Skip to main content

The audit log for dbt Cloud Enterprise

To review actions performed by people in your organization, dbt provides logs of audited user and system events in real time. The audit log appears as events happen and includes details such as who performed the action, what the action was, and when it was performed. You can use these details to troubleshoot access issues, perform security audits, or analyze specific events.

You must be an Account Admin to access the audit log and this feature is only available on Enterprise plans.

The dbt Cloud audit log stores all the events that occurred in your organization in real-time, including:

  • For events within 90 days, the dbt Cloud audit log has a selectable date range that lists events triggered.
  • For events beyond 90 days, Account Admins can export all events by using Export All.

Accessing the audit log

To access the audit log, click the gear icon in the top right, then click Audit Log.

Audit log menuAudit log menu

Understanding the audit log

On the audit log page, you will see a list of various events and their associated event data. Each of these events show the following information in dbt:

  • Event name: Action that was triggered
  • Agent: User who triggered that action/event
  • Timestamp: Local timestamp of when the event occurred

Event details

Click the event card to see the details about the activity that triggered the event. This view provides important details, including when it happened and what type of event was triggered. For example, if someone changes the settings for a job, you can use the event details to see which job was changed (type of event: job_definition.Changed), by whom (person who triggered the event: actor), and when (time it was triggered: created_at_utc). For types of events and their descriptions, see Events in audit log.

The event details provide the key factors of an event:

account_idAccount ID of where the event occurred
actorActor that carried out the event - User or Service
actor_idUnique ID of the actor
actor_ipIP address of the actor
actor_nameIdentifying name of the actor
actor_typeWhether the action was done by a user or an API request
created_atUTC timestamp of when the event occurred
event_typeUnique key identifying the event
event_contextThis key will be different for each event and will match the event_type. This data will include all the details about the object(s) that was changed.
idUnique ID of the event
serviceService that carried out the action
sourceSource of the event - dbt Cloud UI or API

Audit log events

The audit log supports various events for different objects in dbt Cloud. You will find events for authentication, environment, jobs, service tokens, groups, user, project, permissions, license, connection, repository, and credentials.


Event NameEvent TypeDescription
Auth Provider Changedauth_provider.ChangedAuthentication provider settings changed
Credential Login Failedauth.CredentialsLoginFailedUser login via username and password failed
Credential Login Succeededauth.CredentialsLoginSucceededUser successfully logged in with username and password
SSO Login Failedauth.SsoLoginFailedUser login via SSO failed
SSO Login Succeededauth.SsoLoginSucceededUser successfully logged in via SSO


Event NameEvent TypeDescription
Environment Addedenvironment.AddedNew environment successfully created
Environment Changedenvironment.ChangedEnvironment settings changed
Environment Removedenvironment.RemovedEnvironment successfully removed


Event NameEvent TypeDescription
Job Addedjob_definition.AddedNew Job successfully created
Job Changedjob_definition.ChangedJob settings changed
Job Removedjob_definition.RemovedJob definition removed

Service Token

Event NameEvent TypeDescription
Service Token Createdservice_token.CreatedNew Service Token was successfully created
Service Token Revokedservice_token.RevokedService Token was revoked


Event NameEvent TypeDescription
Group Addeduser_group.AddedNew Group successfully created
Group Changeduser_group.ChangedGroup settings changed
Group Removeduser_group.ChangedGroup successfully removed


Event NameEvent TypeDescription
Invite Addedinvite.AddedUser invitation added and sent to the user
Invite Redeemedinvite.RedeemedUser redeemed invitation
User Added to Accountaccount.UserAddedNew user added to the account
User Added to Groupuser_group_user.AddedAn existing user is added to a group
User Removed from Accountaccount.UserRemovedUser removed from the account
User Removed from Groupuser_group_user.RemovedAn existing user is removed from a group
Verification Email verification confirmed by user
Verification Email verification sent to user created via JIT


Event NameEvent TypeDescription
Project Addedproject.AddedNew project added
Project Changedproject.ChangedProject settings changed
Project Removedproject.RemovedProject is removed


Event NameEvent TypeDescription
User Permission Addedpermission.AddedNew user permissions are added
User Permission Removedpermission.RemovedUser permissions are removed


Event NameEvent TypeDescription
License Mapping Addedlicense_map.AddedNew user license mapping is added
License Mapping Changedlicense_map.ChangedUser license mapping settings are changed
License Mapping Removedlicense_map.RemovedUser license mapping is removed


Event NameEvent TypeDescription
Connection Addedconnection.AddedNew Data Warehouse connection added
Connection Changedconnection.ChangedData Warehouse Connection settings changed
Connection Removedconnection.RemovedData Warehouse connection removed


Event NameEvent TypeDescription
Repository Addedrepository.AddedNew repository added
Repository Changedrepository.ChangedRepository settings changed
Repository Removedrepository.RemovedRepository removed


Event NameEvent TypeDescription
Credentials Added to Projectcredentials.AddedProject credentials added
Credentials Changed in Projectcredentials.ChangedCredentials changed in project
Credentials Removed from Projectcredentials.RemovedCredentials removed from project

Searching the audit log

You can search the audit log to find a specific event or actor, which is limited to the ones listed in Events in audit log. The audit log successfully lists historical events spanning the last 90 days. You can search for an actor or event using the search bar, and then narrow your results using the time window.

Use search bar to find content in the audit logUse search bar to find content in the audit log

Exporting logs

You can use the audit log to export all historical audit results for security, compliance, and analysis purposes:

  • For events within 90 days dbt Cloud will automatically display the 90-day selectable date range. Select Export Selection to download a CSV file of all the events that occurred in your organization within 90 days.

  • For events beyond 90 days Select Export All. The Account Admin will receive an email link to download a CSV file of all the events that occurred in your organization.

View audit log export optionsView audit log export options

Azure Single-tenant

For users deployed in Azure single tenant, while the Export All button isn't available, you can conveniently use specific APIs to access all events: