Permissions required to access SharePoint farms
SharePoint farms are similar to remote managed hosts in that they require a service account with sufficient permissions to access the data, even though they are installed locally. The service account for the agent managing SharePoint farms must meet the following minimum requirements:
- Must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)).
- Must be a member of the administrators group on the SharePoint server.
- Must have the Log On as a Service local user right on the agent computer. (This is automatically granted when the agent is deployed.)
Configure SharePoint to track resource activity
To gather and report on resource activity in SharePoint, ensure that SharePoint native auditing is properly configured for any resources of interest. You can also optionally install the SharePoint Auditing Monitor farm solution to obtain activity for events not available in the native SharePoint auditing system.
Configure auditing on SharePoint farms
You can enable auditing at different levels in the SharePoint farm. It is recommended that you enable auditing at the site collection level to ensure that all events are collected. The methods available for configuring auditing vary depending on the SharePoint edition installed. Sometimes, you can use Central Administration; in all cases you can use Windows PowerShell. It is recommended that you enable all SharePoint native events to ensure maximum coverage for data governance activities, but you may select a smaller set to improve performance if necessary.
Consult your Microsoft documentation for complete information on configuring auditing.
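One way to apply the site collection recommendation above with Windows PowerShell, shown as an added example that is not part of the One Identity documentation. It assumes an on-premises farm server, a session run as a farm administrator, and a hypothetical `-AuditMask` parameter and report layout; it lists each site collection's current audit flags and enables the missing ones.

```powershell
# Added example: report and enable native auditing on every site collection.
# Run on a SharePoint farm server as a farm administrator. Use -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter: SPAuditMaskType names, comma separated.
    # 'All' matches the recommendation; a narrower set such as 'Update, Delete'
    # trades coverage for performance.
    [string]$AuditMask = 'All'
)

# Load the SharePoint cmdlets if this is not the SharePoint Management Shell.
if (-not (Get-Command Get-SPSite -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

$wanted = [Microsoft.SharePoint.SPAuditMaskType]$AuditMask

$report = foreach ($site in Get-SPSite -Limit All) {
    try {
        $audit   = $site.Audit
        $before  = $audit.AuditFlags
        # A site collection is compliant when every requested flag is already set.
        $covered = ([int]$before -band [int]$wanted) -eq [int]$wanted
        $changed = $false

        if (-not $covered -and $PSCmdlet.ShouldProcess($site.Url, "Enable audit flags: $wanted")) {
            # Add the missing flags without clearing any that are already enabled.
            $audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]([int]$before -bor [int]$wanted)
            $audit.Update()
            $changed = $true
        }

        [pscustomobject]@{
            Url     = $site.Url
            Before  = $before
            After   = $audit.AuditFlags
            Changed = $changed
        }
    }
    finally {
        # SPSite objects hold unmanaged resources; release each one.
        $site.Dispose()
    }
}

$report | Format-Table -AutoSize
```

Rows where `Before` does not include the requested flags and `Changed` is false (for example under `-WhatIf`) are site collections whose activity would be missing from reports.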
Install the QAM.SharePoint.Auditing.Monitor farm solution
If you install the SharePoint farm solution, you can supplement the events captured by native auditing. Install “QAM.SharePoint.Auditing.Monitor.wsp” from the agent installation folder (by default, %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services). Consult your Microsoft documentation for information on installing a farm solution.
Note: You must enable SharePoint native auditing. The farm solution is not a replacement for native auditing; it is an enhancement.
This farm solution captures some events that are unavailable through native SharePoint auditing, specifically:
- Adding a folder
- Adding a library
- Renaming a list or library
- Creating a site