In order to increase the transparency and visibility of activities performed in the system, Adobe Experience Platform allows you to audit user activity for various services and capabilities in the form of “audit logs”. These logs form an audit trail that can help with troubleshooting issues on Platform, and help your business effectively comply with corporate data stewardship policies and regulatory requirements.
In a basic sense, an audit log tells who performed what action, and when. Each action recorded in a log contains metadata that indicates the action type, date and time, the email ID of the user who performed the action, and additional attributes relevant to the action type.
The metadata for the actions Add user and Remove user within the Role resource will not contain the email ID of the user who performed the action. Instead, the logs will display the system generated email ID (system@adobe.com).
This document covers audit logs in Platform, including how to view and manage them in UI or API.
The following table outlines which actions on which resources are recorded by audit logs:
Resource | Actions |
---|---|
Access control policy (attribute based access control) |
|
Account (Adobe) |
|
Attribution AI instance |
|
Audit logs |
|
Class |
|
Computed attribute |
|
Customer AI instance |
|
Dataset |
|
Datastream |
|
Data types |
|
Destination |
|
Field group |
|
Identity graph |
|
Identity namespace |
|
Merge policy |
|
Product profile |
|
Query |
|
Query template |
|
Role (attribute based access control) |
|
Sandbox |
|
Scheduled query |
|
Schema |
|
Segment |
|
Source data flow |
|
Work order |
|
When the feature is enabled for your organization, audit logs are automatically collected as activity occurs. You do not need to manually enable log collection.
In order to view and export audit logs, you must have the View User Activity Log access control permission granted (found under the Data Governance category). To learn how to manage individual permissions for Platform features, please refer to the access control documentation.
You can view audit logs for different Experience Platform features within the Audits workspace in the Platform UI. The workspace shows a list of recorded logs, by default sorted from most recent to least recent.
Audit logs are retained for 365 days after which they will be deleted from the system. Therefore, you can only go back for a maximum period of 365 days. If you require data of more than 365 days, you should export logs at a regular cadence to meet your internal policy requirements.
Select an event from the list to view its details in the right rail.
Since this a new feature, the data displayed only goes back to March 2022. Depending on the resource selected, earlier data may be available from January 2022.
Select the funnel icon () to display a list of filter controls to help narrow results. Only the last 1000 records are displayed irrespective of the various filters selected.
The following filters are available for audit events in the UI:
Filter | Description |
---|---|
Category | Use the dropdown menu to filter displayed results by category. |
Action | Filter by action. The actions available for each service can be seen in the resource table above. |
User | Enter the complete user ID (for example, johndoe@acme.com ) to filter by user. |
Status | Filter by whether the action was allowed (completed) or denied due to lack of access control permissions. |
Date | Select a start date and/or an end date to define a date range to filter results by. Data can be exported with a 90-day lookback period (for example, 2021-12-15 to 2022-03-15). This can differ by event type. |
To remove a filter, select the “X” on the pill icon for the filter in question, or select Clear all to remove all filters.
The returned audit log data contains the following information on all queries that meet your chosen filter criteria.
Column name | Description |
---|---|
Timestamp | The exact date and time of the action performed in a month/day/year hour:minute AM/PM format. |
Asset Name | The value for the Asset Name field depends on the category chosen as a filter. |
Category | This field matches the category selected in the filter dropdown. |
Action | The available actions depend on the category chosen as a filter. |
User | This field provides the user ID that executed the query. |
To export the current list of audit logs, select Download log.
In the dialog that appears, select your preferred format (either CSV or JSON), then select Download. The browser downloads the generated file and saves it to your machine.
You can enable audit alerts to receive notifications for the following rules:
Select the desired alert from the list to subscribe to receive notifications. For more information on alerts, see the guide on subscribing to alerts using the UI.
All actions that you can perform in the UI can also be done using API calls. See the API reference document for more information.
To learn how to manage audit logs for activities in Adobe Admin Console, refer to the following document.
This guide covered how to manage audit logs in Experience Platform. For more information on how to monitor Platform activities, see the documentation on Observability Insights and monitoring data ingestion.
To reinforce your understanding of audit logs in Experience Platform, watch the following video:
Audit logs provide transparency and visibility into all activities on Adobe Experience Platform based applications, helping you to comply with corporate data stewardship policies and regulatory requirements. This accountability and transparency will also help you to troubleshoot issues on platform by giving you easy access to who did what and when. Access to the logs is governed by Experience Platform access control and requires administrators to add the view user activity log permission to relevant users through the admin console. Once access is provided, you can go into the platform interface, and then the left rail, click on the audits link to view the logs. Here, you can see the list of logged actions ordered by most recent activity. For each logged action, the system captures and exposes key metadata, including the name of the asset acted upon, type of action, and the user ID of who performed the action. Additional details such as asset identifiers and IP addresses are available in this sidebar. You can filter the logs and export the logs as CSV or JSON for additional discovery and analysis. For example, your IT department could upload the data into a log aggregator for analysis across your tech stack. All these actions can also be executed through the API, and that includes controls to query, filter and export logs based on key facets. You can learn more about the API usage in our Experience League and Developer Portal documentation. Here’s a list of actions that are captured in the logs today and includes key configuration activity in schemas, data sets, sandbox management and activation. We plan to extend this list and include more critical event types and metadata over time. In summary, audit logs help you to comply with corporate data stewardship policies and regulatory requirements, and to troubleshoot. Thank you. -