Audit log events and metadata (Beta)

🚩

This information is part of a premium beta feature that’s subject to quick, iterative changes. As a result, the latest product version may differ from the contents of this document.

The Sigma Audit Log is a connection that provides metadata related to user-initiated events that occur within your Sigma organization.

This document details audit log event categories, event types, and entry metadata. For more information about audit logging with Sigma, see the following:

Documentation memo

This document references the audit log with its default column settings and connection configurations. If settings and configurations were customized by an Admin user, column visibility and naming in your audit log may differ.

To confirm column visibility and identify the default columns defined in this document, refer to the Column tab in your audit log. If necessary, you can cross-reference your audit log's custom β€œfriendly names” with cloud data warehouse (CDW) or database management system (DBMS) column IDs provided in the event metadata tables throughout this document.

Event categories

The audit log records user events in the following categories:

ACCESS_SIGMA
User access and interactions with passwords
USER_ACCOUNT
Admin interactions with member accounts and user invitations in the Administration > People page and Administration > Account Types page
ACCOUNT_TYPE
Admin interactions with account type configurations and member assignments in the Administration > Account Types page
TEAM
Admin interactions with team settings and member assignments in the Administration > Teams page
CONNECTION
Admin interactions with database connection configurations in the Administration > Connections page
OBJECT_INTERACTION
User interactions with workbooks, datasets, and workspaces

Event types and metadata

Base entry metadata (all entries)

All audit entriesβ€”regardless of event category or typeβ€”include the following base metadata:

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Organization IdORGANIZATION_IDUUID associated with your Sigma instance
Sigma UrlSIGMA_URLURL of the application page where the event request occurred
Request timeREQUEST_TIMEDate and time of the event request in UTC
Request IdREQUEST_IDUUID associated with the event request
Schema VersionSCHEMA_VERSIONDatabase schema model version
Cloud ProviderCLOUD_PROVIDERCloud service provider for your Sigma instance
User IdUSER_IDSystem-generated ID associated with the user account responsible for the event request
User IdUSER_EMAILEmail assigned to the user account responsible for the event request
User IpUSER_IPIP address associated with the device on which the event request occurred
User AgentUSER_AGENTSoftware and browser details associated with the event request
Event CategoryEVENT_CATEGORYEvent request category (primary event classification)
Event TypeEVENT_TYPEEvent request type (secondary event classification)
Event StatusEVENT_STATUSEvent response status
Event Status Reason CodeEVENT_STATUS_REASON_CODE

Reason code for the event response


Provided for select events when Event Status = SUCCESS, and provided for all events when Event Status = FAILURE

User access entries

User access entries (Event Category column = ACCESS_SIGMA) record events related to user access and interactions with passwords. An entry’s Event Type and Auth Type depend on the authentication method and 2-factor authentication (2FA) requirement configured in the Admin > Authentication page.

User access events

Event typeEvent status and entry triggersAdditional metadata columns
NEW_USER_SIGNUP
SUCCESS
New user registration submitted through page linked in user invite email β†’ successful login
FAILURE
New user registration submitted through page linked in user invite email β†’ failed login
Failed logins using SAML or OAuth may be logged as the LOGIN event type
Auth Type =
PasswordLogin
SamlLogin
OAuthLogin
LOGIN
SUCCESS
Valid email and password entered in sign-in page β†’ successful login
Applicable when password authentication is enabled and 2FA is disabled
FAILURE
Invalid email or password entered in sign-in page β†’ failed login
Applicable when password authentication is enabled and 2FA is enabled or disabled
Auth Type =
PasswordLogin
LOGIN
SUCCESS
Valid email and password entered in sign-in page β†’ 2FA email successfully sent
Applicable when password authentication and 2FA are both enabled
Auth Type =
PasswordLoginMfaTriggered
LOGIN
SUCCESS
2FA code entered and verified β†’ successful login
Applicable when password authentication and 2FA are both enabled
FAILURE
2FA code entered but not verified β†’ failed login
Applicable when password authentication and 2FA are both enabled
Auth Type =
PasswordLoginMfaVerify
LOGIN
SUCCESS
Successful SAML authentication or OAuth authorization β†’ successful login
Applicable when SAML or OAuth is enabled
FAILURE
Failed SAML authentication or OAuth authorization β†’ failed login
Applicable when SAML or OAuth is enabled
Auth Type =
SamlLogin
OAuthLogin
LOGOUT
SUCCESS
Sign out selected in user menu β†’ successful logout
Auth Type =
Logout
PASSWORD_RESET
SUCCESS
Successful password reset request using Forgot Password feature in sign-in page

FAILURE
Failed password reset request using Forgot Password feature in sign-in page β†’ password reset email failed to send
Auth Type =
PasswordResetRequest
PASSWORD_RESET
SUCCESS
New password submitted through page linked in password reset email β†’ successful password reset
FAILURE
New password submitted through page linked in password reset email β†’ failed password reset
Auth Type =
PasswordReset
PASSWORD_UPDATE
SUCCESS
New password submitted through Change Password modal in Your Profile > Details page β†’ successful password update
FAILURE
New password submitted through Change Password modal in Your Profile > Details page β†’ failed password update
Auth Type =
PasswordUpdate

User access metadata

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Auth TypeAUTH_TYPEType of authentication or authorization request associated with the event

User account entries

User account entries (Event Category column = USER_ACCOUNTS) record events related to admin interactions with member accounts and user invitations in the Administration > People and Administration > Account Types page.

User account events

Event typeEvent status and entry triggersAdditional metadata columns
USER_INVITE_SENT
SUCCESS
New user invite submitted through Invite People to Use Sigma modal in Administration > People page β†’ invite email successfully sent
FAILURE
New user invite submitted through Invite People to Use Sigma modal in Administration > People page β†’ invite email failed to send

Target User Emails

Account Type ID

User Kind

USER_INVITE_RESENT
SUCCESS
Resend Invite selected in user action menu () in Administration > People > Pending Invitations tab β†’ invite email successfully resent
FAILURE
Resend Invite selected in user action menu () in Administration > People > Pending Invitations tab β†’ invite email failed to resend
Target User Emails
USER_INVITE_REVOKED
SUCCESS
Revoke Invite selected in user action menu () in Administration > People > Pending Invitations tab β†’ successful user invite expiration
FAILURE
Revoke Invite selected in user action menu () in Administration > People > Pending Invitations tab β†’ failed user invite expiration
Target User Emails
USER_UPDATED
SUCCESS
User member type or account type edited in Administration > People > {user_name} page β†’ successful user update
Reassign account type selected in user action menu () in Administration > People page β†’ account type reassignment confirmed in modal β†’ successful user update
Reassign account type () function selected with bulk user selection in Administration > People page β†’ account type reassignment confirmed in modal β†’ successful bulk user update
User assigned to account type in Administration > Account Types > {account_name} page β†’ successful user update
FAILURE
User member type or account type edited in Administration > People > {user_name} page β†’ failed user update
Reassign account type selected in user action menu () in Administration > People page β†’ account type reassignment confirmed in modal β†’ failed user update
Reassign account type () function selected with bulk user selection in Administration > People page β†’ account type reassignment confirmed in modal β†’ failed bulk user update
User assigned to account type in Administration > Account Types > {account_name} page β†’ failed user update

Target User Ids

Account Type ID

User Kind

USER_ARCHIVED
SUCCESS
Deactivate selected in user action menu () in Administration > People > Members tab β†’ successful user deactivation
Deactivate () function selected with bulk user selection in Administration > People > Members tab β†’ user deactivation confirmed in modal β†’ successful bulk user deactivation
FAILURE
Deactivate selected in user action menu () in Administration > People > Members tab β†’ failed user deactivation
Deactivate () function selected with bulk user selection in Administration > People > Members tab β†’ user deactivation confirmed in modal β†’ failed bulk user deactivation
Target User Ids
USER_UNARCHIVED
SUCCESS
Reactivate selected in user action menu () in Administration > People > Members tab β†’ successful user activation
FAILURE
Reactivate selected in user action menu () in Administration > People > Members tab β†’ failed user activation
Target User Ids

User account metadata

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Target User IdsTARGET_USER_IDSSystem-generated IDs associated with affected user accounts
Target User EmailsTARGET_USER_EMAILSEmail address associated with user invite
Account Type IdACCOUNT_TYPE_IDUUID associated with the account type affected by or related to the event
User KindUSER_KINDMember type assigned to affected user accounts

Account type entries

Account type entries (Event Category column = ACCOUNT_TYPES) record events related to admin interactions with account type configurations and member assignments in the Administration > Account Types page.

Account type events

Event typeEvent status and entry triggersAdditional metadata columns
ACCOUNT_TYPE_CREATED
SUCCESS
New account type configured in Administration > Account Types > New Account Type page β†’ successful account type creation
FAILURE
New account type configured in Administration > Account Types > New Account Type page β†’ failed account type creation

Features Added

Features Removed

ACCOUNT_TYPE_UPDATED
SUCCESS
Account type permissions edited in Administration > Account Types > {account_name} page β†’ successful account type update
FAILURE
Account type permissions edited in Administration > Account Types > {account_name} page β†’ failed account type update

AccountType ID

Features Added

Features Removed

ACCOUNT_TYPE_DELETED
SUCCESS
Delete selected in account type action menu () in Administration > Account Types page β†’ successful account type deletion
FAILURE
Delete selected in account type action menu () in Administration > Account Types page β†’ failed account type deletion

AccountType Id

Delegate AccountType Id

Account type metadata

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Account Type IdACCOUNT_TYPE_IDUUID associated with the account type
Delegate Account Type IdDELEGATE_ACCOUNT_TYPE_IDNew UUID associated with the account type
Features AddedFEATURES_ADDEDPermissions included in the account type
Features RemovedFEATURES_REMOVEDPermissions excluded from the account type

Team entries

Team entries (Event Category column = TEAMS) record events related to admin interactions with team settings and member assignments in the Administration > Teams page.

Team events

Event typeEvent status and entry triggersAdditional metadata columns
TEAM_CREATED
SUCCESS
New team added in Administration > Teams > New Team page β†’ successful team creation
FAILURE
New team added in Administration > Teams > New Team page β†’ failed team creation

Target User Ids

Change Type

Team Name

Team Kind

Create Team Folder

Is Team Admin

TEAM_UPDATED
SUCCESS
Member added to or removed from team in Administration > Teams > {team_name} page β†’ successful team update
FAILURE
Member added to or removed from team in Administration > Teams > {team_name} page β†’ failed team update

Target User Ids

Change Type

Team Id

Is Team Admin

TEAM_DELETED
SUCCESS
Delete Team selected in Administration > Teams > {team_name} page β†’ successful team deletion
FAILURE
Delete Team selected in Administration > Teams > {team_name} page β†’ failed team deletion
Team Id

Team metadata

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Target User IdsTARGET_USER_IDSSystem-generated IDs associated with affected user accounts
Change TypeCHANGE_TYPEType of membership change
Team IdTEAM_IDUUID associated with the team
Team NameTEAM_NAMETeam name assigned to the team
Team KindTEAM_KINDTeam type associated with the team
Create Team FolderCREATE_TEAM_FOLDERTeam workspace added during team creation (true/false)
Create Team FolderIS_TEAM_ADMINTeam admin role reassigned to user account responsible for the event (true/false)

Connection entries

Connection entries (Event Category column = CONNECTIONS) record events related to admin interactions with the CDW or DBMS connection configurations in the Administration > Connections page.

Connection events

Event typeEvent status and entry triggersAdditional metadata columns
CONNECTION_CREATED
SUCCESS
New connection configured in Administration > Connections > Add new connection page β†’ successful connection creation
FAILURE
New connection configured in Administration > Connections > Add new connection page β†’ failed connection creation

Connection Type

Connection Name

Connection Details

Connection Description

Connection Timeoutsecs Default

Connection Use Oauth

Cron Spec

Timezone

CONNECTION_UPDATED
SUCCESS
Connection edited Administration > Connections > {connection_name} > Edit connection page β†’ successful connection update
FAILURE
Connection edited Administration > Connections > {connection_name} > Edit connection page β†’ failed connection update

Connection Id

Connection Type

Connection Name

Connection Details

Connection Description

Connection Timeoutsecs Default

Connection Use Oauth

Cron Spec

Timezone

CONNECTION_ARCHIVED
SUCCESS
Delete Connection selected in Administration > Connections > {connection_name} page β†’ successful connection deletion
FAILURE
Delete Connection selected in Administration > Connections > {connection_name} page β†’ failed connection deletion

Connection Id

Connection metadata

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Connection IdCONNECTION_IDUUID associated with the connection
Connection TypeCONNECTION_TYPECDW or DBMS provider associated with the connection
Connection NameCONNECTION_NAMEConnection name assigned to the connection
Connection DetailsCONNECTION_DETAILSConnection credentials (host, account, warehouse, user, role)
Connection Timeoutsecs DefaultCONNECTION_TIMEOUTSECS_DEFAULTConnection timeout duration assigned to the connection
Connection Use OauthCONNECTION_USE_OAUTHOAuth access configuration
Cron SpecCRON_SPECAuto indexing schedule for the connection
TimezoneTIMEZONEAuto indexing schedule's time zone

Object interaction entries

Object interaction entries (Event Category = OBJECT_INTERACTION) record events related to user interactions with workbooks, datasets, and workspaces.

Object interaction events

Event typeEvent status and entry triggersAdditional metadata columns
OBJECT_CREATED
(exploration/workbook)
SUCCESS
New exploration/workbook opened using Create New feature in homepage β†’ successful exploration/workbook creation
New exploration/workbook opened from a connection β†’ successful exploration/workbook creation
New exploration/workbook opened using New Document feature in My Documents page β†’ successful exploration/workbook creation
Existing workbook duplicated in My Documents or Workspace page β†’ successful workbook creation
Template selected in the Templates page β†’ successful exploration creation
FAILURE
New exploration/workbook opened using Create New feature in homepage β†’ failed exploration/workbook creation
New exploration/workbook opened from a connection β†’ failed exploration/workbook creation
New exploration/workbook opened using New Document feature in My Documents page β†’ failed exploration/workbook creation
Existing workbook duplicated in My Documents or Workspace page β†’ failed workbook creation
Template selected in the Templates page β†’ failed exploration creation

Inode Id

Parent Inode Id

Object Type

Object Name

Object Description

Source Inode Id

Source Version

Is Reusable

OBJECT_CREATED
(dataset)
SUCCESS
New dataset opened using Create New feature in homepage β†’ successful dataset creation
New dataset saved from a connection β†’ successful dataset creation
New dataset opened using New Document feature in My Documents page β†’ successful dataset creation
FAILURE
New dataset opened using Create New feature in homepage β†’ failed dataset creation
New dataset saved from a connection β†’ failed dataset creation
New dataset opened using New Document feature in My Documents page β†’ failed dataset creation

Connection Id

Inode Id

Parent Inode Id

Object Type

Object Name

Source Inode Id

Source Version

OBJECT_CREATED
(workspace)
SUCCESS
New workspace added using Create Workspace feature in Workspaces page β†’ successful workspace creation
FAILURE
New workspace added using Create Workspace feature in Workspaces page β†’ failed workspace creation

Inode Id

Object Type

Object Name

OBJECT_UPDATED
SUCCESS
Workbook, dataset, or workspace name edited β†’ successful document update
FAILURE
Workbook, dataset, or workspace name edited β†’ failed document update

Inode Id

Object Name

Object Description

Is Run As Service Account (workbook only)

OBJECT_ARCHIVED
SUCCESS
Delete selected in header menu in open workbook or dataset β†’ successful document deletion
Delete selected in workbook or dataset menu () in Home, Recents, Favorites, Shared with Me, My Documents, or Workspaces page β†’ successful document deletion
Delete selected in workspace menu () in Workspaces page β†’ successful workspace deletion
FAILURE
Delete selected in header menu in open workbook or dataset β†’ failed document deletion
Delete selected in workbook or dataset menu () in Home, Recents, Favorites, Shared with Me, My Documents, or Workspaces page β†’ failed document deletion
Delete selected in workspace menu () in Workspaces page β†’ failed workspace deletion
Inode Id
OBJECT_UNARCHIVED
SUCCESS
Workbook, dataset, or workspace selected in Trash page β†’ recovery preferences submitted in modal β†’ successful document recovery
FAILURE
Workbook, dataset, or workspace selected in Trash page β†’ recovery preferences submitted in modal β†’ failed document recovery

Inode Id

Object Type

Object Name

OBJECT_OPENED
SUCCESS
Exploration, workbook, or dataset selected (systemwide) β†’ document successfully opened
FAILURE
Exploration, workbook, or dataset selected (systemwide) β†’ document failed to open

Inode Id

Object Type

Object Name

OBJECT_UPLOADED
SUCCESS
CSV file uploaded to a workbook or dataset β†’ successful data upload
FAILURE
CSV file uploaded to a workbook or dataset β†’ failed data upload

Object Type

Object Name

Object interaction metadata

Column name
(default "friendly name")
Column ID
(CDW/DBMS column ID)
Description
Connection IdCONNECTION_IDUUID associated with the connection
Inode IdINODE_IDUUID associated with the inode containing the object's metadata
Parent Inode idPARENT_INODE_IDUUID associated with the parent inode referencing the object's inode
Object TypeOBJECT_TYPEType of object created
Object NameOBJECT_NAMESystem- or user-generated name associated with the object
Source Inode IdSOURCE_INODE_IDInode ID of the object's source (if created from an existing object)
Source VersionSOURCE_VERSIONSource code version of the object's source (if created from an existing object)
Is ReusableIS_REUSABLEWorkbook saved as a reusable dataset (true/false)
Is Run as Service AccountIS_RUN_AS_SERVICE_ACCOUNTWorkbook configured to execute queries using a service account (true/false)