Forum Discussion

Connie_Falk_Mil
10 years ago

Audit log information and SharePoint reports

Hi,

I am trying to determine what precisely some of my DI reports are telling me. Specifically, related to the Access details report, it is my understanding that SharePoint audit logs differentiate between a "view" (e.g., going to a site or a library) and a "read" (e.g., opening an item on a site or a library), but it does not appear that DI access reports maintain that distinction; everything appears to be a "read". So the question is: does DI differentiate between "view" and "read" events in SharePoint (2010)? If so, can we create a report that shows who has accessed a SharePoint site, but not read anything? Thanks.

  • Connie:

    I think you are asking how the SharePoint events are recorded in Symantec DataInsight (SDI) and whether you can use those events in a report. You can certainly gain a perspective in a report on all events, and marrying the event reported to the type you desire can be done. Consider some typical events in SharePoint, like:

            {"checkout"}      Read
            {"checkin"}       Write
            {"view"}          Read
            {"undelete"}      Write
            {"copy"}          Read (on Source file)
            {"move"}          Rename
            {"update"}        Write
            {"security"}      Security

     

    Here is a list of all the mappings:
    Note: there are unsupported types as well.

    | Data Insight Access Type | SharePoint Access Type | Description |
    |---|---|---|
    | Read | CheckOut | Check-out of the object. |
    | Write | CheckIn | Check-in of the object. |
    | Read | View | Viewing of the object by a user. |
    | Delete | Delete | Deletion of the object. |
    | Write | Update | Changing the properties of an object or creating an object. |
    | NOT SUPPORTED | ProfileChange | Change in a profile that is associated with the object. |
    | Delete | ChildDelete | Deletion of one of the child objects of the object. |
    | NOT SUPPORTED | SchemaChange | Change in the schema of the object. |
    | Write | Undelete | Restoration of an object from the Recycle Bin. |
    | NOT SUPPORTED | Workflow | Access of the object as part of a workflow. |
    | Read (on source file) | Copy | Copying of the object. |
    | Rename | Move | Move of the object. |
    | NOT SUPPORTED | AuditMaskChange | A change in the types of events that are audited for the object. |
    | NOT SUPPORTED | Search | Search on the object. |
    | Rename | ChildMove | Move of one of the child objects of the object. |
    | NOT SUPPORTED | FileFragmentWrite | A File Fragment has been written for the file. |
    | Security | SecGroupCreate | Creation of a user group for a SharePoint site collection. |
    | Security | SecGroupDelete | Deletion of a group that is associated with a SharePoint site collection. |
    | Security | SecGroupMemberAdd | Addition of a new member to a group that is associated with a SharePoint site collection. |
    | Security | SecGroupMemberDel | Deletion of a member from a group that is associated with a SharePoint site collection. |
    | Security | SecRoleDefCreate | Creation of a new role (that is, permission level) definition associated with the object. |
    | Security | SecRoleDefDelete | Removal of a role (that is, permission level) definition associated with the object. |
    | Security | SecRoleDefModify | Changing a role (that is, permission level) definition associated with an object. |
    | Security | SecRoleDefBreakInherit | Turning off inheritance of role (that is, permission level) definitions from the parent of the object. |
    | Security | SecRoleBindUpdate | Changing the permissions of a user or group for the object. |
    | Security | SecRoleBindInherit | Turning on inheritance of security settings from the parent of the object. |
    | Security | SecRoleBindBreakInherit | Turning off inheritance of security settings from the parent of the object. |
    | NOT SUPPORTED | EventsDeleted | Deletion of audited events that are connected with the object from the SharePoint database. |
    | Depends* | Custom | Custom action or event. |

    *Notes: Data Insight (DI) SharePoint Agent inserts a custom event whenever a file/folder is created. This is to generate a create event in DI since SharePoint natively does not create events.

    This will allow you to confirm the type of event you wish to report on. Some events such as READ depict differing access with the same event type. Does that answer your question or is there further explanation desired?

     

    Rod
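
Applying the mapping table above to raw SharePoint audit rows shows that View and CheckOut both come out as Read, so separating "browsed a site or library" from "opened an item" needs the object type of each event, not the access type. This is an added example, not code from the thread or from Data Insight; the row layout, the item-type labels and the sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

# SharePoint audit event -> Data Insight access type, copied from the table above.
# None = listed as NOT SUPPORTED. "Custom" is omitted (the table says "Depends").
SP_TO_DI = {
    "CheckOut": "Read", "View": "Read", "Copy": "Read",
    "CheckIn": "Write", "Update": "Write", "Undelete": "Write",
    "Delete": "Delete", "ChildDelete": "Delete",
    "Move": "Rename", "ChildMove": "Rename",
    "ProfileChange": None, "SchemaChange": None, "Workflow": None,
    "AuditMaskChange": None, "Search": None, "FileFragmentWrite": None,
    "EventsDeleted": None,
}
SP_TO_DI.update({name: "Security" for name in (
    "SecGroupCreate", "SecGroupDelete", "SecGroupMemberAdd", "SecGroupMemberDel",
    "SecRoleDefCreate", "SecRoleDefDelete", "SecRoleDefModify",
    "SecRoleDefBreakInherit", "SecRoleBindUpdate", "SecRoleBindInherit",
    "SecRoleBindBreakInherit")})

# Assumption: item-type labels that denote a container rather than content.
CONTAINERS = {"Site", "Web", "List", "Folder"}

# Constructed sample rows: (user, SharePoint event, item type).
SAMPLE = [
    ("alice", "View", "Web"), ("alice", "View", "List"),
    ("bob", "View", "List"), ("bob", "View", "Document"),
    ("carol", "CheckOut", "Document"), ("carol", "Search", "List"),
    ("dave", "SecRoleBindUpdate", "Web"),
]

def summarize(rows):
    """Return (access types per user after mapping, users who only viewed containers)."""
    mapped = defaultdict(set)
    browse_only = set()
    disqualified = set()
    for user, event, item_type in rows:
        access = SP_TO_DI.get(event)      # None: unsupported or unknown event
        if access:
            mapped[user].add(access)
        if event == "View" and item_type in CONTAINERS:
            browse_only.add(user)         # candidate: looked at a site or library
        else:
            disqualified.add(user)        # touched content or did something else
    return dict(mapped), browse_only - disqualified

if __name__ == "__main__":
    mapped, browse_only = summarize(SAMPLE)
    print("Access types after mapping:", mapped)
    print("Viewed containers only:", browse_only)
```
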