I cannot see audit log entries for folder access of normal users (user access to content nodes is available in the audit logs). I am using the following audit settings:
audit.alfresco-access.enabled=true audit.filter.alfresco-access.default.enabled=true audit.filter.alfresco-access.transaction.path=/app:company_home/st:sites/.* audit.filter.alfresco-access.default.path=/app:company_home/st:sites/.*
apart from these default setting provided by the repository.properties file:
# Audit configuration audit.enabled=true audit.tagging.enabled=true audit.alfresco-access.enabled=false audit.alfresco-access.sub-actions.enabled=false audit.cmischangelog.enabled=false audit.dod5015.enabled=false # Setting this flag to true will force startup failure when invalid audit configurations are detected audit.config.strict=false # Audit map filter for AccessAuditor - restricts recorded events to user driven events audit.filter.alfresco-access.default.enabled=false audit.filter.alfresco-access.transaction.user=~System;~null;.* audit.filter.alfresco-access.transaction.type=cm:folder;cm:content;st:site audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.*
As I understand it the setting above should ensure that user access to folders is audit logged, but doing a
$ curl -X GET -u admin:admin 'http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/audit-entries?maxItems=100'
where a9099aa6-25eb-4b2d-98c3-f234ceaed2b8 is the nodeId of a folder just returns a single entry which is a result of the creation of the node by the admin user. The following calls from the network tab in the browser inspector reveals that the folder node actually has been visited by a normal user (username = bruce):
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?fields=isFile%2CparentId%2Cid
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/children?maxItems=2147483647&orderBy=isFolder%20desc%2Cname%20asc&include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames&includeSource=true
So I am a bit puzzled why the above folder access from the user bruce is not shown in the audit log. Any ideas why this could be?
Regular read access to nodes is not logged via alfresco-access - neither for content nor folders. The only read-access that is logged is an explicit content access, which obviously only applies to nodes of type content or which have any other type/aspect defining a content property. In the audit entry this content access should be appropriately be listed as a "readContent" action / event, not to be confused with a metadata / listing read access.
Ok - thanks a lot for clearifying this
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.