https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286029#M239159 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I'm trying to find out which user changes permissions on a node in Alfresco Community edition. Things I have tried so far</P><P></P><P>1. I can retrieve the&nbsp;alfresco-access logs via REST but I do not see any event rasied when permissions on a node changes.</P><P></P><P>2. cmischangelog produces a "Security" change event for the node but does not include the user who caused it. Tried fetching last modified property on the node but acl changes does not update the node. No effect on setting the variables below to false in alfresco-global.properties either.</P><PRE class="" style="color: #333333; background-color: #f5f5f5; border: 1px solid #888888; margin: 0px 0px 20px; padding: 2px;"><SPAN class="" style="color: #880000;"># The default to preserve all cm:auditable data on a node when the process is not directly driven by a user action<BR /></SPAN><SPAN class="" style="color: #000000;">system</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">auditableData</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">preserve</SPAN><SPAN class="" style="color: #666600;">=</SPAN><SPAN class="" style="color: #000000;">$</SPAN><SPAN class="" style="color: #666600;">{</SPAN><SPAN class="" style="color: #000000;">system</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">preserve</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">modificationData</SPAN><SPAN class="" style="color: #666600;">}<BR /></SPAN><SPAN class="" style="color: #000000;"></SPAN><SPAN class="" style="color: #880000;"># Specific control of whether ACL changes on a node trigger the cm:auditable aspect<BR /></SPAN><SPAN class="" style="color: #000000;">system</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">auditableData</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #660066;">ACLs</SPAN><SPAN class="" style="color: #666600;">=</SPAN><SPAN class="" style="color: #000000;">$</SPAN><SPAN class="" style="color: #666600;">{</SPAN><SPAN class="" style="color: #000000;">system</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">auditableData</SPAN><SPAN class="" style="color: #666600;">.</SPAN><SPAN class="" style="color: #000000;">preserve</SPAN><SPAN class="" style="color: #666600;">}</SPAN><SPAN class="" style="color: #000000;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></PRE><P>3. Trying to get alfresco-api for low level events by setting audit.alfresco-api.enabled=true in alfresco-global.properties does not seem to work. &nbsp;alfresco/service/api/audit/query/alfresco-api returns no entries and&nbsp;/alfresco/service/api/audit/control does not list alfresco-api</P><P></P><P>Is there any other way to know which user caused a permission change? &nbsp;Any help with one/all of the above steps would be very useful.</P></BODY></HTML> Thu, 10 Nov 2016 17:19:03 GMT arjuncbe 2016-11-10T17:19:03Z https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286029#M239159 Hello,I'm trying to find out which user changes permissions on a node in Alfresco Community edition. Things I have tried so far1. I can retrieve the&nbsp;alfresco-access logs via REST but I do not see any event rasied when permissions on a node changes.2. cmischangelog produces a "Security" change event Thu, 10 Nov 2016 17:19:03 GMT https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286029#M239159 arjuncbe 2016-11-10T17:19:03Z https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286030#M239160 <HTML><HEAD></HEAD><BODY><P>Although the name might imply it, system.auditableData does not relate to the Audit feature - it only refers to the cm:auditable aspect and the data it maintains (creation / modification user and timestamp).</P><P></P><P>Using alfresco-api should work as long as the PermissionService public service bean is properly used. Simply enabling alfresco-api is not enough though - that only produces audit data but does not record it. You need to configure an Audit application to actually record the data for the audit query to return. See <A href="http://docs.alfresco.com/5.1/concepts/audit-custom-audit-config.html" rel="nofollow noopener noreferrer">audit configuration</A> for details.</P></BODY></HTML> Thu, 10 Nov 2016 19:42:25 GMT https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286030#M239160 afaust 2016-11-10T19:42:25Z https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286031#M239161 <HTML><HEAD></HEAD><BODY><P>Thanks. I did realise that system.auditableData controls modifying user and was looking to&nbsp;make the person who changed acl on a node to be modified user.</P><P></P><P>Your pointer was helpful and configuring a custom audit app to extract and then record the necessary entries solved my issue.&nbsp;</P></BODY></HTML> Thu, 24 Nov 2016 10:32:19 GMT https://connect.hyland.com/t5/alfresco-archive/auditing-permission-changes/m-p/286031#M239161 arjuncbe 2016-11-24T10:32:19Z