tags:

views:

1240

answers:

3
+2  Q: 

SharePoint site security: how can I programmatically monitor changes?

I have a case where if a SharePoint site owner decides to break permissions inheritance and directly manage site membership, I'd also like to correspondingly modify view permissions on items in a specific list in the top-level site. How can I best catch those changes so I know when to apply the appropriate changes to the list items? I'd like to have some C# code be notified when a site's permissions are changed so I can programmatically modify the appropriate list item permissions.

+1  A: 

The best way to do this (unfortunately) is to periodically query all of the sites and check to see if inheritance is disabled. I had a similar problem and used powershell scripting to create a report on site security. If you haven't used Powershell before, don't be intimidated. The syntax is VERY similar to C#.

jwmiller5  2008-12-08 14:49:22
A: 

You can use SharePoint auditing to monitor permission changes. It will track changes down to item level. The downside is that you have to turn this feature on and it will hurt performance somewhat.

As for notification, I don't think auditing tells you about changes. I'm pretty sure you would need to poll the audit log.

There's heaps of information about auditing in this article on MSDN.

Alex Angas  2008-12-08 17:24:03
A: 

Another approach which I think might do a very good job of this is to use the SharePoint ChangeLog. Bascially, this is used by SharePoint during indexing, with the log telling the gatherer exactly what has changed, and what should be indexed during an incremental crawl.

When you have a permission change, then this should be picked up during an incremental crawl. The ChangeLog has specific parameters that can be passed to identify changes to permissions. Take a look here at the SPChangeQuery Class:

http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spchangequery.aspx

Specifically you can look for ChangeTypes: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spchangetype.aspx

Including: AssignmentAdd AssignmentDelete MemberAdd MemberDelete ...and more

Daniel McPherson  2009-08-05 10:46:14

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security