Skip to main content

The audit log for dbt Cloud Enterprise

To review actions performed by people in your organization, dbt provides logs of audited user and system events in real time. The audit log appears as events happen and includes details such as who performed the action, what the action was, and when it was performed. You can use these details to troubleshoot access issues, perform security audits, or analyze specific events.

You must be an Account Admin or an Account Viewer to access the audit log and this feature is only available on Enterprise plans.

The dbt Cloud audit log stores all the events that occurred in your organization in real-time, including:

  • For events within 90 days, the dbt Cloud audit log has a selectable date range that lists events triggered.
  • For events beyond 90 days, Account Admins and Account Viewers can export all events by using Export All.

Accessing the audit log

To access the audit log, click on your account name in the left side menu and select Account settings.

Audit log menuAudit log menu

Understanding the audit log

On the audit log page, you will see a list of various events and their associated event data. Each of these events show the following information in dbt:

  • Event name: Action that was triggered
  • Agent: User who triggered that action/event
  • Timestamp: Local timestamp of when the event occurred

Event details

Click the event card to see the details about the activity that triggered the event. This view provides important details, including when it happened and what type of event was triggered. For example, if someone changes the settings for a job, you can use the event details to see which job was changed (type of event: job_definition.Changed), by whom (person who triggered the event: actor), and when (time it was triggered: created_at_utc). For types of events and their descriptions, see Events in audit log.

The event details provide the key factors of an event:

NameDescription
account_idAccount ID of where the event occurred
actorActor that carried out the event - User or Service
actor_idUnique ID of the actor
actor_ipIP address of the actor
actor_nameIdentifying name of the actor
actor_typeWhether the action was done by a user or an API request
created_atUTC timestamp of when the event occurred
event_typeUnique key identifying the event
event_contextThis key will be different for each event and will match the event_type. This data will include all the details about the object(s) that was changed.
idUnique ID of the event
serviceService that carried out the action
sourceSource of the event - dbt Cloud UI or API

Audit log events

The audit log supports various events for different objects in dbt Cloud. You will find events for authentication, environment, jobs, service tokens, groups, user, project, permissions, license, connection, repository, and credentials.

Authentication

Event NameEvent TypeDescription
Auth Provider Changedauth_provider.ChangedAuthentication provider settings changed
Credential Login Succeededauth.CredentialsLoginSucceededUser successfully logged in with username and password
SSO Login Failedauth.SsoLoginFailedUser login via SSO failed
SSO Login Succeededauth.SsoLoginSucceededUser successfully logged in via SSO

Environment

Event NameEvent TypeDescription
Environment Addedenvironment.AddedNew environment successfully created
Environment Changedenvironment.ChangedEnvironment settings changed
Environment Removedenvironment.RemovedEnvironment successfully removed

Jobs

Event NameEvent TypeDescription
Job Addedjob_definition.AddedNew Job successfully created
Job Changedjob_definition.ChangedJob settings changed
Job Removedjob_definition.RemovedJob definition removed

Service Token

Event NameEvent TypeDescription
Service Token Createdservice_token.CreatedNew Service Token was successfully created
Service Token Revokedservice_token.RevokedService Token was revoked

Group

Event NameEvent TypeDescription
Group Addeduser_group.AddedNew Group successfully created
Group Changeduser_group.ChangedGroup settings changed
Group Removeduser_group.RemovedGroup successfully removed

User

Event NameEvent TypeDescription
Invite Addedinvite.AddedUser invitation added and sent to the user
Invite Redeemedinvite.RedeemedUser redeemed invitation
User Added to Accountaccount.UserAddedNew user added to the account
User Added to Groupuser_group_user.AddedAn existing user is added to a group
User Removed from Accountaccount.UserRemovedUser removed from the account
User Removed from Groupuser_group_user.RemovedAn existing user is removed from a group
Verification Email Confirmeduser.jit.email.ConfirmedEmail verification confirmed by user
Verification Email Sentuser.jit.email.SentEmail verification sent to user created via JIT

Project

Event NameEvent TypeDescription
Project Addedproject.AddedNew project added
Project Changedproject.ChangedProject settings changed
Project Removedproject.RemovedProject is removed

Permissions

Event NameEvent TypeDescription
User Permission Addedpermission.AddedNew user permissions are added
User Permission Removedpermission.RemovedUser permissions are removed

License

Event NameEvent TypeDescription
License Mapping Addedlicense_map.AddedNew user license mapping is added
License Mapping Changedlicense_map.ChangedUser license mapping settings are changed
License Mapping Removedlicense_map.RemovedUser license mapping is removed

Connection

Event NameEvent TypeDescription
Connection Addedconnection.AddedNew Data Warehouse connection added
Connection Changedconnection.ChangedData Warehouse Connection settings changed
Connection Removedconnection.RemovedData Warehouse connection removed

Repository

Event NameEvent TypeDescription
Repository Addedrepository.AddedNew repository added
Repository Changedrepository.ChangedRepository settings changed
Repository Removedrepository.RemovedRepository removed

Credentials

Event NameEvent TypeDescription
Credentials Added to Projectcredentials.AddedProject credentials added
Credentials Changed in Projectcredentials.ChangedCredentials changed in project
Credentials Removed from Projectcredentials.RemovedCredentials removed from project

Git integration

Event NameEvent TypeDescription
GitLab Application Changedgitlab_application.changedGitLab configuration in dbt Cloud changed

Webhooks

Event NameEvent TypeDescription
Webhook Subscriptions Addedwebhook_subscription.addedNew webhook configured in settings
Webhook Subscriptions Changedwebhook_subscription.changedExisting webhook configuration altered
Webhook Subscriptions Removedwebhook_subscription.removedExisting webhook deleted

Semantic Layer

Event NameEvent TypeDescription
Semantic Layer Config Addedsemantic_layer_config.addedSemantic Layer config added
Semantic Layer Config Changedsemantic_layer_config.changedSemantic Layer config (not related to credentials) changed
Semantic Layer Config Removedsemantic_layer_config.removedSemantic Layer config removed
Semantic Layer Credentials Addedsemantic_layer_credentials.addedSemantic Layer credentials added
Semantic Layer Credentials Changedsemantic_layer_credentials.changedSemantic Layer credentials changed. Does not trigger semantic_layer_config.changed
Semantic Layer Credentials Removedsemantic_layer_credentials.removedSemantic Layer credentials removed

Extended attributes

Event NameEvent TypeDescription
Extended Attribute Addedextended_attributes.addedExtended attribute added to a project
Extended Attribute Changedextended_attributes.changedExtended attribute changed or removed

Account-scoped personal access token

Event NameEvent TypeDescription
Account Scoped Personal Access Token Createdaccount_scoped_pat.createdAn account-scoped PAT was created
Account Scoped Personal Access Token Deletedaccount_scoped_pat.deletedAn account-scoped PAT was deleted

IP restrictions

Event NameEvent TypeDescription
IP Restrictions Toggledip_restrictions.toggledIP restrictions feature enabled or disabled
IP Restrictions Rule Addedip_restrictions.rule.addedIP restriction rule created
IP Restrictions Rule Changedip_restrictions.rule.changedIP restriction rule edited
IP Restrictions Rule Removedip_restrictions.rule.removedIP restriction rule deleted

Searching the audit log

You can search the audit log to find a specific event or actor, which is limited to the ones listed in Events in audit log. The audit log successfully lists historical events spanning the last 90 days. You can search for an actor or event using the search bar, and then narrow your results using the time window.

Use search bar to find content in the audit logUse search bar to find content in the audit log

Exporting logs

You can use the audit log to export all historical audit results for security, compliance, and analysis purposes:

  • For events within 90 days — dbt Cloud will automatically display the 90-day selectable date range. Select Export Selection to download a CSV file of all the events that occurred in your organization within 90 days.

  • For events beyond 90 days — Select Export All. The Account Admin or Account Viewer will receive an email link to download a CSV file of all the events that occurred in your organization.

View audit log export optionsView audit log export options
0