Audit Logs API Events and Event Types

  • 19 January 2024
  • 0 replies
  • 144 views

Userlevel 3
Badge +3

When you call the Audit Log API to return specific data on your user activity in Pigment, it returns audit events. The audit event is a JSON with standard fields and a payload containing details that vary depending on the event type. This article describes audit event structures, and provides details on the event types that occur in your Pigment Workspace. 

For more information on the Audit Logs API, check out these topics: 

 

All audit events returned by the Audit Logs API has a standard structure. You can read more details about this in the article Calling the Audit Log API.  The following is a list of event types returned by the Audit Logs API. 

User Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
UserInvited

User invited into the organization.

If the user is invited into the organization, and SAML SSO is configured,  then you can interpret this event to mean that the user is activated.

2024-01-01
{
"id": "ABC124",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}
UserAccountTypeUpdated

The user account type changed.

Any changes to the Workspace Primary Owner account type is not logged here. 

2024-01-01
{
"userId": "ABC123",
"userName": "John Doe",
"userEmail": "JOHN.DOE@ACME.COM",
"newAccountType": "Workspace Admin",
"previousAccountType": "Builder"
}
UserDeactivated

User deactivated.

This event is logged either through the member’s page or through SCIM provisioning.

2024-01-01
{
"id": "ABC123",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}

 

UserReactivated

User reactivated following their account being deactivated.

This event is logged either through the member’s page or through SCIM provisioning.

2024-01-01
{
"id": "ABC123",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}

 

UserPasswordChanged

A user reset their password.

This event only appears if the user performs an action using the reset password email.

If the password is reset administratively, this event won’t appear. An example of this would be when a user can’t receive password reset emails, and is provided with a temporary password.

2024-01-01
{
"id": "ABC123",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}

 

UserLoggedIn

User logged into the Pigment Workspace. Pigment Support Account does not generate this event (there is the event SupportSessionStarted instead). 

2024-01-01 No payload is available for this event because the event is generated for the actor.
UserLoggedOut User logged out of the Pigment Workspace. Pigment Support Account does not generate this event. 2024-01-01 No payload is available for this event because the event is generated for the actor.
SupportSessionStarted Pigment Support account has started a session in the Workspace.  2024-02-05 No payload is available for this event because the event is generated for the actor.

 

Group Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
UserGroupCreated A Group was created. 2024-01-01
{
"id": "ABC123",
"name": "My Group"
}

 

UserGroupDeleted A Group was deleted. 2024-01-01
{
"id": "ABC123",
"name": "My Group"
}
UserGroupMembershipUpdated A member was added to or removed from a Group from the Groups page.

If the member was added to the Group, the details of the group will be in the field called newGroup.

If the member was removed from the Group, the details of the group will be in the field called previousGroup.
2024-01-01
{
"userId":"ABC123",
"userEmail":"JOHn.DOE@ACME.COM",
"newGroup":
{
"id":"ABC123",
"name":"My Group"
}
}

 

UserGroupApplicationRoleUpdated A Group was assigned to a Role in an Application or removed from a Role in an Application from the Groups page, or the Application Role was changed.

When an Application Role is removed from a Group, the payload will only contain the group and application fields - no record of the removed Application Role will be logged.
2024-01-01
{
"group":
{
"id":"ABC123",
"name":"My Group"
},
"application":
{
"id":"ABC123",
"name":"My Application"
},
"previousApplicationRole":"Admin",
"newApplicationRole":"Modeler"
}

 

View Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
ViewAccessed

Whenever a Member lands on a View in a Metric, Table, Dimension or Transaction List, this event is logged.

It’s logged even if the View is used in a widget on a Board.

Even if the Member doesn’t have the required Access Rights set up on the View, but obtains a URL to land on the View, this action is logged.

2024-01-01
{
"entity": {
"id": "ABC123",
"name": "View 1",
"application": {
"id": "ABC123",
"name": "My Application"
},
"entityType": "View",
"block": {
"id": "ABC123",
"name": "My Metric"
}
}
}
ViewCreated

A view was created in Pigment.

The event will appear with the BlockCreated event, as a view is also created whenever a Block is created.

2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My View",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "View"
}
}

 

ViewUpdated

A view configuration was updated.

There’s a parameter in the payload type which uses these values to specify updates:

  • settings: Formatting, configuration change, pivoting.
  • rename: View was renamed.

There can be multiple unique ViewUpdated events logged from a single action, depending on the type update that occurred on the Pigment View.

2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My View",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "View"
},
"type": "Settings"
}

 

ViewDeleted

A view was deleted.

No corresponding deleted view event is available when a Block is deleted.

2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My View",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "View"
}
}

 

 

Temporary Views in Pigment

Certain actions in Pigment can result in events from temporary Views being logged. For example, this can happen when you use the Formula Playground, or create a draft View, which is not saved,  and then share the View URL with another Member in the Application.

You can identify these from the name of the View from within the entity. It has a suffix containing a random ID. In the example below, the suffix is 111aa1a1:

{
"entity":
{
"id":"ABC123",
"name":"My View - 111aa1a1",
"application":
{
"id":"ABC123",
"name":"test app"
},
"entityType":"View",
"block":
{
"id":"ABC123",
"name":"My Metric"}
}
}

 

Metric Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
MetricCreated

A Metric was created. 

If the Metric is a security Metric, it has the following additional parameter settings:

  • isSecurityBlock: This value is true.
  • dataType: This is one of the following: 
    BlockDataType_Permissions
    BlockDataType_AccessRights
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
}
}

 

MetricUpdated

A Metric was updated, for example, renamed. 

The type of update is specified in the type parameter:

  •  rename: Metric was renamed.
  •  settings: Metric configuration changed, for example Block settings. 
  • formula: Formula on the Metric was changed.

If the Metric is a security Metric, it has the following additional parameter settings:

  • isSecurityBlock: This value is true
  • dataType: This is one of the following: 
    BlockDataType_Permissions
    BlockDataType_AccessRights
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "test app"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
},
"type": "Settings"
}

 

MetricDeleted A Metric was deleted.
 

If the Metric is a security Metric, it has the following additional parameter settings:

  • isSecurityBlock: This value is true
  • dataType: This is one of the following: 
    BlockDataType_Permissions
    BlockDataType_AccessRights
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
}
}

 

MetricDataChanged

The data in a metric changed due to an input or import. 

If the Metric is a security Metric, it has the following additional parameter settings:

  • isSecurityBlock: this value is true.
  • dataType: this is one of the following: 
    BlockDataType_Permissions
    BlockDataType_AccessRights
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
}
}

 

 

Temporary Metrics in Pigment

Using the Formula Playground in Pigment can result in the audit trail logging Metric events on temporary metrics. You can identify these from the name of the Metric from within the entity . It has a prefix Formula Playground.
For example:

{
"entity":
{
"id":"ABC123",
"name":"Formula Playground ABC123",
"application":
{
"id":"ABC123",
"name":"My App"
},
"entityType":"Metric"
},
"settings":
{
"isSecurityBlock":false,
"dataType":"BlockDataType_Number"
}
}

 

Table Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
TableDeleted A Table was deleted. 2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
}
}

 

TableCreated A Table was created. 2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
}
}

 

TableUpdated

A Table was updated, for example a Metric was added. 

The type of update is specified in the update_type parameter:

  •  rename: Dimension List was renamed.
  •  settings: Table settings updated, for example Metrics changed. 
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "test app"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
},
"type": "Settings"
}

 

 

Boards Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
BoardUpdated

A board was updated, for example, adding a widget, and so on. 

When the permissions on a Board is updated, this event is also logged.

2024-01-01
 {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}

 

BoardCreated A board was created. 2024-01-01
 {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}
BoardDeleted A board was deleted. 2024-01-01
 {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}

 

List Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
DimensionListCreated

A Dimension List was created. 

If the Dimension is a Role dimension, there will be an additional parameter setting:

  • isSecurityBlocktrue.
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
}
}

 

DimensionListUpdated

A Dimension List was updated.

The type of update is specified in the update_type parameter:

  •  rename: Dimension List was renamed.
  •  settings: List settings updated, for example properties added. 
  • Block settings. 
  • formula: Formula on the List property was changed.

If the dimension is a Role dimension, it has the following additional parameter setting:

  • isSecurityBlock:  true
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My Ap"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
},
"type": "Settings"
}

 

DimensionListDeleted A Dimension List was deleted.
 

If the dimension is a Role dimension, it has the following additional parameter setting:

  • isSecurityBlock:  true
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
}
}

 

DimensionDataChanged

The data on a Dimension changed, for example, due to an input or an import.

This event is also logged if the order of items on a List was changed.

If the dimension is a Role dimension, it has the following additional parameter setting:

  • isSecurityBlocktrue
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
}
}

 

TransactionListCreated A Transaction List was created. 2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Transaction List",
"application": {
"id": "ABC123",
"name": "My Application"
},
"entityType": "TransactionList"
},
"settings": {
"isSecurityBlock": false
}
}

 

TransactionListDataChanged The data on a Transaction List changed, for example, due to an input or an import.

This event is also logged if the order of items on a List was changed.

2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Transaction List",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "TransactionList"
},
"settings": {
"isSecurityBlock": false
}
}

 

TransactionListDeleted A Transaction List was deleted. 2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
}
}

 

TransactionListUpdated

A Transaction List was updated.

The type of update is specified in the update_type parameter:

  •  rename: Dimension List was renamed.
  •  settings: List settings updated, for example properties added. 
  • Block settings. 
  • formula: Formula on the List property was changed.
2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Transaction List",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "TransactionList"
},
"settings": {
"isSecurityBlock": false
},
"type": "Settings"
}

 

 

API Key Management Event Types

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
APIKeyCreated

An API key was created.

This applies for all API key types.

The type field specifies the key type:

  • SecurityAudit - Audit Logs API key
  • Import - Import API key
  • Export - Export API key
  • UserProvisioning - SCIM Provisioning

actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.

ownerId indicates the user ID of the user who created the API key. 

2024-01-01
{
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}

 

APIKeyRevoked

An API key was deleted.

This applies for all API key types.

The type field specifies the key type:

  • SecurityAudit - Audit Logs API key
  • Import - Import API key
  • Export - Export API key
  • UserProvisioning - SCIM Provisioning

 

actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.

ownerId indicates the user ID of the user who created the API key. 

2024-01-01
{
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}
APIKeyRenamed

An API key was renamed. 

This applies for all API key types.

The type field specifies the key type:

  • SecurityAudit - Audit Logs API key
  • Import - Import API key
  • Export - Export API key
  • UserProvisioning - SCIM Provisioning

actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.

ownerId indicates the user ID of the user who created the API key. 

2024-01-01
{
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}
APIKeyRenewed

An API key expiration date was updated. 

This applies for all API key types.

The type field specifies the key type:

  • SecurityAudit - Audit Logs API key
  • Import - Import API key
  • Export - Export API key
  • UserProvisioning - SCIM Provisioning

actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.

ownerId indicates the user ID of the user who created the API key. 

2024-01-01
{
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}

 

Data Export Event Type

 

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
DataExported

Data exported from any Pigment block using the Pigment Export API will be logged in this event.

If data is exported through the Pigment UI, only Dimension and Transaction Lists have this event.

2024-01-01
{
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
}
}

 

Application Security Settings Event Type

 

Audit Log Event Type  Description Earliest Possible Start Date Sample Payload
InheritanceSettingsUpdated

Data access rights inheritance options were updated in the application. 

In the settings field:

  • The value for  allowResetAccessRightsForSharedBlocksDependencies  is equal to true  when the setting to allow the use of RESETACCESSRIGHTS on Shared Blocks is activated.
  • The value for disableAccessRightsInheritanceForBlocksInApp is equal to true when the setting to remove inheritance throughout the entire application is activated.
2024-02-05
{
"application":
{
"id":"ABC123",
"name":"My Application"},
"settings":
{
"allowResetAccessRightsForSharedBlocksDependencies":false
}
}
AccessRightsRuleCreated

When a data access rights rule is created, this event is logged.

Details available in the payload:
settings contains the following parameters:

  • read: The value will be true if either the Read option or Read and Write option is selected
  • write: The value will be true if either the Write option only or Read and Write option is selected
  • applyRule: The value will be true if the rule is created to “apply”, false if the rule created is set to “do not apply

accessRightsMetric contains details (name, id, application) about the access rights type metric that is created for the configuration.

ruleAppliesTo contains details about the selected options for where the rule is set in the application. Depending on the settings for the rule, the following information will be logged:

  • all: The value will be true if the rule is set for All Metrics and List Properties in the application.
  • singleMetric :
    • This parameter will be logged if the rule is set for Specific Metric(s)
    • The specific Metric details will be logged in this parameter (metric id, name)
    • There will be a single event per metric where the rule is added
  • metricsUsingSpecificDimensions :
    • This parameter will be logged if the rule is set for All Metrics using specific Dimension(s)
    • The dimension details will be logged (dimension id, name)
  • listProperty:
    • This parameter will be logged if the rule is set on a list property through either the Specific List Properties or List Items Values options
    • There will be a single event per list property where the rule is added.
    • This parameter will contain the details of the dimension or transaction list where the rule is set 
    • This parameter will contain details of the property on which the rule is set (propertyId, propertyName)
    • If a dimension is mapped to a property on the list, this parameter will contain details of the mapped dimension (id and name), as well as the details of the property which the dimension is mapped to (mappedToId and mappedToName)
2024-03-11
{"application":
{"id":"ABC123","name":"My Application"},
"settings":
{
"read":true,
"write":true,
"applyRule":true,
"accessRightsMetric":
{
"id":"ABC123",
"name":"My access rights Metric",
"application":
{
"id":"ABC124",
"name":"My Application"
},
"entityType":"Metric"
},
"ruleAppliesTo":
{
"singleMetric":
{
"metric":
{
"id":"ABC123",
"name":"My Metric",
"application":
{
"id":"ABC123","name":"My Applicatio"},
"entityType":"Metric"
}}}}}

 

AccessRightsRuleDeleted

When a data access rights rule is deleted, this event is logged.

Details available in the payload:
settings contains the following parameters:

  • read: The value will be true if either the Read option or Read and Write option is selected
  • write: The value will be true if either the Write option only or Read and Write option is selected
  • applyRule: The value will be true if the rule is created to “apply”, false if the rule created is set to “do not apply

accessRightsMetric contains details (name, id, application) about the access rights type metric that is created for the configuration.

ruleAppliesTo contains details about the selected options for where the rule is set in the application. Depending on the settings for the rule, the following information will be logged:

  • all: The value will be true if the rule is set for All Metrics and List Properties in the application.
  • singleMetric :
    • This parameter will be logged if the rule is set for Specific Metric(s)
    • The specific Metric details will be logged in this parameter (metric id, name)
    • There will be a single event per metric where the rule is added
  • metricsUsingSpecificDimensions :
    • This parameter will be logged if the rule is set for All Metrics using specific Dimension(s)
    • The dimension details will be logged (dimension id, name)
  • listProperty:
    • This parameter will be logged if the rule is set on a list property through either the Specific List Properties or List Items Values options
    • There will be a single event per list property where the rule is added.
    • This parameter will contain the details of the dimension or transaction list where the rule is set 
    • This parameter will contain details of the property on which the rule is set (propertyId, propertyName)
    • If a dimension is mapped to a property on the list, this parameter will contain details of the mapped dimension (id and name), as well as the details of the property which the dimension is mapped to (mappedToId and mappedToName)
2024-03-11
{
"application":
{
"id":"ABC123",
"name":"My Application"
},
"settings":
{
"read":true,
"write":true,
"applyRule":true,
"accessRightsMetric":
{
"id":"ABC123",
"name":"My access rights Metric",
"application":
{
"id":"ABC123","name":"My Application"
},
"entityType":"Metric"
},
"ruleAppliesTo":
{
"metricsUsingSpecificDimensions":
{
"dimensions":
[{"id":"ABC123","name":"My Dimension",
"application":
{"id":"ABC123","name":"My Application"},
"entityType":"Dimension"},
{"id":"ABC123","name":"My Dimension 2",
"application":
{"id":"ABC123","name":"My Application"},"entityType":"Dimension"
}]}}}}

 


0 replies

Be the first to reply!

Reply