Documentum Audit Facility

Documentum auditing built-in mechanism

Author: Milan Markovic

Documentum Auditing



Introduction

Auditing is a security feature that allows you to monitor events that occur in a repository or application. Events are operations performed on objects in a repository or something that happens in an application.


Event types

1. System events - more than 100 predefined events (e.g. dm_checkin, dm_checkout, dm_save, dm_link, dm_destroy)

2. Application events - custom, application-specific actions (for example, performed search actions)


Audit trail

• An audit trail is the history of an audited event. Each occurrence of an audited event is recorded in one entry in an audit trail.

• dm_audittrail object

• Derived types - dm_audittrail_acl and dm_audittrail_group


dm_audittrail object

• event_name
• event_source
• i_audited_obj_class
• audited_obj_vstamp
• audited_obj_id
• user_name
• time_stamp
• string_1
• string_2
• string_3
• string_4
• string_5
• id_1
• id_2
• id_3
• id_4
• id_5


Extended user privileges

• By default, neither the Docbase owner nor the Superuser has any of these extended permissions.

• The extended privileges are stored as an integer in the user_xprivileges attribute of the dm_user object.

Level  Name          Description
8      Config Audit  User can execute the methods to start and stop auditing.
16     Purge Audit   User can remove audit trail entries from the repository.
32     View Audit    User can view audit trail entries.


Registering an Audit

• Every time an Audit method is successfully invoked, a new record is recorded in the dmi_registry object.

• Content Server takes care of creating the Audit Trail entries when the registered events occur.

• The application is responsible for knowing when an Application Event has occurred and for managing the creation of Audit Trail entries. It is recommended to specify application events in dmi_registry objects so that they can be configured easily.


Auditing properties

• Whether you register properties for auditing when you start auditing for the event.

• Whether the audit_old_values property in the docbase config object is set to true or false.

The default for this property is T (true).


Signing audit trail entries

• As an added security feature, audit trail entries can be signed by Content Server.

• Signing an entry increases security by making it possible to detect whether the entry was changed after it was saved to the repository.

• This involves computing a hash for the contents, encrypting the hash with the Application Encryption Key (AEK) for the Content Server, and storing the encrypted hash in the audit_signature attribute of the dm_audittrail entry.

• Supports use of Electronic Signature feature
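
The tamper check described on this slide, as an added sketch that is not Content Server's own code: a keyed digest over selected dm_audittrail attributes is stored in audit_signature and recomputed at verification time. Assumptions: HMAC-SHA256 stands in for "encrypt the hash with the AEK", and the field subset, the length-prefixed serialization, the key and the sample entry are all constructed for illustration.

```python
import hashlib
import hmac

# Attributes covered by the signature; names are dm_audittrail attributes
# listed on the page (the subset is an assumption of this sketch).
SIGNED_FIELDS = ("event_name", "event_source", "audited_obj_id",
                 "user_name", "time_stamp", "string_1", "id_1")


def canonical_bytes(entry):
    """Serialize signed fields with length prefixes so that values cannot
    be shifted between adjacent fields without changing the output."""
    out = bytearray()
    for name in SIGNED_FIELDS:
        value = str(entry.get(name, "")).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def sign_entry(entry, key):
    """Return a copy of the entry with audit_signature set."""
    digest = hashlib.sha256(canonical_bytes(entry)).digest()
    signed = dict(entry)
    # Keyed step: HMAC stands in for "encrypt the hash with the AEK".
    signed["audit_signature"] = hmac.new(key, digest, hashlib.sha256).hexdigest()
    return signed


def verify_entry(entry, key):
    """True only if a signature is present and matches the current fields."""
    stored = entry.get("audit_signature")
    if not stored:
        return False  # unsigned entries cannot be vouched for
    expected = sign_entry(entry, key)["audit_signature"]
    return hmac.compare_digest(stored, expected)


# Constructed sample data: key and entry values are made up for the demo.
DEMO_KEY = b"demo-key-not-a-real-AEK"
SAMPLE = sign_entry({
    "event_name": "dm_destroy", "event_source": "System",
    "audited_obj_id": "0900000000000001", "user_name": "jdoe",
    "time_stamp": "2024-01-15T10:30:00", "string_1": "", "id_1": "",
}, DEMO_KEY)

if __name__ == "__main__":
    tampered = dict(SAMPLE, user_name="someone_else")
    print("original verifies:", verify_entry(SAMPLE, DEMO_KEY))
    print("tampered verifies:", verify_entry(tampered, DEMO_KEY))
```

An entry edited after signing, an entry with its signature stripped, and an entry checked against a different key all fail verification, so a review job can flag them.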


Removing audit trail entries

• Monitor the size of the audit trail carefully!

• Archive audit data that you want to keep by copying it or moving it out of the audit trail.

• Purge audit trail objects using Management Audit Trail Tool. Purging an audit trail entry is always audited. It is not possible to stop auditing this event.


Manage auditing using Documentum Administrator


Search Audit


Q&A

• Questions and Answers