Workspace audit log event types

Monitor and debug workspace activity with detailed audit logs. Each event captures who did what, when, and how - from user logins to role changes. Explore the available event types and their Payload schemas below.

user_access

Login and logout events for users in the workspace.

Event subtypes
ValueDescription
loginA user logged in
logoutA user logged out

Payload schema

FieldTypeDescription
methodstringHow the user logged in, enum: dashboard, sso, api, google
locationstringThe geolocation based on the logged IP address
ipAddressstringThe captured IP address of the user

custom_role

Tracks when custom roles are created, updated, or deleted in your workspace. Learn more about custom roles.

Event subtypes
ValueDescription
role_createdA custom role has been created
role_updatedA custom role has been updated
role_deletedA custom role has been deleted

Payload schema

FieldTypeDescription
roleNamestringThe name of the custom role
previousRoleNamestringThe previous name of the custom role

workspace_membership

Tracks when users join or leave the workspace, and when their roles change within it.

Event subtypes
ValueDescription
user_addedA user has been added to the workspace
user_removedA user has been removed from the workspace
user_role_updatedA user’s role has been updated

Payload schema

FieldTypeDescription
targetUserobjectThe affected user, with properties id and email
methodstringHow access was managed, enum: sso, dashboard, admin, access_request
userTypestringType of user, enum: member, guest, reviewer, client
roleNamestringThe role assigned to the user
previousRoleNamestringThe previous role (for role updates)

site_membership

Tracks when users are added to or removed from a specific site, and when their site-specific roles change or their granular access to resources. This is similar to workspace membership events, but focused on site-level access instead of workspace-level access.

Event subtypes
ValueDescription
user_addedA user has been added to a site
user_removedA user has been removed from a site
user_role_updatedA user’s site role has been updated
user_granular_access_updatedA user’s granular access has been updated for a specific resource

Payload schema

FieldTypeDescription
siteobjectThe affected site, with properties id and slug
targetUserobjectThe affected user, with properties id and email
methodstringHow access was managed, enum: sso, invite, scim, dashboard, admin, access_request
userTypestringType of user, enum: member, guest, reviewer, client
roleNamestringThe role assigned to the user
previousRoleNamestringThe previous role (for role updates)
granularAccessobjectThe granular access settings for the user, with properties id, name, type, restricted

workspace_invitation

Tracks the lifecycle of workspace invitations from when they’re sent to when they’re accepted, declined, or canceled.

Event subtypes
ValueDescription
invite_sentA workspace invite was sent
invite_acceptedA workspace invite was accepted
invite_updatedA workspace invite was updated
invite_canceledA workspace invite was canceled
invite_declinedA workspace invite was declined
access_request_acceptedA guest access request was accepted

Payload schema

FieldTypeDescription
targetUserobjectThe invited user, with properties id and email
methodstringHow the invitation was managed, enum: sso, dashboard, admin
userTypestringType of user invited, enum: member, guest, reviewer, client
roleNamestringThe role assigned to the user in the invitation
previousRoleNamestringThe previous role (for updated invitations)
targetUsersarrayList of users approved from a guest access request with an id and email