diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
index e5264e8139..939392423c 100644
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
+++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
@@ -120,6 +120,7 @@
       <property name="configuredFilePermissions">
          <value>${rm.haspermissionmap.write}</value>
       </property>
+      <property name="recordsManagementAuditService" ref="RecordsManagementAuditService" />
    </bean>
    <bean class="org.alfresco.util.BeanExtender">
       <property name="beanName" value="permissionServiceImpl"/>
diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/audit-service.properties b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/audit-service.properties
index f4f9ea6937..7e55d72cc7 100644
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/audit-service.properties
+++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/messages/audit-service.properties
@@ -14,4 +14,7 @@ rm.audit.audit-clear=Audit Clear
 rm.audit.audit-view=Audit View
 rm.audit.trail-file-fail=We couldn't generate an audit report. Check the audit details and try again, or speak with your I.T. Dept.
 rm.audit.audit-report=Audit Report
+rm.audit.set-permission=Set Permission
+rm.audit.enable-inherit-permission=Inherited Permissions Switched On
+rm.audit.disable-inherit-permission=Inherited Permissions Switched Off
 recordable-version-config=Auto-Declare Options
\ No newline at end of file
diff --git a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
index ee323cae0c..25f6fae4fd 100644
--- a/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-community/rm-community-repo/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -462,6 +462,7 @@
         <property name="authorityService" ref="AuthorityService" />
         <property name="filePlanRoleService" ref="FilePlanRoleService" />
         <property name="filePlanService" ref="FilePlanService" />
+        <property name="recordsManagementAuditService" ref="RecordsManagementAuditService" />
     </bean>
 
     <bean id="FilePlanPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -980,6 +981,7 @@
                 <![CDATA[
                 org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.registerAuditEvent=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.auditEvent=RM_ALLOW
+                org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.auditOrUpdateEvent=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.clearAuditLog=RM_CAP.0.rma:filePlanComponent.DeleteAudit
                 org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.getAuditTrail=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.getAuditTrailFile=RM_ALLOW
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditService.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditService.java
index bf1c3250f7..137414f6db 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditService.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditService.java
@@ -49,8 +49,6 @@ public interface RecordsManagementAuditService extends RecordsManagementAuditSer
 {
     public enum ReportFormat { HTML, JSON }
 
-
-
     /**
      * Retrieves a list of audit events.
      *
@@ -91,8 +89,8 @@ public interface RecordsManagementAuditService extends RecordsManagementAuditSer
      *
      * @param nodeRef   node reference
      * @param eventName event name
-     * @param before    property values before event
-     * @param after     property values after event
+     * @param before    property values before event (this must be modifiable and may be changed by the method).
+     * @param after     property values after event (this must be modifiable and may be changed by the method).
      */
     void auditEvent(NodeRef nodeRef,
             		String eventName,
@@ -104,8 +102,8 @@ public interface RecordsManagementAuditService extends RecordsManagementAuditSer
      *
      * @param nodeRef                      node reference
      * @param eventName                    event name
-     * @param before                       property values before event
-     * @param after                        property values after event
+     * @param before                       property values before event (this must be modifiable and may be changed by the method).
+     * @param after                        property values after event (this must be modifiable and may be changed by the method).
      * @param immediate                    true if event is to be audited immediately, false otherwise
      */
     void auditEvent(NodeRef nodeRef,
@@ -119,8 +117,8 @@ public interface RecordsManagementAuditService extends RecordsManagementAuditSer
      *
      * @param nodeRef                      node reference
      * @param eventName                    event name
-     * @param before                       property values before event
-     * @param after                        property values after event
+     * @param before                       property values before event (this must be modifiable and may be changed by the method).
+     * @param after                        property values after event (this must be modifiable and may be changed by the method).
      * @param immediate                    true if event is to be audited immediately, false otherwise
      * @param removeIfNoPropertyChanged    true if event is not audited when there are no properties changed, false otherwise
      */
@@ -131,6 +129,21 @@ public interface RecordsManagementAuditService extends RecordsManagementAuditSer
                     boolean immediate,
                     boolean removeIfNoPropertyChanged);
 
+    /**
+     * Supply incremental changes as part of an event. This will either create a new event or update the existing details to put any supplied properties into the map.
+     *
+     * @param nodeRef                      node reference
+     * @param eventName                    event name
+     * @param before                       additional property values before event (this must be modifiable and may be changed by the method).
+     * @param after                        additional property values after event (this must be modifiable and may be changed by the method).
+     * @param removeIfNoPropertyChanged    true if event is not audited when there are no properties changed, false otherwise
+     */
+    void auditOrUpdateEvent(NodeRef nodeRef,
+                            String eventName,
+                            Map<QName, Serializable> before,
+                            Map<QName, Serializable> after,
+                            boolean removeIfNoPropertyChanged);
+
     /**
      * Determines whether the RM audit log is currently enabled.
      *
@@ -153,7 +166,6 @@ public interface RecordsManagementAuditService extends RecordsManagementAuditSer
      */
     void stopAuditLog(NodeRef filePlan);
 
-
     /**
      * Clears the RM audit.
      *
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java
index 032e3c5bca..d7041ea2d9 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/audit/RecordsManagementAuditServiceImpl.java
@@ -110,7 +110,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
     private static Log logger = LogFactory.getLog(RecordsManagementAuditServiceImpl.class);
 
     private static final String ACCESS_AUDIT_CAPABILITY = "AccessAudit";
-    
+
     private static final String KEY_RM_AUDIT_NODE_RECORDS = "RMAUditNodeRecords";
 
     protected static final String RM_AUDIT_EVENT_LOGIN_SUCCESS = "Login.Success";
@@ -284,7 +284,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
     {
         this.namespaceService = namespaceService;
     }
-    
+
     /**
      * @param capabilityService capability service
      */
@@ -292,9 +292,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
     {
         this.capabilityService = capabilityService;
     }
-    
-    
-    
+
 
     /**
      * @param ignoredAuditProperties
@@ -514,40 +512,87 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
         }
         else
         {
-            Set<RMAuditNode> auditDetails = TransactionalResourceHelper.getSet(KEY_RM_AUDIT_NODE_RECORDS);
-            AlfrescoTransactionSupport.bindListener(txnListener);
-
             // RM-936: Eliminate multiple audit maps from being generated when events with the same name are required to be fired multiple times in the same transaction.
             // Check if auditDetails already contains an auditedNode with the same combination of nodeRef and eventName.
-            boolean auditNodeAlreadyExists = false;
-            for (RMAuditNode existingRMAuditNode : auditDetails)
+            RMAuditNode existingEventNode = findExistingEventNode(nodeRef, eventName);
+            if (existingEventNode != null)
             {
-                if (existingRMAuditNode.getNodeRef().equals(nodeRef) && existingRMAuditNode.getEventName().equals(eventName))
-                {
-                    // If there exists such an auditNode, update its 'after' properties with the latest set of properties and leave its 'before' properties unchanged so that it
-                    // retains the original set of properties. The first 'before' and last 'after' will be diff'ed when comes to building the auditMap later when the transaction
-                    // commits.
-                    existingRMAuditNode.setNodePropertiesAfter(after);
-                    auditNodeAlreadyExists = true;
-                    break;
-                }
+                // If there exists such an auditNode, update its 'after' properties with the latest set of properties and leave its 'before' properties unchanged so that it
+                // retains the original set of properties. The first 'before' and last 'after' will be diff'ed when comes to building the auditMap later when the transaction
+                // commits.
+                existingEventNode.setNodePropertiesAfter(after);
             }
-
-            if (!auditNodeAlreadyExists)
+            else
             {
-                // Create a new auditNode if it doesn't already exist
-                RMAuditNode auditedNode = new RMAuditNode();
-                auditedNode.setNodeRef(nodeRef);
-                auditedNode.setEventName(eventName);
-                auditedNode.setNodePropertiesBefore(before);
-                auditedNode.setNodePropertiesAfter(after);
-                auditedNode.setRemoveIfNoPropertyChanged(removeIfNoPropertyChanged);
-
-                auditDetails.add(auditedNode);
+                createAuditEventInTransaction(nodeRef, eventName, before, after, removeIfNoPropertyChanged);
             }
         }
     }
 
+    /** {@inheritDoc} */
+    @Override
+    public void auditOrUpdateEvent(NodeRef nodeRef, String eventName, Map<QName, Serializable> before,
+                Map<QName, Serializable> after, boolean removeIfNoPropertyChanged)
+    {
+        RMAuditNode existingEventNode = findExistingEventNode(nodeRef, eventName);
+        if (existingEventNode != null)
+        {
+            // Update the existing event to include all the new properties.
+            existingEventNode.getNodePropertiesBefore().putAll(before);
+            existingEventNode.getNodePropertiesAfter().putAll(after);
+        }
+        else
+        {
+            createAuditEventInTransaction(nodeRef, eventName, before, after, removeIfNoPropertyChanged);
+        }
+    }
+
+    /**
+     * Create a new audit event for this transaction.
+     *
+     * @param nodeRef The node the audit message is about.
+     * @param eventName The event.
+     * @param before The before property map to use.
+     * @param after The after property map to use.
+     * @param removeIfNoPropertyChanged Whether to remove the event if no properties have changed.
+     */
+    private void createAuditEventInTransaction(NodeRef nodeRef, String eventName, Map<QName, Serializable> before,
+                Map<QName, Serializable> after, boolean removeIfNoPropertyChanged)
+    {
+        // Create a new auditNode.
+        RMAuditNode auditedNode = new RMAuditNode();
+        auditedNode.setNodeRef(nodeRef);
+        auditedNode.setEventName(eventName);
+        auditedNode.setNodePropertiesBefore(before);
+        auditedNode.setNodePropertiesAfter(after);
+        auditedNode.setRemoveIfNoPropertyChanged(removeIfNoPropertyChanged);
+
+        // Add it to the transaction.
+        Set<RMAuditNode> auditDetails = TransactionalResourceHelper.getSet(KEY_RM_AUDIT_NODE_RECORDS);
+        auditDetails.add(auditedNode);
+    }
+
+    /**
+     * Find an audit node if it already exists for the transaction.
+     *
+     * @param nodeRef The node the event is against.
+     * @param eventName The name of the event.
+     * @return The pre-existing event node, or null if none exists.
+     */
+    private RMAuditNode findExistingEventNode(NodeRef nodeRef, String eventName)
+    {
+        AlfrescoTransactionSupport.bindListener(txnListener);
+        Set<RMAuditNode> auditDetails = TransactionalResourceHelper.getSet(KEY_RM_AUDIT_NODE_RECORDS);
+        for (RMAuditNode existingRMAuditNode : auditDetails)
+        {
+            if (existingRMAuditNode.getNodeRef().equals(nodeRef) && existingRMAuditNode.getEventName().equals(eventName))
+            {
+                return existingRMAuditNode;
+            }
+        }
+        return null;
+    }
+
     /**
      * Helper method to build audit map
      *
@@ -929,7 +974,7 @@ public class RecordsManagementAuditServiceImpl extends AbstractLifecycleBean
                     // Skip it
                     return true;
                 }
-                
+
                 if(nodeRef != null && nodeService.exists(nodeRef) &&
                     !AccessStatus.ALLOWED.equals(
                         capabilityService.getCapabilityAccessState(nodeRef, ACCESS_AUDIT_CAPABILITY)))
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
index a148063bb5..2aa8c3f03f 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
@@ -27,6 +27,9 @@
 
 package org.alfresco.module.org_alfresco_module_rm.security;
 
+import static java.util.Collections.singletonMap;
+import static org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority.EXTENDED_READER;
+import static org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority.EXTENDED_WRITER;
 import static org.alfresco.repo.policy.Behaviour.NotificationFrequency.TRANSACTION_COMMIT;
 import static org.alfresco.repo.policy.annotation.BehaviourKind.CLASS;
 import static org.alfresco.repo.security.authentication.AuthenticationUtil.getSystemUserName;
@@ -34,10 +37,15 @@ import static org.alfresco.service.cmr.security.OwnableService.NO_OWNER;
 import static org.alfresco.util.ParameterCheck.mandatory;
 import static org.apache.commons.lang.BooleanUtils.isTrue;
 
+import java.io.Serializable;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
+import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent;
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
@@ -48,6 +56,7 @@ import org.alfresco.repo.policy.PolicyComponent;
 import org.alfresco.repo.policy.annotation.Behaviour;
 import org.alfresco.repo.policy.annotation.BehaviourBean;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.AccessPermission;
@@ -73,6 +82,12 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                                                       RMPermissionModel,
                                                       NodeServicePolicies.OnMoveNodePolicy
 {
+    /** An audit key for the set permission event. */
+    private static final String AUDIT_SET_PERMISSION = "set-permission";
+
+    /** An namespace to use when constructing QNames to use for auditing changes to permissions. */
+    private static final String AUDIT_NAMESPACE = "audit://permissions/";
+
     /** Permission service */
     private PermissionService permissionService;
 
@@ -91,6 +106,9 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
     /** File plan service */
     private FilePlanService filePlanService;
 
+    /** The RM audit service. */
+    private RecordsManagementAuditService recordsManagementAuditService;
+
     /** Logger */
     private static final Log LOGGER = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
 
@@ -111,6 +129,16 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                 NodeServicePolicies.OnMoveNodePolicy.QNAME,
                 TYPE_RECORD_CATEGORY,
                 new JavaBehaviour(this, "onMoveNode", TRANSACTION_COMMIT));
+
+        AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
+        {
+            @Override
+            public Void doWork() throws Exception
+            {
+                recordsManagementAuditService.registerAuditEvent(new AuditEvent(AUDIT_SET_PERMISSION, "rm.audit.set-permission"));
+                return null;
+            }
+        });
     }
 
     /**
@@ -227,6 +255,16 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
         this.filePlanService = filePlanService;
     }
 
+    /**
+     * Set the RM audit service.
+     *
+     * @param recordsManagementAuditService The RM audit service.
+     */
+    public void setRecordsManagementAuditService(RecordsManagementAuditService recordsManagementAuditService)
+    {
+        this.recordsManagementAuditService = recordsManagementAuditService;
+    }
+
     /**
      * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService#setupRecordCategoryPermissions(org.alfresco.service.cmr.repository.NodeRef)
      */
@@ -340,6 +378,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
 
         final boolean hasUserPermission = authenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
         {
+            @Override
             public Boolean doWork()
             {
                 return getPermissionService().hasPermission(nodeRef, RMPermissionModel.FILING) == AccessStatus.ALLOWED;
@@ -350,6 +389,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
         {
             authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>()
             {
+                @Override
                 public Void doWork()
                 {
                     getPermissionService().setPermission(nodeRef, user, RMPermissionModel.FILING, true);
@@ -365,6 +405,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
      * @param parent        parent node reference
      * @param nodeRef       child node reference
      */
+    @Override
     public void setupPermissions(final NodeRef parent, final NodeRef nodeRef)
     {
         mandatory("parent", parent);
@@ -374,6 +415,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
         {
             authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
             {
+                @Override
                 public Object doWork()
                 {
                     // set inheritance
@@ -480,6 +522,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
 
         authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
         {
+            @Override
             public Object doWork()
             {
                 if (nodeService.exists(record) && nodeService.hasAspect(record, aspectTypeQName))
@@ -506,6 +549,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
 
         authenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
         {
+            @Override
             public Void doWork()
             {
                 NodeRef record = sourceAssocRef.getChildRef();
@@ -547,6 +591,7 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
     /**
      * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#setPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, boolean)
      */
+    @Override
     public void setPermission(final NodeRef nodeRef, final String authority, final String permission)
     {
         ParameterCheck.mandatory("nodeRef", nodeRef);
@@ -555,12 +600,18 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
 
         authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
         {
+            @Override
             public Void doWork()
             {
                 if (canPerformPermissionAction(nodeRef))
                 {
+                    QName auditProperty = constructAuditEventName(authority, permission);
+                    Map<QName, Serializable> oldPermission = getCurrentPermissionForAuthority(nodeRef, authority, permission, auditProperty);
                     // Set the permission on the node
                     getPermissionService().setPermission(nodeRef, authority, permission, true);
+                    // Add an entry in the audit log.
+                    recordsManagementAuditService.auditOrUpdateEvent(nodeRef, AUDIT_SET_PERMISSION, oldPermission,
+                                new HashMap<>(singletonMap(auditProperty, (Serializable) true)), true);
                 }
                 else
                 {
@@ -575,9 +626,31 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
         });
     }
 
+    /**
+     * Get the current permission on a node for an authority.
+     *
+     * @param nodeRef The node.
+     * @param authority The authority.
+     * @param auditProperty The QName used as the key in the returned map.
+     * @return A map from the audit property to true or false depending on whether the user currently has permission.
+     */
+    private Map<QName, Serializable> getCurrentPermissionForAuthority(NodeRef nodeRef, String authority, String permission, QName auditProperty)
+    {
+        Set<AccessPermission> allSetPermissions = getPermissionService().getAllSetPermissions(nodeRef);
+        for (AccessPermission setPermission : allSetPermissions)
+        {
+            if (setPermission.getAuthority().equals(authority) && setPermission.getPermission().equals(permission))
+            {
+                return new HashMap<>(singletonMap(auditProperty, (Serializable) true));
+            }
+        }
+        return new HashMap<>(singletonMap(auditProperty, (Serializable) false));
+    }
+
     /**
      * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#deletePermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
      */
+    @Override
     public void deletePermission(final NodeRef nodeRef, final String authority, final String permission)
     {
         ParameterCheck.mandatory("nodeRef", nodeRef);
@@ -586,12 +659,18 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
 
         authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>()
         {
+            @Override
             public Void doWork()
             {
                 if (canPerformPermissionAction(nodeRef))
                 {
+                    QName auditProperty = constructAuditEventName(authority, permission);
+                    Map<QName, Serializable> oldPermission = getCurrentPermissionForAuthority(nodeRef, authority, permission, auditProperty);
                     // Delete permission on this node
                     getPermissionService().deletePermission(nodeRef, authority, permission);
+                    // Add an entry in the audit log.
+                    recordsManagementAuditService.auditOrUpdateEvent(nodeRef, AUDIT_SET_PERMISSION, oldPermission,
+                                new HashMap<>(singletonMap(auditProperty, (Serializable) false)), true);
                 }
                 else
                 {
@@ -606,6 +685,19 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
         });
     }
 
+    /**
+     * Construct a QName so that the authority and permission are visible in the log.
+     *
+     * @param authority The authority whose permission is being changed.
+     * @param permission The name of the permission being changed.
+     * @return A QName such that the local name will make sense to the end user.
+     */
+    private QName constructAuditEventName(String authority, String permission)
+    {
+        QName auditProperty = QName.createQName(AUDIT_NAMESPACE, permission + " " + authority);
+        return auditProperty;
+    }
+
     private boolean canPerformPermissionAction(NodeRef nodeRef)
     {
         return isFilePlanContainer(nodeRef) || isRecordFolder(nodeRef) || isRecord(nodeRef) || isTransfer(nodeRef) || isHold(nodeRef);
diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
index d46eafd462..826319eb73 100644
--- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
@@ -36,12 +36,15 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
+import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent;
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.repo.cache.SimpleCache;
-
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.security.permissions.AccessControlEntry;
 import org.alfresco.repo.security.permissions.AccessControlList;
 import org.alfresco.repo.security.permissions.processor.PermissionPostProcessor;
@@ -67,6 +70,11 @@ import org.springframework.context.ApplicationEvent;
  */
 public class ExtendedPermissionServiceImpl extends PermissionServiceImpl implements ExtendedPermissionService
 {
+    /** An audit key for the enable permission inheritance event. */
+    private static final String AUDIT_ENABLE_INHERIT_PERMISSION = "enable-inherit-permission";
+    /** An audit key for the disable permission inheritance event. */
+    private static final String AUDIT_DISABLE_INHERIT_PERMISSION = "disable-inherit-permission";
+
     /** Writers simple cache */
     protected SimpleCache<Serializable, Set<String>> writersCache;
 
@@ -90,6 +98,26 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
     /** Permission processor registry */
     private PermissionProcessorRegistry permissionProcessorRegistry;
 
+    /** The RM audit service. */
+    private RecordsManagementAuditService recordsManagementAuditService;
+
+    /** {@inheritDoc} Register the audit events. */
+    @Override
+    public void init()
+    {
+        super.init();
+        AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
+        {
+            @Override
+            public Void doWork() throws Exception
+            {
+                recordsManagementAuditService.registerAuditEvent(new AuditEvent(AUDIT_ENABLE_INHERIT_PERMISSION, "rm.audit.enable-inherit-permission"));
+                recordsManagementAuditService.registerAuditEvent(new AuditEvent(AUDIT_DISABLE_INHERIT_PERMISSION, "rm.audit.disable-inherit-permission"));
+                return null;
+            }
+        });
+    }
+
     /**
      * Gets the file plan service
      *
@@ -120,6 +148,16 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
         this.permissionProcessorRegistry = permissionProcessorRegistry;
     }
 
+    /**
+     * Set the RM audit service.
+     *
+     * @param recordsManagementAuditService The RM audit service.
+     */
+    public void setRecordsManagementAuditService(RecordsManagementAuditService recordsManagementAuditService)
+    {
+        this.recordsManagementAuditService = recordsManagementAuditService;
+    }
+
     /**
      * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
      */
@@ -300,6 +338,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
      * @param aclId
      * @return
      */
+    @Override
     public Set<String> getReadersDenied(Long aclId)
     {
         AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
@@ -335,6 +374,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
     /**
      * @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)
      */
+    @Override
     public Set<String> getWriters(Long aclId)
     {
         AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
@@ -378,12 +418,17 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
         {
             setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
         }
-        super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
+        if (inheritParentPermissions != super.getInheritParentPermissions(nodeRef))
+        {
+            super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
+            String auditEvent = (inheritParentPermissions ? AUDIT_ENABLE_INHERIT_PERMISSION : AUDIT_DISABLE_INHERIT_PERMISSION);
+            recordsManagementAuditService.auditEvent(nodeRef, auditEvent);
+        }
     }
 
     /**
      * Helper method to the RM admin role scoped by the correct file plan.
-     * 
+     *
      * @param nodeRef   node reference
      * @return String   RM admin role
      */
@@ -398,7 +443,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
         }
         return adminRole;
     }
-    
+
     /**
      * @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getReadersAndWriters(org.alfresco.service.cmr.repository.NodeRef)
      */
@@ -411,15 +456,15 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
         Set<String> writers = getWriters(aclId);
 
         // add the current owner to the list of extended writers
-        Set<String> modifiedWrtiers = new HashSet<String>(writers);    
+        Set<String> modifiedWrtiers = new HashSet<String>(writers);
         String owner = ownableService.getOwner(nodeRef);
-        if (StringUtils.isNotBlank(owner) && 
+        if (StringUtils.isNotBlank(owner) &&
             !owner.equals(OwnableService.NO_OWNER) &&
             authorityService.authorityExists(owner))
         {
             modifiedWrtiers.add(owner);
-        }        
-        
+        }
+
         return new Pair<Set<String>, Set<String>> (readers, modifiedWrtiers);
     }
 }