Auditing and the WorkFlow history list in MOSS 2007


Hello All,

Recently I was working with a customer who has MOSS 2007 and as we are making improvements to this environment I realized that they had disabled the WorkFlow Cleanup Timer Job I then discovered that they had done this becuase somebody had told them to do this so that Site Collection owners could have audit logs using those lists...sigh

This SHOULD NOT BE DONE, the lists are not secured properly to be used as Audit logs, SharePoint does audit functionality built in and that is what you should use.  Here is the meat of the e-mail I sent to my customer to help them decide how to proceed.

I highly recommend that you look at this project as a solution http://msdn.microsoft.com/en-us/magazine/cc794261.aspx


First as I have mentioned in the past Workflow history lists were never intended to be used for auditing, and do not meet security requirements as regular users could gain access and edit entries.  Along the same lines writing to a list would be unacceptable for the same reason.  Please see this article for a note about Workflow History lists http://technet.microsoft.com/en-us/library/ee662522(v=office.14).aspx.

This leaves us with two choices the OOB audit functionality that is built into SharePoint or a 3rd party tool, since this seems to be the only site that requires auditing (Please correct me if I’m wrong) I would recommend the OOB functionality as being the more cost effective choice.  Here is some relevant information about the audit functionality.

 

  1. Auditing and reporting is done at the Site Collection level

  2. OOB there is limited setting that can be modified for Auditing, but it is customizable

  3. There is an auditflag for WorkFlows which means we could gather information and then create a custom report to view that data.  We could implement this following advice in this article http://msdn.microsoft.com/en-us/magazine/cc794261.aspx NOTE: The exe in this article is not supported by Microsoft.

 

Configure audit settings for a site collection

https://support.office.com/en-US/Article/Configure-audit-settings-for-a-site-collection-c4ee05e1-2ebd-45f1-a254-d2350aa44ae0?ui=en-US&rs=en-US&ad=US

 

Events audited when audit logging is enabled (Office SharePoint Server)

http://technet.microsoft.com/en-us/library/cc824909(v=office.12).aspx

 

Custom Auditing In SharePoint

http://msdn.microsoft.com/en-us/magazine/cc794261.aspx

 

Item-Level Auditing with SharePoint Server 2007

http://msdn.microsoft.com/en-us/library/office/bb397403(v=office.12).aspx

Comments (1)

  1. Anonymous says:

    Sooooooo you have figured out that you disabled the Workflow History Cleanup timer job, and now realize

Skip to main content