The SharePoint Groups Analysis provides details about membership and permissions of SharePoint groups within one or more site collections and/or sites.
To generate a SharePoint Groups analysis:
1Select the object(s) for which you want to analyze SharePoint groups.
2Choose Users and Security > SharePoint Group Analysis.
3Specify the parameters for your analysis.
In addition to the "standard" parameters for permissions analyses, you can limit results to:
§SharePoint groups whose name include a specific text string
§groups with no members and/or with no permissions or only groups with both members and permissions
NOTE: Currently, you can only report on groups with no permissions if the ControlPoint Configuration Setting "Show SharePoint Groups with No Permissions in Hierarchy" is set to true. (See the ControlPoint Administration Guide for details.)
You can also choose whether to Include lists and list items in results.
CAUTION: If you chose to include lists and list items, the analysis may take significantly longer to run and may generate a much larger set of results.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The SharePoint Group Analysis consists of the following sections:
·Membership
·Permissions
Membership Section
The Membership section lists each site collection within the scope or your analysis.
When expanded the following information displays:
·each SharePoint Group within the site collection
·the No of users in the group.
·a plus sign (+) identifying each group that Has Permissions.
When expanded, each Member login name and Display Name is listed.
Note that an Active Directory group is counted as a single user.
Permissions Section
The Permissions section lists each site within the scope of your analysis.
When expanded, a Site Security summary row indicates whether site security is Inherited or Unique. Each SharePoint Group within the site is listed, along with a plus sign (+) identifying each of its permissions. Any custom permissions levels are recorded in the Other column.
Note that in the following example, the external user is identified by his external email address.
If you use ControlPoint to back up site permissions, you can compare permission changes within a single site, either between current permissions and a backup created at a specific date and time or from two backups created at different dates and times.
The analysis shows changes to:
·individual user permissions that have been granted directly
·permissions granted to SharePoint and Active Directory groups.
NOTE: Currently, this analysis does not identify changes to effective permissions (which, in SharePoint, refers to permissions granted as a side-effect of a granted permission). That is, changes to an individuals permissions based solely on addition to or deletion from a SharePoint or Active Directory group will not be reflected in analysis results.
To analyze permissions changes:
1Select the site whose permissions changes you want to analyze.
2Choose one of the following options (depending on how you want results to be grouped):
§Users and Security > Permissions Changes by Site.
OR
§Users and Security > Permissions Changes by User.
3Specify the parameters for your analysis.
In addition to "standard" parameters:
§You must select a Compare permissions from and Compare permissions to date and time.
NOTE: You can only select backups that were created in ControlPoint version 4.6 or later.
§If you want to view only users whose permissions have changed, check the Show only users with permissions changes box.
NOTE: If you leave this box unchecked, all users will be included in the analysis, regardless of whether their permissions have changed.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Analysis results contain the same information as the User Rights section of the Comprehensive Permissions analysis, except that, for the time period covered by the analysis:
·permissions that have been deleted are identified by a red D, and
·permissions that have been added are identified by a green A.
The ControlPoint User to Group Analysis lets you compare user direct permissions within one or more site collections with comparable SharePoint and/or Active Directory groups. You can use this analysis to identify users who should be moved into groupsas well as potential groups into which they can be moved (that is, groups that have the same permissions or fewer)in accordance with SharePoint best practices via the Clean-up User Permissions action.
NOTE: This analysis is only available at the site collection level of the hierarchy. However, your selection may include more than one site collection.
To generate a User to Group Analysis:
1Select the site collection(s) you want to include in your analysis.
2Choose Automation > User to Group Analysis.
3Select the user(s) whose permissions you want to analyze.
4If different from the default (Include SharePoint Groups only), check/uncheck the appropriate option(s) to Include Active Directory Groups only or both Include SharePoint and Include Active Directory Groups.
NOTE: At least one of these options must be checked.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The User to Group Analysis consists of the following sections:
·User Rights
·Group Permissions
User Rights Section
The User Rights section lists each Web application, site collection and user within the scope of your analysis, along with
·SharePoint groups that have permissions that correspond to the user's direct permissions, and
·the number of unique (non-inherited) direct permissions that the user has for objects within the site collection.
When expanded, each of the individual objects for which the user has unique direct permissions display, along with the corresponding Permissions Level(s).
Group Permissions Section
The Group Permissions sections lists all of the SharePoint and/or Active Directory groups within each site collection.
When expanded, each of the objects (sites, lists, folders, and items) for which the user has unique direct permissions, along with the corresponding permissions level(s).
You can use the information in this analysis to help you with cleaning up user permissions.
The ControlPoint Task Audit is an analysis tool that summarizes one or more of the ControlPoint actions that have been performed by administrators over a specified time period.
By default, the Task Audit report is accessible from the Manage ControlPoint panel. An action-specific Task Audit Report is also displayed automatically after a ControlPoint action is carried out.
NOTE: In a multi-farm installation, the Task Audit includes actions performed on both home and remote farms.
To generate a Task Audit:
1From the Manage ControlPoint panel, choose Schedule Management and Logging > ControlPoint Task Audit.
2Specify the following parameters for your analysis:
§Either
§Enter the StartDate and EndDate, or
§click the Calendar icon ()and select the date(s).
§(Optional) If you want to search for a specific text string, complete the Search for field. You can enter a full or partial:
§site name or url
§action name, or
§action description
For example, by entering the words "Site Theme" in the Search for field, your results will be limited to tasks that involved modifying a site theme.
Select an Administrator from the drop-down. (If you want report results to include all administrators in the list, select <ALL>).
Note that the drop-down list includes only administrators who have performed a ControlPoint action within that farm.
§Select a Task Type from the drop-down.
NOTE: The Task Type list is populated with the types of actions that have actually been performed by administrators. For example, if a Delete User Permissions action has never been performed, it will not appear in the list. If you want to include all available options in the report results, select <ALL>.
If you chose the Run Now, option, after the operation has been processed:
·a confirmation message displays at the top of the page, and
·a ControlPoint Task Audit is generated for the operation and displays in the Results section.
If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.
See also The ControlPoint Task Audit.
Information in the Task Audit Report
The Task Audit Report contains the following information for each task:
·the Task Type
·the username of the administrator that the task was Performed by
·the Date and time when the task was performed, and
·a summary of the parameters chosen for the action.
When expanded, a more detailed description of a task displays, which lists:
·site collections or sites on which the action was carried out, and
·any special notes or errors (such as "Security is inherited - no processing is done").
Note that:
·As with other ControlPoint analyses, only actions taken on sites you have permissions to manage within ControlPoint display in audit report results.
·Sites for which the administrator who performed the action does not have permissions to manage are not acted upon, and therefore are not captured in the audit report.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center