Tag Archives: delete permission

How to track permission changed in SharePoint

Posted on by

Here are some tips to identify or track the permission changed in SharePoint.

Prerequisites:

1. Reporting feature should be activated at site collection level. (From CA, option is available under Site Collection Administrator section)

2. Make sure audit logs not purged. (Usually there is duration specified to trim the audit logs)

How to:

1. Click Audit log reports. (From CA, option is available under Site Collection Administrator section)

2. Under Security And Site Settings Reports click the security settings option.

3. Confirm the location of log file.

4. Once process completed, open log file in excel and filter out event column with “Security Group Member Delete”

5. Under Event Data column, check the tag ID Number it will display with numeric value. (For instance 1234 is the ID Number displaying under user)

6. Navigate to this URL http://yoursite/_layouts/userdisp.aspx?ID=1234&force=1 (Pass the same user id,)

7. Finally you will find which user was deleted and if you want to know who deleted then check the column “User ID”