Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Audit log folder access

akring
Confirmed Champ
Confirmed Champ

‎05-06-2021 08:00 AM

I cannot see audit log entries for folder access of normal users (user access to content nodes is available in the audit logs). I am using the following audit settings:

audit.alfresco-access.enabled=true
audit.filter.alfresco-access.default.enabled=true
audit.filter.alfresco-access.transaction.path=/app:company_home/st:sites/.*
audit.filter.alfresco-access.default.path=/app:company_home/st:sites/.*

apart from these default setting provided by the repository.properties file:

# Audit configuration
audit.enabled=true
audit.tagging.enabled=true
audit.alfresco-access.enabled=false
audit.alfresco-access.sub-actions.enabled=false
audit.cmischangelog.enabled=false
audit.dod5015.enabled=false
# Setting this flag to true will force startup failure when invalid audit configurations are detected
audit.config.strict=false
# Audit map filter for AccessAuditor - restricts recorded events to user driven events 
audit.filter.alfresco-access.default.enabled=false
audit.filter.alfresco-access.transaction.user=~System;~null;.*
audit.filter.alfresco-access.transaction.type=cm:folder;cm:content;st:site
audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.*

As I understand it the setting above should ensure that user access to folders is audit logged, but doing a

$ curl -X GET -u admin:admin 'http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/audit-entries?maxItems=100'

where a9099aa6-25eb-4b2d-98c3-f234ceaed2b8 is the nodeId of a folder just returns a single entry which is a result of the creation of the node by the admin user. The following calls from the network tab in the browser inspector reveals that the folder node actually has been visited by a normal user (username = bruce):

https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?fields=isFile%2CparentId%2Cid
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/children?maxItems=2147483647&orderBy=isFolder%20desc%2Cname%20asc&include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames&includeSource=true

So I am a bit puzzled why the above folder access from the user bruce is not shown in the audit log. Any ideas why this could be?

Labels:
0 Kudos
2 REPLIES 2

afaust
Legendary Innovator
Legendary Innovator

‎05-07-2021 03:52 AM

Regular read access to nodes is not logged via alfresco-access - neither for content nor folders. The only read-access that is logged is an explicit content access, which obviously only applies to nodes of type content or which have any other type/aspect defining a content property. In the audit entry this content access should be appropriately be listed as a "readContent" action / event, not to be confused with a metadata / listing read access.

akring
Confirmed Champ
Confirmed Champ
In response to afaust

‎05-10-2021 06:41 AM

Ok - thanks a lot for clearifying this

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2024 Khoros, LLC