Event types reported by the activity service

Activity reporting provides a useful audit trail for actions that change role-based access control (RBAC) entities, such as users, directory groups, and user roles.

User and authentication token events

In the PE console, you can view records related to local and remote users on the Activity tab of the user's page. Remote user pages only show the Role membership and Revocation events. All user pages can show authentication token events.

| Event | Description | Example |
|---|---|---|
| Creation | A new local user is created. An initial value for each metadata field is reported. | Created with login set to "jean". |
| Metadata | Any change to the login, display name, or email keys. | Display name set to "Jean Jackson". |
| Role membership | A user is added to or removed from a role. The display name and user ID of the affected user are displayed. These events are also shown on the Activity tab of the role's page. | User Jean Jackson (973c0cee-5ed3-11e4-aa15-123b93f75cba) added to role Operators. |
| Authentication | The user logged in. The display name and user ID of the affected user are displayed. | User Jean Jackson (973c0cee-5ed3-11e4-aa15-123b93f75cba) logged in. |
| Password reset token | A token is generated to reset the user's password. The display name and user ID of the affected user are shown. | A password reset token was generated for user Jean Jackson (973c0cee-5ed3-11e4-aa15-123b93f75cba). |
| Password changed | A user successfully changed their password with a password reset token. | Password reset for user Jean Jackson (973c0cee-5ed3-11e4-aa15-123b93f75cba). |
| Revocation | A user is revoked or reinstated. | User revoked. |

The user page also reports these authentication token events:

| Event | Description | Example |
|---|---|---|
| Creation | A token is generated for the user. The Creation event appears on the page of the user who owns the token. | Amari Perez (c84bae61-f668-4a18-9a4a-5e33a97b716c) generated an authentication token. |
| Direct revocation | An individual token was revoked. This event appears on the page of the user who requested the revocation, not the user whose token was revoked. | Administrator (42bf351c-f9ec-40af-84ad-e976fec7f4bd) revoked an authentication token belonging to Amari Perez (c84bae61-f668-4a18-9a4a-5e33a97b716c), issued at 2016-02-17T21:53:23.000Z and expiring at 2016-02-17T21:58:23.000Z. |
| Revocation by username | Revoked all tokens belonging to a specific user name. This event appears on the page of the user who requested the revocation, not the user whose token was revoked. | Administrator (42bf351c-f9ec-40af-84ad-e976fec7f4bd) revoked all authentication tokens belonging to Amari Perez (c84bae61-f668-4a18-9a4a-5e33a97b716c). |

Directory user group events

These events are listed in the console on the Activity tab of the user group's page.

| Event | Description | Example |
|---|---|---|
| Importation | A directory group is imported. The initial value for each metadata field is reported (these cannot be updated in the console). | Created with display name set to "Engineers". |
| Role membership | A group is added to or removed from a role. These events are also shown on the role's page. The group's display name and ID are provided. | Group Engineers (7dee3acc-5ed4-11e4-aa15-123b93f75cba) added to role Operators. |

User role events

These events are listed in the console on the Activity tab of the role's page.

| Event | Description | Example |
|---|---|---|
| Metadata | A role's display name or description changes. | Description set to "Sysadmins with full privileges for node groups." |
| Members | A group is added to or removed from a role. The display name and ID of the user or group are provided. These events are also displayed on the user's or group's page. | User Kalo Hill (76483e62-5ed4-11e4-aa15-123b93f75cba) removed from role Operators. |
| Permissions | A permission is added to or removed from a role. | Permission users:edit:76483e62-5ed4-11e4-aa15-123b93f75cba added to role Operators. |

The activity service also records a Delete event when a role is removed. However, information about Delete events is only available through the activity service API Events endpoints.

Orchestrator events

These events are listed in the console on the Activity tab of the node's page.

| Event | Description | Example |
|---|---|---|
| Agent runs | Puppet ran as part of an orchestration job. This includes Puppet runs started from the orchestrator or the PE console. | Request Puppet agent run on node.example.com via orchestrator job 12. |
| Task runs | Tasks ran as part of orchestration jobs that were set up in the console or on the command line. | Request echo task on neptune.example.com via orchestrator job 9,607 |

Directory service settings events

These events are not exposed in the console. You must use the activity service API Events endpoints to get information about these events.

| Event | Description | Example |
|---|---|---|
| Update settings (except password) | A setting changed in the directory service settings, other than the password. | User rdn set to "ou=users". |
| Update directory service password | The directory service password changed. | Password updated. |
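
When reviewing this audit trail, the message formats in the Example columns above can be matched mechanically. The following is an added example, not part of the original documentation or of Puppet's code: it classifies activity messages and extracts the actor and target IDs, flagging events that add role membership, permissions, or credentials. The function names, category labels, and the assumption that messages appear verbatim in the formats shown on this page are the example's own.

```python
import re

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"

def who(label):
    """Regex for 'Display Name (uuid)', captured as <label> and <label>_id."""
    return rf"(?P<{label}>[^()]+?) \((?P<{label}_id>{UUID})\)"

# (category, review, pattern); review=True marks added membership, permissions or credentials.
RULES = [(cat, review, re.compile(pat)) for cat, review, pat in [
    ("role_member_added", True,
     rf"(?P<kind>User|Group) {who('target')} added to role (?P<role>.+?)\."),
    ("role_member_removed", False,
     rf"(?P<kind>User|Group) {who('target')} removed from role (?P<role>.+?)\."),
    ("permission_added", True,
     r"Permission (?P<permission>\S+) added to role (?P<role>.+?)\."),
    ("token_created", True,
     rf"{who('actor')} generated an authentication token\."),
    ("token_revoked", False,
     rf"{who('actor')} revoked (?:an|all) authentication tokens? "
     rf"belonging to {who('target')}.*"),
    ("password_reset_token", True,
     rf"A password reset token was generated for user {who('target')}\."),
]]

def classify(message):
    """Return (category, review, fields) for one activity message."""
    for category, review, pattern in RULES:
        match = pattern.fullmatch(message.strip())
        if match:
            return category, review, match.groupdict()
    return "other", False, {}

def review_queue(messages):
    """Keep only the events flagged for review, with their parsed fields."""
    parsed = (classify(m) for m in messages)
    return [(cat, fields) for cat, review, fields in parsed if review]

# Constructed sample: messages copied from the tables on this page.
SAMPLE = [
    'Display name set to "Jean Jackson".',
    "User Jean Jackson (973c0cee-5ed3-11e4-aa15-123b93f75cba) added to role Operators.",
    "User Kalo Hill (76483e62-5ed4-11e4-aa15-123b93f75cba) removed from role Operators.",
    "Permission users:edit:76483e62-5ed4-11e4-aa15-123b93f75cba added to role Operators.",
    "Administrator (42bf351c-f9ec-40af-84ad-e976fec7f4bd) revoked all authentication "
    "tokens belonging to Amari Perez (c84bae61-f668-4a18-9a4a-5e33a97b716c).",
]

if __name__ == "__main__":
    print(*review_queue(SAMPLE), sep="\n")
```

Messages that match no rule are returned as "other" rather than dropped by classify, so unrecognized formats can still be counted and inspected.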