Permission Audit Entries for Alfresco SDK community version 7.0.0

cancel
Showing results for 
Search instead for 
Did you mean: 
rkhot
Member II

Permission Audit Entries for Alfresco SDK community version 7.0.0

Hi Alfresco Team,

We are using SDK Community - 7.0.0 version of Alfresco.

We are trying to retrieve the Permission Audit Entries.
For this, we modified alfresco-global.properties as follows :

audit.enabled=true
audit.alfresco-access.enabled=true
audit.cmischangelog.enabled=true
audit.filter.alfresco-access.default.enabled=true
audit.tagging.enabled=true
audit.alfresco-access.sub-events.enabled=true
audit.dod5015.enabled=true
audit.config.strict=false
audit.filter.alfresco-access.transaction.user=~System;~null;.*
audit.filter.alfresco-access.transaction.type=cm:content;cm:folder;st:site<br>
audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.*
audit.filter.alfresco-access.default.path=/app:company_home/st:sites.*

Still, we are not able to fetch Permission Audit Entries like Modifying the Permissions for a file or folder entities.

Please advise if above settings need any changes.

Also let us know if there is any other way to enable auditing of Permissions apart from settings in alfresco-global.properties

Thanks for your cooperation.

Regards
Rahul Khot

3 Replies
cristinamr
Advanced

Re: Permission Audit Entries for Alfresco SDK community version 7.0.0

Good morning.

Could you please attach your log?

In alfresco.docs you have in detail how to enable the debug for your audit config:

Log4J configuration

Log4J settings can be added in a file tomcat/shared/classes/alfresco/extension/audit-log4j.properties (you could copy ./tomcat/shared/classes/alfresco/extension/custom-log4j.properties.sample and remove the .sample, or create the file from scratch).

To see what information is available to audit, enable the following logging:

log4j.logger.org.alfresco.repo.audit.inbound=DEBUG

This would generate logging (in alfresco.log) such as:

15:55:26,590 User:admin DEBUG [repo.audit.inbound]
Inbound audit values:
    /alfresco-node/beforeDeleteNode/node=workspace://SpacesStore/c4728f24-4a11-40f7-9062-315edf959d79
15:55:26,748 User:admin DEBUG [repo.audit.inbound]
Inbound audit values:
    /alfresco-api/post/NodeService/deleteNode/no-error=null
    /alfresco-api/post/NodeService/deleteNode/args/nodeRef=workspace://SpacesStore/c4728f24-4a11-40f7-9062-315edf959d79

 

Enable it, reproduce the problem and share with us your logs.

Cheers,

Cristina.

--
VenziaIT: helping companies since 2005! Our ECM products: AQuA & Seidoc
afaust
Master

Re: Permission Audit Entries for Alfresco SDK community version 7.0.0

In addtition to what @cristinamr wrote, please also tell us "how" you are trying to retrieve the permission audit entries, i.e. what API calls you are using and with what parameters.

rkhot
Member II

Re: Permission Audit Entries for Alfresco SDK community version 7.0.0

Hi @afaust , @cristinamr ,

We are trying to fetch the Audit Entries for Change in Permissions using following API :

https://api-explorer.alfresco.com/api-explorer/#/audit/listAuditEntriesForAuditApp

Example Scenario ==> If we change the permissions of a file or folder and call the API, we do not get any Audit Entries for Permission Changes

Please let us know if we are using the right API

Regards,

Rahul Khot