
Auditing Permission Changes

arjuncbe
Champ in-the-making

Hello,

I'm trying to find out which user changes permissions on a node in Alfresco Community edition. Things I have tried so far:

1. I can retrieve the alfresco-access logs via REST but I do not see any event raised when permissions on a node change.

2. cmischangelog produces a "Security" change event for the node but does not include the user who caused it. Tried fetching the last modified property on the node but ACL changes do not update the node. No effect on setting the variables below to false in alfresco-global.properties either.

# The default to preserve all cm:auditable data on a node when the process is not directly driven by a user action
system.auditableData.preserve=${system.preserve.modificationData}
# Specific control of whether ACL changes on a node trigger the cm:auditable aspect
system.auditableData.ACLs=${system.auditableData.preserve}     

3. Trying to get alfresco-api for low level events by setting audit.alfresco-api.enabled=true in alfresco-global.properties does not seem to work. alfresco/service/api/audit/query/alfresco-api returns no entries and /alfresco/service/api/audit/control does not list alfresco-api.

Is there any other way to know which user caused a permission change? Any help with one/all of the above steps would be very useful.

2 REPLIES

afaust
Legendary Innovator

Although the name might imply it, system.auditableData does not relate to the Audit feature - it only refers to the cm:auditable aspect and the data it maintains (creation / modification user and timestamp).

Using alfresco-api should work as long as the PermissionService public service bean is properly used. Simply enabling alfresco-api is not enough though - that only produces audit data but does not record it. You need to configure an Audit application to actually record the data for the audit query to return. See audit configuration for details.

arjuncbe
Champ in-the-making

Thanks. I did realise that system.auditableData controls the modifying user and was looking to make the person who changed the ACL on a node to be the modified user.

Your pointer was helpful and configuring a custom audit app to extract and then record the necessary entries solved my issue. 
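
A sketch of the kind of audit application the replies above describe, added here as an example and not taken from either poster's configuration. The application name and key `permission-audit` are hypothetical, and the argument names (`nodeRef`, `authority`, `permission`, `allow`) assume the parameters of `PermissionService.setPermission`. It assumes the file is placed under `alfresco/extension/audit/` on the classpath with `audit.enabled=true` and `audit.alfresco-api.enabled=true` set.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: records calls to PermissionService.setPermission.
     "permission-audit" is a hypothetical application name/key. -->
<Audit xmlns="http://www.alfresco.org/repo/audit/model/3.2"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd">

    <DataExtractors>
        <!-- Stores the audited value as-is -->
        <DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
    </DataExtractors>

    <PathMappings>
        <!-- alfresco-api only produces data; this mapping routes it to the
             application below so that it is actually recorded -->
        <PathMap source="/alfresco-api/post/PermissionService/setPermission"
                 target="/permission-audit/setPermission"/>
    </PathMappings>

    <Application name="permission-audit" key="permission-audit">
        <AuditPath key="setPermission">
            <AuditPath key="args">
                <!-- Node whose ACL was changed -->
                <AuditPath key="nodeRef">
                    <RecordValue key="value" dataExtractor="simpleValue"/>
                </AuditPath>
                <!-- User or group the permission was granted to or denied -->
                <AuditPath key="authority">
                    <RecordValue key="value" dataExtractor="simpleValue"/>
                </AuditPath>
                <!-- Permission name that was set -->
                <AuditPath key="permission">
                    <RecordValue key="value" dataExtractor="simpleValue"/>
                </AuditPath>
                <!-- true = allow, false = deny -->
                <AuditPath key="allow">
                    <RecordValue key="value" dataExtractor="simpleValue"/>
                </AuditPath>
            </AuditPath>
        </AuditPath>
    </Application>
</Audit>
```

Once the application is registered, the query endpoint from the question takes its name in place of `alfresco-api` (`/alfresco/service/api/audit/query/permission-audit`), and each recorded entry carries the user who made the call. Only `setPermission` is mapped here; other `PermissionService` methods would need their own path mappings.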
