Prerequisites
Make sure your system fits the descriptions below before starting the installation.
Software Requirements
File Access Manager requires the latest ASP.NET Core 6.0.x Hosting Bundle. This bundle consists of the .NET Runtime and the ASP.NET Core Runtime. You can download the latest 6.0.x Hosting Bundle version from here.
Permissions
You will need users with the following permissions to interact with SharePoint:
- Create a designated domain user in the domain in which SharePoint works (for example, siq_wss).
  - For Access Fulfillment support, assign that user as a “Site Collection Administrator” for all Site Collections, using the Web Application Policy Rule to assign these permissions.
  - If the IIS log file configuration is set to Automatic, the user must be an Administrator on all the front-end servers to access the IIS remote management API and the administrative shares. If the IIS log file configuration is set to Manual, assign the user Read permissions to access all IIS Logs on all front-end servers through the dedicated UNC share. See Configure View Activities Monitoring (Manual Mode Only) for further details.
- In the installation package you can find the script called SIQGrantSharePointDBPermissions.sql under Collectors\scripts. This script can be used to generate a new user login with the required database permissions. To run the script:
  - Open the Collectors\scripts folder in the installation package.
  - Copy the script to one of the SharePoint servers.
  - Follow the instructions at the top and run the script in the SharePoint SQL Server.
  - Verify that the permissions were granted successfully. The script should have the following messages:
    - Successfully granted permissions to [Configuration DB]
    - For each content database, a message Successfully granted permissions to content db [Content DB Name]
    - Script execution completed successfully
Configure View Activities Monitoring (Manual Mode Only)
Note: The following step can be skipped when automatic IIS log configuration is enabled in the Add New Application Wizard.
Enable Host field logging on all Front-end IIS servers. For each Web Application in each Front-end server:
- Open the IIS management console.
- Locate the SharePoint Web Application site in the IIS.
- Open the "Logging" options on the IIS management console.
- Select "Select Fields" to open the Logging sub-window.
- Select cs-host to select the field.
- Select Apply under Action so the changes will take effect.
Note: If the cs-host field was not defined for logging before, View events might take a few hours to start collecting. To make the connector start collecting new view events, stop IIS, delete the last IIS log file, and start IIS again.
Important: When running in a SharePoint farm with multiple Front-end servers, create a dedicated share on each Front-end for each Web Application IIS log directory, and give Read permissions to the user defined in the Permissions section above to access the share. These shares must be configured manually in the Application Configuration Wizard, as described in chapter Adding a SharePoint Application.
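One way to confirm the cs-host step above took effect is to read the #Fields header of the IIS log itself. The following is an added example, not part of the vendor documentation or product; the function name Get-W3CFieldStatus and the sample log lines are constructed for illustration, and it assumes a log file may contain more than one #Fields header block.

```powershell
# Added example, not vendor code: reports whether an IIS W3C log is written
# with cs-host. A file can hold several #Fields header blocks, so each entry
# is judged against the header that was active when it was written.
function Get-W3CFieldStatus {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line,
        [string]$Field = 'cs-host'   # IIS writes field names in lower case
    )
    $fields = @(); $idx = -1
    $headers = 0; $with = 0; $without = 0; $bad = 0
    $hosts = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            # A new header block replaces the active field list.
            $fields = @($Matches[1].Trim() -split '\s+')
            $idx = [array]::IndexOf($fields, $Field)
            $headers++
        }
        elseif ((-not [string]::IsNullOrWhiteSpace($l)) -and (-not $l.StartsWith('#'))) {
            # W3C values are space separated; IIS encodes inner spaces as '+'.
            $values = @($l.Trim() -split ' ')
            if ($values.Count -ne $fields.Count) { $bad++ }
            elseif ($idx -lt 0) { $without++ }
            else { $with++; [void]$hosts.Add($values[$idx]) }
        }
    }
    [pscustomobject]@{
        FieldInCurrentHeader = ($idx -ge 0)   # state of the last header block
        HeaderBlocks         = $headers
        EntriesWithField     = $with
        EntriesWithoutField  = $without
        MalformedEntries     = $bad
        HostsSeen            = @($hosts)
    }
}

# Constructed sample: cs-host was enabled part-way through the file.
$sample = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-15 08:00:01 GET /sites/hr/default.aspx EXAMPLE\alice 10.0.0.21 200
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs-host sc-status
2024-01-15 09:30:12 GET /sites/hr/default.aspx EXAMPLE\alice 10.0.0.21 sharepoint.example.test 200
'@ -split '\r?\n'
Get-W3CFieldStatus -Line $sample
# For a real file, pass (Get-Content <path to the latest log on the UNC share>).
```

Running it with the designated user against the dedicated share also confirms that the Read permission on the IIS log directory is in place.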
Add the IIS Management Console Role for Activity Monitoring
The SharePoint Activity Monitoring agent requires the “IIS Management Console” role to gather all view logs paths.
Enable the role on the server where the Activity Monitor service is installed:
- Open the Server Manager.
- Select Manage and then Add roles and features.
- Select Next until reaching the Server Roles screen.
- Select Web Server (IIS) and then select Add Features on the confirmation dialog.
- Select Next until reaching the Role Services window of Web Server Role (IIS).
- Scroll to the bottom and under Management Tools make sure the required IIS Management Console role is selected.
- Select Next and then select Install on the Confirmation window.
Communications Requirements
Requirement | Source | Destination | Port |
---|---|---|---|
Database Access | Permissions Collector | File Access Manager DB | According to the specific DB definitions |
File Access Manager Access | Activity Monitor/Permission Collector server | File Access Manager Servers | 8000-8008 |
SharePoint Database Access | Activity Monitor/Permission Collector service | SharePoint Databases | According to the specific DB definitions |
Data Classification | Data Classification Server | SharePoint Farm | http & https as required |
Access to IIS Logs | Activity Monitor | All SharePoint Front-end servers | 139/445 |