Activity Log Event Type Reference
The following tables describe the Activity Log event types and attributes.
Event type details
The following content describes each event type in Activity Log. Use the alphabetically sorted list of event types on the right, or ctrl/cmd-f to go directly to keywords you have in mind.
Note: Timestamps for events are recorded in ISO 8601 UTC.
Common attributes
The following table contains common attributes for all Activity Log events. For event-specific attributes, review the individual event tables.
Attribute Name | Type | Description |
---|---|---|
actorUserId | integer | ID of the user who performed the action that initiated the event |
actorUserLuid | string | LUID of the user who performed the action that initiated the event |
eventTime | string | Timestamp when the event occurred |
initiatingUserId | integer | ID of the initiating user. For impersonation, it's the ID of the administrative user who initiated impersonation. For standard login, the value is the same as userId . |
initiatingUserLuid | string | LUID of the initiating user. For impersonation, it's the LUID of the administrative user who initiated impersonation. For standard login, the value is the same as userLuid . |
licensingRoleName | string | Name of the user's licensing role when the event occurred |
serviceName | string | Name of service that initiated the event, such as vizportal, vizqlserver or sitesaml. |
siteLuid | string | LUID of the Tableau site where the event occurred |
siteRoleId | integer | The user's site role ID. The value 0 = SiteAdministratorExplorer, 1 = SupportUser, 2 = ExplorerCanPublish, 3 = Explorer, 7 = Guest, 8 = Unlicensed, 9 = Viewer, 10 = Creator, and 11 = SiteAdministratorCreator. |
systemAdminLevel | integer | Indicates if the user is a system administrator. The value 10 = System Admin and 0 = Not a system admin. |
add_delete_user_to_group
The add_delete_user_to_group
event is logged when a user is added or removed from a group.
Attribute Name | Type | Description |
---|---|---|
groupID | integer | The ID of the group |
groupLuid | string | The LUID of the group |
groupOperation | string | Group operation, either add or delete user to a group |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
userId | integer | The ID of the user |
userLuid | string | The LUID of the user |
background_job
The background_job
event logs information about jobs run as background tasks. For each job, an event is created to record its various states, including initiation time, queueing, start time and success or failure.
Attribute Name | Type | Description |
---|---|---|
args | string | Arguments of the job |
duration | long | Duration of the job |
eventInitiatedTime | string | Start time of the job |
eventState | string | State of the job |
isRunNow | bool | Indicates whether the job was initiated manually, by clicking the ‘Run Now’ option on the site or using REST API, or if it was triggered by a schedule. Note: Starting in April 2024, jobs triggered by a schedule ( |
jobId | integer | ID of the job |
jobLuid | string | LUID of the job |
jobType | string | Identifies the background job type associated with the event Note: Starting in April 2024, only the |
notes | string | Notes of the job |
objLuid | string | Some tasks are specific to a particular workbook or data source. In such cases, the object_luid is the primary key of the relevant item, in either the workbooks or data sources tables, as indicated by obj_type. |
objName | string | Name of the associated object. Used in conjunction with obj_luid, as described there. |
objOwnerLuid | string | A foreign key reference to the user who owns the job target object |
objOwnerName | string | Name of the user who owns the job target object |
objRepositoryUrl | string | Uniquely identifies a workbook or data source and is used when referencing the object in a URL. The value is derived from the ASCII characters in the workbook or data source name. |
objRevision | string | The revision number. Starts with 1.0 and increments by 0.1 with each republication. |
objSize | integer | The number of bytes used in storing the job target object information |
objType | string | Either a workbook or data source. Used in conjunction with obj_luid. |
podName | string | Name of the Tableau pod that handled the job |
projectLuid | string | A foreign key reference to the project in which the job target object exists |
projectName | string | Name of the project that contains the job target object |
projectOwnerEmail | string | Email address of the user who owns the project containing the job target object |
projectOwnerLuid | string | A foreign key reference to the user who owns the project containing the job target object |
scheduleLuid | string | Schedule LUID of the task; may be null if the job was manually started |
scheduleName | sring | Schedule name of the task; may be null if the job was manually started |
siteId | integer | ID of the site |
siteName | string | Name of the Tableau site |
taskId | integer | ID of the task; may be null if the job was manually started. |
taskLuid | string | LUID of the task; may be null if the job was manually started. |
timeZone | integer | Time zone of the job |
content_owner_change
The content_owner_change
event is logged when the content owner changes.
Attribute Name | Type | Description |
---|---|---|
contentId | integer | The ID of the content that had the owner changed |
contentLuid | string | LUID of the content that had the owner changed |
contentName | string | Name of the content that had the owner changed |
contentType | string | The type of content, such as data source, workbook or view |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
newOwnerId | integer | The ID of the new content owner |
newOwnerLuid | string | The LUID of the new content owner |
oldOwnerId | integer | The ID of the old content owner |
oldOwnerLuid | string | The LUID of the old content owner |
create_delete_group
The create_delete_group
event is logged when a group is created or deleted.
Attribute Name | Type | Description |
---|---|---|
groupDomain | string | The domain of the group, such as local |
groupID | integer | The ID of the group |
groupLuid | string | The LUID of the group |
groupName | string | The name of the group that had its permissions changed |
groupOperation | string | Group operation, either create or delete |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
create_permissions
The create_permissions
event is logged when a new explicit permission rule is created.
Note: Deprecated in October 2024. Use the set_permissions event instead.
Attribute Name | Type | Description |
---|---|---|
authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
capabilityValue | string | Description of the capability |
contentId | integer | The ID of the content that had the permissions updated |
contentLuid | string | The LUID of the content item |
contentName | string | The name of the content that had the permissions updated |
granteeId | integer | The ID of the grantee |
granteeLuid | string | The LUID of the grantee |
granteeType | string | The type of grantee, either user or group |
granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
delete_all_permissions
The delete_all_permissions
event is logged when all explicit permission rules for content are deleted, typically when content is deleted.
Attribute Name | Type | Description |
---|---|---|
authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
contentId | integer | The ID of the content that had the permissions updated |
contentLuid | string | The LUID of the content |
contentName | string | The name of the content that had the permissions updated |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
delete_permissions
The delete_permissions
event is logged when an explicit permission rule is deleted on content.
Attribute Name | Type | Description |
---|---|---|
authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
capabilityValue | string | Description of the capability |
contentId | integer | The ID of the content that had the permissions updated |
contentLuid | string | The LUID of the content |
contentName | string | The name of the content that had the permissions updated |
granteeId | integer | The ID of the grantee |
granteeLuid | string | The LUID of the grantee |
granteeType | string | The type of grantee, either user or group |
granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
delete_permissions_grantee
The delete_permissions_grantee
event is logged when all explicit permission rules for a user are deleted, typically when the user is deleted.
Attribute Name | Type | Description |
---|---|---|
granteeId | integer | The ID of the grantee |
granteeLuid | string | The LUID of the grantee |
granteeType | string | The type of grantee, either user or group |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
display_sheet_tabs
The display_sheet_tabs
event is logged when the "Tabbed Views" value is updated on a workbook.
Attribute Name | Type | Description |
---|---|---|
displayTabs | boolean | Indicates whether sheets of the workbook are displayed as tabs or not |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
workbookId | integer | The ID of the workbook |
move_content
The move_content
event is logged when content is moved, for example, moving a workbook between projects.
Attribute Name | Type | Description |
---|---|---|
contentId | integer | The ID of the content that had the owner changed |
contentLuid | string | LUID of the content that had the owner changed |
contentName | string | Name of the content that had the owner changed |
contentType | string | The type of content, such as data source, workbook or view |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
newContainerLuid | string | LUID of the new container |
newContainerType | string | The new container type, such as a project |
oldContainerLuid | string | LUID of the previous container |
oldContainerType | string | The previous container type, such as a project |
project_lock_unlock
The project_lock_unlock
event is logged when project permissions are locked or unlocked.
Attribute Name | Type | Description |
---|---|---|
controllingProjectLuid | string | LUID of the project that controls permissions for the nested project |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
projectLuid | string | LUID of the project |
projectOperation | string | Project operation, either lock or unlock |
The set_permissions
event is logged when an explicit permissions rule is created or updated for a content item.
Attribute Name | Type | Description |
---|---|---|
authorisableType | string | The type of content that had its permissions changed, such as project or workbook |
capabilityId | integer | The ID of the capability. A capability is the ability to perform a certain action on a particular piece of content, such as view, filter, download or delete. |
capabilityValue | string | Description of the capability |
contentId | integer | The ID of the content that had the permissions set |
contentLuid | string | The LUID of the content item |
contentName | string | The name of the content that had the permissions set |
granteeId | integer | The ID of the grantee |
granteeLuid | string | The LUID of the grantee |
granteeType | string | The type of grantee, either user or group |
granteeValue | string | The set permissions value, such as “user allow” or “group allow” |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
permissionType | string | The permission type, either explicit or unspecified |
site_storage_usage
The site_storage_usage
event logs the total storage capacity of the site in bytes, the amount of storage used and the percentage of the total consumed. Administrators can use this data to proactively monitor storage consumption and take action before reaching the site's storage limit.
Attribute Name | Type | Description |
---|---|---|
actorUsername | string | Username of the user who performed the action that initiated the event |
initiatingUsername | string | Username of the initiating user |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
totalPercentageStorageQuotaUsed | float | Total percentage of storage usage |
totalStorageQuotaLimit | long | Total storage capacity in bytes |
totalStorageQuotaUsed | long | Total storage used in bytes |
update_permissions
The update_permissions
event is logged when an explicit permission rule is updated for a content item.
Note: Deprecated in October 2024. Use the set_permissions event instead.
Attribute Name | Type | Description |
---|---|---|
authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
capabilityValue | string | Description of the capability |
contentId | integer | The ID of the content that had the permissions updated |
contentLuid | string | The LUID of the content |
contentName | string | The name of the content that had the permissions updated |
granteeId | integer | The ID of the grantee |
granteeLuid | string | The LUID of the grantee |
granteeType | string | The type of grantee, either user or group |
granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
permissionType | string | The permission type, either explicit or unspecified |
update_permissions_template
The update_permissions_template
event is logged when a permission template for a project is updated.
Attribute Name | Type | Description |
---|---|---|
authorisableType | string | The type of content that had its permissions changed, such as a project or workbook |
capabilityId | integer | The ID of the capability. A capability is the ability to perform actions on content, such as view, filter, download or delete |
capabilityValue | string | Description of the capability |
contentId | integer | The ID of the content that had the permissions updated |
contentLuid | string | The LUID of the content |
contentName | string | The name of the content that had the permissions updated |
granteeId | integer | The ID of the grantee |
granteeLuid | string | The LUID of the grantee |
granteeType | string | The type of grantee, either user or group |
granteeValue | string | The updated permissions value, such as 'user allow' or 'group allow' |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
permissionType | string | The permission type, either explicit or unspecified |
templateType | string | The type of permission template used to change permissions, such as workbook or data source |
user_create_delete
The user_create_delete
event is logged when a user is created or deleted.
Attribute Name | Type | Description |
---|---|---|
forUserName | string | The name of the user whose account was either created, updated or deleted |
isError | boolean | Indicates if the audit scenario was completed successfully or failed with an error |
siteRole | string | Site role of the user. Determines the maximum level of access a user can have on the site |
targetUserId | integer | The ID of the user whose account was either created, updated or deleted |
targetUserLuid | string | The LUID of the user whose account was either created, updated or deleted |
userOperation | string | The action performed on a user, either create, delete or site role change |