Event types reported by the activity service
Activity reporting provides a useful audit trail for actions that change role-based access control (RBAC) entities, such as users, directory groups, and user roles.
User and authentication token events
In the PE console, you can view records related to local and remote users on the Activity tab of the user's page. Remote user pages only show the Role membership and Revocation events. All user pages can show authentication token events.
| Event | Description | Example |
|---|---|---|
| Creation | A new local user is created. An initial value for each metadata field is reported. | Created with login set to
"jean". |
| Metadata | Any change to the login,
display name, or email
keys. |
Display name set to "Jean
Jackson". |
| Role membership | A user is added or removed from a role. The display name and user ID of the affected user are displayed. These events are also shown on the Activities tab of the role's page. | User Jean Jackson
(973c0cee-5ed3-11e4-aa15-123b93f75cba) added to role
Operators. |
| Authentication | The user logged in. The display name and user ID of the affected user are displayed. | User Jean Jackson
(973c0cee-5ed3-11e4-aa15-123b93f75cba) logged
in. |
| Password reset token | A token is generated to reset the user's password. The display name and user ID of the affected user are shown. | A password reset token was generated for
user Jean Jackson
(973c0cee-5ed3-11e4-aa15-123b93f75cba). |
| Password changed | A user successfully changed their password with a password reset token. | Password reset for user Jean Jackson
(973c0cee-5ed3-11e4-aa15-123b93f75cba). |
| Revocation | A user is revoked or reinstated. | User revoked. |
| Event | Description | Example |
|---|---|---|
| Creation | A token is generated for the user. The Creation event appears on the page of the user who owns the token. | Amari Perez
(c84bae61-f668-4a18-9a4a-5e33a97b716c) generated an
authentication token. |
| Direct revocation | An individual token was revoked. This event appears on the page of the user who requested the revocation, not the user whose token was revoked. | Administrator
(42bf351c-f9ec-40af-84ad-e976fec7f4bd) revoked an authentication
token belonging to Amari Perez
(c84bae61-f668-4a18-9a4a-5e33a97b716c), issued at
2016-02-17T21:53:23.000Z and expiring at
2016-02-17T21:58:23.000Z. |
| Revocation by username | Revoked all tokens belonging to a specific user name. This event appears on the page of the user who requested the revocation, not the user whose token was revoked. | Administrator
(42bf351c-f9ec-40af-84ad-e976fec7f4bd) revoked all
authentication tokens belonging to Amari Perez
(c84bae61-f668-4a18-9a4a-5e33a97b716c). |
Directory user group events
These events are listed in the console on the Activity tab of the user group's page.
| Event | Description | Example |
|---|---|---|
| Importation | A directory group is imported. The initial value for each metadata field is reported (these cannot be updated in the console). | Created with display name set to
"Engineers". |
| Role membership | A group is added to or removed from a role. These events are also shown on the role's page. The group's display name and ID are provided. | Group Engineers
(7dee3acc-5ed4-11e4-aa15-123b93f75cba) added to role
Operators. |
User role events
These events are listed in the console on the Activity tab of the role's page.
| Event | Description | Example |
|---|---|---|
| Metadata | A role's display name or
description changes. |
Description set to "Sysadmins with full privileges
for node groups." |
| Members | A group is added to or removed from a role. The display name and ID of the user or group are provided. These events are also displayed on the user's or group's page. | User Kalo Hill
(76483e62-5ed4-11e4-aa15-123b93f75cba) removed from role
Operators. |
| Permissions | A permission is added to or removed from a role. | Permission
users:edit:76483e62-5ed4-11e4-aa15-123b93f75cba added to role
Operators. |
The activity service also records a Delete event when a role is removed. However, information about Delete events are only available through the activity service API Events endpoints.
Orchestrator events
These events are listed in the console on the Activity tab of the node's page.
| Event | Description | Example |
|---|---|---|
| Agent runs | Puppet ran as part of an orchestration job. This includes Puppet runs started from the orchestrator or the PE console. | Request Puppet agent run on node.example.com via
orchestrator job 12. |
| Task runs | Tasks ran as part of orchestration jobs that were set up in the console or on the command line. | Request echo task on
neptune.example.com via orchestrator job 9,607 |
Directory service settings events
These events are not exposed in the console. You must use the activity service API Events endpoints to get information about these events.
| Event | Description | Example |
|---|---|---|
| Update settings (except password) | A setting changed in the directory service settings, other than the password. | User rdn set to "ou=users". |
| Update directory service password | The directory service password changed. | Password updated. |