Forum Discussion
Audit logs for access attempts
Just wondering if the audit activities "Accessed file" and "Used secure link" are logged for when a user with insufficient permission to view the file/link attempts access. Or does the logging only happens on successful file access and viewing of the secure link respectively?
Thank you for posting your question here!
After performing some testing on my end to confirm, it does not appear that attempting to access a file you do not have access is sent to the Audit Log as I cannot find proof that my test user tried accessing the files that they did not have access to.
I tried accessing a file that I had no permissions on through SharePoint, a SharePoint Link, and on a file that I had the ability to see, but due to a sensitivity label, I could not open. None of these events showed up in the Audit Log under "Accessed File" or "Used secure link"
3 Replies
Thank you for posting your question here!
After performing some testing on my end to confirm, it does not appear that attempting to access a file you do not have access is sent to the Audit Log as I cannot find proof that my test user tried accessing the files that they did not have access to.
I tried accessing a file that I had no permissions on through SharePoint, a SharePoint Link, and on a file that I had the ability to see, but due to a sensitivity label, I could not open. None of these events showed up in the Audit Log under "Accessed File" or "Used secure link"
- Thank you for testing this scenario out and confirming. Much appreciated!
- Happy to help! Thank you for marking my answer!
