Skip to main content

Access Control - Tracking User Actions (v6.0 and up)

Access Control includes the AuditTrail database table. The AuditTrail database table presents an audit log that can be used to track access control user actions. This table resides in the new CxDB schema under 'accesscontrol': [CxDB].[accesscontrol].[AuditTrail].

6436227786.jpg

A typical use case for using the audit log is if a user is suddenly denied access and cannot log in, you can look at the audit log to see who disabled the user and when. Another use case is if a user transfers from one team to another for an unknown reason, you can see who transferred the user and when.

The following user actions are audited in the AuditTrail database table:

Event Type

Action

UserCreated

User-created

UserUpdated

User updated (update doesn't include 'roles added or removed')

UserDeleted

User deleted

SuccessfulLogin

Successful login

FailedLogin

Failed login

TeamMemberAdded

Team member added

TeamMemberDeleted

Team member deleted

UserRolesUpdated

User roles updated (update includes 'roles added,' 'roles removed,' or 'roles added and removed')

WindowsDomainDeleted

Windows domain deleted

WindowsDomainUpdated

Windows domain updated

WindowsDomainCreated

Windows domain created

LdapServerDeleted

LDAP Server deleted

LdapServerUpdated

LDAP Server updated

LdapServerCreated

LDAP Server created

SamlServiceProviderUpdated

Saml Service Provider updated

SamlIdentityProviderCreated

Saml Identity Provider created

SamlIdentityProviderUpdated

Saml Identity Provider updated

SamlIdentityProviderDeleted

Saml Identity Provider deleted

RoleCreated

Role created (creation includes 'with permissions' or 'without permissions')

RoleUpdated

Role updated (update includes 'no permissions added or removed,' 'permissions removed,' or 'permissions added')

RoleDeleted

Role deleted

TenantDeleted

Tenant deleted

ApiAuthExceptionEvent

An exception is thrown when an anonymous user performs a request or when the user session is invalid.

SignOut

The user signs out.

TeamDeleted

Team deleted

TeamCreated

Team created

SmtpServerCreated

SMTP Server created

SmtpServerDeleted

SMTP Server deleted

SmtpServerUpdated

SMTP Server updated

TenantCreated

New tenant created

TenantUpdated

Tenant updated

PasswordChanged

Password changed by the admin, forgotten by the user, or updated by the user.

The following information for each user action is listed in the AuditTrail database table:

Field

Description

Id

The event Id

UserId

The user ID of the one who acted.

NOTE: If the UserId is NULL, the system acts automatically.

UserName

The user name of the one who acted.

NOTE: In case the UserId is NULL, the UserName is System, except in case of FailedLogin (UserName doesn’t exist), whereas the UserName is the one provided by the user.

Type

The type of user action performed (see the 'User Actions Type' table above).

Details

Details will differ per user action type.

Example 1: For a FailedLogin action, the failed user will be contained in the 'UserName,' and the Authentication Provider type will be in the 'Details.'

Example 2: For a TeamMemberAdded action, the user name & team name are contained in the 'Details.'

Timestamp

Time/date of the user action.

OriginIpAddress

The user’s IP address is logged for every action.

NOTE: This can be especially useful for a FailedLogin – to understand how it occurred and where it came from.

Some generic events are also logged into the audit trail table:

Event Type

OidcApiResourceAddedEvent

OidcApiResourceDeletedEvent

OidcApiResourceUpdatedEvent

EntityCreatedEvent

EntityDeletedEvent

EntityUpdatedEvent

OidcClientAddedEvent

OidcClientDeletedEvent

OidcClientUpdatedEvent

A new data pattern was designed for detailed column information. The column contains a JSON object with the important information collected.

Refer to the table below to understand the detailed column content information.

Key

Description

TenantId

Tenant Id.

AuthenticationProvider

Authentication Provider content information.

Username

This is the username of the user account that acted.

Id

This is the ID of the user account that acted.

Info

Generic information related to the action. Example:

UserUpdate is displayed if the user's status changes and the status is updated.