To review actions performed by people in your organization, dbt provides logs of audited user and system events in real time. The audit log appears as events happen and includes details such as who performed the action, what the action was, and when it was performed. You can use these details to troubleshoot access issues, perform security audits, or analyze specific events.
You must be an Account Admin to access the audit log and this feature is only available on Enterprise plans.
The dbt Cloud audit log stores all the events that occurred in your organization in real-time, including:
For events within 90 days, the dbt Cloud audit log has a selectable date range that lists events triggered.
Click the event card to see the details about the activity that triggered the event. This view provides important details, including when it happened and what type of event was triggered. For example, if someone changes the settings for a job, you can use the event details to see which job was changed (type of event: v1.events.job_definition.Changed), by whom (person who triggered the event: actor), and when (time it was triggered: created_at_utc). For types of events and their descriptions, see Events in audit log.
The event details provides the key factors of an event:
Account ID of where the event occurred
Actor that carried out the event - User or Service
Unique ID of the actor
IP address of the actor
Identifying name of the actor
UTC timestamp on when the event occurred
Unique key identifying the event
Unique ID of the event
Service that carried out the action
Source of the event - dbt Cloud UI or API
This key will be different for each event and will match the event_type. This data will include all the details about the object(s) that was changed.
The audit log supports various events for different objects in dbt Cloud. You will find events for authentication, environment, jobs, service tokens, groups, user, project, permissions, license, connection, repository, and credentials.
You can search the audit log to find a specific event or actor, which is limited to the ones listed in Events in audit log. The audit log successfully lists historical events spanning the last 90 days. You can search for an actor or event using the search bar, and then narrow your results using the time window.
You can use the audit log to export all historical audit results for security, compliance, and analysis purposes:
For events within 90 days — dbt Cloud will automatically display the 90-day selectable date range. Select Export Selection to download a CSV file of all the events that occurred in your organization within 90 days.
For events beyond 90 days — Select Export All. The Account Admin will receive an email link to download a CSV file of all the events that occurred in your organization.