A customer came up with a requirement that they wanted to know and get the audit log of the following activities happening their environment:
- Users/Groups added/modified in the People and Groups list of the site.
- Any modification in the Site Collection Administrator section.
- User/Groups permission change in the Advanced Permissions section.
In MOSS 2007, to view the audit log for security related operations is a two step process.
- Enable the audit log for a specific entity
- Under Site Collection Administration, click on Site collection audit settings
- Select “Editing users and permissions” option.
- From now on SharePoint will start storing the audit log in its database.
- Write a custom application using the SharePoint Audit APIs to view the audit log.
- Use SPAuditQuery class to query the audit log for a site collection.
- Use SPAuditEventType enumeration to know the type of the event.
- SPAuditEntry.EventData contains the event related data in XML format which can be used to identify the actionable objects and their related objects. The MSDN article contains the detail of what EventData object can contain and explanation of the Audit Event Type data
Here the sample code which will help you understand the audit entries and the event data associated with it.
As always… Happy Coding