Skip to main content

Audit Events

Audit events are tracked by Alteryx One and captured in the audit trail.

Account Administration

Event

Description

Additional Metadata

A product entitlement has been removed as a result of an expired contract

A product has been enabled in a workspace as a result of a change to the contract.

A product has been enabled in a workspace as a result of a change to the contract

A product has been disabled in a workspace as a result of an expired contract.

An API access token has been set up as a result of a contract change

An API access token has been disabled as a result of an expired contract.

assign_user_seats

1 or more users have been assigned a role.

userIdsWithUnassignedSeat

productPolicyId

create_audit_storage_connection

Audit to cloud storage connection is created.

bucketName

cloudStorageType (S3, Azure, GCS, etc)

create_billing_account

Creation of a billing account.

billingAccountId

billingAccount.getName()

delete_audit_storage_connection

Audit to cloud storage connection is deleted.

cloudStorageType (S3, Azure, GCS, etc)

(if successful)

bucketName

deprovision_product

A product entitlement has been removed as a result of an expired contract.

productName

productSKU

enable_api_access

An API access token has been set up as a result of a contract change.

licenseBillingService

insufficient_seats_quantity_for_role

An attempt to assign 1 or more users a role was rejected because there were insufficient seats for a specific role.

productPolicyId

userIdsWithUnassignedSeat

no_user_seats_assigned

An attempt to assign 1 or more users a role was rejected because the users were already assigned the specified role.

productPolicyIduserIds

no_user_seats_assigned

An attempt to assign 1 or more users a role was rejected because there were insufficient entitlements.

productPolicyIduserIds

no_user_seats_to_revoke

An attempt to remove seats occurred, but it was not successful as there are no seats to be revoked.

removedProductPolicyIds

removedUserIds

provision_product

A product entitlement has been provisioned as a result of a change to the contract.

productName

productSKU

revoke_user_seats_due_to_overages

An attempt to add assigned seats exceeded the contracted values and the seats causing overages have been revoked.

removedProductPolicyIds

removedUserIds

revoke_user_seats

Seats have been revoked.

removedProductPolicyIds

removedUserIds

update_audit_storage_connection

Audit to cloud storage connection is updated.

cloudStorageType (S3, Azure, GCS, etc)

new: {
 bucketName, 
 bucketRegion,
 roleArn
}

(if successful)

old: 
{  
  bucketName,
  bucketRegion,  
  roleArn 
}

update_billing_account

A modification to the name of the billing account.

billingAccountId

oldBillingAccountName

newBillingAccountName

update_entitlements_quantity

A modification to the number of effective entitlements.

oldEntitlementQuantity

newEntitlementQuantity

update_workspace_tier

A modification to the contract tier.

oldTierName

newTierName

workspaceName

Workflow

Event

Description

Additional Metadata

create_workflow

Creating a new workflow. workflowMode could be: Cloud Native, Standard.

assetId

workflowName

workflowMode

import_workflow

Importing workflow is complete.

assetId

workflowName

delete_workflow

Workflow is deleted.

assetId

workflowName

workflow_run_initiated

Initiating Full Run execution for workflow. initiatedFrom could be: Schedule, Plans, Cloud.

assetId

workflowName

initiatedFrom

export_workflow

Workflow is exported.

assetId

workflowName

update_workflow

Capturing any update to a workflow (when a new version was added for workflow).

assetId

workflowName

rename_workflow

Renaming workflow.

assetId

oldWorkflowName

newWorkflowName

set_workflow_version_name

Setting a name for specific workflow version.

assetId

versionId

versionName

remove_access_workflow

Removing access for workflow.

assetId

workflowName

removedAccessUserId

removedAccessUserEmail

share_access_workflow

Sharing access on workflow. permissionType could be: view/edit.

assetId

workflowName

shareeUserId

shareeEmail

permissionType

Scheduling

Event

Description

Additional Metadata

create_schedule_data_connection

Schedule data connection created.

asset_type

asset_id(s)

create_schedule

Schedule created.

asset_type

asset_id(s)

delete_schedule

Schedule deleted.

asset_type

asset_id(s)

disable_schedule

Schedule disabled.

asset_type

asset_id(s)

enable_schedule

Schedule enabled.

asset_type

asset_id(s)

modify_schedule

Schedule modified.

asset_type

asset_id(s)

update_schedule_data_connection

Schedule data connection updated.

asset_type

asset_id(s)

Plans

Event

Description

Additional Metadata

create_plan

Plan created.

assetId

planName

delete_plan

Plan deleted

assetId

planName

Email_Task_Added

Email task added to a Plan.

assetId

planName

HTTP_Task_Added

HTTP task added to a Plan.

assetId

planName

Email_Task_Recipient

Recipients added/deleted from an email task (To, CC, BCC).

assetId

planName

HTTP_Task_Edited

Configuration of an HTTP task in a plan edited.

assetId

planName

rename_plan

Plan renamed.

assetId

planName

assetId

initiatedFrom

share_access_plan

Plan shared. As a successful event is considered only plan shared, not dependencies.

assetId

planName

shareeUserId

shareeEmail

permissionType

export_plan

Plan exported.

assetId

planName

import_plan

Plan imported.

assetId

planName

transfer_owner_plan

Plan ownership transferred to another user.

assetId

planName

planOldOwner

planNewOwner

Plan_Output_Download

Output downloaded as part of a plan .

assetId

planName

Authentication

Event Key

Event Description

Additional Metadata Fields

create_oauth_token

Create OAuth 2.0 API token by user <userId> in workspace|account <workspaceId>|<accountId>.

create_session

Session <sessionId> created at location <location> using <browser>.

create_static_api_token

Create access token by user <userId> in workspace|account <workspaceId>|<accountId>.

create_user

Create user <email>.

delete_oauth_token

Delete OAuth 2.0 API token <tokenId> in workspace|account <workspaceId>|<accountId>.

delete_static_api_token

Delete access token <tokenId> from workspace <workspaceId>|<accountId>.

export_status_rescan_domain_trigger

The export status domain rescan has been triggered.

emailDomain

export_status_rescan_login

A user’s export status was rescanned during login.

exportStatus

export_status_rescan_trigger

The export status rescan has been triggered.

export_status_update

A user’s export status was updated by Amber Road event.

exportStatus, updatedStatus

force_reset_password

Force user <userId> to reset password on sign in.

reset_password

Reset password for user <userId>.

revoke_oauth_token

Revoke OAuth 2.0 API token <tokenId> in workspace|account <workspaceId>|<accountId>.

revoke_session

Revoke Session <sessionId> of user <userId>.

create_ip_list

Create IP List for account <accountId>.

create_sso_config

Create SSO config in workspace|account <workspaceId>|<accountId>.

update_sso_config

Update SSO config in workspace|account <workspaceId>|<accountId>.

update_ip_list

Update IP List for account <accountId>.

existingIpAddresses, updatedIpAddresses

update_password

Update user <userId> password.

update_user

Update user <userId>.

validate_one_time_passcode

Validate OTP for email <email>.

Authorization

Event Key

Event Description

Additional Metadata Fields

add_group_role

Add role [roleId] to group [groupId].

group object, [user objects], [role objects]

add_group_user

Add user [userGid] to group [groupId].

group object, [user objects], [role objects]

asset_transfer_event

Ownership of <assets> was transferred to PersonId-<PersonId> PersonEmail-<personEmail>.

assets, toPersonId, toPersonEmail

assign_role

Assign role <roleId> to users <userIds> in workspace <workspaceId>.

create_role

Create role <roleName> in workspace <workspaceId>.

disable_scim

SCIM connection disabled by [email].

disable_user

Disable user <personId> in workspace <workspaceId>.

enable_user

Enable user <personId> in workspace <workspaceId>.

generate_scim_token

SCIM token generated by [email].

invite_user

Invite user <email> to workspace|account <workspaceId>|<accountId>.

reinvite_user

Reinvite user(s) <personIds> to account <workspaceId>|<accountId>.

remove_group_role

Remove role [roleId] from group [groupId].

group object], [user objects], [role objects]

remove_group_user

Remove user [userGid] from group [groupId].

group object], [user objects], [role objects]

remove_user

Removed user <personIds> from account <accountId>.

or

Removed user <personIds> from workspace <workspaceId>.

revoke_role

Unassign role <roleId> from user <userId> in workspace <workspaceId>.

create_group

Add user [email] to group [groupId].

delete_group

Remove user [email] from group [groupId].

enable_scim

SCIM connection enabled by [email].

update_group

Group display name changed to [name].

update_role

Update role <roleId> in workspace <workspaceId>.

Workspace Management

Event Key

Event Description

Additional Metadata Fields

add_workspace

Create Workspace with name <name> and <max_user_number> max users for billingAccountId <accountId>.

or

Create Workspace with name <name> and <max_user_number> max users for tier <tier>.

delete_workspace

Delete workspace <workspaceId>.

update_workspace

Updated Workspace Details name to <name> and max users to <maxUserNumber> for workspaceId <workspaceId> and billingAccountId <accountId>.

workspace_setting_change

Update configuration in workspace <workspaceId>:<configurationName>.

configurationName, configurationValue, workspaceName