Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0.1 - Deployment Guide

Introduction Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting Appendix: NetApp managed host deployment Appendix: EMC managed host deployment Appendix: SharePoint managed host deployment About us

Permissions required to access SharePoint farms

SharePoint farms are similar to remote managed hosts in that they require a service account with sufficient permissions to access the data, even though they are installed locally. The service account for the agent managing SharePoint farms, must meet the following minimum permissions:

  • Must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)).
  • Must be a member of the administrators group on the SharePoint server.
  • Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.)

Configure SharePoint to track resource activity

To gather and report on resource activity in SharePoint, ensure that SharePoint native auditing is properly configured for any resources of interest. You can also optionally install the SharePoint Auditing Monitor farm solution to obtain activity for events not available in the native SharePoint auditing system.

Configure auditing on SharePoint farms

You can enable auditing at different levels in the SharePoint farm. It is recommended that you enable auditing at the site collection level to ensure that all events are collected. The methods available for configuring auditing vary depending on the SharePoint edition installed. Sometimes, you can use Central Administration; in all cases you can use Windows PowerShell. It is recommended that you enable all SharePoint native events to ensure maximum coverage for data governance activities, but you may choose a smaller set to improve performance if necessary.

Consult your Microsoft documentation for complete information on configuring auditing.

Install the QAM.SharePoint.Auditing.Monitor Farm Solution

If you install the SharePoint farm solution, you can supplement the events captured by native auditing. Install “QAM.SharePoint.Auditing.Monitor.wsp” from the agent installation folder (by default %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services.) Consult your Microsoft documentation for information on installing a farm solution.

Note: You must enable SharePoint native auditing. The farm solution is not a replacement for native auditing, it is an enhancement.

This farm solution captures some events that are unavailable through native SharePoint auditing, specifically:

  • Adding a folder
  • Adding a library
  • Renaming a list or library
  • Creating a site
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating