For SharePoint Auditing

Before you start creating a monitoring plan to audit your SharePoint farm, plan for the account that will be used for data collection – it should meet the requirements listed below. Then you will provide this account in the monitoring plan wizard.

Starting with version 9.96, you can use group Managed Service Accounts (gMSA) as data collecting accounts.

NOTE: For more information on gMSA, refer to Using Group Managed Service Account (gMSA)Microsoft documentation.

These group Managed Service Accounts should meet the related requirements.

On the target SharePoint farm:

  1. On the SharePoint server where the Netwrix Auditor Core Service will be deployed: the account must be a member of the local Administrators group.
    To learn more about Netwrix Auditor Core Services, refer to Installing Core Services to Audit User Activity and SharePoint (Optional).
  2. On the SQL Server hosting SharePoint database: the SharePoint_Shell_Access role.
    See Assigning 'SharePoint_Shell_Access' Role
  3. If you plan to collect state-in-time data from a SharePoint farm, the account should also meet the requirements below:
    • For site collection processing — lock status for this account must differ from No access
    • For web application processing — the following permissions must be assigned to this account:
      • Open items
      • View items
      • Browse directories
      • View pages
      • Browse user information
      • Open
      • Enumerate permissions