DATAMATICS BLOGS

Maximizing Security and Insight with Documentum Audit Management

by Sandeep Beniwal, on Mar 11, 2024 5:17:00 PM


 

Key takeaways from this blog:

  • Granular Security: Documentum's Audit Management provides a granular approach to security, allowing organizations to track and monitor events with precision.
  • Strategic Insights: Beyond security, the tool offers strategic insights into user behavior and workflow efficiency, fostering informed decision-making.
  • Tailored Auditing: Organizations can tailor their auditing approach to match specific needs, ensuring robust security aligned with unique requirements.

What is Documentum Audit Management?


In the realm of document management and security, Documentum Audit Management stands as an alert beacon, keeping a vigilant watch over every event within a repository or application. Let's uncover the layers of this powerful tool and explore how it not only ensures security but also offers unparalleled insights into organizational workflows.

Understanding the Scope of Audit Information:

Audit information serves a myriad of purposes, offering the ability to:

  • Analyze access patterns to objects.
  • Monitor critical document changes and status updates.
  • Track specific user activities.
  • Record events on particular objects or object types.
  • Capture workflow-related events.
  • Document executions of specific jobs.
  • Record all events in the repository.

It's essential to note that effective audit management requires extended user privileges, and the Audit Management page can be accessed through the Administration menu.

Audit events:

An event is something that happens to an object in the repository, or an operation defined as an event by a user-written application. There are two types of events:

  • System events:

System events are events that Content Server recognizes and can audit automatically. For example, checking in a document can be an audited system event. When an audited system event occurs, Content Server automatically generates the audit trail entry. Documentum provides a large set of system events that are associated with API methods, lifecycles (business policies), workflows, and jobs.

  • Application events:

Application events are events that are recognized and audited by client applications. For example, a user opening a particular dialogue can be an audited application event. To audit application events, an application must recognize when the event occurs and create the audit trail entry programmatically. Application events are not recognized by Content Server.

The Anatomy of Audit Trails:

An audit trail is a recorded history of event occurrences that have been marked for auditing. Each occurrence is recorded in one audit trail record. The server stores audit trail records as objects in the repository. Auditing an event stores pertinent data in the audit trail object, such as when the event occurred and what object was involved. Audit trail entries are generated after auditing is set up and can consume considerable space in the repository. Therefore, audit trail entries should be removed from the repository periodically.

Audit Properties:

Once the properties are registered, the property name and new value are recorded in the attribute_list property of the audit trail entry. Old property values are included automatically only if the audit_old_values property in the docbase config object is enabled. The property name and old value are recorded in the attribute_list_old property of the audit trail entry. The audit_old_values property is enabled by default. If the audit_old_values property is disabled, the audit trail entry does not record changes to properties unless they are specifically registered for auditing when the event is registered. Aspect attributes can also be audited. Auditing is available for aspect attributes attached to SysObject, user, group, and acl objects, and any of their associated subtypes. Auditing aspect attributes requires that auditing is also enabled for the object type or subtype.

Default Audited Events:

Content Server audits the following events by default:

  • dm_audit and dm_unaudit - All executions of methods that register or unregister events for auditing.
  • dm_signoff - All executions of an IDfPersistentObject.signoff method.
  • dm_adddigsignature - All executions of an addDigitalSignature method. By default, audit trail entries created for the dm_adddigsignature event are not signed by Content Server. To sign those entries, register the event explicitly for auditing and set the argument to require signing.
  • dm_addesignature and dm_addesignature_failed - All executions, successful or unsuccessful, of an addESignature method. The audit trail entries for the dm_addesignature event are signed by Content Server automatically.
  • dm_purgeaudit - Removal of an audit trail entry from the repository. A dm_purgeaudit event is generated whenever a destroy method is executed to remove an audit trail entry from the repository or a PURGE_AUDIT administration method is executed. All dm_purgeaudit events are audited.
  • User login failure
  • dm_default_set - A default set of events on objects of type dm_document and its subtypes. This event is registered against the docbase config object, and Content Server audits the events in the set for dm_document type and its subtypes.

Configuring Auditing:

Documentum offers three approaches to auditing:

  • Auditing by Object Type: Creates audit trails for events on all objects of a specific type.
  • Auditing by Object Instance: Creates audit trails for events on a particular object.
  • Auditing by Selected Events for All Objects: Adds or removes auditing events for all objects in the repository.

Audit Management Job:

The Audit Management tool automates the removal of unneeded audit trail entries, enhancing performance. It runs under the Documentum installation owner's account and requires Purge Audit privileges. Guidelines for configuring cutoff days and custom predicates help manage the deletion of audit trail objects efficiently.
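
An added example (not from the original post or from Documentum): a review pass over exported audit trail rows that uses the default-audited dm_purgeaudit, dm_unaudit and dm_audit events to surface audit trail removal outside the Audit Management job and auditing that was switched off. The sample rows, the `dmadmin` owner name, the export layout and the 30-minute window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; columns assumed to mirror audit trail properties.
SAMPLE_EXPORT = """event_name,user_name,time_stamp
dm_purgeaudit,dmadmin,2024-03-01 02:00:05
dm_unaudit,jsmith,2024-03-02 14:10:00
dm_checkin,jsmith,2024-03-02 14:12:30
dm_audit,jsmith,2024-03-02 14:20:00
dm_purgeaudit,jsmith,2024-03-02 14:25:00
dm_unaudit,akumar,2024-03-03 09:00:00
"""

INSTALL_OWNER = "dmadmin"               # assumption: account the purge job runs as
TOGGLE_WINDOW = timedelta(minutes=30)   # assumption: site-specific review threshold

def load(text):
    """Parse the export and return rows sorted by event time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["time_stamp"] = datetime.strptime(r["time_stamp"], "%Y-%m-%d %H:%M:%S")
    return sorted(rows, key=lambda r: r["time_stamp"])

def findings(rows, owner=INSTALL_OWNER, window=TOGGLE_WINDOW):
    """Return (kind, user, time) tuples that deserve a reviewer's attention."""
    out = []
    open_unaudit = {}  # user -> time of a dm_unaudit not yet followed by dm_audit
    for r in rows:
        ev, user, ts = r["event_name"], r["user_name"], r["time_stamp"]
        if ev == "dm_purgeaudit" and user != owner:
            # Entries removed by someone other than the scheduled job's account.
            out.append(("purge_outside_job", user, ts))
        elif ev == "dm_unaudit":
            open_unaudit[user] = ts
        elif ev == "dm_audit" and user in open_unaudit:
            start = open_unaudit.pop(user)
            if ts - start <= window:
                # Auditing unregistered and re-registered shortly afterwards.
                out.append(("audit_toggled", user, start))
    # Auditing unregistered and never re-registered within this export.
    out += [("unaudit_not_restored", u, t) for u, t in open_unaudit.items()]
    return out

if __name__ == "__main__":
    for kind, user, ts in findings(load(SAMPLE_EXPORT)):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:22} {user}")
```
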

To summarize:

Documentum's Audit Management is a powerful tool for organizations seeking to bolster security, monitor activities, and gain insights into their repositories. By understanding the nuances of auditing, organizations can tailor their approach to meet specific security and compliance requirements. Regular maintenance and thoughtful configuration ensure that audit trails remain effective without overwhelming the repository. With security and strategic insights at its core, Documentum Audit Management emerges as a cornerstone in the realm of document management systems.
