Audit Permissions Using the Activity Log
Permission auditing allows system administrators to monitor which users have modified access controls to Tableau content. There are two ways to modify access control: explicit changes (by changing permission capabilities on a project or content item) and effective changes (by changing user site roles, group membership, moving content, and so on). All of these changes are recorded, so administrators can certify that security and access controls are maintained.
For more information about how permission rules are evaluated, see Effective permissions.
Every action that modifies user or group access to content will get a log entry. Each log entry is structured in a JSON format, with specific keys representing different pieces of information. A log entry contains two parts:
Metadata: Contains information about when and where an action occurred and what user performed the action.
Action: Contains information about what piece of content had its permissions changed, what capabilities were changed, and to what values the capabilities were changed.
Note: Activity Log records changes made through the Permissions Dialog UI and REST API. For more information about API methods, see Permissions Methods.
The Activity Log entries are not formatted, and the keys are not sorted in any particular order in the logs. When auditing permissions, you can combine Activity Log data with other data sources.
The following is an example log entry showing a group was allowed to connect to a data source.
contentName: “Superstore ExtractNeal3”
comment: “Update Permissions”
The log entry captures essential information regarding the event, including:
eventType shows an update permissions event occurred
permissionType shows an explicit change to permissions
contentId shows the ID of the content that was modified
authorizableType shows the content type, in this case, a data source
capabilityValue shows the capability that was changed
granteeId shows the grantee that was affected
actorUserId shows the ID of the user who performed the change
eventTime shows the date and time of the change
Log entries contain various event types for permissions changes. The following table lists each event type and when they’re recorded. For more information about event types and their attributes, see Activity Log Event Type Reference.
| Event type | Description |
|---|---|
| add_delete_user_to_group | Logged when a user is added or removed from a group |
| content_owner_change | Logged when the content owner changes |
| create_delete_group | Logged when a group is created or deleted |
| create_permissions | Logged when a new explicit permission rule is created |
| delete_all_permissions | Logged when all explicit permission rules for content are deleted, typically when content is deleted |
| delete_permissions_grantee | Logged when all explicit permission rules for a user are deleted, typically when the user is deleted |
| delete_permissions | Logged when an explicit permission rule is deleted on content |
| display_sheet_tabs | Logged when the "Tabbed Views" value is updated on a workbook |
| move_content | Logged when content is moved |
| project_lock_unlock | Logged when project permissions are locked or unlocked |
| update_permissions | Logged when an explicit permission rule is updated for a content item |
| update_permissions_template | Logged when a permission template for a project is updated |
| user_create_delete | Logged when a user is created or deleted |
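The following Python script is an added example, not Tableau's own code. It reads log entries by key name (since key order is not guaranteed), keeps only the event types from the table above, builds a per-content change timeline, and lists changes made by actors outside an approved set. It assumes one flat JSON object per line; the sample values, the function names, and the approved-actor set are constructed for illustration.

```python
import json
from collections import defaultdict

# Event types listed in the table on this page.
PERMISSION_EVENTS = {
    "add_delete_user_to_group", "content_owner_change", "create_delete_group",
    "create_permissions", "delete_all_permissions", "delete_permissions_grantee",
    "delete_permissions", "display_sheet_tabs", "move_content", "project_lock_unlock",
    "update_permissions", "update_permissions_template", "user_create_delete",
}

# Constructed sample input: every value is invented, and the flat
# one-object-per-line layout is an assumption. Key order varies on purpose.
SAMPLE_LOG = """\
{"eventType": "update_permissions", "eventTime": "2024-03-01T09:15:00Z", "actorUserId": 101, "contentId": 7, "authorizableType": "datasource", "granteeId": 55, "capabilityValue": "connect", "permissionType": "explicit"}
{"actorUserId": 202, "eventTime": "2024-03-01T08:00:00Z", "contentId": 7, "eventType": "delete_permissions", "granteeId": 55, "authorizableType": "datasource", "permissionType": "explicit"}
{"eventType": "some_other_event", "eventTime": "2024-03-01T08:30:00Z", "actorUserId": 202}
not-json debris
{"eventTime": "2024-03-01T10:00:00Z", "eventType": "move_content", "actorUserId": 101, "contentId": 9}
"""

def permission_entries(text):
    """Parse JSON lines, keep permission events, return them sorted by eventTime."""
    kept = []
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if isinstance(entry, dict) and entry.get("eventType") in PERMISSION_EVENTS:
            kept.append(entry)
    # Assumption: timestamps share one UTC format, so string order is time order.
    return sorted(kept, key=lambda e: e.get("eventTime", ""))

def changes_by_content(entries):
    """Map contentId -> [(eventTime, actorUserId, eventType, granteeId), ...]."""
    timeline = defaultdict(list)
    for e in entries:
        row = (e.get("eventTime"), e.get("actorUserId"), e.get("eventType"), e.get("granteeId"))
        timeline[e.get("contentId")].append(row)
    return dict(timeline)

def unapproved_changes(entries, approved_actor_ids):
    """Return permission events whose actorUserId is not in the approved set."""
    return [e for e in entries if e.get("actorUserId") not in approved_actor_ids]

if __name__ == "__main__":
    entries = permission_entries(SAMPLE_LOG)
    print(changes_by_content(entries))
    print(unapproved_changes(entries, approved_actor_ids={101}))
```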