Skip to main content

Permissions for Qumulo Auditing

Before you start creating a monitoring plan to audit your Qumulo or Synology file servers, plan for the account that will be used for data collection – it should meet the requirements listed below. Then you will provide this account in the monitoring plan wizard (or monitored item settings).

You can also use group Managed Service Accounts (gMSA) as data collecting accounts.

See the Use Group Managed Service Account (gMSA) topic and the Group Managed Service Accounts Overview Microsoft article for additional information.

These group Managed Service Accounts should meet the related requirements, as listed below.

The account for data collection can be either local (Qumulo account) or domain-based.

The following permissions are required:

  • An account with the "Observers" role to monitor a Qumulo cluster. Assign the Observers role to the user using Cluster > Role Management.
  • The account requires Read share permission on the audited shared folders.
  • The account requires Read NTFS permission on all objects in the audited folders.