Audit log query construction
You construct audit log queries for specific types of account management actions by combining the type, action, and modifier filter parameters.
note
Failed login attempts and failed switch to different accounts are not captured and logged only for internal use.
For information about constructing queries for specific types of actions performed in Master Data Hub, refer to the topic REST APIs.
| Action type | type | action | modifier |
|---|---|---|---|
| Enable account features (admin level) | account | EDIT | |
| Enable, change, or disable Account Usage Agreement | account | EDIT | NONE |
| Enable, change, or disable single sign-on (SSO) | account | EDIT | NONE |
| Enable or disable Session Lock and Terminate | account | EDIT | NONE |
| Enable or disable Session Concurrency | account | EDIT | NONE |
| Enable or disable two-factor authentication (account level) | account | EDIT | NONE |
| Force sign out account | account | LOGOUT | NONE |
| Modify an account password policy | account | EDIT | NONE |
| Modify CORS settings | account | EDIT | NONE |
| Log in/Switch accounts — success Note: Because logging into the platform is technically considered an account switch, this action encompasses both account switching at initial sign in and after logging in. Additionally, failed log in attempts are not captured. | account | ON_ENTRY | SUCCESS |
| Update Assure setting | account | EDIT | NONE |
| Modify an account Support Access Role | as.account.access | EDIT | NONE |
| Add Trusted IP Address on an account | account-ip_address | ADD | TRUSTEDIP Note: As of the January 2021 release, this audit log record shows a "TRUSTEDIP" modifier. Any historical records created prior to this date continue to show the previous WHITELISTING term. Searching for the account IP address type without a modifier produces entries for both the new TRUSTEDIP and the retired WHITELISTING modifier. |
| Delete Trusted IP Address from an account | account-ip_address | DELETE | TRUSTEDIP Note: As of the January 2021 release, the audit log record shows a TRUSTEDIP modifier. Any historical records created prior to this date continue to show the previous WHITELISTING term. Searching for the account IP address type without a modifier produces entries for both the new TRUSTEDIP and the retired WHITELISTING modifier. |
| Edit Trusted IP Address in an account | account-ip_address | EDIT | TRUSTEDIP **Note:**As of the January 2021 release, this audit log record shows a TRUSTEDIP modifier. Any historical records created before this date continues to show the previous WHITELISTING term. Searching for the account IP address type without a modifier produces entries for both the new TRUSTEDIP and the retired WHITELISTING modifier. |
| Add an API application | api.application | ADD | NONE |
| Update an API application | api.application | UPDATE | NONE |
| Add an authentication source | api.authentication_source | ADD | NONE |
| Remove an authentication source | api.authentication_source | DELETE | NONE |
| Update an authentication source | api.authentication_source | UPDATE | NONE |
| Add an API contract | api.contract | ADD | NONE |
| Update an API contract | api.contract | UPDATE | NONE |
| Add an API deployment | api.deployment | ADD | NONE |
| Deploy or Redeploy an API | api.deployment | DEPLOY | NONE |
| Remove an API deployment | api.deployment | DELETE | NONE |
| Update an API deployment | api.deployment | UPDATE | NONE |
| Add, update, or delete API policy rules | api.deployment_policies | ADD, UPDATE, DELETE | NONE |
| Add an API Key | api.key | ADD | NONE |
| Remove an API Key | api.key | DELETE | NONE |
| Update an API Key | api.key | UPDATE | NONE |
| Edit and save account properties | as.account.properties | SAVE | NONE |
| Add an account group | as.accountgroup | ADD | NONE |
| Delete an account group | as.accountgroup | DELETE | NONE |
| Add a cloud to an account group | as.accountgroup.resource | ADD | NONE |
| Delete a cloud from an account group | as.accountgroup.resource | DELETE | NONE |
| Add a connector to an account group | as.accountgroup.resource | ADD | NONE |
| Delete a connector from an account group | as.accountgroup.resource | DELETE | NONE |
| Add an integration pack to an account group | as.accountgroup.resource | ADD | NONE |
| Delete an integration pack from an account group | as.accountgroup.resource | DELETE | NONE |
| Add a published component to an account group | as.accountgroup.resource | ADD | NONE |
| Delete a published component from an account group | as.accountgroup.resource | DELETE | NONE |
| Add a role to an account group | as.accountgroup.resource | ADD | NONE |
| Delete a role from an account group | as.accountgroup.resource | DELETE | NONE |
| Add user to account group | as.accountgroup.user | ADD | NONE |
| Update user roles in account group | as.accountgroup.user | UPDATE | ROLE |
| Remove user from account group | as.accountgroup.user | DELETE | NONE |
| Add Basic Authentication user | api-basic_auth_user | ADD | NONE |
| Update Basic Authentication user | api-basic_auth_user | UPDATE | NONE |
| Delete Basic Authentication user | api-basic_auth_user | DELETE | NONE |
| Add Basic Authentication group | api-basic_auth_group | ADD | NONE |
| Update Basic Authentication group | api-basic_auth_group | UPDATE | NONE |
| Delete Basic Authentication group | api-basic_auth_group | DELETE | NONE |
| Add Basic Authentication role | api-basic_auth_role | ADD | NONE |
| Update Basic Authentication role | api-basic_auth_role | UPDATE | NONE |
| Delete Basic Authentication role | api-basic_auth_role | DELETE | NONE |
| Add a Runtime | as.atom | INSTALL | TOKEN or NONE |
| Add a Gateway | as.atom | INSTALL | TOKEN or NONE |
| Atom properties update | as.atom | UPDATE | MANUAL |
| Atom response to properties update request | as.atom | UPDATE | RESPONSE |
| Apply a pending Atom update | as.atom | UPDATE | NONE |
| Delete Atom | as.atom | DELETE | NONE |
| Delete node from the Runtime cluster or Runtime cloud cluster | as.atom | NODE_OFFBOARD | NONE |
| Edit Atom Counters | as.atom | UPDATE | MANUAL |
| forced Atom to appear online | as.atom | FORCE | ONLINE |
| Restart Atom | as.atom | RESTART | NONE |
| Pause listeners | as.atom | PAUSE | MANUAL |
| Resume listeners | as.atom | RESUME | MANUAL |
| Restart listeners | as.atom | START | MANUAL |
| Revert a Runtime update | as.atom | ROLLBACK | NONE |
| Uninstall the runtime, Runtime cluster, or Runtime cloud | as.atom | UNINSTALL | NONE |
| Retrieve disk space usage for a Runtime cloud attachment | as.atom.disk.space | NONE | NONE |
| Download a Runtime log, Worker log, or process run artifact | as.atom.log | DOWNLOAD | NONE |
| Download the Shared Web Server log | as.atom.log | DOWNLOAD | SHAREDWESERVERLOG |
| Attach packaged component to an environment Note: Attachment happens automatically the first time a packaged component for a given component is deployed to a given environment. Entries are not created for subsequent deployments to the same environment. For general deployment-related audit information, use the Deployed Package object. | as.atom.process | ATTACH | NONE |
| Undeploy packaged component from an environment Note: Captures the specific "Undeploy" action for a currently deployed packaged component. | as.atom.process | DETACH | NONE |
| Stop Worker | as.atom.process | ADD | RESPONSE |
| Edit and save Atom properties | as.atom.properties | SAVE | NONE |
| Start purge process using the Atom Purge object | as.atom.purge | NONE | NONE |
| Atom schedule update | as.atom.rc_schedule | SAVE | NONE |
| Delete Runtime cloud | as.cloud | DELETE | NONE |
| Create a private runtime cloud | as.cloud | CREATE | NONE |
| Update a private runtime cloud | as.cloud | UPDATE | NONE |
| Delete a private runtime cloud | as.cloud | DELETE | NONE |
| Update default cloud attachment properties for the runtime cloud cluster | as.cloud.log | UPDATE | MANUAL |
| Copy component | as.component | COPY | NONE |
| Delete component | as.component | DELETE | NONE |
| Apply a pending Connector update | as.connector | UPDATE | NONE |
| Rollback of connector update | as.connector | ROLLBACK | NONE |
| Download document — failure | as.document | DOWNLOAD | FAILURE |
| Download document — success | as.document | DOWNLOAD | SUCCESS |
| View document — failure | as.document | VIEW | FAILURE |
| View document — success | as.document | VIEW | SUCCESS |
| Attach Atom to environment | as.environment | ATTACH | NONE |
| Delete environment | as.environment | DELETE | NONE |
| Detach Atom from environment | as.environment | DETACH | NONE |
| Update environment name | as.environment | UPDATE | NAME |
| Update environment role | as.environment | UPDATE | ROLE |
| Edit and save Atom or environment extension values | as.extensions | EDIT | NONE |
| Edit and save integration pack extension values | as.extensions.process | EDIT | NONE |
| Edit and save forked execution properties | as.forkedexecution.properties | SAVE | NONE |
| Generate installer token | as.installer | ADD | NONE |
| Manual integration pack update | as.ipack | UPDATE | MANUAL |
| Roll back of Java version | as.java_upgrade | ROLLBACK | EQUALS |
| Upgrade Runtimes, Runtime clusters, or Runtime clouds, Authentication Brokers, and API Gateways to Boomi's latest supported version of Java | as.java_upgrade | UPDATE | NONE |
| Delete a packaged component version | as.packaged.component | DELETE | NONE |
| Restore a deleted version of a packaged component | as.packaged.component | RESTORE | NONE |
| Manually run the process | as.process.manual_execution | EXECUTE | MANUALNote: When a document is rerun, the modifier also shows the RERUN_s=true/false property. |
| Edit and save process properties | as.process.properties | SAVE | NONE |
| Manually run test process | as.process.test_execution | EXECUTE | MANUAL |
| Update schedule | as.schedules | UPDATE | NONE |
| Resume schedule | as.schedules | RESUME | ALL or SINGLE |
| Stop schedule | as.schedules | STOP | ALL or SINGLE |
| Add a tracked field | as.tracking | ADD | NONE |
| Modify a tracked field | as.tracking | UPDATE | NONE |
| Delete a tracked field | as.tracking | DELETE | NONE |
| Add a role | role | ADD | NONE |
| Remove a role | role | DELETE | NONE |
| Update a role | role | UPDATE | NONE |
| Add new user to account | user | ADD | NONE |
| Enable or disable two-factor authentication (user level) | user | UPDATE | AUTHENTICATION |
| Modify a user sign-in password | user | UPDATE | AUTHENTICATION |
| Modify an SSO User Federation ID | user | UPDATE | NONE |
| Remove user from account | user | DELETE | NONE |
| Accept Terms and Conditions | user | TC_ACCEPT | SUCCESS |
| Lock or unlock user | user | UPDATE | AUTHENTICATION |
| Update existing user role | user | UPDATE | ROLE |
| Update user email | user | UPDATE | |
| Enable or disable API Token (user level) | user.token | UPDATE | AUTHENTICATION |
| Enable or disable user API Token (admin level) | user.token | UPDATE | AUTHENTICATION |
| Generate API Token | user.token | ADD | AUTHENTICATION |
| Rename API Token | user.token | UPDATE | AUTHENTICATION |
| Revoke API Token | user.token | DELETE | AUTHENTICATION |
| Revoke API Tokens after removing a user from an account or an account group, removing an account from an account group, or deleting an account group | user.token | DELETE | AUTHENTICATION |
| Create a Runtime Release schedule for a runtime, Runtime cluster, or Runtime cloud | as.atom.rc_schedule | SAVE | NONE |
| Update a set Runtime Release schedule for a runtime, Runtime cluster, or Runtime cloud | as.atom.rc_schedule | SAVE | NONE |
| Delete a set Runtime Release schedule for a runtime, Runtime cluster, or Runtime cloud | as.atom.rc_schedule | SAVE | NONE |
| Refresh Secrets on runtime, Runtime cluster, or Runtime cloud | as.atom | EDIT | MANUAL |
Was this topic helpful?
