When you call the Audit Log API to return specific data on your user activity in Pigment, it returns audit events. The audit event is a JSON with standard fields and a payload containing details that vary depending on the event type. This article describes audit event structures, and provides details on the event types that occur in your Pigment Workspace.
For more information on the Audit Logs API, check out these topics:
All audit events returned by the Audit Logs API has a standard structure. You can read more details about this in the article Calling the Audit Log API. The following is a list of event types returned by the Audit Logs API.
User event types
Audit Log Event Type | Description | Sample Payload |
|---|
UserInvited
| User invited into the organization. If the user is invited into the organization, and SAML SSO is configured, then you can interpret this event to mean that the user is activated. | {
"id": "ABC124",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}
|
UserAccountTypeUpdated
| The user account type changed. Any changes to the Workspace Primary Owner account type is not logged here. | {
"userId": "ABC123",
"userName": "John Doe",
"userEmail": "JOHN.DOE@ACME.COM",
"newAccountType": "Workspace Admin",
"previousAccountType": "Builder"
}
|
UserDeactivated
| User deactivated. This event is logged either through the member’s page or through SCIM provisioning. | {
"id": "ABC123",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}
|
UserReactivated
| User reactivated following their account being deactivated. This event is logged either through the member’s page or through SCIM provisioning. | {
"id": "ABC123",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}
|
UserPasswordChanged
| A user reset their password. This event only appears if the user performs an action using the reset password email. If the password is reset administratively, this event won’t appear. An example of this would be when a user can’t receive password reset emails, and is provided with a temporary password. | {
"id": "ABC123",
"name": "John Doe",
"email": "JOHN.DOE@ACME.COM"
}
|
UserLoggedIn
| User logged into the Pigment Workspace. Pigment Support Account does not generate this event (there is the event SupportSessionStarted instead). | No payload is available for this event because the event is generated for the actor. |
UserLoggedOut
| User logged out of the Pigment Workspace. Pigment Support Account does not generate this event. | No payload is available for this event because the event is generated for the actor. |
SupportSessionStarted
| Pigment Support account has started a session in the Workspace. | No payload is available for this event because the event is generated for the actor. |
Group event types
Audit Log Event Type | Description | Sample Payload |
|---|
UserGroupCreated
| A Group was created. | {
"id": "ABC123",
"name": "My Group"
}
|
UserGroupDeleted
| A Group was deleted. | {
"id": "ABC123",
"name": "My Group"
}
|
UserGroupMembershipUpdated
| A Member was added to or removed from a Group from the Groups page.
If the Member was added to the Group, the details of the Group will be in the field called newGroup.
If the Member was removed from the Group, the details of the Group will be in the field called previousGroup. | {
"userId":"ABC123",
"userEmail":"JOHn.DOE@ACME.COM",
"newGroup":
{
"id":"ABC123",
"name":"My Group"
}
}
|
UserGroupApplicationRoleUpdated
| A Group was assigned to a Role in an Application or removed from a Role in an Application from the Groups page, or the Application Role was changed.
When an Application Role is removed from a Group, the payload will only contain the group and application fields - no record of the removed Application Role will be logged. | {
"group":
{
"id":"ABC123",
"name":"My Group"
},
"application":
{
"id":"ABC123",
"name":"My Application"
},
"previousApplicationRole":"Admin",
"newApplicationRole":"Modeler"
}
|
Application event types
Audit Log Event Type | Description | Sample Payload |
|---|
ApplicationSnapshotCreated
| This event is logged whenever a Member has taken a Snapshot. Note, a Snapshot creation might have failed but this event will still be logged. The status of the Snapshot created will be available on Pigment in the Snapshots page. The parameter snapshotGroup refers to the Group that contains the Applications being snapshot. If it is a single Application being snapshot, the Group will just contain a single Application details in the applications parameter. Every Application with a Snapshot will have two parameters: | {
"snapshotGroup":
{
"groupId":"ABC123",
"friendlyName":"My Snapshot",
"applications":
[
{
"seedApplication":
{
"id":"ABC123",
"name":"My Application 1"
}
,
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application 1"
}
},
{"seedApplication":
{"id":"ABC123",
"name":"My Application 2"
},
"snapshotApplication":
{"id":"ABC123",
"name":"My Application 2"
}
},
{"seedApplication":
{"id":"ABC123",
"name":"My Application 3"
},
"snapshotApplication":
{"id":"ABC123",
"name":"My Application 3"
}}]}}
|
ApplicationSnapshotDeleted
| This event is logged whenever a Member has deleted a Snapshot or removed an Application from a Snapshot. The parameter snapshotGroup refers to the Group that contains the Applications being snapshot. If it is a single Application being snapshot, the Group will just contain a single Application details in the applications parameter. Every Application with a Snapshot will have two parameters: The deletedSnapshotApplications field will contain details of the Applications that were deleted or removed from the Snapshot. The name of the deleted Snapshot Application is not available, just the Application ID. | {
"snapshotGroup":
{
"groupId":"ABC123",
"friendlyName":"My Snapshot",
"applications":
[{
"seedApplication":
{
"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{"id":"ABC123
,"name":""
}}]}
,"deletedSnapshotApplications":
[{"id":"ABC123",
"name":""
}]}
|
ApplicationSnapshotUpdated
| This event is logged whenever a Member has renamed a Snapshot. There will be two parameters to represent the Group: The Snapshot Group refers to the group that contains the Applications being snapshot. If it is a single Application being snapshot, the Group will just contain a single Application details in the applications parameter. Every Application with a Snapshot will have two parameters: The type parameter at the end of the payload will state the type of update, in this case a “Rename”. | {
"previousSnapshotGroup":
{
"groupId":
"ABC123",
"friendlyName":"My Application",
"applications":
[{
"seedApplication":
{
"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application"
}},
{
"seedApplication":
{
"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application"
}},
{
"seedApplication":
{
"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application"
}}]},
"newSnapshotGroup":
{
"groupId":"ABC123",
"friendlyName":"My Application ",
"applications":
[{
"seedApplication":
{
"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application"
}},
{"seedApplication":
{"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application"
}},
{
"seedApplication":
{
"id":"ABC123",
"name":"My Application"
},
"snapshotApplication":
{
"id":"ABC123",
"name":"My Application"
}}]},
"type":"Rename"
}
|
View event types
Audit Log Event Type | Description | Sample Payload |
|---|
ViewAccessed
| Whenever a Member lands on a View in a Metric, Table, Dimension or Transaction List, this event is logged. It’s logged even if the View is used in a widget on a Board. Even if the Member doesn’t have the required Access Rights set up on the View, but obtains a URL to land on the View, this action is logged. | {
"entity": {
"id": "ABC123",
"name": "View 1",
"application": {
"id": "ABC123",
"name": "My Application"
},
"entityType": "View",
"block": {
"id": "ABC123",
"name": "My Metric"
}
}
}
|
ViewCreated
| A View was created in Pigment. The event will appear with the BlockCreated event, as a View is also created whenever a Block is created. | {
"entity": {
"id": "ABC123",
"name": "My View",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "View"
}
}
|
ViewUpdated
| A view configuration was updated. There’s a parameter in the payload type which uses these values to specify updates: settings: Formatting, configuration change, pivoting.
rename: View was renamed.
There can be multiple unique ViewUpdated events logged from a single action, depending on the type update that occurred on the Pigment View. | {
"entity": {
"id": "ABC123",
"name": "My View",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "View"
},
"type": "Settings"
}
|
ViewDeleted
| A View was deleted. No corresponding deleted View event is available when a Block is deleted. | {
"entity": {
"id": "ABC123",
"name": "My View",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "View"
}
}
|
Temporary Views in Pigment
Certain actions in Pigment can result in events from temporary Views being logged. For example, this can happen when you use the Formula Playground, or create a draft View, which is not saved, and then share the View URL with another Member in the Application.
You can identify these from the name of the View from within the entity. It has a suffix containing a random ID. In the example below, the suffix is 111aa1a1:
{
"entity":
{
"id":"ABC123",
"name":"My View - 111aa1a1",
"application":
{
"id":"ABC123",
"name":"test app"
},
"entityType":"View",
"block":
{
"id":"ABC123",
"name":"My Metric"}
}
}
Metric event types
Audit Log Event Type | Description | Sample Payload |
|---|
MetricCreated
| A Metric was created. If the Metric is a security Metric, it has the following additional parameter settings: | {
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
}
}
|
MetricUpdated
| A Metric was updated, for example, renamed. The type of update is specified in the type parameter: rename: Metric was renamed.
settings: Metric configuration changed, for example Block settings.
formula: Formula on the Metric was changed.
If the Metric is a security Metric, it has the following additional parameter settings: | {
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "test app"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
},
"type": "Settings"
}
|
MetricDeleted
| A Metric was deleted.
If the Metric is a security Metric, it has the following additional parameter settings: | {
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
}
}
|
MetricDataChanged
| The data in a Metric changed due to an input or import. If the Metric is a security Metric, it has the following additional parameter settings: | {
"entity": {
"id": "ABC123",
"name": "My Metric",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Metric"
},
"settings": {
"isSecurityBlock": false,
"dataType": "BlockDataType_Number"
}
}
|
Temporary Metrics in Pigment
Using the Formula Playground in Pigment can result in the audit trail logging Metric events on temporary metrics. You can identify these from the name of the Metric from within the entity . It has a prefix Formula Playground.
For example:
{
"entity":
{
"id":"ABC123",
"name":"Formula Playground ABC123",
"application":
{
"id":"ABC123",
"name":"My App"
},
"entityType":"Metric"
},
"settings":
{
"isSecurityBlock":false,
"dataType":"BlockDataType_Number"
}
}
Table event types
Audit Log Event Type | Description | Sample Payload |
|---|
TableDeleted
| A Table was deleted. | {
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
}
}
|
TableCreated
| A Table was created. | {
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
}
}
|
TableUpdated
| A Table was updated, for example a Metric was added. The type of update is specified in the update_type parameter: | {
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "test app"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
},
"type": "Settings"
}
|
Boards event types
Audit Log Event Type | Description | Sample Payload |
|---|
BoardUpdated
| A Board was updated, for example, adding a widget, and so on. When the permissions on a Board is updated, this event is also logged. | {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}
|
BoardCreated
| A Board was created. | {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}
|
BoardDeleted
| A Board was deleted. | {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}
|
BoardAccessed
| A Board was accessed by a Member.
Note: event tracked since the 2024-10-22 | {
"entity": {
"id": "ABC123",
"name": "My Board",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Board"
}
|
List event types
Audit Log Event Type | Description | Sample Payload |
|---|
DimensionListCreated
| A Dimension List was created. If the Dimension is a Role Dimension, there will be an additional parameter setting: | {
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
}
}
|
DimensionListUpdated
| A Dimension List was updated. The type of update is specified in the update_type parameter: rename: Dimension List was renamed.
settings: List settings updated, for example Properties added.
Block settings. formula: Formula on the List property was changed.
If the Dimension is a Role dimension, it has the following additional parameter setting: | {
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My Ap"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
},
"type": "Settings"
}
|
DimensionListDeleted
| A Dimension List was deleted.
If the Dimension is a Role dimension, it has the following additional parameter setting: | {
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
}
}
|
DimensionDataChanged
| The data on a Dimension changed, for example, due to an input or an import. This event is also logged if the order of items on a List was changed. If the Dimension is a Role dimension, it has the following additional parameter setting: | {
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
},
"settings": {
"isSecurityBlock": false
}
}
|
TransactionListCreated
| A Transaction List was created. | {
"entity": {
"id": "ABC123",
"name": "My Transaction List",
"application": {
"id": "ABC123",
"name": "My Application"
},
"entityType": "TransactionList"
},
"settings": {
"isSecurityBlock": false
}
}
|
TransactionListDataChanged
| The data on a Transaction List changed, for example, due to an input or an import. This event is also logged if the order of items on a List was changed. | {
"entity": {
"id": "ABC123",
"name": "My Transaction List",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "TransactionList"
},
"settings": {
"isSecurityBlock": false
}
}
|
TransactionListDeleted
| A Transaction List was deleted. | {
"entity": {
"id": "ABC123",
"name": "My Table",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Table"
},
"settings": {
"isSecurityBlock": false
}
}
|
TransactionListUpdated
| A Transaction List was updated. The type of update is specified in the update_type parameter: rename: Dimension List was renamed.
settings: List settings updated, for example properties added.
Block settings. formula: Formula on the List Property was changed.
| {
"entity": {
"id": "ABC123",
"name": "My Transaction List",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "TransactionList"
},
"settings": {
"isSecurityBlock": false
},
"type": "Settings"
}
|
API Key Management event types
Audit Log Event Type | Description | Sample Payload |
|---|
APIKeyCreated
| An API key was created. This applies for all API key types. The type field specifies the key type: actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.
ownerId indicates the user ID of the user who created the API key.
| {
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}
|
APIKeyRevoked
| An API key was deleted. This applies for all API key types. The type field specifies the key type: actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.
ownerId indicates the user ID of the user who created the API key.
| {
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}
|
APIKeyRenamed
| An API key was renamed. This applies for all API key types. The type field specifies the key type: actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.
ownerId indicates the user ID of the user who created the API key.
| {
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}
|
APIKeyRenewed
| An API key expiration date was updated. This applies for all API key types. The type field specifies the key type: actOnBehalfOfKeyOwner confirms if the API key uses the credentials of the user who owns the API key (represented by the ownerID). It has a value of true or false.
ownerId indicates the user ID of the user who created the API key.
| {
"id": "ABC123",
"type": "SecurityAudit",
"name": "My API Key",
"expirationDate": "2025-01-04T14:42:14.397Z",
"actOnBehalfOfKeyOwner": true,
"ownerId": "ABC123"
}
|
IpAllowListCreated
| An IP allow list was created. | {
"id": "ABC123",
"name": "IP allow list name",
"description": "IP allow list description",
"ipRanges": [
"1.1.1.0/24"
],
"isDefaultForApiKey": true,
"createdAt": "2025-02-04T13:33:46.744Z",
"assignedApiKeyIds": []
}
|
IpAllowListUpdated
| An IP allow list was updated. | {
"id": "ABC123",
"name": "IP allow list name",
"description": "IP allow list description",
"ipRanges": [
"1.1.1.0/24"
],
"isDefaultForApiKey": true,
"createdAt": "2025-02-04T13:33:46.744Z",
"assignedApiKeyIds": []
}
|
IpAllowListDeleted
| An IP allow list was deleted. | {
"id": "ABC123",
"name": "IP allow list name",
"description": "IP allow list description",
"ipRanges": [
"1.1.1.0/24"
],
"isDefaultForApiKey": true,
"createdAt": "2025-02-04T13:33:46.744Z",
"assignedApiKeyIds": []
}
|
AssignedApiKeysUpdated
| An IP allow list was linked manualy to an API key. | {
"id": "ABC123",
"name": "IP allow list name",
"description": "IP allow list description",
"ipRanges": [
"1.1.1.0/24"
],
"isDefaultForApiKey": true,
"createdAt": "2025-02-04T13:33:46.744Z",
"assignedApiKeyIds": []
}
|
DefaultIpAllowListSet
| An IP allow list was set as default allow list. | {
"id": "ABC123",
"name": "IP allow list name",
"description": "IP allow list description",
"ipRanges": [
"1.1.1.0/24"
],
"isDefaultForApiKey": true,
"createdAt": "2025-02-04T13:33:46.744Z",
"assignedApiKeyIds": []
}
|
DefaultIpAllowListCleared
| The default allow list was cleared. | {
"id": "ABC123",
"name": "IP allow list name",
"description": "IP allow list description",
"ipRanges": [
"1.1.1.0/24"
],
"isDefaultForApiKey": true,
"createdAt": "2025-02-04T13:33:46.744Z",
"assignedApiKeyIds": []
}
|
Data Export event type
Audit Log Event Type | Description | Sample Payload |
|---|
DataExported
| Data exported from any Pigment block using the Pigment Export API will be logged in this event. If data is exported through the Pigment UI, only Dimension and Transaction Lists have this event. | {
"entity": {
"id": "ABC123",
"name": "My Dimension",
"application": {
"id": "ABC123",
"name": "My App"
},
"entityType": "Dimension"
}
}
|
Application Security Settings event type
Audit Log Event Type | Description | Sample Payload |
|---|
InheritanceSettingsUpdated
| Data access rights inheritance options were updated in the application. In the settings field: The value for allowResetAccessRightsForSharedBlocksDependencies is equal to true when the setting to allow the use of RESETACCESSRIGHTS on Shared Blocks is activated. The value for disableAccessRightsInheritanceForBlocksInApp is equal to true when the setting to remove inheritance throughout the entire Application is activated.
| {
"application":
{
"id":"ABC123",
"name":"My Application"},
"settings":
{
"allowResetAccessRightsForSharedBlocksDependencies":false
}
}
|
AccessRightsRuleCreated
| When a data access rights rule is created, this event is logged.
Details available in the payload:
settings contains the following parameters: read: The value will be true if either the Read option or Read and Write option is selected
write: The value will be true if either the Write option only or Read and Write option is selected
applyRule: The value will be true if the rule is created to “apply”, false if the rule created is set to “do not apply”
accessRightsMetric contains details (name, id, application) about the access rights type Metric that is created for the configuration.
ruleAppliesTo contains details about the selected options for where the rule is set in the application. Depending on the settings for the rule, the following information will be logged:
| {"application":
{"id":"ABC123","name":"My Application"},
"settings":
{
"read":true,
"write":true,
"applyRule":true,
"accessRightsMetric":
{
"id":"ABC123",
"name":"My access rights Metric",
"application":
{
"id":"ABC124",
"name":"My Application"
},
"entityType":"Metric"
},
"ruleAppliesTo":
{
"singleMetric":
{
"metric":
{
"id":"ABC123",
"name":"My Metric",
"application":
{
"id":"ABC123","name":"My Applicatio"},
"entityType":"Metric"
}}}}}
|
AccessRightsRuleDeleted
| When a data access rights rule is deleted, this event is logged.
Details available in the payload:
settings contains the following parameters: read: The value will be true if either the Read option or Read and Write option is selected
write: The value will be true if either the Write option only or Read and Write option is selected
applyRule: The value will be true if the rule is created to “apply”, false if the rule created is set to “do not apply”
accessRightsMetric contains details (name, id, application) about the access rights type Metric that is created for the configuration.
ruleAppliesTo contains details about the selected options for where the rule is set in the Application. Depending on the settings for the rule, the following information will be logged:
| {
"application":
{
"id":"ABC123",
"name":"My Application"
},
"settings":
{
"read":true,
"write":true,
"applyRule":true,
"accessRightsMetric":
{
"id":"ABC123",
"name":"My access rights Metric",
"application":
{
"id":"ABC123","name":"My Application"
},
"entityType":"Metric"
},
"ruleAppliesTo":
{
"metricsUsingSpecificDimensions":
{
"dimensions":
[{"id":"ABC123","name":"My Dimension",
"application":
{"id":"ABC123","name":"My Application"},
"entityType":"Dimension"},
{"id":"ABC123","name":"My Dimension 2",
"application":
{"id":"ABC123","name":"My Application"},"entityType":"Dimension"
}]}}}}
|