Audit Events
Audit events are tracked by Alteryx One and captured in the audit trail.
Account Administration
Event | Description | Additional Metadata |
---|---|---|
| A product has been enabled in a workspace as a result of a change to the contract. | |
| A product has been disabled in a workspace as a result of an expired contract. | |
| An API access token has been disabled as a result of an expired contract. | |
| 1 or more users have been assigned a role. | userIdsWithUnassignedSeat productPolicyId |
| Audit to cloud storage connection is created. | bucketName cloudStorageType (S3, Azure, GCS, etc) |
| Creation of a billing account. | billingAccountId billingAccount.getName() |
| Audit to cloud storage connection is deleted. | cloudStorageType (S3, Azure, GCS, etc) (if successful) bucketName |
| A product entitlement has been removed as a result of an expired contract. | productName productSKU |
| An API access token has been set up as a result of a contract change. | licenseBillingService |
| An attempt to assign 1 or more users a role was rejected because there were insufficient seats for a specific role. | productPolicyId userIdsWithUnassignedSeat |
| An attempt to assign 1 or more users a role was rejected because the users were already assigned the specified role. | productPolicyIduserIds |
| An attempt to assign 1 or more users a role was rejected because there were insufficient entitlements. | productPolicyIduserIds |
| An attempt to remove seats occurred, but it was not successful as there are no seats to be revoked. | removedProductPolicyIds removedUserIds |
| A product entitlement has been provisioned as a result of a change to the contract. | productName productSKU |
| An attempt to add assigned seats exceeded the contracted values and the seats causing overages have been revoked. | removedProductPolicyIds removedUserIds |
| Seats have been revoked. | removedProductPolicyIds removedUserIds |
| Audit to cloud storage connection is updated. | cloudStorageType (S3, Azure, GCS, etc) new: { bucketName, bucketRegion, roleArn } (if successful) old: { bucketName, bucketRegion, roleArn } |
| A modification to the name of the billing account. | billingAccountId oldBillingAccountName newBillingAccountName |
| A modification to the number of effective entitlements. | oldEntitlementQuantity newEntitlementQuantity |
| A modification to the contract tier. | oldTierName newTierName workspaceName |
Workflow
Event | Description | Additional Metadata |
---|---|---|
| Creating a new workflow. | assetId workflowName workflowMode |
| Importing workflow is complete. | assetId workflowName |
| Workflow is deleted. | assetId workflowName |
| Initiating Full Run execution for workflow. | assetId workflowName initiatedFrom |
| Workflow is exported. | assetId workflowName |
| Capturing any update to a workflow (when a new version was added for workflow). | assetId workflowName |
| Renaming workflow. | assetId oldWorkflowName newWorkflowName |
| Setting a name for specific workflow version. | assetId versionId versionName |
| Removing access for workflow. | assetId workflowName removedAccessUserId removedAccessUserEmail |
| Sharing access on workflow. | assetId workflowName shareeUserId shareeEmail permissionType |
Scheduling
Event | Description | Additional Metadata |
---|---|---|
| Schedule data connection created. | asset_type asset_id(s) |
| Schedule created. | asset_type asset_id(s) |
| Schedule deleted. | asset_type asset_id(s) |
| Schedule disabled. | asset_type asset_id(s) |
| Schedule enabled. | asset_type asset_id(s) |
| Schedule modified. | asset_type asset_id(s) |
| Schedule data connection updated. | asset_type asset_id(s) |
Plans
Event | Description | Additional Metadata |
---|---|---|
| Plan created. | assetId planName |
| Plan deleted | assetId planName |
| Email task added to a Plan. | assetId planName |
| HTTP task added to a Plan. | assetId planName |
| Recipients added/deleted from an email task (To, CC, BCC). | assetId planName |
| Configuration of an HTTP task in a plan edited. | assetId planName |
| Plan renamed. | assetId planName assetId initiatedFrom |
| Plan shared. As a successful event is considered only plan shared, not dependencies. | assetId planName shareeUserId shareeEmail permissionType |
| Plan exported. | assetId planName |
| Plan imported. | assetId planName |
| Plan ownership transferred to another user. | assetId planName planOldOwner planNewOwner |
| Output downloaded as part of a plan . | assetId planName |
Authentication
Event Key | Event Description | Additional Metadata Fields |
---|---|---|
| Create OAuth 2.0 API token by user <userId> in workspace|account <workspaceId>|<accountId>. | |
| Session <sessionId> created at location <location> using <browser>. | |
| Create access token by user <userId> in workspace|account <workspaceId>|<accountId>. | |
| Create user <email>. | |
| Delete OAuth 2.0 API token <tokenId> in workspace|account <workspaceId>|<accountId>. | |
| Delete access token <tokenId> from workspace <workspaceId>|<accountId>. | |
| The export status domain rescan has been triggered. | emailDomain |
| A user’s export status was rescanned during login. | exportStatus |
| The export status rescan has been triggered. | |
| A user’s export status was updated by Amber Road event. | exportStatus, updatedStatus |
| Force user <userId> to reset password on sign in. | |
| Reset password for user <userId>. | |
| Revoke OAuth 2.0 API token <tokenId> in workspace|account <workspaceId>|<accountId>. | |
| Revoke Session <sessionId> of user <userId>. | |
| Create IP List for account <accountId>. | |
| Create SSO config in workspace|account <workspaceId>|<accountId>. | |
| Update SSO config in workspace|account <workspaceId>|<accountId>. | |
| Update IP List for account <accountId>. | existingIpAddresses, updatedIpAddresses |
| Update user <userId> password. | |
| Update user <userId>. | |
| Validate OTP for email <email>. |
Authorization
Event Key | Event Description | Additional Metadata Fields |
---|---|---|
| Add role [roleId] to group [groupId]. | group object, [user objects], [role objects] |
| Add user [userGid] to group [groupId]. | group object, [user objects], [role objects] |
| Ownership of <assets> was transferred to PersonId-<PersonId> PersonEmail-<personEmail>. | assets, toPersonId, toPersonEmail |
| Assign role <roleId> to users <userIds> in workspace <workspaceId>. | |
| Create role <roleName> in workspace <workspaceId>. | |
| SCIM connection disabled by [email]. | |
| Disable user <personId> in workspace <workspaceId>. | |
| Enable user <personId> in workspace <workspaceId>. | |
| SCIM token generated by [email]. | |
| Invite user <email> to workspace|account <workspaceId>|<accountId>. | |
| Reinvite user(s) <personIds> to account <workspaceId>|<accountId>. | |
| Remove role [roleId] from group [groupId]. | group object], [user objects], [role objects] |
| Remove user [userGid] from group [groupId]. | group object], [user objects], [role objects] |
| Removed user <personIds> from account <accountId>. or Removed user <personIds> from workspace <workspaceId>. | |
| Unassign role <roleId> from user <userId> in workspace <workspaceId>. | |
| Add user [email] to group [groupId]. | |
| Remove user [email] from group [groupId]. | |
| SCIM connection enabled by [email]. | |
| Group display name changed to [name]. | |
| Update role <roleId> in workspace <workspaceId>. |
Workspace Management
Event Key | Event Description | Additional Metadata Fields |
---|---|---|
| Create Workspace with name <name> and <max_user_number> max users for billingAccountId <accountId>. or Create Workspace with name <name> and <max_user_number> max users for tier <tier>. | |
| Delete workspace <workspaceId>. | |
| Updated Workspace Details name to <name> and max users to <maxUserNumber> for workspaceId <workspaceId> and billingAccountId <accountId>. | |
| Update configuration in workspace <workspaceId>:<configurationName>. | configurationName, configurationValue, workspaceName |