Activity Log Tenant Event Type Reference
This topic describes the Activity Log tenant event types and attributes. For information about site events, see Activity Log Site Event Type Reference.
Event type details
The following content describes tenant event types and attributes in the Activity Log. Use the alphabetically sorted list of event types on the right, or ctrl/cmd-f to go directly to keywords you have in mind.
Note: Timestamps for events are recorded in ISO 8601 UTC.
The table contains common attributes for all Activity Log tenant events. For event-specific attributes, review the individual event tables in this topic.
| Attribute Name | Type | Description |
|---|---|---|
| eventOutcome | string | Represents the final outcome of the operation. Possible values are:
|
| eventOutcomeReason | string | Provides additional details about the event outcome |
| eventTime | string | Timestamp when the event occurred |
| initiatingSessionId | string | ID of user's session which initiated the operation |
| initiatingUrl | string | URL associated with the request that initiated the operation, such as the URL of a REST API endpoint that was invoked. |
| initiatingUserAgent | string | User-Agent HTTP header associated with the request that initiated the operation |
| initiatingUserDisplayName | string | Display name of the user who initiated the operation |
| initiatingUserEmail | string | Email address of the user who initiated the operation |
| initiatingUserIpAddress | string | Remote client IP address of the request that initiated the operation. Either a valid IPv4 or IPv6 address. |
| initiatingUserId | string | ID of the user who initiated the operation |
| initiatingUserRole | string | Role or privilege level that allowed the initiating user to perform the operation |
| podUri | string | Uniform Resource Identifier (URI) of pod where the operation occurred |
| siteId | string | ID of site where the operation occurred |
| siteName | string | Name of site where the operation occurred |
| siteUri | string | Uniform Resource Identifier (URI) of site where the operation occurred |
| tenantId | string | ID of tenant where the operation occurred |
| tenantName | string | Name of tenant where the operation occurred |
| tenantUri | string | Uniform Resource Identifier (URI) of tenant where the operation occurred |
| traceUuid | string | Auto-generated UUID identical across all the events in a batch, such as multiple permissions changed by a single user action. |
batch_revoke_personal_access_token
The batch_revoke_personal_access_token event occurs when a tenant is suspended or deleted, or a user is removed.
| Attribute Name | Type | Description |
|---|---|---|
| patUserId | string | ID of the user whose PATs were revoked. Not included if PATs were revoked for the entire tenant. |
batch_revoke_session
The batch_revoke_sessions event occurs when all sessions associated with a tenant or user are revoked.
| Attribute Name | Type | Description |
|---|---|---|
| sessionUserId | string | ID of the user whose sessions were revoked. Not included if sessions were revoked for the entire tenant. |
create_or_update_oidc_config
The create_or_update_oidc_config event occurs when the OIDC configuration is changed.
| Attribute Name | Type | Description |
|---|---|---|
| isSecretUpdated | bool | Indicates whether the secret has been updated. The actual secret value isn't recorded. This attribute helps admins track changes in their organisation, such as those affecting system functionality or ensuring scheduled secret rotations are carried out properly. |
| newSettingsValue | string | New OIDC configuration settings |
| oldSettingsValue | string | Previous OIDC configuration settings |
| resourceId | string | Resource ID of an OIDC configuration |
create_or_update_saml_config
The create_or_update_saml_config event occurs when the SAML configuration is changed.
| Attribute Name | Type | Description |
|---|---|---|
| newSettingsValue | string | New SAML configuration settings |
| oldSettingsValue | string | Previous SAML configuration settings |
| resourceId | string | Resource ID of a SAML configuration |
create_personal_access_token
The create_personal_access_token event occurs when a personal access token (PAT) is generated.
| Attribute Name | Type | Description |
|---|---|---|
| expiresAt | string | Timestamp when the PAT expires. Not included if the creation attempt failed. |
| tokenId | string | ID of the PAT created. Not included if the creation attempt failed. |
| tokenName | string | Name of the PAT |
create_private_connection
The create_private_connection event occurs when a private connection is created in a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| description | string | Description of the private connection created |
| endpointServiceName | string | Endpoint service name of the private connection created |
| name | string | Name of the private connection created |
| privateConnectionId | string | ID of the private connection created |
| region | string | AWS Region where the private connection is created |
create_site
The create_site event occurs when a site is created in a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
create_tenant
The create_tenant event occurs when a tenant is created.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
create_user
The create_user event occurs when a new user is created in a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| string | Email of the user added to the tenant | |
| language | string | Language code of the user added to the tenant |
| locale | string | Locale code of the user added to the tenant |
| userId | string | Unique identifier of the user added to the tenant |
| userName | string | Username of the user added to the tenant |
delete_oidc_config
The delete_oidc_config event occurs when the OIDC configuration is deleted.
| Attribute Name | Type | Description |
|---|---|---|
| idpConfigurationId | string | ID of the IdP configuration |
| idpConfigurationName | string | Name of the IdP configuration |
| resourceId | string | Resource ID of the OIDC configuration |
delete_private_connection
The delete_private_connection event occurs when a private connection is deleted in a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| privateConnectionId | string | ID of the deleted private connection |
delete_saml_config
The delete_saml_config event occurs when the SAML configuration is deleted.
| Attribute Name | Type | Description |
|---|---|---|
| idpConfigurationId | string | ID of the IdP configuration |
| idpConfigurationName | string | Name of the IdP configuration |
| resourceId | string | Resource ID of the SAML configuration |
delete_site
The delete_site event occurs when a site is deleted from a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
delete_tenant
The delete_tenant event occurs when a tenant is deleted.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
delete_user
The delete_user event occurs when a user is deleted from a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| string | Email of the user removed | |
| userId | string | ID of the user removed |
| userName | string | Username of the user removed |
get_sites
The get_sites event occurs when a list of sites under a tenant is requested.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
get_users
The get_user event occurs when a list of users within a tenant or site is requested.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
list_personal_access_tokens
The list_personal_access_tokens event occurs when all valid personal access tokens (PATs) in Tableau Cloud Manager (TCM) are requested.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
merge_tenant
The merge_tenant event occurs when a Tableau Cloud Manager tenant is merged into another tenant. This consolidation allows cloud admins to manage all sites under one tenant and benefit from unified governance.
| Attribute Name | Type | Description |
|---|---|---|
| sourceTenantId | string | ID of source tenant in the merge operation |
| sourceTenantName | string | Name of the source tenant in the merge operation |
| sourceTenantUri | string | Uniform Resource Identifier (URI) of the source tenant in the merge operation |
migrate_site
The migrate_site event occurs when a site is migrated to a tenant.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
personal_access_token_login
The personal_access_token_login event occurs when a personal access token (PAT) is used to sign in to Tableau Cloud Manager.
| Attribute Name | Type | Description |
|---|---|---|
| newSessionId | string | ID of the session created by this login request. Not included if the login failed. |
| tokenId | string | ID of the PAT used to log in |
| tokenName | string | Name of the PAT |
reactivate_site
The reactivate_site event occurs when a site in a tenant is reactivated.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
revoke_personal_access_token
The revoke_personal_access_token event occurs when a personal access token (PAT) is revoked in Tableau Cloud Manager.
| Attribute Name | Type | Description |
|---|---|---|
| tokenId | string | ID of the PAT revoked |
| tokenName | string | Name of the PAT |
revoke_session
The revoke_session event occurs when a user is logged out due to a revoked session, such as a user explicitly logging out or the session expiring.
| Attribute Name | Type | Description |
|---|---|---|
| This event only uses common attributes. For more information, see the Common attributes section in this topic. | ||
site_limits_change
The site_limits_change event occurs when site-level licence capacity limits for site roles (Creator, Explorer or Viewer) are changed.
| Attribute Name | Type | Description |
|---|---|---|
| newCreatorCapacity | integer | New value for the Creator site role limit. Not included if the new limit is the default cloud limit. |
| newCreatorCapacityIsDefaultCloudLimit | bool | New Creator limit was set to the default cloud limit |
| newExplorerCapacity | integer | New value for the Explorer site role limit. Not included if the new limit is the default cloud limit. |
| newExplorerCapacityIsDefaultCloudLimit | bool | New Explorer limit is set to the default cloud limit |
| newViewerCapacity | integer | New value for the Viewer site role limit. Not included if the new limit is the default cloud limit. |
| newViewerCapacityIsDefaultCloudLimit | bool | New Viewer limit is set to the default cloud limit |
| oldCreatorCapacity | integer | Previous value for the Creator site role limit. Not included if the previous limit was the default cloud limit. |
| oldCreatorCapacityIsDefaultCloudLimit | bool | Previous Creator limit was set to the default cloud limit |
| oldExplorerCapacity | integer | Previous value for the Explorer site role limit. Not included if the previous limit was the default cloud limit. |
| oldExplorerCapacityIsDefaultCloudLimit | bool | Previous Explorer limit was set to the default cloud limit |
| oldViewerCapacity | integer | Previous value for the Viewer site role limit. Not included if the previous limit was the default cloud limit. |
| oldViewerCapacityIsDefaultCloudLimit | bool | Previous Viewer limit was set to the default cloud limit |
suspend_site
The suspend_site event occurs when a site in a tenant is suspended.
| Attribute Name | Type | Description |
|---|---|---|
| suspensionSource | string | Source for the site suspension |
tcm_activity_log_access
The tcm_activity_log_access event occurs when Tableau Cloud Manager (TCM) Activity Log data is accessed.
| Attribute Name | Type | Description |
|---|---|---|
| eventProcessedTimeEnd | string | End time (based on the events' processed timestamp) of the data accessed. If not included, assume all available data was accessed. |
| eventProcessedTimeStart | string | Start time (based on the events' processed timestamp) of the data accessed. If not included, assume all available data was accessed. |
| eventTypeAccessed | string | Type of events accessed. If not included, assume all available data was accessed. |
update_personal_access_token
The update_personal_access_token event occurs when a personal access token (PAT) is updated.
| Attribute Name | Type | Description |
|---|---|---|
| expiresAt | string | Timestamp when the PAT expires |
| tokenId | string | ID of the PAT created. Not included if the creation attempt failed. |
| tokenName | string | Name of the PAT |
update_private_connection
The update_private_connection event occurs when a private connection is updated.
| Attribute Name | Type | Description |
|---|---|---|
| newDescription | string | Description of private connection after update |
| newSiteIds | string | Comma-separated list of site IDs, representing the private connection after the update. |
| oldDescription | string | Description of private connection before update |
| oldSiteIds | string | Comma-separated list of site IDs, representing the private connection before the update. |
| privateConnectionId | string | ID of the updated private connection |
update_session
The update_session event occurs when the expiry time of a session is updated.
| Attribute Name | Type | Description |
|---|---|---|
| expiresAt | string | New expiry time of the session |
update_tenant
The update_tenant event occurs when the tenant name or status is updated.
| Attribute Name | Type | Description |
|---|---|---|
| newStatus | string | Tenant status after the update |
| newTenantName | string | Tenant name after the update |
| newTenantOrg62Id | string | Tenant Org62 ID after the update |
| newTenantUri | string | Tenant Uniform Resource Identifier (URI) after the update |
| oldStatus | string | Tenant status before the update |
| oldTenantOrg62Id | string | Tenant Org62 ID before the update |
update_user
The update_user event occurs when an existing user in the tenant is updated.
| Attribute Name | Type | Description |
|---|---|---|
| newEmail | string | New email of the user |
| newLanguage | string | New language code of the user |
| newLocale | string | New locale code of the user |
| oldEmail | string | Previous email of the user |
| oldLanguage | string | Previous language code of the user |
| oldLocale | string | Previous locale code of the user |
| userId | string | Unique ID of the user added |
| userName | string | Username of the user added to the tenant |
update_user_site_role
The update_user_site_role event occurs when a user’s access to a site is updated, either by adding, changing or removing their site role.
| Attribute Name | Type | Description |
|---|---|---|
| string | Email of the user added to the tenant | |
| newIdp | string | New authentication method assigned to the site user, or null if the user is being removed from the site. |
| newRole | string | New role of the user on the site, or null if the user is being removed from the site. |
| oldIdp | string | Previous authentication method assigned to the site user, or null if the user didn't previously have a role on the site. |
| oldRole | string | Previous role of the user on the site, or null if the user didn’t previously have a role on the site. |
| userId | string | The unique identifier of the user |
| userName | string | Username of the user added to the site |
update_user_tenant_role
The update_user_tenant_role event occurs when a user’s access to a tenant is updated by adding, changing or removing the cloud administrator role.
| Attribute Name | Type | Description |
|---|---|---|
| string | Email of the user added to the tenant | |
| newIdp | string | New authentication method assigned to the tenant user, or null if the user is being removed from the tenant. |
| newRole | string | New role of the user on the tenant, or null if the user is being removed from the tenant. |
| oldIdp | string | Previous authentication method assigned to the tenant user, or null if the user didn't previously have a role on the tenant. |
| oldRole | string | Previous role of the user on the tenant, or null if the user didn’t previously have a role on the tenant. |
| userId | string | The unique identifier of the user |
| userName | string | Username of the user added to the tenant |
user_login_create_session
The user_login_create_session event occurs when a user signs in to Tableau Cloud Manager (TCM) through the sign-in page or other interactive login.
| Attribute Name | Type | Description |
|---|---|---|
| expiresAt | string | Timestamp when the session expires. Not included if the creation attempt failed. |
| idpId | string | ID of the IdP, indicating how the user is authenticated. |
| idpName | string | Name of the IdP, indicating how the user is authenticated. |
| newSessionId | string | New ID of the session key. Not included if the creation attempt failed. |