Audit log folder access

akring — Thu, 06 May 2021 12:00:25 GMT

I cannot see audit log entries for folder access of normal users (user access to content nodes is available in the audit logs). I am using the following audit settings:

audit.alfresco-access.enabled=true
audit.filter.alfresco-access.default.enabled=true
audit.filter.alfresco-access.transaction.path=/app:company_home/st:sites/.*
audit.filter.alfresco-access.default.path=/app:company_home/st:sites/.*

apart from these default setting provided by the repository.properties file:

# Audit configuration
audit.enabled=true
audit.tagging.enabled=true
audit.alfresco-access.enabled=false
audit.alfresco-access.sub-actions.enabled=false
audit.cmischangelog.enabled=false
audit.dod5015.enabled=false
# Setting this flag to true will force startup failure when invalid audit configurations are detected
audit.config.strict=false
# Audit map filter for AccessAuditor - restricts recorded events to user driven events 
audit.filter.alfresco-access.default.enabled=false
audit.filter.alfresco-access.transaction.user=~System;~null;.*
audit.filter.alfresco-access.transaction.type=cm:folder;cm:content;st:site
audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.*

As I understand it the setting above should ensure that user access to folders is audit logged, but doing a

$ curl -X GET -u admin:admin 'http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/audit-entries?maxItems=100'

where a9099aa6-25eb-4b2d-98c3-f234ceaed2b8 is the nodeId of a folder just returns a single entry which is a result of the creation of the node by the admin user. The following calls from the network tab in the browser inspector reveals that the folder node actually has been visited by a normal user (username = bruce):

https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?fields=isFile%2CparentId%2Cid
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/children?maxItems=2147483647&orderBy=isFolder%20desc%2Cname%20asc&include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames&includeSource=true

So I am a bit puzzled why the above folder access from the user bruce is not shown in the audit log. Any ideas why this could be?

Re: Audit log folder access

afaust — Fri, 07 May 2021 07:52:19 GMT

Regular read access to nodes is not logged via alfresco-access - neither for content nor folders. The only read-access that is logged is an explicit content access, which obviously only applies to nodes of type content or which have any other type/aspect defining a content property. In the audit entry this content access should be appropriately be listed as a "readContent" action / event, not to be confused with a metadata / listing read access.

Re: Audit log folder access

akring — Mon, 10 May 2021 10:41:04 GMT

Ok - thanks a lot for clearifying this

topic Re: Audit log folder access in Alfresco Forum

Audit log folder access

Re: Audit log folder access

Re: Audit log folder access