Audit log events and metadata (Beta)

This feature is currently in open Beta and subject to quick, iterative changes. As a result, the latest product version may differ from the contents of this document.

The Sigma Audit Log is a connection that provides metadata related to user-initiated events that occur within your Sigma organization.

This document details audit log event categories, event types, and entry metadata. For information about accessing the audit log, see Access and explore audit logs.



Documentation memo

This document references the audit log with its default column settings and connection configurations. If settings and configurations were customized by an Admin user, column visibility and naming in your audit log may differ.

To confirm column visibility and identify the default columns defined in this document, refer to the Column tab in your audit log. You can cross-reference your audit log's custom “friendly names” with cloud data warehouse (CDW) or database management system (DBMS) column IDs provided in the event metadata tables throughout this document.


Event categories

The audit log records user events in the following categories:

  • ACCESS_SIGMA: User access and interactions with passwords
  • USER_ACCOUNTS: Admin interactions with member accounts and user invitations in the Administration > People page and Administration > Account Types page
  • ACCOUNT_TYPES: Admin interactions with account type configurations and member assignments in the Administration > Account Types page
  • TEAMS: Admin interactions with team settings and member assignments in the Administration > Teams page
  • CONNECTIONS: Admin interactions with database connection configurations in the Administration > Connections page
  • OBJECT_INTERACTIONS: User interactions with workbooks, datasets, and workspaces

Event types and metadata

Base entry metadata (all entries)

All audit entries—regardless of event category or type—include the following base metadata:

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Data description |
|---|---|---|
| Organization Id | ORGANIZATION_ID | UUID associated with your Sigma instance |
| Sigma Url | SIGMA_URL | URL of the application page where the event request occurred |
| Request time | REQUEST_TIME | Date and time of the event request in UTC |
| Request Id | REQUEST_ID | UUID associated with the event request |
| Schema Version | SCHEMA_VERSION | Database schema model version |
| Cloud Provider | CLOUD_PROVIDER | Cloud service provider for your Sigma instance |
| User Id | USER_ID | System-generated ID associated with the user account responsible for the event request |
| User Email | USER_EMAIL | Email assigned to the user account responsible for the event request |
| User Ip | USER_IP | IP address associated with the device on which the event request occurred |
| User Agent | USER_AGENT | Software and browser details associated with the event request |
| Event Category | EVENT_CATEGORY | Event request category (primary event classification) |
| Event Type | EVENT_TYPE | Event request type (secondary event classification) |
| Event Status | EVENT_STATUS | Event response status |
| Event Status Reason Code | EVENT_STATUS_REASON_CODE | Reason code for the event response. Provided for select events when Event Status = SUCCESS, and provided for all events when Event Status = FAILURE |

User access entries

User access entries (Event Category column = ACCESS_SIGMA) record events related to user access and interactions with passwords. An entry’s Event Type and Auth Type depend on the authentication method and 2-factor authentication (2FA) requirement configured in the Admin > Authentication page.

User access events

Event type
(column value)
Additional metadata
(column name and possible values)
Event status
(column value)
Event entry trigger
NEW_USER_SIGNUP Auth Type =
PasswordLogin
SamlLogin
OAuthLogin
SUCCESS

New user registration submitted through page linked in user invite email → successful login

FAILURE

New user registration submitted through page linked in user invite email → failed login

Failed logins using SAML or OAuth may be logged as the LOGIN event type

LOGIN Auth Type =
PasswordLogin
SUCCESS

Valid email and password entered in sign-in page → successful login

Applicable when password authentication is enabled and 2FA is disabled

FAILURE

Invalid email or password entered in sign-in page → failed login

Applicable when password authentication is enabled and 2FA is enabled or disabled

LOGIN Auth Type =
PasswordLoginMfaTriggered
SUCCESS

Valid email and password entered in sign-in page → 2FA email successfully sent

Applicable when password authentication and 2FA are both enabled

LOGIN Auth Type =
PasswordLoginMfaVerify
SUCCESS

2FA code entered and verified → successful login

Applicable when password authentication and 2FA are both enabled

FAILURE

2FA code entered but not verified → failed login

Applicable when password authentication and 2FA are both enabled

LOGIN Auth Type =
SamlLogin
OAuthLogin
SUCCESS

Successful SAML authentication or OAuth authorization → successful login

Applicable when SAML or OAuth is enabled

FAILURE

Failed SAML authentication or OAuth authorization → failed login

Applicable when SAML or OAuth is enabled

LOGOUT Auth Type =
Logout
SUCCESS Sign out selected in user menu → successful logout
PASSWORD_RESET Auth Type =
PasswordResetRequest
SUCCESS

Successful password reset request using Forgot Password feature in sign-in page

FAILURE

Failed password reset request using Forgot Password feature in sign-in page → password reset email failed to send

PASSWORD_RESET Auth Type =
PasswordReset
SUCCESS

New password submitted through page linked in password reset email → successful password reset

FAILURE

New password submitted through page linked in password reset email → failed password reset

PASSWORD_UPDATE Auth Type =
PasswordUpdate
SUCCESS

New password submitted through Change Password modal in Your Profile > Details page → successful password update

FAILURE

New password submitted through Change Password modal in Your Profile > Details page → failed password update

User access metadata

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Description |
|---|---|---|
| Auth Type | AUTH_TYPE | Type of authentication or authorization request associated with the event |
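
Added example (not part of the Sigma documentation): one way to triage the ACCESS_SIGMA entries described above, flagging bursts of failed LOGIN events per user and treating a PasswordLoginMfaTriggered SUCCESS as an emailed 2FA code rather than a completed login. The rows are constructed, and the REQUEST_TIME string format, the threshold and the window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# A SUCCESS with this Auth Type only means the 2FA email was sent, not that
# the user is signed in, so it is not counted as a completed login.
NOT_A_COMPLETED_LOGIN = {"PasswordLoginMfaTriggered"}


def make_entry(ts, email, ip, auth_type, status, event_type="LOGIN"):
    """Build one constructed audit entry keyed by the documented column IDs."""
    return {"REQUEST_TIME": ts, "USER_EMAIL": email, "USER_IP": ip,
            "EVENT_CATEGORY": "ACCESS_SIGMA", "EVENT_TYPE": event_type,
            "AUTH_TYPE": auth_type, "EVENT_STATUS": status}


# Constructed sample data (example.com addresses, documentation-range IPs).
SAMPLE_ENTRIES = [
    make_entry("2024-05-01 09:00:05", "ana@example.com", "203.0.113.7", "PasswordLogin", "FAILURE"),
    make_entry("2024-05-01 09:00:40", "ana@example.com", "203.0.113.7", "PasswordLogin", "FAILURE"),
    make_entry("2024-05-01 09:01:10", "ana@example.com", "203.0.113.7", "PasswordLogin", "FAILURE"),
    make_entry("2024-05-01 09:02:00", "ana@example.com", "203.0.113.7", "PasswordLoginMfaTriggered", "SUCCESS"),
    make_entry("2024-05-01 09:02:30", "ana@example.com", "203.0.113.7", "PasswordLoginMfaVerify", "FAILURE"),
    make_entry("2024-05-01 09:03:00", "ana@example.com", "203.0.113.7", "PasswordLoginMfaVerify", "SUCCESS"),
    make_entry("2024-05-01 10:00:00", "bo@example.com", "198.51.100.4", "SamlLogin", "FAILURE"),
    make_entry("2024-05-01 10:00:30", "bo@example.com", "198.51.100.4", "SamlLogin", "SUCCESS"),
]


def failed_login_bursts(entries, threshold=3, window=timedelta(minutes=10)):
    """Return one finding per user with >= threshold LOGIN failures inside window."""
    by_user = defaultdict(list)
    for e in entries:
        if e["EVENT_CATEGORY"] == "ACCESS_SIGMA" and e["EVENT_TYPE"] == "LOGIN":
            # Assumed timestamp format; adjust to how your warehouse returns it.
            when = datetime.strptime(e["REQUEST_TIME"], "%Y-%m-%d %H:%M:%S")
            by_user[e["USER_EMAIL"]].append((when, e))
    findings = []
    for email, rows in by_user.items():
        rows.sort(key=lambda r: r[0])
        fails = [(t, e) for t, e in rows if e["EVENT_STATUS"] == "FAILURE"]
        for i in range(len(fails) - threshold + 1):
            start, end = fails[i][0], fails[i + threshold - 1][0]
            if end - start > window:
                continue
            burst = [f for f in fails[i:] if f[0] - start <= window]
            last = burst[-1][0]
            # Did a real sign-in follow the last failure within the window?
            completed = any(
                e["EVENT_STATUS"] == "SUCCESS"
                and e["AUTH_TYPE"] not in NOT_A_COMPLETED_LOGIN
                and last < t <= last + window
                for t, e in rows)
            findings.append({
                "user": email,
                "failures": len(burst),
                "ips": sorted({e["USER_IP"] for _, e in burst}),
                "auth_types": sorted({e["AUTH_TYPE"] for _, e in burst}),
                "followed_by_completed_login": completed})
            break  # one finding per user is enough for triage
    return findings
```

A finding whose `auth_types` includes PasswordLoginMfaVerify means the password step had already succeeded before the 2FA code was rejected, which is worth a closer look than password failures alone.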

User account entries

User account entries (Event Category column = USER_ACCOUNTS) record events related to admin interactions with member accounts and user invitations in the Administration > People and Administration > Account Types pages.

User account events

Event type
(column value)
Additional metadata
(column names)
Event status
(column value)
Event entry trigger
USER_INVITE_SENT

Target User Emails

Account Type Id

User Kind

SUCCESS New user invite submitted through Invite People to Use Sigma modal in Administration > People page → invite email successfully sent
FAILURE New user invite submitted through Invite People to Use Sigma modal in Administration > People page → invite email failed to send
USER_INVITE_RESENT Target User Emails SUCCESS Resend Invite selected in user action menu in Administration > People > Pending Invitations tab → invite email successfully resent
FAILURE Resend Invite selected in user action menu in Administration > People > Pending Invitations tab → invite email failed to resend
USER_INVITE_REVOKED Target User Emails SUCCESS Revoke Invite selected in user action menu in Administration > People > Pending Invitations tab → successful user invite expiration
FAILURE Revoke Invite selected in user action menu in Administration > People > Pending Invitations tab → failed user invite expiration
USER_UPDATED

Target User Ids

Account Type Id

User Kind

SUCCESS

User member type or account type edited in Administration > People > [user_name] page → successful user update

Reassign account type selected in user action menu in Administration > People page → account type reassignment confirmed in modal → successful user update

Reassign account type function selected with bulk user selection in Administration > People page → account type reassignment confirmed in modal → successful bulk user update

User assigned to account type in Administration > Account Types > [account_name] page → successful user update

FAILURE

User member type or account type edited in Administration > People > [user_name] page → failed user update

Reassign account type selected in user action menu in Administration > People page → account type reassignment confirmed in modal → failed user update

Reassign account type function selected with bulk user selection in Administration > People page → account type reassignment confirmed in modal → failed bulk user update

User assigned to account type in Administration > Account Types > [account_name] page → failed user update

USER_ARCHIVED Target User Ids SUCCESS

Deactivate selected in user action menu in Administration > People > Members tab → successful user deactivation

Deactivate function selected with bulk user selection in Administration > People > Members tab → user deactivation confirmed in modal → successful bulk user deactivation

FAILURE

Deactivate selected in user action menu in Administration > People > Members tab → failed user deactivation

Deactivate function selected with bulk user selection in Administration > People > Members tab → user deactivation confirmed in modal → failed bulk user deactivation

USER_UNARCHIVED Target User Ids SUCCESS Reactivate selected in user action menu in Administration > People > Members tab → successful user activation
FAILURE Reactivate selected in user action menu in Administration > People > Members tab → failed user activation

User account metadata

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Metadata description |
|---|---|---|
| Target User Ids | TARGET_USER_IDS | System-generated IDs associated with affected user accounts |
| Target User Emails | TARGET_USER_EMAILS | Email address associated with user invite |
| Account Type Id | ACCOUNT_TYPE_ID | UUID associated with the account type affected by or related to the event |
| User Kind | USER_KIND | Member type assigned to affected user accounts |

Account type entries

Account type entries (Event Category column = ACCOUNT_TYPES) record events related to admin interactions with account type configurations and member assignments in the Administration > Account Types page.

Account type events

Event type
(column value)
Additional metadata
(column names)
Event status
(column value)
Event entry trigger

ACCOUNT_TYPE_CREATED

Features Added

Features Removed

SUCCESS

New account type configured in Administration > Account Types > New Account Type page → successful account type creation

FAILURE

New account type configured in Administration > Account Types > New Account Type page → failed account type creation

ACCOUNT_TYPE_UPDATED

Account Type Id

Features Added

Features Removed

SUCCESS

Account type permissions edited in Administration > Account Types > [account_name] page → successful account type update

FAILURE

Account type permissions edited in Administration > Account Types > [account_name] page → failed account type update

ACCOUNT_TYPE_DELETED

Account Type Id

Delegate Account Type Id

SUCCESS

Delete selected in account type action menu in Administration > Account Types page → successful account type deletion

FAILURE

Delete selected in account type action menu in Administration > Account Types page → failed account type deletion

Account type metadata

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Metadata description |
|---|---|---|
| Account Type Id | ACCOUNT_TYPE_ID | UUID associated with the account type |
| Delegate Account Type Id | DELEGATE_ACCOUNT_TYPE_ID | New UUID associated with the account type |
| Features Added | FEATURES_ADDED | Permissions included in the account type |
| Features Removed | FEATURES_REMOVED | Permissions excluded from the account type |

Team entries

Team entries (Event Category column = TEAMS) record events related to admin interactions with team settings and member assignments in the Administration > Teams page.

Team events

Event type
(column value)

Additional metadata
(column names)

Event status
(column value)

Event entry trigger

TEAM_CREATED

Target User Ids

Change Type

Team Name

Team Kind

Create Team Folder

Is Team Admin

SUCCESS

New team added in Administration > Teams > New Team page → successful team creation

FAILURE

New team added in Administration > Teams > New Team page → failed team creation

TEAM_UPDATED

Target User Ids

Change Type

Team Id

Is Team Admin

SUCCESS

Member added to or removed from team in Administration > Teams > [team_name] page → successful team update

FAILURE

Member added to or removed from team in Administration > Teams > [team_name] page → failed team update

TEAM_DELETED

Team Id

SUCCESS

Delete Team selected in Administration > Teams > [team_name] page → successful team deletion

FAILURE

Delete Team selected in Administration > Teams > [team_name] page → failed team deletion

Team metadata

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Description |
|---|---|---|
| Target User Ids | TARGET_USER_IDS | System-generated IDs associated with affected user accounts |
| Change Type | CHANGE_TYPE | Type of membership change |
| Team Id | TEAM_ID | UUID associated with the team |
| Team Name | TEAM_NAME | Team name assigned to the team |
| Team Kind | TEAM_KIND | Team type associated with the team |
| Create Team Folder | CREATE_TEAM_FOLDER | Team workspace added during team creation (true/false) |
| Is Team Admin | IS_TEAM_ADMIN | Team admin role reassigned to user account responsible for the event (true/false) |

Connection entries

Connection entries (Event Category column = CONNECTIONS) record events related to admin interactions with the CDW or DBMS connection configurations in the Administration > Connections page.

Connection events

Event type
(column value)

Additional metadata
(column names)

Event status
(column value)

Event entry trigger

CONNECTION_CREATED

Connection Type

Connection Name

Connection Details

Connection Description

Connection Timeoutsecs Default

Connection Use Oauth

Cron Spec

Timezone

SUCCESS

New connection configured in Administration > Connections > Add new connection page → successful connection creation

FAILURE

New connection configured in Administration > Connections > Add new connection page → failed connection creation

CONNECTION_UPDATED

Connection Id

Connection Type

Connection Name

Connection Details

Connection Description

Connection Timeoutsecs Default

Connection Use Oauth

Cron Spec

Timezone

SUCCESS

Connection edited in Administration > Connections > [connection_name] > Edit connection page → successful connection update

FAILURE

Connection edited in Administration > Connections > [connection_name] > Edit connection page → failed connection update

CONNECTION_ARCHIVED

Connection Id

SUCCESS

Delete Connection selected in Administration > Connections > [connection_name] page → successful connection deletion

FAILURE

Delete Connection selected in Administration > Connections > [connection_name] page → failed connection deletion

Connection metadata

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Description |
|---|---|---|
| Connection Id | CONNECTION_ID | UUID associated with the connection |
| Connection Type | CONNECTION_TYPE | CDW or DBMS provider associated with the connection |
| Connection Name | CONNECTION_NAME | Connection name assigned to the connection |
| Connection Details | CONNECTION_DETAILS | Connection credentials (host, account, warehouse, user, role) |
| Connection Timeoutsecs Default | CONNECTION_TIMEOUTSECS_DEFAULT | Connection timeout duration assigned to the connection |
| Connection Use Oauth | CONNECTION_USE_OAUTH | OAuth access configuration |
| Cron Spec | CRON_SPEC | Auto indexing schedule for the connection |
| Timezone | TIMEZONE | Auto indexing schedule's time zone |
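
Added example (not part of the Sigma documentation): a review pass over the four admin categories described above (USER_ACCOUNTS, ACCOUNT_TYPES, TEAMS, CONNECTIONS) that groups, per acting user, the successful changes a reviewer would normally want to confirm. The rows, IDs and feature names are constructed, and the storage format of list-valued columns such as TARGET_USER_IDS and FEATURES_ADDED is an assumption.

```python
ADMIN_CATEGORIES = {"USER_ACCOUNTS", "ACCOUNT_TYPES", "TEAMS", "CONNECTIONS"}


def as_list(value):
    """Accept a list or a comma-separated string (storage format is assumed)."""
    if value is None:
        return []
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    return list(value)


def classify(e):
    """Return the reasons an admin entry deserves review (empty list if none)."""
    reasons = []
    etype = e["EVENT_TYPE"]
    if etype == "USER_UPDATED" and e["USER_ID"] in as_list(e.get("TARGET_USER_IDS")):
        reasons.append("actor changed own member or account type")
    if etype in ("ACCOUNT_TYPE_CREATED", "ACCOUNT_TYPE_UPDATED") \
            and as_list(e.get("FEATURES_ADDED")):
        reasons.append("permissions added to account type")
    if etype in ("TEAM_CREATED", "TEAM_UPDATED") \
            and str(e.get("IS_TEAM_ADMIN")).lower() == "true":
        reasons.append("team admin role assigned to actor")
    if etype.startswith("CONNECTION_"):
        reasons.append("warehouse connection changed")
    return reasons


def review_admin_changes(entries):
    """Group review reasons by actor for successful admin-category events."""
    report = {}
    for e in entries:
        if e["EVENT_CATEGORY"] not in ADMIN_CATEGORIES or e["EVENT_STATUS"] != "SUCCESS":
            continue
        for reason in classify(e):
            report.setdefault(e["USER_EMAIL"], []).append(
                (e["REQUEST_ID"], e["EVENT_TYPE"], reason))
    return report


def row(request_id, user_id, email, category, event_type, status, **extra):
    """Build one constructed audit entry keyed by the documented column IDs."""
    return {"REQUEST_ID": request_id, "USER_ID": user_id, "USER_EMAIL": email,
            "EVENT_CATEGORY": category, "EVENT_TYPE": event_type,
            "EVENT_STATUS": status, **extra}


# Constructed sample data; IDs and feature names are placeholders.
SAMPLE_ADMIN_ENTRIES = [
    row("req-1", "u-100", "admin@example.com", "USER_ACCOUNTS", "USER_UPDATED",
        "SUCCESS", TARGET_USER_IDS=["u-100"]),
    row("req-2", "u-100", "admin@example.com", "ACCOUNT_TYPES", "ACCOUNT_TYPE_UPDATED",
        "SUCCESS", FEATURES_ADDED="feature-a,feature-b", FEATURES_REMOVED=""),
    row("req-3", "u-100", "admin@example.com", "TEAMS", "TEAM_UPDATED",
        "FAILURE", IS_TEAM_ADMIN=True),
    row("req-4", "u-300", "ops@example.com", "CONNECTIONS", "CONNECTION_UPDATED",
        "SUCCESS", CONNECTION_ID="conn-1"),
    row("req-5", "u-300", "ops@example.com", "USER_ACCOUNTS", "USER_UPDATED",
        "SUCCESS", TARGET_USER_IDS=["u-200"]),
]
```

Each tuple carries the REQUEST_ID so a reviewer can pull the full entry, including SIGMA_URL and USER_IP, from the audit log.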

Object interaction entries

Object interaction entries (Event Category = OBJECT_INTERACTION) record events related to user interactions with workbooks, datasets, and workspaces.

Object interaction events

Event type
(column value)

Additional metadata
(column names)

Event status
(column value)

Event entry trigger

OBJECT_CREATED
(exploration/workbook)

Inode Id

Parent Inode Id

Object Type

Object Name

Object Description

Source Inode Id

Source Version

Is Reusable

SUCCESS

New exploration/workbook opened using Create New feature in homepage → successful exploration/workbook creation

New exploration/workbook opened from a connection → successful exploration/workbook creation

New exploration/workbook opened using New Document feature in My Documents page → successful exploration/workbook creation

Existing workbook duplicated in My Documents or Workspace page → successful workbook creation

Template selected in the Templates page → successful exploration creation

FAILURE

New exploration/workbook opened using Create New feature in homepage → failed exploration/workbook creation

New exploration/workbook opened from a connection → failed exploration/workbook creation

New exploration/workbook opened using New Document feature in My Documents page → failed exploration/workbook creation

Existing workbook duplicated in My Documents or Workspace page → failed workbook creation

Template selected in the Templates page → failed exploration creation

OBJECT_CREATED
(dataset)

Connection Id

Inode Id

Parent Inode Id

Object Type

Object Name

Source Inode Id

Source Version

SUCCESS

New dataset opened using Create New feature in homepage → successful dataset creation

New dataset saved from a connection → successful dataset creation

New dataset opened using New Document feature in My Documents page → successful dataset creation

FAILURE

New dataset opened using Create New feature in homepage → failed dataset creation

New dataset saved from a connection → failed dataset creation

New dataset opened using New Document feature in My Documents page → failed dataset creation

OBJECT_CREATED
(workspace)

Inode Id

Object Type

Object Name

SUCCESS

New workspace added using Create Workspace feature in Workspaces page → successful workspace creation

FAILURE

New workspace added using Create Workspace feature in Workspaces page → failed workspace creation

OBJECT_UPDATED

Inode Id

Object Name

Object Description

Is Run As Service Account (workbook only)

SUCCESS

Workbook, dataset, or workspace name edited → successful document update

FAILURE

Workbook, dataset, or workspace name edited → failed document update

OBJECT_ARCHIVED

Inode Id

SUCCESS

Delete selected in header menu in open workbook or dataset → successful document deletion

Delete selected in workbook or dataset menu in Home, Recents, Favorites, Shared with Me, My Documents, or Workspaces page → successful document deletion

Delete selected in workspace menu in Workspaces page → successful workspace deletion

FAILURE

Delete selected in header menu in open workbook or dataset → failed document deletion

Delete selected in workbook or dataset menu in Home, Recents, Favorites, Shared with Me, My Documents, or Workspaces page → failed document deletion

Delete selected in workspace menu in Workspaces page → failed workspace deletion

OBJECT_UNARCHIVED

Inode Id

Object Type

Object Name

SUCCESS

Workbook, dataset, or workspace selected in Trash page → recovery preferences submitted in modal → successful document recovery

FAILURE

Workbook, dataset, or workspace selected in Trash page → recovery preferences submitted in modal → failed document recovery

OBJECT_OPENED

Inode Id

Object Type

Object Name

SUCCESS

Exploration, workbook, or dataset selected (systemwide) → document successfully opened

FAILURE

Exploration, workbook, or dataset selected (systemwide) → document failed to open

OBJECT_UPLOADED

Object Type

Object Name

SUCCESS

CSV file uploaded to a workbook or dataset → successful data upload

FAILURE

CSV file uploaded to a workbook or dataset → failed data upload

Object interaction metadata

| Column name (default “friendly name”) | Column ID (CDW/DBMS column ID) | Description |
|---|---|---|
| Connection Id | CONNECTION_ID | UUID associated with the connection |
| Inode Id | INODE_ID | UUID associated with the inode containing the object's metadata |
| Parent Inode Id | PARENT_INODE_ID | UUID associated with the parent inode referencing the object's inode |
| Object Type | OBJECT_TYPE | Type of object created |
| Object Name | OBJECT_NAME | System- or user-generated name associated with the object |
| Source Inode Id | SOURCE_INODE_ID | Inode ID of the object's source (if created from an existing object) |
| Source Version | SOURCE_VERSION | Source code version of the object's source (if created from an existing object) |
| Is Reusable | IS_REUSABLE | Workbook saved as a reusable dataset (true/false) |
| Is Run as Service Account | IS_RUN_AS_SERVICE_ACCOUNT | Workbook configured to execute queries using a service account (true/false) |
