Skip to main content

Veeva Vault

Use the Veeva Vault connector to index Veeva Vault quality documents in Glean.

Supported features

  • Indexes Veeva Vault quality documents and their associated permissions.
  • Lets you control crawl scope by configuring allowed document types.
  • Stores searchable metadata such as document type, subtype, classification, and status.
  • Preserves additional queryable Vault fields and surfaces them as searchable custom fields when they are available in your Vault configuration.
  • Opens each result in the corresponding Veeva Vault document version URL.
  • Supports Dynamic Access Control pattern so you can further restrict what the Glean integration user can see. See Configure Dynamic Access Control for Glean access.

Connect to Veeva Vault

Prerequisites

  • The person setting up this connector must have either the Vault Owner or System Administrator security profile in Veeva Vault.
  • For security best practices, create a dedicated integration user for Glean.
  • If you do not want to grant full System Administrator access, create a custom permission set and security profile for the connector as described in Step 1: Create a Permission Set for Glean and Step 2: Create a Security Profile for Glean. The integration user should use the Glean Integration Profile instead of the standard System Administrator profile.
  • Gather these values before you start:
    • Vault URL, for example company.veevavault.com
    • Username for the integration user, for example glean-integration@example.com
    • Password for the integration user

Step 1: Create a Permission Set for Glean

Create a custom permission set with the minimum permissions required for the Glean connector.

  1. Log in to your Veeva Vault instance as an administrator.

  2. Navigate to Admin > Users & Groups > Permission Sets.

  3. Click Create and name the permission set Glean Integration.

  4. Configure Glean integration permissions in the following tabs:

    Admin tab

    PermissionAccess
    Document TypesRead
    Document FieldsRead
    Document LifecyclesRead
    Business Admin ObjectsRead
    UsersRead
    GroupsRead
    Security ProfilesRead

    Leave all other Admin permissions unchecked.

    Application tab

    PermissionAccess
    API: Access APIEnabled
    API: Metadata APIEnabled
    Document: Download DocumentEnabled
    Document: Download RenditionEnabled
    User: View User InformationEnabled
    User: View User ProfileEnabled
    File Staging: AccessEnabled
    Object: Bulk ActionEnabled

    Important: Do not enable All Documents: All Document Read. Document visibility is controlled through Dynamic Access Control (see Step 5).

    Leave all other Application permissions unchecked, including Workflow, Workflow Administration, and Events API.

    Objects tab

    PermissionAccess
    All ObjectsRead

Tabs Tab

No specific tab permissions are required for the Glean connector. You can leave this tab at its defaults.

Pages, Mobile and API Tabs

These tabs do not require any specific permissions for the Glean connector. You can leave them at their defaults.

  1. Click Save to create the permission set.

Step 2: Create a Security Profile for Glean

  1. Navigate to Admin > Users & Groups > Security Profiles.
  2. Click Create and name the security profile Glean Integration Profile.
  3. Add the Glean Integration permission set you created in Step 1.
  4. Click Save.

Step 3: Create an integration user for Glean

  1. Navigate to Admin > Users & Groups > Vault Users.

  2. Click Create to open the Create User form.

  3. In the Domain User section, click the Domain User dropdown and select + Create Domain User to set up a new domain-level user for Glean. If a dedicated user already exists, select it from the list.

  4. In the Create Domain User section, fill in the following required fields, then click Save to create the Domain User.

    FieldValue
    First NameGlean
    Last NameIntegration User
    User Nameglean-integration (the domain suffix is added automatically)
    EmailA valid email address for receiving notifications
    Language(Your preferred language)
    Locale(Your preferred locale)
    Timezone(Your preferred timezone)

  5. Scroll down to the Details section and fill in the following:

    FieldValue
    Security ProfileGlean Integration Profile (the custom profile created in Step 2)
    Activation DateClick Today to activate the user immediately
    Security PolicyYour organization’s default policy (or as required by your IT team)

  6. Click Save + Create or Save to create the user.

  7. The new user will receive a welcome email with instructions to set their password. You can also reset the password from the user’s profile page via Actions > Reset Password.

Step 4: Gather Connection Details

You will need the following information to complete the setup:

  1. Vault URL: Your Veeva Vault instance URL (for example, company.veevavault.com)
  2. Username: The integration user’s full username (for example, glean-integration@example.com)
  3. Password: The integration user’s password (set via the welcome email or password reset)

Step 5: Configure Dynamic Access Control for Glean Access

This section explains how to configure Dynamic Access Control in Veeva Vault so the Glean integration user can access and index only the documents you explicitly allow.

Veeva recommends the following procedure to give the Glean integration user access to the content Glean can index.

The setup uses:

  • A dedicated Document Type Group
  • A dedicated Application Role
  • A dedicated Lifecycle Role
  • A Sharing Rule based on Document Type Group
  • A User Role Setup for the Glean integration user

This approach gives you granular control over which documents Glean can index.

Before you begin

Before starting, make sure you have:

  • Admin access to Veeva Vault
  • The Glean integration user available in Vault
  • A list of the document types, sub-types, and document lifecycles that should be accessible to Glean

Step 5a: Create a document type group for Glean-accessible documents

  1. In Veeva Vault, go to Business Admin > Objects.
  2. Create a new Document Type Group.
  3. Name it Glean Accessible Documents.

Use this document type group to mark all document types and sub-types that Glean should be allowed to index.

Step 5b: Add the document type group to the document types and sub-types you want Glean to index

For each document type that should be accessible to Glean:

  1. Go to Admin > Configuration > your document type > Document Type Groups.
  2. Add Glean Accessible Documents.

Important

Sub-types may not inherit document type groups from their parent type.
Make sure you explicitly add Glean Accessible Documents to every sub-type you want Glean to index.

Step 5c: Create an application role for Glean

  1. Go to Admin > Users & Groups > Application Roles.
  2. Create a new Application Role with:
    • Label: Glean Integration Access
    • Name: glean_integration_access__c

This role will be used in the affected document lifecycles.

Step 5d: Add the Glean role to each affected document lifecycle

For each document lifecycle that contains documents Glean should index:

  1. Go to Admin > Configuration > Document Lifecycles.
  2. Open the lifecycle.
  3. Go to the Roles tab.
  4. Click Create Role.
  5. Select the application role Glean Integration Access.
  6. Set the role label to Glean Integration Access.
  7. Under Options:
    • Enable Dynamic Access Control
    • Clear the Allowed Group dropdown
  8. Save the role.

At this point, the lifecycle role exists, but you still need to define how users are assigned to it.

Step 5e: Create a sharing rule for the lifecycle role

For each lifecycle where you added the Glean Integration Access role:

  1. In the lifecycle Roles tab, click Glean Integration Access.
  2. Open Sharing Rules.
  3. Click Create.
  4. Name the rule Glean Access Rule.
  5. Set the rule criteria to Document Type Group.
  6. Save the rule.

How this works

With this rule in place, when a User Role Setup is created for:

  • the role Glean Integration Access, and
  • the document type group Glean Accessible Documents

The selected user is added to that lifecycle role for all matching documents.

This is the mechanism that controls which documents Glean can access and index.

Step 5f: Add the Glean integration user to the role setup

  1. Go to Admin > Users & Groups.
  2. Open the Glean Integration User.
  3. Go to User Role Setup.
  4. Click Create.
  5. Set:
    • Role: Glean Integration Access
    • Document Type Group: Glean Accessible Documents
  6. Save the setup.

After this is configured, any document that:

  • belongs to a lifecycle with the configured Glean Integration Access role and sharing rule, and
  • matches the Glean Accessible Documents document type group

will grant access to the Glean Integration User through that lifecycle role.

Step 5g: Grant the required permissions in the steady-state lifecycle state

For each affected document lifecycle:

  1. Go to Admin > Configuration > Document Lifecycles.
  2. Open the lifecycle.
  3. Click States.
  4. Select the steady-state state.
  5. Open Security Settings.
  6. For Glean Integration Access, grant:
    • View Content
    • View Document
    • Download Source

These permissions are required for Glean to access and index the document.

Validation checklist

Use this checklist to confirm the setup is complete:

  • A Document Type Group named Glean Accessible Documents exists
  • All required document types and sub-types are added to that group
  • An Application Role named Glean Integration Access exists
  • The role is added to each affected document lifecycle
  • Dynamic Access Control is enabled for the lifecycle role
  • A Sharing Rule exists with criteria Document Type Group
  • The Glean Integration User has a User Role Setup for:
    • role Glean Integration Access
    • document type group Glean Accessible Documents
  • The steady-state lifecycle state grants:
    • View Content
    • View Document
    • Download Source

Notes

  • This configuration is intentionally restrictive and is recommended when you want Glean to index only a controlled subset of documents.
  • If a document subtype is missing the Glean Accessible Documents group, Glean will not receive access through this configuration.
  • You must repeat the lifecycle configuration for each affected document lifecycle.

Step 6: Test API connectivity (optional)

You can verify API access by making a test authentication request:

curl -X POST "https://YOUR-VAULT.veevavault.com/api/v25.2/auth" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=${VEEVA_USERNAME}&password=${VEEVA_PASSWORD}"

A successful response will include a sessionId and responseStatus of SUCCESS in the JSON response.

Step 7: Enter the connection details in Glean

On the Veeva Vault setup page in Glean:

  1. Go to Admin console > Data sources > Add data source and select Veeva Vault.
  2. Enter a display name for the data source.
  3. Enter your Vault URL in the format company.veevavault.com without http:// or https://.
  4. Enter the integration user’s username.
  5. Enter the integration user’s password.
  6. Save the configuration so Glean can validate the credentials and API access permissions.

What Glean crawls

Glean indexes Veeva Vault quality documents. To support indexing and access control, the connector syncs related users, groups, auto-managed groups, document property metadata, lifecycle definitions, document role assignments, and document deletions.

You can configure allowed document types to restrict which documents are included in the crawl. The connector reads document property metadata before the crawl starts to include queryable metadata fields and resolve document structure correctly.

How crawl and sync work

After the initial indexing run, Glean updates content and permissions periodically.

The connector uses separate crawl scopes for:

  • users
  • groups
  • auto-managed groups
  • document property metadata
  • documents
  • deletions

The documents crawl depends on the document property metadata crawl.

Before crawling documents, the connector reads lifecycle definitions to identify the steady-state statuses for each lifecycle and the lifecycle-state permission rules that affect document visibility.

For documents in scope, Glean fetches document metadata first, then fetches document role assignments for those document IDs, and then exports and downloads the document renditions used for indexing.

During incremental syncs, Glean fetches documents modified since the last crawl. If a previously indexed document no longer matches a steady-state status for its lifecycle, Glean removes it during a later incremental update.

The connector also runs a separate deletions crawl to remove documents that were deleted in Veeva Vault.

Permissions

Glean preserves Veeva Vault permissions for indexed documents.

To build document access, Glean combines:

  • the users and groups assigned through Veeva document role assignments
  • the roles that have document view access in the document's current lifecycle state

A user or group is granted access in Glean only if its assigned document role is allowed to view the document in that lifecycle state.

Limitations

  • The current connector scope is Veeva Vault quality documents.
  • Glean indexes only documents whose current status is a steady-state status for that document's lifecycle.
  • Documents that move out of a steady-state status are removed during later incremental syncs.

Troubleshooting

FAQs

Last updated on