We store user data on a NetAPp and I am wondering if there is a way to audit file access and file changes for a handful of users only.
Enable File Access Audit
Enable File Change Audit
Enable for specific user only
Store for one quarter of the year and then rewrite.