Auditing Permission Changes
Question: Can you audit permission changes in a site collection?
Answer: This is possible, but by default security changes are not audited. To enable auditing:
- Select Site Actions > Site Settings > Modify All Site Settings at the site collection root site.
- Click the Site collection audit settings link.
- Select the Editing users and permissions option.

Once turned on, changes to permissions on sites, lists and items will be audited. To view the audit log:
- Click the Audit log reports link on the “Site Settings” page for the site collection.
- Click the Security Settings link.

This will open the audit log in an Excel spreadsheet. The following example shows a summary with a single security change that resulted from breaking permission inheritance:

More detailed information is available in the “Report Data” sheet in the Excel workbook.
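The same audit setting and log can also be reached through the SharePoint object model. The following PowerShell is an added example, not part of the original post; it assumes PowerShell 2.0 or later run on a SharePoint server by a site collection administrator, and the site URL and the function name are placeholders.

```powershell
# Added example. Run on a SharePoint server as a site collection administrator.
param([string]$SiteUrl = "http://sharepoint.example.local")  # placeholder URL

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Get-SecurityAuditEntries([string]$Url, [int]$Days = 30) {
    $site = New-Object Microsoft.SharePoint.SPSite($Url)
    try {
        # Equivalent of ticking "Editing users and permissions":
        # add SecurityChange without clearing flags that are already set.
        $mask  = [int][Microsoft.SharePoint.SPAuditMaskType]::SecurityChange
        $flags = [int]$site.Audit.AuditFlags
        if (($flags -band $mask) -ne $mask) {
            $site.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]($flags -bor $mask)
            $site.Audit.Update()
        }

        # Read back the audit entries recorded in the last $Days days.
        $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
        $query.SetRangeStart((Get-Date).AddDays(-$Days))

        foreach ($entry in $site.Audit.GetEntries($query)) {
            # Security events in SPAuditEventType all start with "Sec",
            # for example SecRoleBindUpdate and SecRoleBindBreakInherit.
            if ($entry.Event.ToString() -notlike "Sec*") { continue }

            # UserId is the numeric ID of the account that made the change.
            $who = "id:$($entry.UserId)"
            try { $who = $site.RootWeb.SiteUsers.GetByID($entry.UserId).LoginName }
            catch { }   # user no longer in the site collection; keep the ID

            New-Object PSObject -Property @{
                Occurred  = $entry.Occurred
                Event     = $entry.Event
                ChangedBy = $who
                ItemType  = $entry.ItemType
                Location  = $entry.DocLocation
                Details   = $entry.EventData
            }
        }
    }
    finally { $site.Dispose() }
}

Get-SecurityAuditEntries -Url $SiteUrl |
    Sort-Object Occurred |
    Format-Table Occurred, Event, ChangedBy, Location -AutoSize
```

The output lists one row per security event with the account that made the change, which is the column to check first when reviewing an unexpected permission change.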
I don’t see much value in this. I guess while it might be important for some to see when user permissions were changed, what is most important is WHO made those changes. I cannot believe that MS left that out of this report.
Do you know whether this information is available?
Craig Campbell
January 16, 2008 at 8:49 pm
When I open the report I see a column called “User ID” which I believe is the user who made the change. Are you seeing this?
I agree that the whole reporting area is poor – the fact that Sites etc are displayed as GUID is not very user friendly!
Nick.
nickgrattan
January 17, 2008 at 11:16 am
Well, User Id is actually the user’s domain name. Lately I had a problem: someone changed the structure of the list (removed a column) that crashed useful logic. If I had only enabled that feature!
yava.ua
January 24, 2008 at 1:08 pm
I’m sure you have your suspicions as to the identity of the guilty party!
nickgrattan
January 24, 2008 at 2:14 pm
This is all very well to see who made what changes and when, but what if you want to do a ‘snapshot’ of what the permissions are at the current time?
Can you fiddle with this report to get the answers?
Or is there another easier way to do this?
PJ
February 16, 2009 at 1:53 am
I don’t know a report that will give you these answers – certainly a limitation. Nick
Nick Grattan
February 16, 2009 at 10:03 am
Does anybody know what event=”Security Role Bind Update” means? What causes this event?
igh
October 8, 2009 at 9:02 am
This occurs when you bind a permission level to a group. It probably happens when assigning permissions to other objects too. Regards, Nick.
Nick Grattan
October 8, 2009 at 9:10 am