Managing data security within the Spotfire Library requires strict oversight of folder permissions. When a restricted directory is suddenly exposed, or access is revoked, administrators must quickly audit who initiated the change, what folder was affected, and what specific access levels were updated.
Execute the following SQL query against your Spotfire Action Log database to extract a complete list of permission changes.

Please note that the Action log is not enabled by default. You need to enable and configure the Spotfire Server for action logging and system monitoring either from the command line or from the configuration tool.

All

Replace the ID1 = 'Your folder GUID' with the actual Folder GUID where you want to check the folder permissions changes.

---------------------------

SELECT 
    History.LOGGED_TIME,
    History.Modified_By,
    History.Permission_Action,
    History.Folder_Path,
    History.Folder_GUID,
    History.Target_Principal,
    CASE 
        WHEN History.Previous_Permission_Level IS NULL THEN 'NONE (Or No Log History)'
        ELSE History.Previous_Permission_Level 
    END AS Changed_From,
    CASE 
        WHEN History.New_Permission_Level IS NULL THEN 'NONE (Cleared/Removed)'
        ELSE History.New_Permission_Level 
    END AS Changed_To
FROM 
    (
        SELECT 
            LOGGED_TIME,
            USER_NAME AS Modified_By,
            LOG_ACTION AS Permission_Action,
            ID2 AS Folder_Path,               
            ID1 AS Folder_GUID,               
            ARG1 AS Target_Principal,         
            ARG2 AS New_Permission_Level,     
            LAG(ARG2) OVER (
                PARTITION BY ID1, ARG1 
                ORDER BY LOGGED_TIME ASC
            ) AS Previous_Permission_Level
        FROM 
            ACTIONLOG
        WHERE 
            LOG_CATEGORY = 'library' 
            AND LOG_ACTION IN ('set_group_perm', 'set_user_perm', 'clear_perm', 'remove_perm')
            -- Filter by the folder's unique, permanent GUID
            AND ID1 = 'Your folder GUID'                               ---------------------------> your folder GUID.
    ) AS History
ORDER BY 
    History.LOGGED_TIME DESC;

---------------------------

Note that the above query was tested on the MS SQL Server Spotfire action log database. 

Folder-level permission:
Access = X
Browse (+ Access) = R
Modify (+ Browse + Access)  = W
Full control = O

Disclaimer: The content of this article is for informational purposes only. The subject material may change in any new versions with no notice and there is no responsibility by CSG to maintain or support future access to this internal application content. Modification of any internal application content is not recommended and can lead to an unsupported configuration.  It is not intended to be used "As Is" in a Production environment. Always test in a Development environment.

A folder that was supposed to be restricted is suddenly visible to everyone. This article guides Spotfire administrators on how to identify which users modified the folder-level permissions in the Spotfire Library using the Action Log. It includes a pre-configured SQL Server query designed to track and decode these permission-changing events.

Doc: Action logs and system monitoring: 

• https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/action_logs_and_system_monitoring.html

Doc: Spotfire Server Action Log Reference:

• https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/action_log_reference.html

Doc: Library actions logged from Spotfire Server: 

• https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/library_actions_logged_from_spotfire_server.html