If you use ControlPoint to back up site permissions, you can compare permission changes within a single site, either between current permissions and a backup created at a specific date and time or between two backups created at different dates and times.
The analysis shows changes to:
· individual user permissions that have been granted directly
· permissions granted to SharePoint and Active Directory groups.
NOTE: Currently, this analysis does not identify changes to effective permissions (which, in SharePoint, refers to permissions granted as a side-effect of a granted permission). That is, changes to an individual's permissions based solely on addition to or deletion from a SharePoint or Active Directory group will not be reflected in analysis results.
To analyze permissions changes:
1. Select the site whose permissions changes you want to analyze.
2. Choose one of the following options (depending on how you want results to be grouped):
§ Users and Security > Permissions Changes by Site.
OR
§ Users and Security > Permissions Changes by User.
3. Specify the parameters for your analysis.
In addition to "standard" parameters:
§ You must select a Compare permissions from and Compare permissions to date and time.
§ If you want to view only users whose permissions have changed, check the Show only users with permissions changes box.
NOTE: If you leave this box unchecked, all users will be included in the analysis, regardless of whether their permissions have changed.
Now you can:
· run the operation immediately (by clicking the [Run Now] button)
OR
· schedule the operation to run at a later time or on a recurring basis.
OR
· save the operation as XML Instructions that can be run at a later time.
Analysis results contain the same information as the User Rights section of the Comprehensive Permissions analysis, except that, for the time period covered by the analysis:
· permissions that have been deleted are identified by a red D, and
· permissions that have been added are identified by a green A.
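The comparison described above, together with the blind spot noted for effective permissions, shown as an added Python illustration; it is not ControlPoint code. The snapshot layout, user names, site URL and function names are constructed for the example, and group membership is assumed to be flat (no nested groups).

```python
# Constructed snapshots; this is not ControlPoint's backup format.
# grants: (principal, object, permission level); members: group -> users.
BACKUP = {
    "grants": {
        ("alice", "/sites/hr", "Read"),
        ("bob", "/sites/hr", "Contribute"),
        ("HR Owners", "/sites/hr", "Full Control"),
    },
    "members": {"HR Owners": {"carol"}},
}
CURRENT = {
    "grants": {
        ("alice", "/sites/hr", "Contribute"),
        ("bob", "/sites/hr", "Contribute"),
        ("HR Owners", "/sites/hr", "Full Control"),
    },
    "members": {"HR Owners": {"carol", "bob"}},  # bob was added to the group
}

def grant_changes(old, new):
    """Diff granted permissions only: 'A' = added, 'D' = deleted."""
    added = [("A",) + g for g in new["grants"] - old["grants"]]
    deleted = [("D",) + g for g in old["grants"] - new["grants"]]
    return sorted(added + deleted, key=lambda r: (r[1], r[2], r[0]))

def effective(snapshot):
    """Expand group grants to their members: (user, object, level)."""
    out = set()
    for principal, obj, level in snapshot["grants"]:
        # A principal with a membership entry is a group; otherwise a user.
        users = snapshot["members"].get(principal, {principal})
        out |= {(user, obj, level) for user in users}
    return out

def membership_only_changes(old, new):
    """Effective-permission changes that the grant diff does not show."""
    eff_old, eff_new = effective(old), effective(new)
    rows = {("A",) + e for e in eff_new - eff_old}
    rows |= {("D",) + e for e in eff_old - eff_new}
    return sorted(rows - set(grant_changes(old, new)))

if __name__ == "__main__":
    print("Grant diff:", grant_changes(BACKUP, CURRENT))
    print("Not in grant diff:", membership_only_changes(BACKUP, CURRENT))
```

In this constructed data the grant diff reports only alice's change, while bob gains Full Control purely through group membership, which is why group membership changes need to be reviewed separately from this analysis.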
The ControlPoint User to Group Analysis lets you compare user direct permissions within one or more site collections with comparable SharePoint and/or Active Directory groups. You can use this analysis to identify users who should be moved into groups, as well as potential groups into which they can be moved (that is, groups that have the same permissions or fewer), in accordance with SharePoint best practices via the Clean-up User Permissions action.
NOTE: This analysis is only available at the site collection level of the hierarchy. However, your selection may include more than one site collection.
To generate a User to Group Analysis:
1. Select the site collection(s) you want to include in your analysis.
2. Choose Automation > User to Group Analysis.
3. Select the user(s) whose permissions you want to analyze.
4. If different from the default (Include SharePoint Groups only), check/uncheck the appropriate option(s) to Include Active Directory Groups only or both Include SharePoint and Include Active Directory Groups.
NOTE: At least one of these options must be checked.
Now you can:
· run the operation immediately (by clicking the [Run Now] button)
OR
· schedule the operation to run at a later time or on a recurring basis.
OR
· save the operation as XML Instructions that can be run at a later time.
The User to Group Analysis consists of the following sections:
· User Rights
· Group Permissions
User Rights Section
The User Rights section lists each Web application, site collection and user within the scope of your analysis, along with
· SharePoint groups that have permissions that correspond to the user's direct permissions, and
· the number of unique (non-inherited) direct permissions that the user has for objects within the site collection.
When expanded, each of the individual objects for which the user has unique direct permissions displays, along with the corresponding Permissions Level(s).
Group Permissions Section
The Group Permissions section lists all of the SharePoint and/or Active Directory groups within each site collection.
When expanded, each of the objects (sites, lists, folders, and items) for which the user has unique direct permissions displays, along with the corresponding permissions level(s).
You can use the information in this analysis to help you with cleaning up user permissions.
The ControlPoint Task Audit is an analysis tool that summarizes one or more of the ControlPoint actions that have been performed by administrators over a specified time period.
By default, the Task Audit report is accessible from the Manage ControlPoint panel. An action-specific Task Audit Report is also displayed automatically after a ControlPoint action is carried out.
NOTE: In a multi-farm installation, the Task Audit includes actions performed on both home and remote farms.
To generate a Task Audit:
1. From the Manage panel, choose Schedule Management and Logging > ControlPoint Task Audit.
2. Specify the following parameters for your analysis:
§ Either
  § Enter the StartDate and EndDate, or
  § click the Calendar icon and select the date(s).
§ (Optional) If you want to search for a specific text string, complete the Search for field. You can enter a full or partial:
  § site name or url
  § action name, or
  § action description
For example, by entering the words "Site Theme" in the Search for field, your results will be limited to tasks that involved modifying a site theme.
§ Select an Administrator from the drop-down. (If you want report results to include all administrators in the list, select <ALL>).
Note that the drop-down list includes only administrators who have performed a ControlPoint action within that farm.
§ Select a Task Type from the drop-down.
NOTE: The Task Type list is populated with the types of actions that have actually been performed by administrators. For example, if a Delete User Permissions action has never been performed, it will not appear in the list. If you want to include all available options in the report results, select <ALL>.
If you chose the Run Now option, after the operation has been processed:
· a confirmation message displays at the top of the page, and
· a ControlPoint Task Audit is generated for the operation and displays in the Results section.
If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.
See also The ControlPoint Task Audit.
Information in the Task Audit Report
The Task Audit Report contains the following information for each task:
· the Task Type
· the username of the administrator that the task was Performed by
· the Date and time when the task was performed, and
· a summary of the parameters chosen for the action.
When expanded, a more detailed description of a task displays, which lists:
· site collections or sites on which the action was carried out, and
· any special notes or errors (such as "Security is inherited - no processing is done").
Note that:
· As with other ControlPoint analyses, only actions taken on sites you have permissions to manage within ControlPoint display in audit report results.
· Sites for which the administrator who performed the action does not have permissions to manage are not acted upon, and therefore are not captured in the audit report.
The Logged Errors Report lets you view the contents of the ControlPoint Services (xcAdmin) database error log for a specified date range. You can use this detail with guidance from Quest Support to diagnose potential issues in your environment.
To view logged errors:
1. From the Manage ControlPoint panel, choose Schedule Management and Logging > Logged Errors Report.
2. Select a Start date and End date representing the time period for which you want to view logged errors.
Now you can:
· run the operation immediately (by clicking the [Run Now] button)
OR
· schedule the operation to run at a later time or on a recurring basis.
OR
· save the operation as XML Instructions that can be run at a later time.
Logged Error Report results contain a time-stamped entry for each error logged within the specified date range, followed by detailed error text.