Chat now with support
Chat with Support

Metalogix ControlPoint 8.1 - for Office 365 User Guide

Getting Started with ControlPoint Searching for SharePoint Sites Managing SharePoint Objects Managing Metadata Managing SharePoint User Permissions Data Analysis and Reporting Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Provisioning SharePoint Site Collections and Sites Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity About Us

Analyzing Comprehensive Permissions

The Comprehensive Permissions analysis shows the permissions that users (including external users) have to selected sites as well as lists (and optionally, list items) within those sites.  

If you want to analyze site-level permissions only (with the option of drilling down to list permissions for each user individually), you can run a Site Permissions analysis instead.

NOTE:  The Comprehensive Permissions analysis always uses real-time (not cached) data.

To generate a Comprehensive Permissions analysis:

1Select the object(s) on which you want to perform the analysis.

2Choose Users and Security > Comprehensive Permissions

3Specify the parameters for your analysis.

Note that, In addition to the "standard" parameters, you have the option to Group by Sites (the default) or Users.

NOTE:  By default, permissions for list items are excluded from the analysis.  You can, however, chose to Include List Items.  Be aware however, that processing time may increase significantly.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Because Comprehensive Permissions analyses are always run on real-time data, if your analysis encompasses multiple users, sites, lists, and/or list items, the analysis may run very slowly and the result set may be very large.  Therefore, you may want to consider running it by schedule.

In addition to the same site-level permissions (Site Security) shown in the Site Permissions by Site analysis, the User Rights section also shows the same list-level and optionally, item-level permissions (List Security) shown in the Site Lists Permissions analysis.

 

Analyzing SharePoint Groups

The SharePoint Groups Analysis provides details about membership and permissions of SharePoint groups within one or more site collections and/or sites.  

To generate a SharePoint Groups analysis:

1Select the object(s) for which you want to analyze SharePoint groups.

2Choose Users and Security > SharePoint Group Analysis.

3Specify the parameters for your analysis.

In addition to the "standard" parameters for permissions analyses, you can limit results to:

§SharePoint groups whose name include a specific text string

§groups with no members and/or with no permissions or only groups with both members and permissions

NOTE:  Currently, you can only report on groups with no permissions if the ControlPoint Configuration Setting "Show SharePoint Groups with No Permissions in Hierarchy" is set to true.  (See the ControlPoint Administration Guide for details.)

You can also choose whether to Include lists and list items in results.

CAUTION:  If you chose to include lists and list items, the analysis may take significantly longer to run and may generate a much larger set of results.

SP Group Analysis

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

The SharePoint Group Analysis consists of the following sections:

·Membership

·Permissions

Membership Section

The Membership section lists each site collection within the scope or your analysis.

When expanded the following information displays:

·each SharePoint Group within the site collection

·the No of users in the group.

·a plus sign (+) identifying each group that Has Permissions.

 

When expanded, each Member login name and Display Name is listed.

SP Group Analysis MEMBERS CP Online

Permissions Section

The Permissions section lists each site within the scope of your analysis.

When expanded, a Site Security summary row indicates whether site security is Inherited or Unique.  Each SharePoint Group within the site is listed, along with a plus sign (+) identifying each of its permissions.  Any custom permissions levels are recorded in the Other column.

SP Group Analysis PERMS CP Online

Note that in the following example, the external user is identified by his external email address.

Site Permissions EXTERNAL USER

 

 

Auditing Activities and Changes in Your SharePoint Environment

SharePoint captures activities and changes to the environment via the following mechanisms:

·the Audit Log, which focuses on activities performed by SharePoint users.

·the Change Log, which focuses on changes made to the SharePoint environment.  

ControlPoint provides functionality that enables you to view contents of audit logs and change logs, which is not currently available in native SharePoint.

 

Events Captured in SharePoint Logs

The following tables identify the log(s) where different types of events are recorded and the event codes used to identify them.

NOTE: Be aware that some events may not appear immediately in analysis results, as it can take several minutes for them to be recorded in the SharePoint log.

Add/Delete Site Collections, Sites, Libraries and Lists

Event

Where Recorded (ControlPoint Event Type)

·Site collection added

·Site added

·Library or list added

Change Log (Add)

NOTE:  It may take several minutes for an added site to appear in the Change Log.

·Site deleted

·Library or list deleted

·Audit Log (Delete/Delete Child)

NOTE:  A Delete event is reported from the perspective of the object itself.  A Delete Child event is reported from the perspective of the object's parent.

·Change Log (Delete)

Add/Delete Document and List Items

Event

Where Recorded (ControlPoint Event Type)

Document or list item added

·Audit Log (Update)

·Change Log (Add)

Document or list item deleted

·Audit Log (Delete/Delete Child)

NOTE:  A Delete event is reported from the perspective of the object itself.  A Delete Child event is reported within the scope of the object's parent.

·Change Log (Delete)

Document or list item restored

·Audit Log (Undelete)

·Change Log (Restore)

Other Actions on Document and List Items

Event

Where Recorded (ControlPoint Event Type)

·Document opened/downloaded

·List item viewed

·List item properties viewed

Audit Log (View)

·Document or list item edited

·Document or list item properties edited

·Audit Log (Update)

·Change Log (Update)

Item checked in/checked out

·Audit Log (Check In/Check Out)

·Change Log (Update)

Items moved to another location in the site

Audit Log (Move)

Change Log (Move Away/Move Into)

Items copied to another location in the site (using the Send To menu entry)

Audit Log (Update)

Item accessed as part of a workflow

Audit Log (Workflow)

Add/Delete/Change Users and Permissions

 

Event

Where Recorded (ControlPoint Event Type) (SharePoint Event Code)

Site security inheritance broken

 

·Audit Log (Turn Off Inheritance from Parent) (SecRoleBindBreakInherit)

·Change Log (Add Assignment) (AssignmentAdd)

Site security inheritance restored

·Audit Log (Turn On Inheritance from Parent) (SecRoleBindInherit)

·Change Log (Delete Assignment) (Assignment)

Permission level inheritance restored

Change Log (Delete Assignment) (Assignment)

Site permission level created

·Audit Log (Create Permissions) (SecRoleDefCreate)

·Change Log (Add Role)(RoleUpdate)

Site permission level deleted

·Audit Log (Remove Permissions) (SecRoleDefDelete)

·Change Log (Delete Role) (RoleUpdate)

Site Permission level changed

·Audit Log (Modify Permissions) (SecGroupCreate)

·Change Log (Update Role) (RoleUpdate)

User or SharePoint group permission changed

·Audit Log (Change Permissions) (SecRoleBindUpdate)

·Change Log (Add Assignment and/or Delete Assignment) (AssignmentAdd and/or Assignment)

SharePoint group created

·Audit Log (Create Group) (SecGroupCreate)

·Change Log (Add)

SharePoint group deleted

·Audit Log (Delete Group) (SecGroupDelete)

·Change Log (Delete)

Member added to SharePoint group

·Audit Log (Add Member to Group) (SecGroupMemberAdd)

·Change Log (Add Member) (MemberAdd)

Member deleted from SharePoint group

·Audit Log (Delete Member from Group) (SecGroupemberDelete)

·Change Log ( Delete Member) (MemberDelete)

Add Content Types and Columns

Action

Where Recorded (ControlPoint Event Type) (SharePoint Event Code)

Content Type added

Audit Log (Change Profile) (ProfileChange)

Column added

Audit Log (Change Schema) (SchemaChange)

SharePoint Search Activity

Event

Where Recorded (ControlPoint Event Type)

SharePoint search performed

Audit Log (Search)

Audit Settings

Event

Where Recorded (ControlPoint Event Type) (SharePoint Event Code)

Audit settings changed

Audit Log (Change Mask) (AuditMaskChange)

 

Related Documents