Auditing Platform Events

For audit purposes, you can get a list of events that have occurred on the GoodData platform. To do so, use the audit events API.

The audit events are stored for seven days.

A domain admin can list the audit events for the whole domain and for any user in their domain. A user can list only their own events.

Event Properties

An event has the following properties:

  • id is the unique ID of the event.
  • userLogin is the login name (email address) of the user who performed the event.
  • userIp is the IP address of the user who performed the event.
  • success indicates whether the event was successful (true/false).
  • type is the event type.
  • occurred is the timestamp when the event occurred.
  • recorded is the timestamp when the event was recorded by the system.
  • (For some event types only) params is a string/string map of additional context information.
  • (For some event types only) links is a string/string map of the affected resources.

Event Types

TypeDescriptionAdditional parameters in paramsAffected resources in links
ACCOUNT_LOCKA user failed to succesfully login and triggered an account lock.

lockType is the type of lock that was applied (rate_limit).

(For lockType=rate_limit only) subtype is the type of rate_limit lock applied (perIpLimited or perUsernameAndIpLimited).

enabledTimestamp is the timestamp at which the account is unlocked.

 
CONNECTION

A connection was established.

For example, connecting to the GoodData platform using a Data Warehouse proxy triggers this event.

 

component is the component that the connection was established to.

connection_id is the ID of the connection.

DATA_ACCESSA user accessed workspace data.

type is the resource used for accessing data (elements, validElements, dataResult, datawarehouse).

(For type=datawarehouse only) connection_id  is the unique ID of the connection with the Data Warehouse instance.

(For type=datawarehouse only) execution_id is the unique ID of each execution. More than one DATAWAREHOUSE_DATA_ACCESS event with different execution_id's in one connection can be present.

workspace is the URI of the workspace whose data was accessed.

(For type=datawarehouse only) datawarehouse is the URI of the Data Warehouse instance the user tried to access data on.

DATA_EXPORT

A workspace dashboard was exported to PDF.

A workspace report was exported to PDF, PNG, XLSX, CSV, or raw CSV.

format is the export format (such as application/pdf for PDF, application/raw for raw CSV, and so on).

preview identifies whether the data export was performed in preview mode (true/false).

workspace is the URI of the workspace where the exported dashboard or report belongs to.

datawarehouse is the URI of the Data Warehouse instance the data was exported from.

workspace is the URI of the workspace where the data export was performed.

(For exported dashboards only) dashboard is the URI of the exported dashboard.

DATAWAREHOUSE_LOGOUT

A user logged out from the Data Warehouse instance.

connection_id is the unique ID of the connection with the Data Warehouse instance.

timeout identifies whether the logout was forced by the proxy timeout (true/false).

datawarehouse is the URI of the Data Warehouse instance the user logged out from.

DATAWAREHOUSE_USER_ADD

A user was added to the Data Warehouse instance.

 

datawarehouse is the URI of the Data Warehouse instance the user was added to.

profile is the URI of the user's profile who was added to the Data Warehouse instance.

DATAWAREHOUSE_USER_REMOVEA user was removed from the Data Warehouse instance. 

datawarehouse is the URI of the Data Warehouse instance the user was removed from.

profile is the URI of the user's profile who was removed from the Data Warehouse instance.

ETL_ADD_MANUAL_EXECUTE

A user manually executed Automated Data Distribution (ADD; see Automated Data Distribution Reference) either by manually executing an ADD process schedule or by executing an ADD process.

 

workspace is the URI of the workspace where the executed ADD process was placed.

process is the URI of the executed ADD process.

execution is the URI of the ADD process execution.

instance is the URI of the Data Warehouse instance where ADD ran.

ETL_PROCESS_CREATEA user created an ETL process. 

workspace is the URI of the workspace where the ETL process was created.

process is the URI of the created ETL process.

ETL_PROCESS_DELETEA user deleted an ETL process. 

workspace is the URI of the workspace where the ETL process was deleted from.

process is the URI of the deleted ETL process.

ETL_PROCESS_MANUAL_ EXECUTEA user manually executed an ETL process. 

workspace is the URI of the workspace where the executed ETL process was placed.

process is the URI of the executed ETL process.

execution is the URI of the ETL process execution.

ETL_PROCESS_UPDATEA user updated an ETL process. 

workspace is the URI of the workspace where the ETL process was updated.

process is the URI of the updated ETL process.

ETL_SCHEDULE_CHANGEA user changed an ETL schedule. 

workspace is the URI of the workspace where the changed ETL schedule was placed.

process is the URI of the ETL process that contains the changed ETL schedule.

schedule is the URI of the changed ETL schedule.

ETL_SCHEDULE_MANUAL_ EXECUTEA user manually executed an ETL schedule. 

workspace is the URI of the workspace where the executed ETL schedule was placed.

process is the URI of the ETL process that contains the executed ETL schedule.

schedule is the URI of the executed ETL schedule.

execution is the URI of the ETL schedule execution.

INVITATION_RESENTAn invitation to join a workspace was re-sent to a user.invited is the email of the invited user.

workspace is the URI of the workspace to which the user was invited.

role is the URI of the role under which the user was invited to the workspace (see User Roles).

INVITATION_SENTAn invitation to join a workspace was sent to a user.invited is the email of the invited user.

workspace is the URI of the workspace to which the user was invited.

role is the URI of the role under which the user was invited to the workspace (see User Roles).

LOGINA user logged in to the GoodData platform.

loginType is the type of login (basic authentication login, username/password login, SSO, SFTP, and so on).

component is the component that the user logged in to (web app, WebDAV, Data Warehouse).

(For loginType=sftp only) workspace is the URI of the workspace to which the user logged in via SFTP.

PROJECT_USER_ADDA user was added to the workspace. 

workspace is the URI of the workspace to which the user was added.

profile is the URI of the user's profile who was added.

PROJECT_USER_STATUS_CHANGEThe status in a user's profile changed.status is the changed status (ENABLED/DISABLED) of the user.

workspace is the URI of the workspace in which the user's status changed.

profile is the URI of the user's profile.

SCHEDULED_MAIL_SENDA scheduled email was sent.bcc is the email addresses of the users who are specified in the Bcc field of the scheduled email.

workspace is the URI of the workspace from which the scheduled email was sent.

SSO_LOGOUTA user was logged out.  
SSO_PROVIDER_CREATEAn SSO provider was created through the API.

providerName is the name of the SSO provider.

providerType is the type of the SSO provider.

domainId is the ID of the domain the SSO provider belongs to.

 
SSO_PROVIDER_DELETEAn SSO provider was deleted through the API.

providerName is the name of the SSO provider.

providerType is the type of the SSO provider.

domainId is the ID of the domain the SSO provider belongs to.

 
SSO_PROVIDER_UPDATEAn SSO provider was updated through the API.

providerName is the name of the SSO provider.

providerType is the type of the SSO provider.

domainId is the ID of the domain the SSO provider belongs to.

 
SST_CREATEA Super Secured Token (SST) was created and saved for a user.

verify_level specifies how the SST should be returned to the client, in an HTTP cookie or a custom HTTP header (see API for logging in to the GoodData platform).

profile is the URI of the user's profile for whom the SST was created.

STANDARD_LOGOUTA user logged out.  
USER_CREATEA user account was created.

login is the login of the created user.

domain is the domain that the created user belongs to.

profile is the URI of the created user's profile.
USER_DELETEA user account was deleted.

login is the login of the deleted user.

domain is the domain that the deleted user belongs to.

profile is the URI of the deleted user's profile.
USER_IP_WHITELIST_CHANGE

The IP whitelisting setting (see GoodData IP Addresses and IP Whitelisting) in a user's profile changed.

 

profile is the URI of the user's profile.

USER_PASSWORD_CHANGEA user's password was changed, created, or reset.

login is the login of the user.

domain is the domain that the user belongs to.

 

USER_PROFILE_CHANGEA user's profile changed. 

profile is the URI of the user's profile.

USER_PROVISIONED_BY_SAML

A user was provisioned by SAML login (SAML provider).

This event covers all provisioning steps: provisioning a user, provisioning a user in the workspace, provisioning a user group. If one of the steps fails, the event is considered unsuccessful.

saml_provider is the provider that did the provisioning.

project_id is the ID of the workspace where the user was provisioned (present only if dataproduct_id and client_id are not specified).

(Optional) dataproduct_id and client_id are the data product ID and the client ID, respectively, where the user was provisioned.

project_role is the user role in the provisioned workspace (see User Roles) (if not specified, the default role was assigned).

user_groups is the provisioned user groups of the user (if not specified, no user groups were provisioned).