立即与支持人员聊天
与支持团队交流

ControlPoint 8.7 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Running Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Provisioning SharePoint Site Collections and Sites Default Menu Options for ControlPoint Users About Us

Analyzing SharePoint Groups

The SharePoint Groups Analysis provides details about membership and permissions of SharePoint groups within one or more site collections and/or sites.  

To generate a SharePoint Groups analysis:

1Select the object(s) for which you want to analyze SharePoint groups.

2Choose Users and Security > SharePoint Group Analysis.

3Specify the parameters for your analysis.

In addition to the "standard" parameters for permissions analyses, you can limit results to:

§SharePoint groups whose name include a specific text string

§groups with no members and/or with no permissions or only groups with both members and permissions

NOTE:  Currently, you can only report on groups with no permissions if the ControlPoint Configuration Setting "Show SharePoint Groups with No Permissions in Hierarchy" is set to true.  (See the ControlPoint Administration Guide for details.)

You can also choose whether to Include lists and list items in results.

CAUTION:  If you chose to include lists and list items, the analysis may take significantly longer to run and may generate a much larger set of results.

SP Group Analysis

Now you can:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be run at a later time.

The SharePoint Group Analysis consists of the following sections:

·Membership

·Permissions

Membership Section

The Membership section lists each site collection within the scope or your analysis.

When expanded the following information displays:

·each SharePoint Group within the site collection

·the No of users in the group.

·a plus sign (+) identifying each group that Has Permissions.

SP Group Analysis MEMBERS EXP

 

When expanded, each Member login name and Display Name is listed.

SP Group Analysis MEMBERS EXP

Note that an Active Directory group is counted as a single user.  

SP Group Analysis AD GROUP

Permissions Section

The Permissions section lists each site within the scope of your analysis.

SP Group Analysis AD GROUP

When expanded, a Site Security summary row indicates whether site security is Inherited or Unique.  Each SharePoint Group within the site is listed, along with a plus sign (+) identifying each of its permissions.  Any custom permissions levels are recorded in the Other column.

SP Group Analysis PERMS EXP

Note that in the following example, the external user is identified by his external email address.

Site Permissions EXTERNAL USER

 

 

Analyzing Permissions Changes

If you use ControlPoint to back up site permissions, you can compare permission changes within a single site, either between current permissions and a backup created at a specific date and time or from two backups created at different dates and times.

The analysis shows changes to:

·individual user permissions that have been granted directly

·permissions granted to SharePoint and Active Directory groups.

NOTE:  Currently, this analysis does not identify changes to “effective permissions” (which, in SharePoint, refers to permissions granted as a side-effect of a granted permission).   That is, changes to an individual’s permissions based solely on addition to or deletion from a SharePoint or Active Directory group will not be reflected in analysis results.

To analyze permissions changes:

1Select the site whose permissions changes you want to analyze.

2Choose one of the following options (depending on how you want results to be grouped):

§Users and Security > Permissions Changes by Site.

OR

§Users and Security > Permissions Changes by User.

3Specify the parameters for your analysis.

In addition to "standard" parameters:

§You must select a Compare permissions from and Compare permissions to date and time.

NOTE:  You can only select backups that were created in ControlPoint version 4.6 or later.

Comprehensive Permissions Changes

§If you want to view only users whose permissions have changed, check the Show only users with permissions changes box.

NOTE:  If you leave this box unchecked, all users will be included in the analysis, regardless of whether their permissions have changed.

Now you can:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be run at a later time.

Analysis results contain the same information as the User Rights section of the Comprehensive Permissions analysis, except that, for the time period covered by the analysis:

·permissions that have been deleted are identified by a red D, and

·permissions that have been added are identified by a green A.

Comprehensive Permissions Changes RESULTS

 

Generating a User To Group Analysis

The ControlPoint User to Group Analysis lets you compare user direct permissions within one or more site collections with comparable SharePoint and/or Active Directory groups.  You can use this analysis to identify users who should be moved into groups—as well as potential groups into which they can be moved (that is, groups that have the same permissions or fewer)—in accordance with SharePoint best practices via the Clean-up User Permissions action.

NOTE:  This analysis is only available at the site collection level of the hierarchy.  However, your selection may include more than one site collection.

To generate a User to Group Analysis:

1Select the site collection(s) you want to include in your analysis.

2Choose Automation > User to Group Analysis.

3Select the user(s) whose permissions you want to analyze.

4If different from the default (Include SharePoint Groups only), check/uncheck the appropriate option(s) to Include Active Directory Groups only or both Include SharePoint  and Include Active Directory Groups.

NOTE:  At least one of these options must be checked.

User to Group Analysis

Now you can:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be run at a later time.

The User to Group Analysis consists of the following sections:

·User Rights

·Group Permissions

User Rights Section

The User Rights section lists each Web application, site collection and user within the scope of your analysis, along with

·SharePoint groups that have permissions that correspond to the user's direct permissions, and

·the number of unique (non-inherited) direct permissions that the user has for objects within the site collection.

Group Analysis USER RIGHTS

When expanded, each of the individual objects for which the user has unique direct permissions display, along with the corresponding Permissions Level(s).  

Group Analysis USER RIGHTS EXPANDED

Group Permissions Section

The Group Permissions sections lists all of the SharePoint and/or Active Directory groups within each site collection.

Group Analysis GROUP PERMISSIONS

When expanded, each of the objects (sites, lists, folders, and items) for which the user has unique direct permissions, along with the corresponding permissions level(s).

Group Analysis GROUP PERMISSIONS EXPANDED

You can use the information in this analysis to help you with cleaning up user permissions.

 

The ControlPoint Task Audit

The ControlPoint Task Audit is an analysis tool that summarizes one or more of the ControlPoint actions that have been performed by administrators over a specified time period.

By default, the Task Audit report is accessible from the Manage ControlPoint panel.  An action-specific Task Audit Report is also displayed automatically after a ControlPoint action is carried out.

NOTE:  In a multi-farm installation, the Task Audit includes actions performed on both home and remote farms.

 

To generate a Task Audit:

1From the Manage ControlPoint panel, choose Schedule Management and Logging > ControlPoint Task Audit.

2Specify the following parameters for your analysis:

§Either

§Enter the StartDate and EndDate, or

§click the Calendar icon ()and select the date(s).

§(Optional)  If you want to search for a specific text string, complete the Search for field.  You can enter a full or partial:

§site name or url

§action name, or

§action description

For example, by entering the words "Site Theme" in the Search for field, your results will be limited to tasks that involved modifying a site theme.

Select an Administrator from the drop-down.  (If you want report results to include all administrators in the list, select <ALL>).

Note that the drop-down list includes only administrators who have performed a ControlPoint action within that farm.  

§Select a Task Type from the drop-down.

Task Type drop-down

NOTE:  The Task Type list is populated with the types of actions that have actually been performed by administrators.  For example, if a Delete User Permissions action has never been performed, it will not appear in the list.  If you want to include all available options in the report results, select <ALL>.

If you chose the Run Now, option, after the operation has been processed:

·a confirmation message displays at the top of the page, and

·a ControlPoint Task Audit is generated for the operation and displays in the Results section.

If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.

See also The ControlPoint Task Audit.

Information in the Task Audit Report

The Task Audit Report contains the following information for each task:

·the Task Type

·the username of the administrator that the task was Performed by

·the Date and time when the task was performed, and

·a summary of the parameters chosen for the action.

Task Audit Report RESULTS

When expanded, a more detailed description of a task displays, which lists:

·site collections or sites on which the action was carried out, and

·any special notes or errors (such as "Security is inherited - no processing is done").

Task Audit DETAIL

Note that:

·As with other ControlPoint analyses, only actions taken on sites you have permissions to manage within ControlPoint display in audit report results.

·Sites for which the administrator who performed the action does not have permissions to manage are not acted upon, and therefore are not captured in the audit report.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级