How to Detect SharePoint Permission Changes

As the amount of critical data stored on SharePoint increases, securing it becomes one of organization’s top priorities.

Excessive SharePoint permissions may not only allow users to get access to sensitive data but also to copy, modify, delete and distribute confidential files. Timely detection of SharePoint permission changes is extremely important for security assurance.

This how-to will show you two different approaches to detecting who changed SharePoint permissions, what exactly was changed, when and where.

Native Auditing vs. Netwrix Auditor for SharePoint

Native Auditing

1. Navigate to Site Settings > Site Collection Administration > Site collection features > Choose “Reporting” > Press “Activate”

2. Navigate to Site Settings > Site Collection Administration > Site collection audit settings > Mark “Editing Users and Permissions” events to audit in “List Libraries and Sites” settings

3. Navigate to Site Settings > Site Collection Administration > Site collection audit settings > Set “Automatically trim the audit log for this site?” to “Yes” > Set trimming range time (30 days default) > Set the location you want to save the log before it will be trimmed > Click “OK”

4. Navigate to Site Settings > Site Collection Administration > Audit log reports > Choose “Security Settings” report to view all permission changes made in your SharePoint

Netwrix Auditor for SharePoint

1. Install and configure Netwrix Auditor for SharePoint

2. Navigate to Netwrix Auditor > Managed Objects > Your SharePoint Server > Launch data collection by clicking “Run” button

3. Navigate to Netwrix Auditor > Managed Objects > Your SharePoint Server > SharePoint > Reports > All Changes > All SharePoint Permission Changes by User > Specify date and time range > Click “View Report” button to view all permission changes within specified period

Don’t miss out on real-life use cases of detecting permission changes on SharePoint!