Alfresco Content Auditing : Tracking Made Smarter

Alfresco Content Auditing : Tracking Made Smarter

Alfresco today has become a synonym for document management system. Enterprises are moving towards the goal of going paperless. So it has become imperative for small to large scale enterprises to seek refuge in such a document management system. Document management is crucial but there are several other factors relating to a document. One such important factor is content auditing. Auditing is basically about keeping tracks and records as to keep a track so as to who and when is someone making even a single change in a specific document.

Before jumping into the concept of auditing, you first must be aware of the term curation. The term curation in terms of documentation basically implies to having an original document and being able to change the content of that document as per their requirement, purpose or necessity. But then at the same time there must be a provision to keep a track of all the changes and so as to who made those changes? ‘Metadata’ is what helps us in this – the metadata of the document usually shows the detail of the document like who is the author, when was it created and more as per requirement. This ability to keep track of documents is Alfresco auditing. It provides features to give you a detailed history of who and when changes were made in the document ensuring the credibility of the information as well as security.

How Alfresco supports Auditing?

Alfresco provides this unique auditing feature to track user activities on a document as per our requirement. The basic architecture is as follows:
Alfresco Content Auditing

  • 1. Data Producers: This entity generates the data that needs to be audited, but they have no clue where the data is supposed to be stored.
  • 2. Data Extractor: These components are present to take input and provide an output (which may or may not be transformed). One such simple example of an extractor is SimpleValueDataExtractor.
  • 3. Data Generators: These entities also produce audit data when datapath is active but it is not entirely dependent on data path value.
    org.alfresco.repo.audit.generator and beans auditModel.generator.* declared in alfresco/audit-services-context.xml contains a full list of all such DataGenerators present in alfresco.
  • 4. Audit Services: It is very important to retrieve data from the database. After the data is stored in Alfresco it is important that it can be retrieved from the database to generate report or display it on the dashlet directly.
  • 5. Data Paths: These are basically the mappings of audit data with application. Whenever a particular path from application is active or it is being invoked then the respective auditing component is invoked and will track auditing data.

Enabling Auditing:

To enable auditing permanently you have to go to the alfresco-global.properties file and set – audit.alfresco-access.enabled=true

  • Auditing is enabled by default. The audit.enabled property provides a way to enable or disable the auditing framework. Enabling this property however does not imply that it will necessarily result in the generation of audit data.
  • To enable the audit data generation you will need to enable the audit.alfresco-access.enabled property.
  • Once the global properties file have been configured and saved, you need to restart the Alfresco server, for auditing to be fully enabled.
  • You can check the status of auditing conveniently from the command line by using a tool such as curl to access the Audit Control web script.

curl -u admin:password “http://localhost:8080/alfresco/service/api/audit/control”

A detailed view of content auditing:

  • Alfresco can be used to audit actions performed on your content and folders as well. In accordance to the architecture described above the data producer-
    org.alfresco.repo.audit.access.AccessAuditor gathers together lower events into user recognizable events. For example the download or preview of content are recorded as a single read. Similarly the upload of a new version of a document is recorded as a single create version. On the contrary, AuditMethodInterceptor data producer would be recording multiple events.
  • A default audit configuration file located at /WEB-INF/classes/alfresco/audit/alfresco-audit-access.xml. is provided that persists audit data for general use. It can be configured to extract additional data of interest. For ease of use, the login success, login failure and logout events also persist by the default configuration.
  • Default audit filter settings are also provided for the AccessAuditor data producer, so that internal events are not reported. These settings may be customized (by setting global properties) to include or exclude auditing of specific areas of the repository, users or some other value included in the audit data created by AccessAuditor.
  • No additional functionality is provided for the retrieval of persisted audit data, as all data is stored in the standard way, so is accessible via the AuditService search, audit web scripts, database queries and Alfresco Explorer show_audit.ftl preview.
    • A simple example of an audit trail are as follows:
      To create a new folder called My Documents/alfresco-access/transaction/action=CREATE
      /alfresco-access/transaction/aspects/add=[cm:titled]
      /alfresco-access/transaction/path=/app:company_home/st:sites/cm:mysite/cm:documentLibrary/cm:My Documents
      /alfresco-access/transaction/properties/add=…
      /alfresco-access/transaction/sub-actions=createNode updateNodeProperties addNodeAspect
      /alfresco-access/transaction/type=cm:folder
      /alfresco-access/transaction/user=admin
  • The audit trail of individual content may be viewed from within Alfresco Explorer. Locate the content and select the option “Preview in Template”, using the show_audit.ftl preview.

Then what is versioning all about..

Talking about auditing we come across a general query i.e. what if a lot of changes were made and we needed the previous document for comparison as well. That is the moment which gives rise to the concept of versioning. When you make changes in a document then according to your need a prior few version of your documents can be saved.

The content in Alfresco DM is not generally marked as ‘versionable’ by default when new content is added. The content must be specifically marked as being versionable before versions can be created. Using the Alfresco Explorer (JSF client UI) you can select “View Details” on a content item and then “Version History -> Allow Versioning” (or you can “Run Action -> Add aspect to item” and select “Versionable”).

Thus Alfresco has these impressive features of auditing and versioning all under one roof which not only ensures credibility but also the security of data in a way that most enterprises may find helpful.

The following two tabs change content below.
Pratyush Kumar

Pratyush Kumar

Co-Founder & President at Algoworks, Open-Source | Salesforce | ECM
Pratyush is Co-Founder and President at Algoworks. He is responsible for managing, growing open source technologies team and has spearheaded more than 200 projects in Salesforce CRM alone. He provides consulting and advisory to clients looking for services relating to CRM(Customer Relationship Management) and ECM(Enterprise Content Management). In the past, Pratyush has held consulting roles with various global technology leaders, such as Globallogic & HCL in India. He holds an Engineering graduate degree from Indian Institute of Technology, Roorkee.
Pratyush Kumar

Latest posts by Pratyush Kumar (see all)

Pratyush KumarAlfresco Content Auditing : Tracking Made Smarter