Activity Log Site Event Type Reference
This topic describes the Activity Log site event types and attributes.
Event type details
The following content describes site event types and attributes in Activity Log. Use the alphabetically sorted list of event types on the right, or ctrl/cmd-f to go directly to keywords you have in mind.
Note: Timestamps for events are recorded in ISO 8601 UTC.
Common attributes
The table contains common attributes for all Activity Log site events. For event-specific attributes, review the individual event tables in this topic.
| Attribute Name | Type | Description |
|---|---|---|
| actorUserId | integer | ID of the user who performed the action that initiated the event |
| actorUserLuid | string | LUID of the user who performed the action that initiated the event |
| eventOutcome | string | Represents the final outcome of the operation. Possible values are:
|
| eventOutcomeReason | string | Provides additional details about the event outcome |
| eventTime | string | Timestamp when the event occurred |
| initiatingUserId | integer | ID of the initiating user. For impersonation, it's the ID of the administrative user who initiated impersonation. For standard login, the value is the same as userId. |
| initiatingUserLuid | string | LUID of the initiating user. For impersonation, it's the LUID of the administrative user who initiated impersonation. For standard login, the value is the same as userLuid. |
| licensingRoleName | string | Name of the user's licensing role when the event occurred |
| serviceName | string | Name of service that initiated the event, such as vizportal, vizqlserver or sitesaml. |
| siteLuid | string | LUID of the Tableau site where the event occurred |
| siteRoleId | integer | The user's site role ID. The value 0 = SiteAdministratorExplorer, 1 = SupportUser, 2 = ExplorerCanPublish, 3 = Explorer, 7 = Guest, 8 = Unlicensed, 9 = Viewer, 10 = Creator, and 11 = SiteAdministratorCreator. |
| systemAdminLevel | integer | Indicates if the user is a system administrator. The value 10 = System Admin and 0 = Not a system admin. |
add_delete_user_to_group
The add_delete_user_to_group event is logged when a user is added or removed from a group.
| Attribute Name | Type | Description |
|---|---|---|
| groupID | integer | The ID of the group |
| groupLuid | string | The LUID of the group |
| groupOperation | string | Group operation, either add or delete user to a group |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| userId | integer | The ID of the user |
| userLuid | string | The LUID of the user |
content_owner_change
The content_owner_change event is logged when the content owner changes.
| Attribute Name | Type | Description |
|---|---|---|
| contentId | integer | The ID of the content that had the owner changed |
| contentLuid | string | LUID of the content that had the owner changed |
| contentName | string | Name of the content that had the owner changed |
| contentType | string | The type of content, such as data source, workbook or view |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| newOwnerId | integer | The ID of the new content owner |
| newOwnerLuid | string | The LUID of the new content owner |
| oldOwnerId | integer | The ID of the old content owner |
| oldOwnerLuid | string | The LUID of the old content owner |
create_delete_group
The create_delete_group event is logged when a group is created or deleted.
| Attribute Name | Type | Description |
|---|---|---|
| groupDomain | string | The domain of the group, such as local |
| groupID | integer | The ID of the group |
| groupLuid | string | The LUID of the group |
| groupName | string | The name of the group that had its permissions changed |
| groupOperation | string | Group operation, either create or delete |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
create_permissions
The create_permissions event is logged when a new explicit permission rule is created.
Note: Deprecated in October 2024. Use the set_permissions event instead.
| Attribute Name | Type | Description |
|---|---|---|
| authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
| capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
| capabilityValue | string | Description of the capability |
| contentId | integer | The ID of the content that had the permissions updated |
| contentLuid | string | The LUID of the content item |
| contentName | string | The name of the content that had the permissions updated |
| granteeId | integer | The ID of the grantee |
| granteeLuid | string | The LUID of the grantee |
| granteeType | string | The type of grantee, either user or group |
| granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
delete_all_permissions
The delete_all_permissions event is logged when all explicit permission rules for content are deleted, typically when content is deleted.
| Attribute Name | Type | Description |
|---|---|---|
| authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
| contentId | integer | The ID of the content that had the permissions updated |
| contentLuid | string | The LUID of the content |
| contentName | string | The name of the content that had the permissions updated |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
delete_permissions
The delete_permissions event is logged when an explicit permission rule is deleted on content.
| Attribute Name | Type | Description |
|---|---|---|
| authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
| capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
| capabilityValue | string | Description of the capability |
| contentId | integer | The ID of the content that had the permissions updated |
| contentLuid | string | The LUID of the content |
| contentName | string | The name of the content that had the permissions updated |
| granteeId | integer | The ID of the grantee |
| granteeLuid | string | The LUID of the grantee |
| granteeType | string | The type of grantee, either user or group |
| granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
delete_permissions_grantee
The delete_permissions_grantee event is logged when all explicit permission rules for a user are deleted, typically when the user is deleted.
| Attribute Name | Type | Description |
|---|---|---|
| granteeId | integer | The ID of the grantee |
| granteeLuid | string | The LUID of the grantee |
| granteeType | string | The type of grantee, either user or group |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
display_sheet_tabs
The display_sheet_tabs event is logged when the "Tabbed Views" value is updated on a workbook.
| Attribute Name | Type | Description |
|---|---|---|
| displayTabs | boolean | Indicates whether sheets of the workbook are displayed as tabs or not |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| workbookId | integer | The ID of the workbook |
move_content
The move_content event is logged when content is moved, for example, moving a workbook between projects.
| Attribute Name | Type | Description |
|---|---|---|
| contentId | integer | The ID of the content that had the owner changed |
| contentLuid | string | LUID of the content that had the owner changed |
| contentName | string | Name of the content that had the owner changed |
| contentType | string | The type of content, such as data source, workbook or view |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| newContainerLuid | string | LUID of the new container |
| newContainerType | string | The new container type, such as a project |
| oldContainerLuid | string | LUID of the previous container |
| oldContainerType | string | The previous container type, such as a project |
project_lock_unlock
The project_lock_unlock event is logged when project permissions are locked or unlocked.
| Attribute Name | Type | Description |
|---|---|---|
| controllingProjectLuid | string | LUID of the project that controls permissions for the nested project |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| projectLuid | string | LUID of the project |
| projectOperation | string | Project operation, either lock or unlock |
The set_permissions event is logged when an explicit permissions rule is created or updated for a content item.
| Attribute Name | Type | Description |
|---|---|---|
| authorisableType | string | The type of content that had its permissions changed, such as project or workbook |
| capabilityId | integer | The ID of the capability. A capability is the ability to perform a certain action on a particular piece of content, such as view, filter, download or delete. |
| capabilityValue | string | Description of the capability |
| contentId | integer | The ID of the content that had the permissions set |
| contentLuid | string | The LUID of the content item |
| contentName | string | The name of the content that had the permissions set |
| granteeId | integer | The ID of the grantee |
| granteeLuid | string | The LUID of the grantee |
| granteeType | string | The type of grantee, either user or group |
| granteeValue | string | The set permissions value, such as “user allow” or “group allow” |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| permissionType | string | The permission type, either explicit or unspecified |
site_storage_usage
The site_storage_usage event logs the total storage capacity of the site in bytes, the amount of storage used and the percentage of the total consumed. Administrators can use this data to proactively monitor storage consumption and take action before reaching the site's storage limit.
| Attribute Name | Type | Description |
|---|---|---|
| actorUsername | string | Username of the user who performed the action that initiated the event |
| initiatingUsername | string | Username of the initiating user |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| totalPercentageStorageQuotaUsed | float | Total percentage of storage usage |
| totalStorageQuotaLimit | long | Total storage capacity in bytes |
| totalStorageQuotaUsed | long | Total storage used in bytes |
update_permissions
The update_permissions event is logged when an explicit permission rule is updated for a content item.
Note: Deprecated in October 2024. Use the set_permissions event instead.
| Attribute Name | Type | Description |
|---|---|---|
| authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
| capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
| capabilityValue | string | Description of the capability |
| contentId | integer | The ID of the content that had the permissions updated |
| contentLuid | string | The LUID of the content |
| contentName | string | The name of the content that had the permissions updated |
| granteeId | integer | The ID of the grantee |
| granteeLuid | string | The LUID of the grantee |
| granteeType | string | The type of grantee, either user or group |
| granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| permissionType | string | The permission type, either explicit or unspecified |
update_permissions_template
The update_permissions_template event is logged when a permission template for a project is updated.
| Attribute Name | Type | Description |
|---|---|---|
| authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
| capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
| capabilityValue | string | Description of the capability |
| contentId | integer | The ID of the content that had the permissions updated |
| contentLuid | string | The LUID of the content |
| contentName | string | The name of the content that had the permissions updated |
| granteeId | integer | The ID of the grantee |
| granteeLuid | string | The LUID of the grantee |
| granteeType | string | The type of grantee, either user or group |
| granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| permissionType | string | The permission type, either explicit or unspecified |
| templateType | string | The type of permission template used to change permissions, such as workbook or data source |
user_create_delete
The user_create_delete event is logged when a user is created or deleted.
| Attribute Name | Type | Description |
|---|---|---|
| forUserName | string | The name of the user whose account was either created, updated or deleted |
| isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
| siteRole | string | Site role of the user. Determines the maximum level of access a user can have on the site |
| targetUserId | integer | The ID of the user whose account was either created, updated or deleted |
| targetUserLuid | string | The LUID of the user whose account was either created, updated or deleted |
| userOperation | string | The action performed on a user, either create, delete or site role change |