Managing Access Reviews Integration Limits for File Servers
Overview
This article describes the current limits and system requirements for the Access Reviews integration when collecting permission data from Windows File Servers in Netwrix Auditor.
The Access Reviews integration collects permission data from monitored file servers and uploads it to the Access Reviews (AIC) database. The volume of permission data directly affects memory consumption on both the Auditor host and the SQL Server instance.
Review the Considerations & Limitations section for general integration constraints.
Instructions
Permission Upload Limit
The default limit for permissions uploaded to the Access Reviews database in a single data collection is 200,000. To increase this limit, contact Netwrix Support. The current maximum that can be configured is 800,000 permissions.
If the number of permissions exceeds this limit, the upload fails with a connection error due to SQL Server packet size restrictions.
NOTE: SQL Server imposes the 800,000 permission limit as a hard constraint. Attempting to upload more than 820,000 permissions results in a
maximum packet count exceedederror that cannot be resolved through SQL Server configuration changes.
System Requirements by Permission Count
The following table shows approximate memory consumption observed during data collection for different permission counts. Testing used Auditor 10.8 with a dedicated SQL Server instance.
| Permissions | Auditor host (RAM) | SQL instance (RAM) |
|---|---|---|
| 200,000 | 3.2 GB | 6.5 GB |
| 400,000 | 4.1 GB | 12 GB |
| 500,000 | 5 GB | 15.5 GB |
| 600,000 | 5.6 GB | 19 GB |
| 800,000 | 6.5 GB | 24 GB |
NOTE: If the SQL Server host does not have enough available RAM for the permission count being processed, the upload fails with an
insufficient system memory in resource poolerror.
Count Permissions Before Enabling Integration
-
Verify that the total number of permissions per data source does not exceed the 800,000 limit.
-
Download and copy the AIC Resource Estimation Tool to the machine where Auditor is installed.
Download the AIC Resource Estimation Tool, a Netwrix permission-counting utility.
The executing account must have:
- Local administrator rights.
- Read access to the Auditor reporting databases. To authenticate with a specific SQL account, use
--sqluser.
-
Run the tool:
AicResourceEstimationTool.exeAicResourceEstimationTool.exe --countallAicResourceEstimationTool.exe --htmlParameter Description --countallCount permissions for all File Server Auditing (FSA) plans, including plans without Access Reviews enabled --htmlSave results as an HTML report and open it in the default browser --csvSave results as a CSV file --depth NOverride the AIC depth level for every plan (0 = shares only, 1 = shares + one subfolder level) --sqluser USERNAMEAuthenticate to SQL Server with a specific account (SQL or Windows) --helpDisplay help and exit NOTE: The tool reads the Auditor configuration automatically and discovers all FSA monitoring plans. By default, it only counts permissions for plans with Send Data for Access Reviews enabled. Use the
--countallparameter to include all FSA plans.
Recommendations
- Verify permission counts before enabling the integration.
- If a file server has more than 800,000 unique permissions across all monitored shares, consider splitting the data source into multiple monitoring plans.
- Allocate sufficient SQL Server memory.
- For environments with 400,000+ permissions, ensure the SQL Server host has at least 16 GB of RAM dedicated to the SQL instance.
- For 600,000+ permissions, allocate at least 24 GB.
- Monitor the Auditor host.
- Auditor services hold allocated memory until the upload completes. Ensure the Auditor host has enough available RAM to accommodate the peak usage listed in the System Requirements by Permission Count table.
- Check the Health Log for errors.
- The Netwrix Auditor Health Log records upload failures. These failures do not affect the status of monitored items or data sources in the Auditor console.