Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Analyzing Permissions by List Item

The Permissions by List Item analysis lets you examine user permissions for folders and items within selected lists.

NOTE:  List item permissions are also included as part of Comprehensive Permissions analysis.  

To generate a Permissions by List Item analysis:

1Select the list(s) whose item permissions you want to analyze.

2Choose Users and Security > Permissions by List Item.

3If you want to analyze only specific items within the selected scope, select the items you want to analyze.

4Specify the parameters for your analysis.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

The first row of the result set includes the following information about the list itself:

·an icon that identifies the list type (document library, calendar, task list, etc.).

·the name of the list

·the List Security type (Inherited or Unique)

·the number of Items in the list

·the number of Items with Unique Permissions.

When the first row is expanded, each user with permissions for the list is displayed, along with the following information:

·the name of the SharePoint User

·the number of Accessible Items (that is, the number of items within the list for which the user has permissions)

·the user's permission level(s) for the list itself, as indicated by a plus sign (+) in the applicable column(s), which may include:

§the site collection's Admin group

§the five default SharePoint permission levels:

§Full Control

§Design

§Contribute

§Read

§Limited.

NOTE:  If a user has a template-specific or custom permission level, it is recorded in the Other column.

Permissions by List Item LIST EXPANDED

The remaining rows contain detailed permissions information for each folder and item within the list.

Click a list, folder, or item name to open the SharePoint Permissions page.

Note that in the following example, the external user is identified by his external email address.

 

Analyzing Comprehensive Permissions

The Comprehensive Permissions analysis shows the permissions that users have to selected sites as well as lists (and optionally, list items) within those sites.  

If you want to analyze site-level permissions only (with the option of drilling down to list permissions for each user individually), you can run a Site Permissions analysis instead.

NOTE:  The Comprehensive Permissions analysis always uses real-time (not cached) data.

To generate a Comprehensive Permissions analysis:

1Select the object(s) on which you want to perform the analysis).

2Choose Users and Security > Comprehensive Permissions.

3Specify the parameters for your analysis.

Note that, In addition to the "standard" parameters, you have the option to Group by Sites (the default) or Users.

NOTE:  By default, permissions for list items are excluded from the analysis.  You can, however, chose to Include List Items.  Be aware however, that processing time may increase significantly.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Comprehensive Permissions analysis results consist of the following sections:

·Web Application Policies

·User Rights.

Web Application Policies Section

The information in the Web Application Polices section is the same as that found in the Site Permissions analysis.

User Rights Section

In addition to the same site-level permissions (Site Security) shown in the Site Permissions analysis, the User Rights section also shows the same list-level and optionally, item-level permissions (List Security) shown in the Site Lists Permissions analysis.

 

Analyzing Comprehensive Information About SharePoint Users

The Comprehensive User Report contains the following information about one or more SharePoint users:

·permissions that the user has for sites, lists, and list items

·workflows created by the user

·documents created by, last modified by, and checked out to the user

·SharePoint alerts that have been created for the user

·open tasks assigned to the user, including workflow tasks

·membership in both SharePoint and Active Directory groups.

To  generate a Comprehensive User Report:

1Select the object(s) for which you want to view comprehensive user information

2Choose Users and Security > Comprehensive User Report.

3Select the user(s) whose comprehensive information you want to analyze.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Comprehensive User Information Report results consist of the following sections:

·Web Application Policies

·User Rights

·Documents Created By, Last Modified By, and Checked Out to User

·SharePoint Alerts by Site

·Workflows Created

·Open Tasks

·User Groups

Web Application Polices and User Rights Sections

The information in the Web Application Polices and User Rights sections is the same as that found in the Comprehensive Permissions analysis.

Documents Created By, Last Modified By, and Checked Out to User Section

This section lists each of the documents created by, last modified by, and checked out to the user and includes the name of the Web Application, Site, and List where the document is located.

Comp User Documents

SharePoint Alerts by Site Section

This section lists SharePoint alerts that have been created for the user for each site within the scope of your analysis, including the Web Application, Site.  and url for which the alert is set.  

When expanded, the following additional information displays:

·alert Type (List or Item)

·Event Filter that triggers the alert

·Frequency of the alert

·if the frequency is other than immediate, the date and time of the Next Alert

·the alert Filter

Comp User Alerts

Running Workflows Created Section

The Running Workflows Created section lists all of the workflows created by the user that have at least one instance currently running.  Information about the workflow includes:

·Workflow name

·the number of Running Instances

·A Description of the workflow.

When expanded, the following additional information about the workflow displays:

·the workflow's Associated Item

·a link to a Summary of all workflows associated with the Document

·the List for which the workflow was created

·the Site and Web Application where the list is located.

Comp User Workflows

Open Tasks Section

The Open Tasks section lists all of the workflow-associated open tasks that have been assigned to the user, including:

·the Task Name and Status

·the Task Created Date and time

·the Task Type

·the Associated Workflow for the task

·the Task Description

User Groups Section

The User Groups section lists the Active Directory Groups and SharePoint Groups of which the user is a member.

Comp User Groups

 

Analyzing SharePoint Groups

The SharePoint Groups Analysis provides details about membership and permissions of SharePoint groups within one or more site collections and/or sites.  

To generate a SharePoint Groups analysis:

1Select the object(s) for which you want to analyze SharePoint groups.

2Choose Users and Security > SharePoint Group Analysis.

3Specify the parameters for your analysis.

In addition to the "standard" parameters for permissions analyses, you can limit results to:

§SharePoint groups whose name include a specific text string

§groups with no members and/or with no permissions or only groups with both members and permissions

NOTE:  Currently, you can only report on groups with no permissions if the ControlPoint Configuration Setting "Show SharePoint Groups with No Permissions in Hierarchy" is set to true.  (See the ControlPoint Administration Guide for details.)

You can also choose whether to Include lists and list items in results.

CAUTION:  If you chose to include lists and list items, the analysis may take significantly longer to run and may generate a much larger set of results.

SP Group Analysis

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

The SharePoint Group Analysis consists of the following sections:

·Membership

·Permissions

Membership Section

The Membership section lists each site collection within the scope or your analysis.

When expanded the following information displays:

·each SharePoint Group within the site collection

·the No of users in the group.

·a plus sign (+) identifying each group that Has Permissions.

SP Group Analysis MEMBERS EXP

 

When expanded, each Member login name and Display Name is listed.

SP Group Analysis MEMBERS EXP

Note that an Active Directory group is counted as a single user.  

SP Group Analysis AD GROUP

Permissions Section

The Permissions section lists each site within the scope of your analysis.

SP Group Analysis AD GROUP

When expanded, a Site Security summary row indicates whether site security is Inherited or Unique.  Each SharePoint Group within the site is listed, along with a plus sign (+) identifying each of its permissions.  Any custom permissions levels are recorded in the Other column.

SP Group Analysis PERMS EXP

Note that in the following example, the external user is identified by his external email address.

 

 

Related Documents