SharePoint Farm managed host deployment
SharePoint farms are similar to remote managed hosts in that they require an associated service account, even though they are installed locally on a SharePoint server. In addition, you can configure the level of auditing you want to perform on SharePoint farms.
Permissions required to access SharePoint farms
SharePoint farms are similar to remote managed hosts in that they require a service account with sufficient permissions to access the data, even though they are installed locally. The service account for the agent managing SharePoint farms, must meet the following minimum permissions:
- Must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)).
- Must be a member of the administrators group on the SharePoint server.
- Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.)
Configure SharePoint to track resource activity
To gather and report on resource activity in SharePoint, ensure that SharePoint native auditing is properly configured for any resources of interest. You can also optionally install the SharePoint Auditing Monitor farm solution to obtain activity for events not available in the native SharePoint auditing system.
Configure auditing on SharePoint farms
You can enable auditing at different levels in the SharePoint farm. It is recommended that you enable auditing at the site collection level to ensure that all events are collected. The methods available for configuring auditing vary depending on the SharePoint edition installed. Sometimes, you can use Central Administration; in all cases you can use Windows PowerShell. It is recommended that you enable all SharePoint native events to ensure maximum coverage for data governance activities, but you may select a smaller set to improve performance if necessary.
Consult your Microsoft documentation for complete information on configuring auditing.