Skip to content

Connector Overview

Activity Monitor Operation Principles

Monitored activities can include activities from all Site Collections, Crawled Site Collections or from selected Site Collections, as described in Chapter Adding a SharePoint Application .

File Access Manager Activity Monitor for SharePoint uses two separate mechanisms to audit user activities.

  1. Fetch audits from SharePoint's audit facilities.
  2. The SharePoint audit audits all events, except View. Since monitoring View events via the SharePoint audit may result in an extremely heavy load on the SharePoint content database, a different approach is needed. View activities are audited by reading and analyzing the IIS log files on the SharePoint front-end servers. Each Web Application in the farm has its own log file folder and can span across multiple front-end servers. The Activity Monitor can find IIS log file folders automatically or manually.

Automatic Mode

In this mode, the Activity Monitor performs the following discovery sequence:

  • Read the list of front-end servers in the farm by using direct access to SharePoint databases.
  • Read the Web Applications configured on each Front-end server.
  • Configure the Web Application’s IIS log fields by using the IIS Remote Management API.
  • Locate the Web Applications IIS log file folder in each front-end server and access it through the administrative share remotely to read the IIS log files. Unless the default IIS log folder was changed, the administrative share will be \\frontend_server\c$.

Manual Mode

In this mode, each Web Application IIS logging configuration on each SharePoint front-end server must be configured to include specific fields. The IIS log path folders also must be manually configured in the Application Configuration Wizard in the form of a remote UNC share.

Use of Manual Mode is not recommended since it requires more manual work, which makes it more susceptible to mistakes.

Important

Only use this mode if the user running the Activity Monitor is not to be set as an administrator on all the front-end servers.

See Configure View Activities Monitoring (Manual Mode Only) (Update link) and the IIS Log Configuration field description in chapter Adding a SharePoint Application for information on configuring Manual Mode (Add link).

Permissions Collector Operation Principle

File Access Manager connects to SharePoint databases directly and analyzes the permissions for local and domain users and groups, including Site Collection administrators and Web Application Policy Rules.

By default, permissions are analyzed to the folder level, but they can also be analyzed on the file level. If permissions are analyzed on the file level, the system will only display uniquely managed files in the Business Resource Tree. Chapter Adding a SharePoint Application describes how to analyze file level permissions.

SharePoint Installation Flow Overview

To install the SharePoint connector:

  1. Configure all the prerequisites.
  2. Add a new SharePoint application in the Business Website.

  3. Install the relevant services:

    • Activity Monitor - This is the activity collection engine, used by all connectors that support activity monitoring.
    • Permissions Collector - If you are using EC2 login, the collector should be installed on the EC2 instance.
    • Data Classification Collector

Important

Installing the permissions collector and data classification services is optional and should only be installed by someone with a full understanding of File Access Manager deployment architecture. The File Access Manager Administrator Guide has additional information on the architecture.

Capabilities

This connector enables you to use File Access Manager to access and analyze data stored in SharePoint and do the following:

  • Analyze the structure of your stored data.
  • Monitor user activity in the resources.
  • Classify the data being stored.
  • Verify user permissions on the resources, and compare them against requirements.
  • Manage access fulfillment - automated granting and revoking of access - according to rules set in File Access Manager.
  • Identity collector – collect IAM users, groups and roles and the connections between them.

Supported Versions

  • SharePoint Server 2013, 2016, and 2019
  • 32-bit and 64-bit