Complete logging of all events is maintained in the repository. Audit reports may be either user driven or object driven.
User driven reports are available in MANAGE > Users.
Object driven reports are available in the History tab of any object, and the Repository as a whole has a History tab as well.
Additionally, audit logs may be downloaded using the REST API.
Audit Event Types
The object based (History tab) UI logs include:
-
Date/Time
-
User
-
Object and Context
-
Event Type
-
Description including IP Address.
Where the event types are defined as follows:
| Audit Event Type | Notes | Where to find the audit event |
|---|---|---|
| Created | A “Created” event is added when a user creates a new repository object, such as a folder or model. Creating a new configuration, glossary, physical data model, semantic mapping or data mapping also causes a new version of the model to be created. Therefore a “Created” event is created for the new version as well. A “Created” event is also added when a new model version is imported. | History tab of the newly created repository object, i.e. folder, model or version |
| A “Created” event is also added when the user creates a new glossary object, such as a term, or a physical data model object, such as schema, table, view, column, or primary key, etc. | History tab of the glossary model or physical data model andHistory tab of the newly created object | |
| A “Created” event is also added when a user creates a new user, group, data class, custom attribute, collection, worksheet or dashboard. | The audit event on the user, group, data class, custom attribute, collection, worksheet or dashboard can be found in the csv file generated by “Download user audit log”. | |
| Added child | An “Added child” event is added when a user creates a new repository object, such as folder or model. The newly created folder or model becomes a child of the folder where the new folder or model is placed in. Creating a new configuration, glossary, physical data model, semantic mapping or data mapping, or importing a new model version causes a new version of the object to be created. The new version becomes a child of the model. | History tab of the folder where the new folder or model is placed in andHistory tab of the model where the new version belongs to |
| An “Added child” event is also added when a user moves a repository object such as a folder or model from one folder < f1 > to another folder < f2 >. The repository object becomes a child of < f2 > | History tab of the destination folder < f2 > | |
| Deleted | A “Deleted” event is added when a user deletes a repository object, such as folder, model or version. | History tab of the folder where the deleted folder or model was in and History tab of the model where the deleted version used to belong to |
| A “Deleted” event is also added when the user removes a folder or model from a configuration | The “Deleted” audit event on the configuration can be found in the csv file generated by “Download audit log” which should also be found in the History tab of the configuration version | |
| A “Deleted” event is also added when the user deletes a glossary object, such as a term, or a physical data model object, such as schema, table, view, column, or primary key, etc. | History tab of the glossary model or physical data model | |
| A “Deleted” event is also added when a user deletes a user, group, data class, custom attribute, collection, worksheet or dashboard. | The audit event on the user, group, data class, custom attribute, collection, worksheet or dashboard can be found in the csv file generated by “Download user audit log”. | |
| Removed child | A “Removed child” event is added when a user deletes a repository object, such as folder or model from a folder, or deletes a version from a model. | History tab of the folder where the deleted folder or model was in and History tab of the model where the deleted version used to belong to |
| A “Deleted child” event is also added when a user moves a repository object such as a folder or model from one folder < f1 > to another folder < f2 >. | History tab of the source folder < f1 > | |
| Move | A “Move” event is added when a user moves a repository object such as a folder or model from one folder < f1 > to another folder < f2 >. | History tab of the repository object being moved |
| Set Attribute | A “Set attribute” event is added when a user updates an attribute of a repository object, such as folder, model or version. The attribute can be the name, description, import options, naming standards, etc. | History tab of the repository object being updated, i.e. folder, or version |
| A “Set attribute” event is also added when the user updates an updatable attribute of a object, such as name, description, and business name etc. | History tab of the object being updated andHistory tab of the model that the object belongs to | |
| A “Set attribute” event is also added when a user updates a user or group | The audit event on the user or group can be found in the csv file generated by “Download user audit log”. | |
| Set custom attribute | A “Set custom attribute” event is added when a user sets a custom attribute on an object | History tab of the object |
| Comment | A “Comment” event is added when a user enters a comment during another event, such as workflow transition, or setting attribute, etc. | History tab of the object |
| Link | A “Link” event is added when a user imports a new model version and sets the new version as the default version of a model | History tab of the external |
| A “Link” event is added when a user creates a relationship from one glossary term < term1 > to another glossary term < term2 > | History tab of the glossary term < term1 > | |
| A “Link” event is added when a user adds a user into a group or sets a default configuration to a group | The audit event on the user or group can be found in the csv file generated by “Download user audit log”. | |
| Unlink | A “Unlink” event is added when a user removes a relationship from one glossary term < term1 > to another glossary term < term2 > | History tab of the glossary term < term1 > |
| A “Unlink” event is added when a user removes a user from a group or cleared the default configuration on a group | The audit event on the user or group can be found in the csv file generated by “Download user audit log”. | |
| Workflow transition | A “Workflow transition” event is added when a user performs a workflow action which changed the status of the term | History tab of the glossary term |
| Authentication | An “Authentication” event is added when a user logs in successfully, fails to log in, logs out successfully, or the user’s session is expired due to inactivity. | The audit event on the user can be found in the csv file generated by “Download audit log” |
| Operation | An “Operation” event is added when a user starts an operation | The Operation audit events can be found in the csv file generated by “Download audit log” |
| Configuration | A “Configuration” event is added when a user lists a configuration models or traces lineage in a configuration | History tab of the configuration version |
| Assigned | An “Assigned” event is added when a user assigns a domain to a column of a Physical Data Model | History tab of the column |
| Unassigned | An “Unassigned” event is added when a user clears the domain on a column of a Physical Data Model | History tab of the column |
| Granted security role | A “Granted security role” event is added when a user assigns a security role to a custom attribute or repository object, or assigns a workflow object role to a custom model (e.g., glossary) or object (e.g., term). | The audit event on the custom attribute can be found in the csv file generated by “Download user audit log”.The audit event on the repository object can be found in the History tab of the repository object.The audit event on the glossary term can be found in the History tab of the term |
| Revoked security role | A “Revoked security role” event is added when a user removes a security role from a custom attribute or repository object, or removes a workflow object role from a custom model (e.g., glossary) or object (e.g., term). | The audit event on the custom attribute can be found in the csv file generated by “Download user audit log”.The audit event on the repository object can be found in the History tab of the repository object. |
| Added attachment | An “Added attachment” event is added when a user adds an attachment to a object | History tab of the object |
| Removed attachment | A “Removed attachment” event is added when a user removes an attachment from a object | History tab of the object |
| Edited | An “Edited” event is added when a user updates a data class, collection, worksheet or dashboard. | The audit event on the data class, collection, worksheet and dashboard can be found in the csv file generated by “Download user audit log” |
| An “Edited” event is also added when a user updates a certification, endorsement, warning or comment of a object | History tab of the object | |
| Added | An “Added” event is added when a user adds a label, data class, certification, endorsement, warning or comment to a object | History tab of the object |
| Removed | A “Removed” event is added when a user removes a label, data class, certification, endorsement, warning or comment from a object | History tab of the object |
Repository Audit Log
The audit events can be downloaded by selecting any folder in MANAGE > Repository via the History tab. In particular, one may select the entire Repository to get a complete log of all events in the repository.
Steps
-
Sign in as a user with at least the Application Administrator capability global role assignment.
-
Go to MANAGE > Repository
-
Select the folder or the Repository In the tree.
-
Go to the History tab.
-
From here you may filter by:
-
time PERIOD
-
USER
-
EVENT TYPE
-
search text FILTER.
-
Example
Sign in as Administrator, , select the Repository in the tree and go to the History tab.
In this case, we see events where the user Bob creates a hacker user who then deletes a model and signs out. Then Bob deletes that user. The audit history is maintained.
User Audit Log
The audit events can be downloaded via Manage Users > Download user audit log. They can also be seen on the User Profile's Activity Stream.
Steps
-
Sign in as a user with at least the Security Administrator capability global role assignment.
-
Go to MANAGE > Users
-
Right-click on a user and select Download user audit log.
-
A CSV file is produced.
Example
Sign in as Administrator, go to MANAGE > Users, Right-click on a user and select Download user audit log.
