Monday, May 21, 2012

Update Site Collection Audit setting without overwriting

 

SharePoint Server provides the auditing capabilities which allow you to track all activities that occur within the environment. The site collection administrator can set auditing requirements within the environment that determine the types of actions that should be tracked.

Reports are then available that can be used to review the logged events. These reports could also be used to create any needed audit reporting or statistics. You can also control the size of audit information that can be logged over the time.

To turn on auditing feature on your Site Collection form UI, follow these steps:

  1. Navigate to the Site Settings page for the top-level site in the site collection.
  2. Click on Site Actions > Site Settings.
  3. Click on “Site Collection Audit Settings” link from Site Collection Administration section.
  4. On the Configure Audit Settings page, identify any audit log trimming settings,
    and select the items to audit:
    • In the Audit Log Trimming section: turn on sizing by specifying the proper values
    • In the Documents and Items section, check the boxes in front of the events
      to audit which can include the following:
      • Opening or downloading documents, viewing items in lists, or viewing item properties
      • Editing items
      • Checking out or checking in items
      • Moving or copying items to another location in the site
      • Deleting or restoring items
    • In the Lists, Libraries, and Sites section, check the boxes in front of the items
      to audit which can include the following:
      • Editing content types and columns
      • Searching site content
      • Editing users and permissions
  5. Click ok to change to update setting.

From Code behind:

Sometimes we want to change these settings from code behind like event Receiver or timer Job. To change the Setting in code behind is very simple and following code does the job for us:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
     using (SPSite Site = new SPSite(“http://someURL/”))
     {
          using (SPWeb Web = site.OpenWeb())
          {
               site.AllowUnsafeUpdates = true;
               site.Audit.AuditFlags = SPAuditMaskType.All;
               // site.Audit.AuditFlags = SPAuditMaskType.None;
               // site.Audit.AuditFlags = SPAuditMaskType.Delete | SPAuditMaskType.View;
               site.Audit.Update();
               site.AllowUnsafeUpdates = false;
          }
     }
});

This piece of code allows us to set new auditing setting for our site collection by overwriting the existing setting i.e. Audit Flags.

From Code behind without overwriting:

Let’s take an example where we want to audit delete and view events in our Site if and only if current Site Collection does not support for it. If we simply use above code it will destroy the previous setting and overwrite with delete and view setting. in real time we want to append the auditing of Delete and View Event to the existing one if already not present.

so first task is to find out the Delete or View flag is already present or not. Since the data type of AuditFlags is enum, we cannot use it like ArrayList or Generic List. To do so let’s examine the SPAuditMaskType enum to specify the audit Flags form Microsoft.Sharepoint Library.

Imp: The enum stores values in a bitwise fashion. hence we can provide more than one value to the enum object by separating with Pipe (|)

namespace Microsoft.SharePoint
{
    // Summary:
    // Specifies what kind of actions and events are being audited for a particular
    // site collection, site, list, folder, or list item object.
    public enum SPAuditMaskType
    {
        All = -1,
        None = 0,
        CheckOut = 1,
        CheckIn = 2,
        View = 4,
        Delete = 8,
        Update = 16,
        ProfileChange = 32,
        ChildDelete = 64,
        SchemaChange = 128,
        SecurityChange = 256,
        Undelete = 512,
        Workflow = 1024,
        Copy = 2048,
        Move = 4096,
        Search = 8192
    }
}

So we need to check Delete is already specified or not using the bitwise operation like (& operator)

if (!((site.Audit.AuditFlags & SPAuditMaskType.Delete) == SPAuditMaskType.Delete))
{
   site.Audit.AuditFlags |= SPAuditMaskType.Delete;
}


If not present then we can append using “|” operator as above.

No comments: