Audit log information and SharePoint reports

Hi,

I am trying to determine what precisely some of my DI reports are telling me. Specifically, related to the Access details report, it is my understanding that SharePoint audit logs differentiate between a "view" (e.g., going to a site or a library) and a "read" (e.g., opening an item on a site or a library), but it does not appear that DI access reports maintain that distinction- everything appears to be a "read". So the question is: does DI differentiate between "view" and "read" events in SharePoint (2010). If so, can we create a report that shows who has accessed a SharePoint site, but not read anything?  Thanks.

1 Reply
Highlighted

Connie: I think you are

Connie:

I think you are asking how the SharePoint events are recorded in Symantec DataInsight (SDI) and can you use those events in a report. You can certainly gain a perspective in a report on all events and marrying the event reported to the type you desire can be done consider some typical events in SharePoint like:

        {"checkout”}                              Read

        {"checkin”}                                Write  

        {"view”}                                     Read   

        {"undelete”}                               Write

        {"copy”}                         Read (on Source file)

        {"move”}                                    Rename

        {"update”}                                  Write

        {"security”}                                Security

 

Here is a list of all the mappings:
Note: there are unsupported types as well.

Data Insight Access Type

SharePoint Access Type

Description

Read

CheckOut

Check-out of the object.

Write

CheckIn

Check-in of the object.

Read

View

Viewing of the object by a user.

Delete

Delete

Deletion of the object.

Write

Update

Changing the properties of an object or creating an object.

NOT SUPPORTED

ProfileChange

Change in a profile that is associated with the object.

Delete

ChildDelete

Deletion of one of the child objects of the object.

NOT SUPPORTED

SchemaChange

Change in the schema of the object.

Write

Undelete

Restoration of an object from the Recycle Bin.

NOT SUPPORTED

Workflow

Access of the object as part of a workflow.

Read (on source file)

Copy

Copying of the object.

Rename

Move

Move of the object.

NOT SUPPORTED

AuditMaskChange

A change in the types of events that are audited for the object.

NOT SUPPORTED

Search

Search on the object.

Rename

ChildMove

Move of one of the child objects of the object.

NOT SUPPORTED

FileFragmentWrite

A File Fragment has been written for the file.

Security

SecGroupCreate

Creation of a user group for a SharePoint site collection.

Security

SecGroupDelete

Deletion of a group that is associated with a SharePoint site collection.

Security

SecGroupMemberAdd

Addition of a new member to a group that is associated with a SharePoint site collection.

Security

SecGroupMemberDel

Deletion of a member from a group that is associated with a SharePoint site collection.

Security

SecRoleDefCreate

Creation of a new role (that is, permission level) definition associated with the object.

Security

SecRoleDefDelete

Removal of a role (that is, permission level) definition associated with the object.

Security

SecRoleDefModify

Changing a role (that is, permission level) definition associated with an object.

Security

SecRoleDefBreakInherit

Turning off inheritance of role (that is, permission level) definitions from the parent of the object.

Security

SecRoleBindUpdate

Changing the permissions of a user or group for the object.

Security

SecRoleBindInherit

Turning on inheritance of security settings from the parent of the object.

Security

SecRoleBindBreakInherit

Turning off inheritance of security settings from the parent of the object.

NOT SUPPORTED

EventsDeleted

Deletion of audited events that are connected with the object from the SharePoint database.

Depends*

Custom

Custom action or event.

 *Notes: Data Insight (DI) SharePoint Agent inserts a custom event whenever  a file/folder is created. This is to generate a create event in DI since SharePoint natively does not create events.

This will allow you to confirm the type of event you wish to report on. Some events such as READ depict differing access with the same event type. Does that answer your question or is there further explanation desired?

 

Rod