Security audit log

Time

When the event occurred

User

The logged in user who caused the event

Object type

On what object type has the vent occurred (Group. User, Project, Model, ...)

Object key

The exact object on which the event occurred

Project

The exact project in which the event occurred

Action type

Which event occurred

Action parameter1

Additional info if all other headers aren't enough

Action parameter2

Additional info if all other headers aren't enough

Action parameter3

Additional info if all other headers aren't enough

AssumptionGroup

Property change

Name

DataParameter

Deleted

Except when deleted by deleting a workspace, model or project

Property change

Everything except description

DataParameterVariant

Line-item data change

Delete

Except when deleted by deleting a workspace, project or data parameter

Dimension

Created

Deleted

Except when deleted by deleting a project

Property change

Everything except description

ExternalDataSource

Deleted

Except when deleted by deleting a project

Level

Created

Deleted

Property change

Everything

Model

Property change

Only modelConfig changes are logged

Deleted

Except when deleted by deleting a project

Node

Property change

Everything except description and displayConfig

PlanningWorkflow

Deleted

Except when deleted by deleting a project

ProjectVariable

Created

Property change

Both name and value

Deleted

Except when deleted by deleting a project

ScenarioExportTemplate

Deleted

Except when deleted by deleting a project

SimulationRun

Property change

The values name, baseline and parentSimulationRun

Deleted

Except when deleted by deleting a project or workspace

SimulationRunVariable

Created

Property change

Includes the value of the original.

This also logged when we create a variable override, to log the changes between the project’s and scenario’s values.

Deleted

Except when deleted by deleting a project, model, workspace or scenario

SimulationWorkspace

Property change

Everything in the simulationConfig

Deleted

Except when deleted by deleting a project

WorkflowStep

Deleted

Except when deleted by deleting a workflow or project

Adding permissions

Added permission

For which user/group is the permission added

/

/

SINCE BEGINNING

Adding a role to the user or group

Added role

name of the role

/

/

SINCE BEGINNING

Adding an user to a group

Added user to group

user

/

/

SINCE BEGINNING

Creating an user or group

Created

'preAuth', 'SAML', 'openIdConnect' or no parameter

/

/

SINCE BEGINNING

Create project variables

Created

‘value'

variable value

/

5.8.0

Update project variables

Property change

parameter type either ‘name’ or ‘value’

parameter old value

parameter new value

5.8.0

Scenario variable

Created

/

/

/

5.8.0

Update scenario variable

Property change

‘value’

Value of project variable the scenario variable is overriding

scenario variable value

5.8.0

Delete scenario variable

Deleted

/

/

/

5.8.0

Dimension row added

Property change

dimRowAdded

name of each level and the value added to the level (including extended levels)

/

5.8.0

Removing permissions

Removed permission

For which user/group is the permission removed

/

/

SINCE BEGINNING

Removing a role from the user or group

Removed role

name of the role

/

/

SINCE BEGINNING

Removing user from the group

Removed user from the group

user

/

/

SINCE BEGINNING

Deleting an user or group

Deleted

/

/

/

SINCE BEGINNING

Node deletion

Deleted

names of the node, its model and project

/

/

4.0.0

Model deleted

Deleted

name of the model, name of the project space

/

/

5.8.0

Workspace deleted

Deleted

the name of the project space it belongs to

/

/

5.8.0

Data source deleted

Deleted

the name of the project space it belongs to

/

/

5.8.0

Workflow deleted

Deleted

the name of the project space it belongs to

/

/

5.8.0

Submission deleted

Deleted

the name of the project space it belongs to

/

/

5.8.0

Dimension deleted

Deleted

the name of the project space it belongs to

/

/

5.8.0

Templates deleted

Deleted

the name of the project space it belongs to

/

/

5.8.0

Project variable deleted

Deleted

/

/

/

5.8.0

Scenario variable deleted

Deleted

/

/

/

5.8.0

A line item variant is deleted

Deleted

data parameter variant's key

/

/

5.8.0

Changing the project or application setting

Changed setting

A detailed description on which setting was changed, what was the previous value and what is the new value

/

/

SINCE BEGINNING

Changing password of the user

Password changed

/

/

/

SINCE BEGINNING

Changed data access permissions on a dimension or level (value)

Data permissions

/

/

/

3.1.0

Moving a node

Node changed models

old model

new model

/

4.0.0

A line item variant is updated

Line-item data change

/

/

/

5.0.0

A line item was selected or unselected from a scenario

Line item selection

'selected' or 'unselected'

parameter's key

/

3.1.0

A line item variant is ‘selected’ or 'unselected' from being associated with a scenario

Line-item selection

'selected' or 'unselected'

data parameter variants's key

/

5.0.0

User enabled or disabled

Property change

'enabled'

old value

new value

3.7.0

User creates, deletes or reverts a version

Versioning action

'versioned', 'shared', 'unshared', 'deleted version' or 'reverted'

optional: the created version or version you are reverting from

optional: workflow's key if it was a submission

3.1.0

User links or unlinks levels

Object linking

'extended' or 'extension removed'

the key of the level that we extending by or removing extension to

/

3.1.0

User removes a value from a level

Property change

'levelValueRemove'

the value

3.1.0

User changes a value of a level

Property change

'levelValueChange'

the value

3.1.0

User change a parent value of a value

Property change

'levelValueParentChange'

the value

<old_parent> → <new_parent>

3.1.0

User renames an object

Property change

'name'

old name

new name

3.1.0

User changes a property on an object

Property change

name of the property

new value

3.1.0

User moves a line item from one group to another

Property change

'movedFromGroup' or 'movedToGroup'

the group

3.1.0

User does an action on a debug page

Special admin action

action name

HTTP method used

3.1.0

User logged in

User logged in

'preAuth', 'SAML', ' openIdConnect' or no parameter

/

/

SINCE BEGINNING

User failed to login

Failed login

User that failed to login

empty or ''credentials OK - user blocked' or 'credentials OK - IP blocked'

/

SINCE BEGINNING

User uploads a file that may change a DS or dimension table

File upload

/

/

/

3.1.0

User downloaded log files

Log download

'server.log' or 'securityAudit.csv'

/

/

3.1.0

User was denied access to modify data

Data permissions write denied

Level value

Data permission class name

/

3.8.8

User performed an action that caused time dimension data to be regenerated

Time dimension change

[<start_date>...<end_date>]...Q<year_start_quarter>

/

/

3.1.0

User saved or discarded the workspace

Workspace save action

'save', 'discard', 'saveAs'

/

/

3.1.0

User changed data of a line item

Line item data change

/

/

/

3.1.0

User changed data of a line item variant

Line item data change

/

/

/

5.0.0

User changes line item name

Property change

‘name’

old name

new name

5.0.0

User changes line item slider minimum

Property change

‘sliderMin’

old value

new value

5.8.0

User changes line item slider maximum

Property change

‘sliderMax’

old value

new value

5.8.0

User changes line item slider step

Property change

‘sliderStep’

old value

new value

5.8.0

User created new API key

API key created

/

/

/

3.6.0

A user’s session ends either through an explicit logout or an inactivity timeout.

NOTE: If the session ends to an inactivity logout it can take 30 - 40 minutes for it to be registered as having expired in the log. Thus the time of the log entry can not be seen as the time the session actually expired.

User logged out

Username of the user associated with the session

/

/

5.8.0

User changed the dimension table from a data source table

Property change

‘dimensionTable’

‘autoDim’

Audit key of the data source table

5.8.0

User blocked, due to too many unsuccessful consecutive logins

User blocked

'unsuccessful logins'

/

/

SINCE BEGINNING

Blocked user manually unblocked

User unblocked

'on boot' or no parameter

/

/

SINCE BEGINNING

Blocking IPs due to too many unsuccessful consecutive logins from the same IP

IP blocked

The blocked IP

/

/

SINCE BEGINNING

Chart exported

File export

‘Formatted export’ or ‘Raw export’

/

/

5.8.0

Workspace Export

File export

‘Formatted export’ or ‘Raw export’

/

/

5.8.0

Line item Download Excel

File Export

‘Data parameter download’,

DataParameter audit key

/

5.8.0

Assumption group Download Excel

Note: A separate log line will be made for each line item in the assumption group

File Export

‘Assumption group download’

AssumptionGroup audit key

/

5.8.0

Download excel for all assumption groups

Note: A separate log line will be made for each line item in the each of the assumption groups

File Export

‘Bulk workspace download’

Workspace audit key

/

5.8.0

Node data preview download

File Export

Audit key of either the Baseline or SimulationRun associated with the data preview

/

/

5.8.0

Project export

File Export

/

/

/

5.8.0

Tampered project import

Tampered project import

Detailed reason, one of the following:

• Missing signature

• Signature does not match content

• Invalid signature

/

/

6.0.0

host header poisoning - The supplied host header is not included in the allowlist

Bad Host Header

Actual host header

/

/

3.3.0

Jdbc / Odata table import

External Datasource import

imported tables names

/

/

4.0.0