How to Detect SharePoint Permission Changes

Native Auditing vs. Netwrix Auditor for SharePoint
Native Auditing
Steps
  1. Navigate to "Site Settings" → Click "Site Collection Administration" → Go to "Site collection features" → Choose "Reporting" → Click "Activate".
  2. Navigate to "Site Settings" → Click "Site Collection Administration" → Go to "Site collection audit settings" → Tick the "Editing Users and Permissions" events to audit under the "List Libraries and Sites" settings.
  3. Navigate to "Site Settings" → Click "Site Collection Administration" → Go to "Site collection audit settings" → Set "Automatically trim the audit log for this site?" to "Yes" → Set the trimming range time (the default value is 30 days) → Set the location you want to save the log to before it’s trimmed → Click "OK".
  4. Navigate to "Site Settings" → Click "Site Collection Administration" → Go to "Audit log reports" → Select the "Security Settings" report to view all permission changes made in your SharePoint environment.
Native Audit log report for detection of SharePoint permissions changes
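The native steps above can also be scripted. The following PowerShell is an added example, not part of the original how-to or any Netwrix product: it assumes an on-premises SharePoint Server farm, the SharePoint Management Shell, a placeholder site collection URL and a 7-day review window, and it leaves the archive location from step 3 to be set in the UI.

```powershell
# Added example. Run in the SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl  = 'https://sharepoint.example.com/sites/finance'  # placeholder URL (assumption)
$DaysBack = 7                                               # review window (assumption)

$site = Get-SPSite -Identity $SiteUrl
try {
    # Step 2: audit "Editing users and permissions" without clearing other audit flags.
    $mask = [Microsoft.SharePoint.SPAuditMaskType]::SecurityChange
    if (($site.Audit.AuditFlags -band $mask) -ne $mask) {
        $site.Audit.AuditFlags = $site.Audit.AuditFlags -bor $mask
        $site.Audit.Update()
    }

    # Step 3: trim the audit log automatically, keeping 30 days of entries.
    $site.TrimAuditLog = $true
    $site.AuditLogTrimmingRetention = 30

    # Step 4: read the audit log and keep only security events.
    # Every permission-related SPAuditEventType name starts with "Sec"
    # (SecGroupMemberAdd, SecRoleBindUpdate, SecRoleBindBreakInherit, ...).
    $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
    $query.SetRangeStart((Get-Date).AddDays(-$DaysBack))

    $report = foreach ($entry in $site.Audit.GetEntries($query)) {
        if ($entry.Event.ToString() -notlike 'Sec*') { continue }

        # Resolve the numeric user ID; fall back to the ID if the user was removed.
        $who = "UserId $($entry.UserId)"
        try { $who = $site.RootWeb.SiteUsers.GetByID($entry.UserId).LoginName } catch { }

        [pscustomobject]@{
            Occurred = $entry.Occurred
            User     = $who
            Event    = $entry.Event
            Location = $entry.DocLocation
            Details  = $entry.EventData   # XML describing the affected group, role or user
        }
    }
    $report | Sort-Object Occurred | Format-Table -AutoSize -Wrap
}
finally {
    $site.Dispose()
}
```

Piping `$report` to `Export-Csv` instead of `Format-Table` keeps a copy of the permission changes before the audit log is trimmed.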
Netwrix Auditor for SharePoint
  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "SharePoint" section → Select "SharePoint Permissions Changes by User" → Click "View".
Netwrix Auditor Report for detection of SharePoint permissions changes
  2. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".

Spot SharePoint Permission Changes to Keep Your Sensitive Data Secure

Timely detection of SharePoint permission changes is critical for security. Permission changes can enable users to get access to sensitive data that they shouldn’t have, or even to copy, modify, delete and distribute confidential information. Permission changes can be an indication of external or internal attackers attempting to exfiltrate sensitive data. Therefore, ongoing tracking of SharePoint permission changes is crucial to minimizing the risk of data leaks and compliance violations.

Netwrix Auditor for SharePoint tracks and reports on changes to farm configuration, user content and security, as well as modifications to permissions and permission inheritance, group membership and security policies. It provides all the details IT administrators need, including who made each change to permissions, when and where it was made, which SharePoint group was affected, and the before and after values. IT staff can also subscribe to these reports, which will be automatically delivered via email, to stay constantly aware of any SharePoint permission changes.  
