View the audit log

The audit log is your organization’s administrative history, including changes to user accounts, user roles, and more. Audit logs are available in intervals of 30, 60, and 90 days.

To view an audit log:

  1. Switch to the organization where you want to view audit logs.

  2. Click Settings, and then click Security.

  3. In the Audit Logs section, click Download as CSV, and then select the audit log interval to download (30, 60, or 90 days).

The audit log includes the following fields:

  • typename: The log record type, such as AuditEvent.

  • actionResult: The outcome of the event, such as SUCCESS.

  • userID: The UUID of the user who triggered the event.

  • event: Detailed event data, such as the response from the underlying API call associated with the event.

  • eventTime: The date and time that the event occurred in the format YYYY-MM-DDTHH:MM:SS.SSSZ.

  • eventType: The event category. Possible eventTypes include the following:

    • ACCEPT_USER_TO_ORGANIZATION: A user accepted an invitation to an organization.

    • ADD_SAML_IDP: Added an SSO identity provider configuration in active (enabled) status.

    • COPY_ROLE: Copied an existing role.

    • CREATE_ORG: Created an organization.

    • CREATE_ROLE: Created a role.

    • CREATE_USER: Created a user account.

    • DELETE_IDP: Deleted an SSO identity provider configuration.

    • DELETE_ORG: Deleted an organization.

    • DELETE_ROLE: Deleted a role.

    • DELETE_TOKEN_FOR_CLIENT: Deleted an application token.

    • DELETE_USER: Deleted a user account.

    • DISABLE_IDP: Deactivated an SSO identity provider configuration.

    • DISABLE_ORG_SSO: Deactivated SSO functionality for an organization. This happens if there are no active SSO IdP configurations.

    • ENABLE_IDP: Activated an SSO identity provider configuration.

    • ENABLE_ORG_SSO: Activated SSO functionality for an organization. This happens if there is at least one active SSO IdP configuration.

    • GENERATE_TOKEN_FOR_CLIENT: Created an application token.

    • INVITE_USER_TO_ORGANIZATION: Invited a user to an organization.

    • PREP_NEW_IDP: Added an SSO IdP configuration in draft (inactive) status.

    • PROVISION_SSO_USER_INTO_ORGANIZATION: SSO IdP provisioning added a user to an organization.

    • REMOVE_USER_FROM_ORG: Removed a user from an organization.

    • REVOKE_INVITATION: Cancelled a pending user invitation.

    • UPDATE_IDP: Edited an SSO IdP configuration.

    • UPDATE_ROLE: Edited a role.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com