7 Appendix B: Permissions Required for the Protocol Client

For the Site Data Protocol, Microsoft SharePoint servers use the port with a standard address location of http://root/_vti_bin/SiteData.asmx where root denotes a root URL of a site (or some subsite thereof).

The network account used by the client of Site Data Protocol has to belong to the group of Site Collection Administrators to be able to fully retrieve information about site structure, its users and groups, as well as permissions granted to those entities.

Those permissions can be granted to the client by the Site Collection Administrator using Central Administration > Application Management > Policy for Web Applications menu of the SharePoint Central Administration tool. By default, those permissions are granted only to NT AUTHORITY\LOCAL SERVICE and NT AUTHORITY\NETWORK SERVICE accounts, which even administrators cannot impersonate.