How to Detect SharePoint Permission Changes


Native Auditing vs. Netwrix Auditor for SharePoint

Native Auditing Netwrix Auditor for SharePoint
Steps
  1. Navigate to Site Settings → Site Collection Administration → Site collection features → Choose “Reporting” → Press “Activate”.
  2. Navigate to Site Settings → Site Collection Administration → Site collection audit settings → Mark “Editing Users and Permissions” events to audit in “List Libraries and Sites” settings.
  3. Navigate to Site Settings → Site Collection Administration → Site collection audit settings → Set “Automatically trim the audit log for this site?” to “Yes” → Set trimming range time (30 days default) → Set the location you want to save the log before it will be trimmed → Click “OK”.
  4. Navigate to Site Settings → Site Collection Administration → Audit log reports → Choose “Security Settings” report to view all permission changes made in your SharePoint.

  1. Run Netwrix Auditor → Reports → SharePoint → SharePoint Permissions Changes by User → View.


Spot SharePoint permission changes to keep your sensitive data secure

Timely detection of SharePoint permission changes is critical for security. Permission changes can enable users to get access to sensitive data that they shouldn’t have, or even to copy, modify, delete and distribute confidential information. Permission changes can be an indication of external or internal attackers attempting to exfiltrate sensitive data. Therefore, ongoing tracking of SharePoint permission changes is crucial to minimizing the risk of data leaks and compliance violations.

Netwrix Auditor for SharePoint tracks and reports on changes to farm configuration, user content and security, as well as modifications to permissions and permission inheritance, group membership and security policies. It provides all the details IT administrators need, including who made each change to permissions, when and where it was made, which SharePoint group was affected, and the before and after values. IT staff can also subscribe to these reports, which will be automatically delivered via email, to stay constantly aware of any SharePoint permission changes.  

Got Feedback? Share!