Audit report - exclude users
- exclude system accounts
Good morning! I wonder if there is a way to have the Audit Reports have a checkbox to say "don't show system accounts" or "WE" can build them "ignore the search crawler account and the system account" as a checkbox so my results do'nt need to be filtered. I have a user who had permissions changed and I am looking for it. I want to find out which user / group moved it / changed it and I know it's not the search account or ME / system account. Just offering a sugestion! :)
I created a custom report that shows all users that have Full Control access to a site collection. I am able to include only those where their permission levels contain "Full Control" and also exclude farm admin and system accounts. It would be beneficial to be able to include the account that granted the user/user group Full Control access.
This information is available on the Permission Matrix report. I realize the Permission Matrix report (PMR) is driven by SharePoint's audit log and whether it is enabled and how long the retention time is set. It seems like the PMR runs by just chugging through the data. I don't know if the audit log is indexed in any way to allow easy lookup. If it is not, it looks like we would need to find a way to merge the 2 reports to get the information we are looking for.
The PMR already allows the specification of specific user groups. It would be good to be able to specify which groups to EXCLUDE and/or include only individuals or groups with a certain permission level. This could work also, although it would not allow for a complete audit of permissions, only those that are in SharePoint's audit log.
Lue Yang commented
To be able to exclude certain users or accounts.
This is a REAL need for Audit Reporting. All my audit reports are generating so many results that it ends up erroring out because "SharePoint took too long to respond to a request." That is the error that ShareGate gives. I then would have to modify the duration of dates that it needs to audit in order to generate properly, even though it is still in the thousands of results because of system accounts.
Cette fonctionnalité nous manque, ça serait utile d'exclure compte system,ou key-user pour les éléments de type "viewed"
Would be great for the Audit report to allow for the exclusion of specific accounts from a site collection in addition to the option for reporting on specific users.
PS: Awesome product!!!
I would love to be able to exclude users from Audit reports. Such as myself since I am the Admin and always changing everything or the system account since its always changing things with the nightly retention policies.
Bevan Scott commented
I would also like for this to be included in a future update. Ive just run a report with 32k results and 31k are the service account
I would like to share with my colleages an audit report of items they can "track" for how many times people have viewed or opened a document, however i have to go in and remove the SharePoint Search / Crawl account. I wonder if there is a way to have it EXCLUDE that. I know I can do so afterwards, but hey, I am asking for a lot! :)
La possibilite d'exclure des comptes (comptes de services, crawl, etc..) dans les rapports d'audit serait bien.
-exclude the system admin from the report
I like to run audit reports on SharePoint online to see what users are doing all across the site/subsites. However, since I am the SharePoint admin, my count throws off the numbers since I am in it all the time. As well as the System account that is expiring list items and recycling them are being counted. I want a way to exclude those users, but include everyone else.
Mathieu Delisle commented
I'd like to be able to select users that I don't want to appear in the Audit Report. In my case, I would particularly like the option to remove the System Account from the report.