Audit logs

更新时间:
复制 MD 格式

Use audit logs to track who logged in, accessed resources, performed operations, or changed permissions across your organization.

Prerequisites

Before you begin, confirm the following:

  • Audit logs are only available in the Advanced Edition and Professional Edition.

  • You must be an organization administrator, or have a custom role that includes Intelligent O&M permissions.

  • Each log category displays a maximum of 10,000 entries.

  • Retention periods vary by log category:

    • Login: 30 days

    • Access: 30 days

    • Operation: 90 days

    • Permission: 1 year

Access the audit log page

image

Log categories and filters

The audit log page has four tabs: Login, Access, Operation, and Permission. Each tab lists log entries matching your filter criteria. Every entry identifies the operator—the user who triggered the event.

To answer questions like "Who exported this dataset?" or "Who changed permissions on this dashboard?", apply filters in the relevant tab and export results as an Excel file. For the full list of supported operation types, refer to the Operation Type Mapping Table.xlsx.

Login

The Login tab records login-related activity across your organization. Each entry includes the operation time, account name, nickname, login type, user IP, and user ID.

Note

Login-related logs are retained for 30 days, and a maximum of 10,000 entries are displayed.

image

Use the following filters to find specific entries:

  • Date range: The time period for the logs. Quick-select Yesterday, Last 7 Days, or This Month.

  • Operator: The nickname of the user who initiated the action. Select from the drop-down list or enter a custom value.

  • Login type: The type of login action. Select All, log out, or log in.

    Note

    If a user attempts to access a page without the required permissions, an unauthorized access record appears in the Operation tab instead.

    image..png

Access

The Access tab records access-related activity across your organization. Each entry includes the operation time, resource name, resource type, workspace, operator's account name, access device, access source, access account, and access type.

Note

Access-related logs are retained for 30 days, and a maximum of 10,000 entries are displayed.

image

Use the following filters to find specific entries:

  • Date range: The time period for the logs. Quick-select Yesterday, Last 7 Days, or This Month.

  • Operator: The nickname of the user who initiated the action. Select from the drop-down list or enter a custom value.

  • Access type: The type of access. Select All, data export, Download, or View.

  • Workspace: The workspace where the action occurred. Select any workspace in your organization.

  • Resource type: The affected resource type. Select data portal, dashboard, large screen dashboard, spreadsheet, ad-hoc analysis, self-service query, data preparation, data entry, dataset, or data source.

  • Access device: The client used for the action. Select mobile client or PC client.

  • Access source: The method used to access the resource. Select Normal Access, embedded report, public report, or Embedded Card.

Operation

The Operation tab records operation-related activity across your organization. Each entry includes the operation time, workspace, resource type, resource name, account, operator, and operation type.

Note

Operation-related logs are retained for 90 days, and a maximum of 10,000 entries are displayed.

image

Use the following filters to find specific entries:

  • Date range: The time period for the logs. Quick-select Yesterday, Last 7 Days, or This Month.

  • Operator: The nickname of the user who initiated the action. Select from the drop-down list or enter a custom value.

  • Operation type: The type of operation performed. Select Add, Delete, Modify, Publish Report, Save Report, Unpublish Resource, or Other.

  • Workspace: The workspace where the action occurred. Select any workspace in your organization.

  • Resource type: The affected resource type. Select data portal, dashboard, large screen dashboard, spreadsheet, ad-hoc analysis, self-service query, data preparation, data entry, dataset, or data source.

Permission

The Permission tab records permission-related activity across your organization. Each entry includes the operation time, workspace, resource type, resource name, account, operator, operation type, impact type, and affected object.

Note

Permission-related logs are retained for 1 year, and a maximum of 10,000 entries are displayed.

image

Use the following filters to find specific entries:

  • Date range: The time period for the logs. Quick-select Yesterday, Last 7 Days, or This Month.

  • Operator: The nickname of the user who initiated the action. Select from the drop-down list or enter a custom value.

  • Permission type: The type of permission operation. Select grant permission, Modify Authorization, revoke permission, Make Public, Unpublish, or Other.

  • Workspace: The workspace where the action occurred. Select any workspace in your organization.

  • Resource type: The affected resource type. Select data portal, dashboard, large screen dashboard, spreadsheet, ad-hoc analysis, self-service query, data preparation, data entry, dataset, or data source.