SharePoint 2010 Security Reports

SharePoint 2010 offers permissions to manage its resources using different permission levels. It provides more granular control on permissions starting from the entire farm to item level security, as continued from SharePoint 2007. The permissions can be defined for users and groups using the default permission levels available out-of-the-box or you can define custom permission levels. The permissions for users and groups can be assigned from Active Directory repository or external stores like SQL or other custom authentication providers.

Depending on the object level in the SharePoint hierarchy, permissions can be assigned by using the default SharePoint classifications like Farm Administrators, Site Collection Administrators, Site Owners, Site Members, Site Visitors, etc., which have pre-defined permissions configured in them. SharePoint administrators can also manage SharePoint security by creating custom permission levels, apart from using the SharePoint defaults.
With the Permissions Management in SharePoint 2010 more flexible, SharePoint administrators / owners / users can modify permissions of SharePoint objects at ease. Proper documentation of the existing permissions setting and any change to permissions facilitates effective permission management and is necessary for post-migration of SharePoint contents.
Our product Admin Report Kit for SharePoint 2010 (ARKSP) ably assists in generating permissions reports for various SharePoint objects for documentation or monitoring SharePoint security or internal & external audit purposes. ARKSP provides detailed permissions reports pertaining to various SharePoint entities like web application, site collection, site, list and list items as mentioned below:

1. Site Collection Administrators Report:

Site Collection Administrators report provides information about the list of users who have been configured as Site Collection Administrators. This report displays the list of admin users, admin type (Primary or Secondary), their login names and e-mail addresses.

Report fields
: Web Application, Site Collection URL, Created Date, Admin Type, Admin Name, Admin Login Name, Admin E-mail.

2. Site Permission Levels Report:

Site Permission Levels report provides information about the list of permission levels with their permissions defined for each one of them.

Report fields
: Web URL, Web Title, Permission Level, Description, Permissions

3. Site Permissions Report:

Site Permissions report provides information about the list of users and groups who have been assigned permissions in the SharePoint site. This report displays the
list of assigned users / groups, account type (User, AD group or SharePoint group), owner and members of the group and permission levels.

Report fields: Web URL, Web Title, Groups/Users, Account Type, Description, Group Owner, Permission Levels, Members.

You can group the Site Permissions report using the following fields:

  • Group/Users field to view the groups / users and the corresponding sites for which they have specific permissions.
  • Group Owner field to view the group owners and the corresponding sites with their respective permissions.
  • Members field to view the list of users / groups who have inherited permissions in the SharePoint site by way of group membership.
  • Permission Levels field to view the permission levels and the list of users / groups who have been configured with that permission level for the site.

4. List Permissions Report:

List Permissions report provides information about the list of users and groups who have been assigned permissions in the SharePoint list. The final report displays the list of assigned users / groups, account type (User, AD group or SharePoint group), members of the group and their permission levels.

Report fields: Web URL, Web Title, Base Template, List Name, Groups/Users, Account Type, Description, Group Owner, Permission Levels, Group Members.

You can group the report by Group/Users field to view the groups / users and the corresponding sites for which they have specific permissions.

You can also group the report by Permission Levels field to view the permission levels and the list of users / groups who have been configured with that permission level for the list.

5. List Folders Security Report:

List Folders Security report provides information about the list of users and groups who have been assigned permissions in the folders available in the SharePoint list. The final report displays the list of assigned users / groups and their permission levels.

Report fields: Web URL, Web Title, Base Template, List Name, Folder Name, Folder URL, Groups/Users, Permission Levels.

You can group the report by Group/Users field to view the groups / users and the corresponding sites for which they have specific permissions.

6. List Item Security Report:

List Item Security report provides information about the list of users and groups who have been assigned permissions for each item available in the SharePoint list. The final report displays the list of assigned users / groups and their permission levels.

Report fields: Web URL, Web Title, Base Template, List Name, Item URL, Item
Name, Groups/Users, Permission Levels.

You can group the report by Group/Users field to view the groups / users and the corresponding sites for which they have specific permissions.

7. Audit – Permission Inheritance Changed Report:

Audit – Permission Inheritance Changed report provides permission inheritance changes for sites, lists and the items in each site. The final report displays the list of SharePoint objects, permission inheritance event, URL, the user who performed and the date on which inheritance event occurred.

Report fields: Web URL, Web Title, Event Name, URL, Occurred, Performed By.

You can group the report by Occurred field to view the dates on which the permission inheritance has been modified in SharePoint objects by users.

You can also group the report by Performed By field to view the users and the corresponding objects for which they have modified permission inheritance.

8. Audit – Permission Level Added Report:

Audit – Permission Level Added report provides the list of permission levels added in SharePoint sites in the last N days or for a given date range. The final report displays the list of sites, permission levels added, the user who created the permission level and the date on which permission level event occurred.

Report fields: Web URL, Web Title, URL, Permission Level, Occurred, Performed By.

You can group the report by Occurred field to view the dates on which the permission level has been added in SharePoint site by users.

You can group the report by Performed By field to view the users and the corresponding permission levels they have added in the SharePoint sites in the last N days.

9. Audit – Permission Level Deleted Report:

Audit – Permission Level Deleted report provides the list of permission levels deleted in SharePoint sites in the last N days or for a given date range. The final report displays the list of sites, permission level ids that have been deleted, the user who deleted the permission level and the date on which permission level event occurred.

Report fields: Web URL, Web Title, URL, Permission Level ID, Occurred, Performed By.

You can group the report by Occurred field to view the dates on which the permission level has been deleted in SharePoint site by users.

You can group the report by Performed By field to view the users and the corresponding permission level ids they have deleted in the SharePoint sites in the last N days.

10. Audit – Permission Level Modified Report:

Audit – Permission Level Modified report provides the list of permission levels modified in SharePoint sites in the last N days or for a given date range. The final report displays the list of sites, permission levels modified, the user who modified the permission level and the date on which permission level event occurred.

Report fields: Web URL, Web Title, URL, Permission Level, Occurred, Performed By.

You can group the report by Occurred field to view the dates on which the permission level has been
modified in SharePoint site by users.

You can group the report by Performed By field to view the users and the corresponding permission levels they have modified in the SharePoint sites in the last N days.

11. Audit – Permissions Changed Report:

Audit – Permissions Changed report provides the permission changes performed in Groups/Users in SharePoint sites in the last N days or for a given date range. The final report displays the list of sites, Groups/Users whose permissions are modified, the user who modified the permissions and the date on which permissions event occurred.

Report fields: Web URL, Web Title, URL, Groups/Users, Occurred, Performed By.

You can group the report by Occurred field to view the dates on which the permission has been changed for groups/users in SharePoint site by users.

You can group the report by Performed By field to view the users and the corresponding groups/users for which permissions have been modified in the SharePoint sites in the last N days.

ARK for SharePoint 2010 software can be installed at the farm level to monitor and manage the entire SharePoint 2010 farm. You can download a 30-day evaluation copy from the product web page.