A cloud storage service implements security mechanisms to protect users data, including an access control mechanism to enable the data sharing. Thus, it is possible to define users permissions, granting the access only to authorized users. Existing solutions consider that the provider is honest but curious so that the designed mechanisms prevent the access to the files by the provider. However, the possibility of executing illegal transactions is not analyzed, and a malicious provider can perform transactions requested by unauthorized users, resulting in access control violations. In this paper, we propose monitoring and auditing mechanisms to detect these violations. As a result, new attacks are identified, especially those resulting from writing actions requested by users whose permissions were revoked. Colored Petri Nets (CPNs) are used to model and validate our proposal.