User Audit Trail

Overview

The User Audit Trail allows an Administrator to track changes and identify patterns within users, user groups, roles, and anonymous logins. The User Audit Trail also allows you to perform the following options:

  • Apply filters to pinpoint search results
  • Click on an Event to display additional information
  • Create a .csv (comma separated values) file

The User Audit Trail

For additional information on the User Audit Trail feature, please see the User Audit Trail Events & Filters and the View & Export the User Audit Trail articles.


Important Notes

  • The User Audit Trail data is available from version 3.1 onwards or your go-live date, whichever is later.
  • Due to processing time, recent events will appear in the audit trail after a few minutes. 
  • You will notice a brief delay when deleting a subject from the Subject filter. If a subject is in multiple Orgs and an event (e.g., editing a username or email address) affects all Orgs, the event will be recorded in all Orgs. External Org User is displayed in the Performed By column if an admin triggers the event outside of the current Org.
  • Anonymous logins are not assigned an External Reference ID.
  • If multiple attributes are changed in a single event, the event description will appear on the table as Multiple Attributes Updated. The previous and updated values are displayed in full on the Additional Information pop-up.
  • The User Audit Trail only captures events that pertain to user management. Changes to workflow permissions are logged when they relate to user groups and roles, but deleting, creating, or otherwise modifying a workflow is not.
  • If a subject or entity is deleted before the event can be processed by Resolver®, it will appear in the User Audit Trail as Unknown [Subject Type/Entity Type] with id [id number]
  • The User Audit Trail does not capture Cascading events.  All items attached to a role (e.g., users, user groups, and object types) are deleted when the role is deleted.
  • Options are displayed randomly in the Subject, Event, and Performed By filter drop-down menus. The filter drop-down menus will be improved in an upcoming release.
  • Events are recorded in Resolver using your system's current local time zone but exported User Audit Trails use UTC.
  • Admins can export data from any time range; however, the API will only return the most recent 50,000 results. You can make an additional API request using the last event row's date in the .csv file as the dateStart value to obtain any truncated data. See the View & Export the User Audit Trail article for details.