I have been struggling for a while trying to understand why the Content DB API throws me a pretty FdkException mentioning an ACCESSDENIED error when performing an audit search on a custom audit specification.
Here is my scenario:
(i) I have created a custom audit specification via scriptdriver.sh on a library.
It basically does audit on document events such as DOCUMENT_CREATED, DOCUMENT_UPDATED and so forth. So far so good.
(ii) Then, I have done a couple of document creations to fill the audit trail.
(iii) Try to search against audit history on DOCUMENT_CREATED with orcladmin with the API. Everything went ok.
(iv) Now I am desperately trying to search audit events with another user where ADMINISTRATOR role was granted on the library that holds audit specification. Of course, I have switcheded to admin mode operations (back and forth) when calling searchAuditHistory method. Despite this, the audit manager throws me a classical ACCESS DENIED error! Ok, I initially though that the target documents were moved in another place where my user does not have rights (it happened in the past but actually it should not be related anyhow). But obviously not, I am just trying to look up events at the right place.
As far as I can read in the documentation, audit history should be accessible to any user if and only if this user owns the "getAuditHistory" permission which is likely the case for Administrators.