Nick Grattan's Blog

About Microsoft SharePoint, .NET, Natural Language Processing and Machine Learning

Auditing Permission Changes

with 13 comments

Question: Can you audit permission changes in a site collection?

Answer: This is possible, but by default security changes are not audited. To enable auditing:

  1. Select Site Actions + Site Settings + Modify All Site Settings at the site collection root site.
  2. Click the Site collection audit settings link.
  3. Select the Editing users and permissions option:

Audit1

Once turned on, changes to permissions on sites, lists and items will be audited. To view the audit log:

  1. Click the Audit log reports link on the “Site Settings” page for the site collection.
  2. Click the Security Settings link:

Audit2

This will open the audit log in an Excel spreadsheet. The following example shows a summary showing a single security change resulting from a breaking of permission inheritance:

Audit3

More detailed information is available in the “Report Data” sheet in the Excel workbook.

Advertisements

Written by Nick Grattan

November 27, 2007 at 9:13 pm

13 Responses

Subscribe to comments with RSS.

  1. I don’t see much value in this. I guess while it might be important for some to see when user permissions were changes, what is most important is WHO made those changes. I cannot believe that MS left that out of this report.

    Do you know whether this information is available?

    Craig Campbell

    January 16, 2008 at 8:49 pm

    • I personally use this automated software available from Lepide i.e., (http://www.lepide.com/sharepoint-audit/) to monitor my ShrePoint database changes. This software is equipped with several salient features that provide real time monitoring of all changes even at granular level. It sends customized email notification immediately when someone trying to make any crucial changes in SharePoint database.

      samual hassi

      June 30, 2014 at 10:02 am

  2. When I open the report I see a column called “User ID” which I believe is the user who made the change. Are you seeing this?

    I agree that the whole reporting area is poor – the fact that Sites etc are displayed as GUID is not very user friendly!

    Nick.

    nickgrattan

    January 17, 2008 at 11:16 am

  3. Well, User Id is actually user’s domain name. Lately I had a problem: someone changed the structure of the list (removed a column) that crashed useful logic. If I had only enabled that feature!

    yava.ua

    January 24, 2008 at 1:08 pm

  4. I’m sure you have your suspicions as to the identity of the guilty party!

    nickgrattan

    January 24, 2008 at 2:14 pm

  5. This is all very well to see who made what changes and when, what if you want to do a ‘snapshot’ of what the permissions are at the current time?

    Can you fiddle with this report to get the answers?
    Or is there another easier way to do this?

    PJ

    February 16, 2009 at 1:53 am

  6. I don’t know a report that will give you these answers – certainly a limitation. Nick

    Nick Grattan

    February 16, 2009 at 10:03 am

  7. Does anybody know what event=”Security Role Bind Update” means? What causes this event?

    igh

    October 8, 2009 at 9:02 am

    • This occurs when you bind a permission level to a group. It probably happens when assigning permissions to other objects too. Regards, Nick.

      Nick Grattan

      October 8, 2009 at 9:10 am

      • Hey Nick, One thanks for maintaining this blog – hopefully that is still the case. 🙂 Can you elaborate on what it means when “…occurs when you bind a permission level to a group. It probably happens when assigning permissions to other objects too.” As a business user – we found permissions to inadvertently change on a doc library and wondering who the culprit is though – given a report from IT – we have for UserID – a system account and for ‘Event’ we have Security Role Bind Update. I don’t get it. Any info you have on this would be appreciated. Thanks – CB

        CB

        October 15, 2013 at 1:49 pm

  8. if i am not enable, any other way trace who change the permission ?

    nsp

    June 11, 2010 at 1:59 am

  9. […] of SharePoint security group جواب شما: Item-Level Auditing with SharePoint Server 2007 Auditing Permission Changes ویرایش توسط mehdiiiii : امروز در ساعت 11:49 PM تجربه شخصی: […]

    modify permission

    January 23, 2011 at 7:20 pm

  10. […] funcionalidad está disponible de serie desde la versión 2007 de SharePoint como podéis ver en este enlace. Básicamente, en las ediciones de SharePoint Server podemos habilitar el seguimiento de cambios en […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: