How to Audit SharePoint Permissions using PortalFront SharePoint News Slider
Once installed,
1. Run the program by going to the start menu. In Windows 8 it would look like this:
2. The program will launch, and you will see the main "SharePoint Tru Auditor" Form
2. Fill in
- SharePoint Type: Identifies if you are using SharePoint on Premises or SharePoint Online (Office 365)
- SharePoint site URL: This is the full path to the SharePoint site collection or a subsite under that site collection. It may be best to navigate to the site using a browser first before typing this address in.
- Username: This is the user name that will be used to authenticate against SharePoint to query the permissions. Often time this is your own or an admin account. The account must have "Full Control" on the areas being audited.
If using Office 365 or Forms based authentication this is usually in the form of an email address "example@domain.com"
If using an on premises SharePoint, this is in the format of DOMAIN\USERNAME - Password: The password for the account provided
-
Report Type:
- SharePoint Unique Permissions Report:
This Report is used to show SharePoint Sites, Libraries and lists with unique permissions (fine grained permissions). Along with the Report you will see the role assignments or the different SharePoint Groups, users and Active Directory (AD) Groups and the rights they are given on that object. - SharePoint User-Specific Audit Report:
This Report is used to audit a specific use for their effective permissions across the site. You will see a report of objects with unique permissions and the effective permission that user has on those objects.
- SharePoint Unique Permissions Report:
- Report Location: The Tru Auditor generates a report in the format of an Excel File (XLSX). This is the location that the report will be generated. Under the provided folder here, Tru SharePoint Auditor will create a folder and place the report file inside the folder.
- Output Window: This is the output window that shows prompts and progress made by the audit. You will see content here once you click on "Generate Report" button.
- STOP Processing: In case you the program starts generating a report, use the STOP processing button to stop the current report job. By stopping, all data of the report will be lost, no partial data is available for viewing.
- OPEN REPORT FOLDER BUTTON: This button will open the Explorer location of of the path provided under "Report Location"
Running Tru Audit Report
Once you have populated all the fields in the form. Click on the "Generate Report" button. The output screen will display the status of the report job.
Navigating the Results
Once the report is complete, the app will provide two outputs.
1. A Site Tree Window showing a tree structure with the items it identified to have unique permissions.
2. A Full Excel Document Report which shows a very detailed report of the findings.
The Unique Permissions Tree View Window
The report generates the tree view that shows all sites and lists or document libraries with broken inheritance (also referred to having unique permissions or fine-grained permissions). The tree view does not show items such as specific documents or list items. To view those you must open the Excel Report.
You may double click on a node in the tree to visit the site or library directly.
Tru SharePoint Unique Permission Excel Report
Tru Permissions Reporter will generate an Excel file with a complete report of everything under the starting location you specified in the URL. Opening the report will reveal the table below.
From this table, you are able to answer many questions about the permissions in SharePoint.
- What objects have unique or broken inheritance permissions. Are those items, lists or sites.
- Who has access to those items with broken inheritance.
- What groups in Active Directory or SharePoint have access to those items.
- What changes in security and permissions have been done since the last report?
The report can be filtered by user, site group, or any field by using the drown down filters..
User-Specific Effective Permission Report
This report shows the effective permissions a user has on objects in SharePoint. But first what are effective permissions?
An effective permission is the final verdict the system makes on whether a user has access or SharePoint object or not. If a user is given read access AND full control access, the effective permission is that they have full control access. Full Control overwrites the read access.
Here's another example. If a user is in group called managers and managers has full control on a site, it may be hard from looking at the role assignments to know if that user has access, since the user is buried under the manager's group. In the effective permissions report, the user is tested against that site and the report will show exactly what kind of rights a user has regardless of how many groups he/she is nested under.
How to Read the Permission Report
EntityTitle The name of the object in SharePoint
EntityType Identifies if this object is a site, list, or item. Web means a subsite.
UserOrGroupName The person or group name that has permission on that object
UserLoginName The internal User ID or Group ID of the person or group
UserOrGroupType Identifies if this is a group or User
Role The permission level assign to this user or group.
Important Note about the Report
The report only shows items that have unique permissions. Items that inherit permissions from their parent do not show since they have the same permissions.
If you're interested in changing the report results or would like to see something else, please let us know.
Comments
Get News and Updates