Posted on 2011-04-21
As we know in SharePoint, there's an audit log of everything that happens.
When I was describing this capability to someone, they asked me if an administrator can turn the log off, sneak in and snoop in user files, then turn it back on, and subsequently have no record of the fact that the administrator snooped. Is this true?
The reason I ask is that we're having the inevitible situation where some user is realizing that an IT user can get to people's files. I was describing to them that this is not an uncommon situation in IT, and explaining that this is why we a framework and procedures in place to counterbalance this risk. Things like:
-Background Investigations on new hires, and 5 year check-ins on existing employees
-SharePoint Audit logs, server logs, network logs, etc
-and not letting any one person be a single point of failure for any given system
So they challeneged the notion of Audit Logs speculating that an admin could go in turn logging off, do something michevious, and then turn logging back on.
1) Is this a weakness?
2) Are there any other ways that you mitigate this inevitible "risk"