Skip to main content
IAM Audit Logs record all identity and access management activities in your organization. Use them to track user management, role assignments, group changes, and permission checks.

How to View IAM Audit Logs

Go to Audit & Compliance → IAM Audit Logs

How to Filter IAM Audit Logs

Use the filter panel to narrow down results:
  • Search: Filter by user email or resource
  • Status: Show only successful or failed operations
  • Date Range: Specify start and end dates
  • User Email: Filter by specific user
  • Action: Filter by action type (e.g., role_assign, user_invite)
  • Resource: Filter by resource type (e.g., user, role, group)
Click the filter icon to expand advanced filters. Click any row to see full details including the changes made.

How to View Log Details

Click on any log entry to expand and see:
  • Full timestamp
  • User who performed the action
  • Action type and target resource
  • Success or failure status
  • Detailed changes (before/after values when applicable)
  • IP address and user agent

Common IAM Actions

User Management:
  • user_invite - User invitation sent
  • user_remove - User removed from organization
  • user_update - User details updated
Role Management:
  • role_create - New role created
  • role_update - Role permissions modified
  • role_delete - Role deleted
  • role_assign - Role assigned to user or group
  • role_revoke - Role removed from user or group
Group Management:
  • group_create - New group created
  • group_update - Group details modified
  • group_delete - Group deleted
  • group_member_add - User added to group
  • group_member_remove - User removed from group
Permission Checks:
  • permission_check - Permission verification (logged when access is denied)

Troubleshooting

  1. Expand the date range - the change may be older than expected
  2. Search by the user’s email who made the change
  3. Filter by resource type (user, role, group)
  4. Clear all filters and browse chronologically
permission_check entries with failed status indicate users attempted actions they don’t have permission for. Review if:
  • The user needs additional roles
  • The role is missing required permissions
You need the iam:tenant:iam:audit:read permission to view IAM audit logs. Contact your administrator.

FAQ

Audit Logs track all system operations (API calls, cluster changes, deployments). IAM Audit Logs specifically track identity and access changes (users, roles, groups, permissions).
Yes. Filter by action role_assign and search for the target user’s email. The log shows who performed the assignment.
Yes. When a user attempts an action without permission, it’s logged as permission_check with failed status.
Yes. Click on the log entry to expand details. For role updates, you can see which permissions were added or removed.
Retention period depends on your plan. Contact support for specific details or extended retention needs.