UAM Schema Reference Guide

Understand audit event schemas

Universal audit model (UAM) is Immuta's consistent structure for all Immuta system and user query audit logs. This reference guide provides example schemas of all the UAM events available in Immuta.

There are some parameter details throughout to help better understand the UAM schemas. But there are two important parameters to each event:

targetType: Informs the Immuta object that's the target of the action being audited. This will specify if it was a user, project, policy, etc. being affected by the action.
action: Informs the base action being performed on the target. This will specify if something was created, deleted, updated, etc.

To learn more about Immuta's audit, see the UAM reference page or view the examples below.

Events and descriptions

Immuta object

Events

API keys

ApiKeyCreated: An API key is created on the Immuta app settings page or from an Immuta user's profile page.
ApiKeyDeleted: An API key is deleted.

Attributes

AttributeApplied: An attribute is applied to a user or group.
AttributeRemoved: An attribute is removed from a user or group.

Configuration

ConfigurationUpdated: The Immuta configuration on the app settings page is updated.

Data sources

DatasourceAppliedToProject: A data source is added to a project.
DatasourceCatalogSynced: An external catalog and its tags are synced on a data source.
DatasourceCreated: A data source is created.
DatasourceDeleted: A data source is deleted.
DatasourceDisabled: A data source is disabled.
DatasourceGlobalPolicyApplied: A global policy is applied to a data source.
DatasourceGlobalPolicyConflictResolved: A policy conflict between two global policies on a data source is resolved.
DatasourceGlobalPolicyDisabled: A global policy is disabled on a data source.
DatasourceGlobalPolicyRemoved: A global policy is removed from a data source.
DatasourcePolicyCertificationExpired: The global policy certification on a data source is expired.
DatasourcePolicyCertified: A global policy is certified for a data source.
DatasourcePolicyDecertified: A global policy is decertified for a data source.
DatasourceRemovedFromProject: A data source is removed from a project.
DatasourceUpdated: A data source is updated.

Domains

DomainCreated: A domain is created.
DomainDataSourcesUpdated: Data sources are assigned to or removed from the domain.
DomainDeleted: A domain is deleted.
DomainPermissionsUpdated: A domain-specific permission is applied to or removed from a user or group.
DomainUpdated: A domain's details (name, description, settings etc.) are updated.

Global policies

GlobalPolicyCreated: A global policy is created.
GlobalPolicyDeleted: A global policy is deleted.
GlobalPolicyUpdated: A global policy is updated.

Groups

GroupCreated: A group is created in Immuta by user actions in the UI or ingested from an external IAM.
GroupDeleted: A group is deleted in Immuta by user actions in the UI or from within an external IAM.
GroupMemberAdded: A user is added to a group in Immuta by user actions in the UI or from within an external IAM.
GroupMemberRemoved: A user is removed from a group in Immuta by user actions in the UI or from within an external IAM.
GroupUpdated: A group's details (email, name, description, etc.) are updated.

License

LicenseCreated: An Immuta license is created.
LicenseDeleted: An Immuta license is deleted.

Local policies

LocalPolicyCreated: A local policy is created on a data source.
LocalPolicyUpdated: A local policy is updated on a data source.

Permissions

PermissionApplied: A global permission is applied to a user.
PermissionRemoved: A global permission is removed from a user.

Projects

ProjectCreated: A project is created.
ProjectDeleted: A project is deleted.
ProjectDisabled: A project is disabled.
ProjectPurposeApproved: A purpose is approved within a project.
ProjectPurposeDenied: A purpose is denied within a project.
ProjectPurposesAcknowledged: A user acknowledged a purpose within a project.
ProjectUpdated: A project is updated.

Purposes

PurposeDeleted: A purpose is deleted.
PurposeUpdated: A purpose is updated.
PurposeUpserted: A purpose is created.

Queries

DatabricksQuery: Available for Unity Catalog or Databricks Spark
SnowflakeQuery
TrinoQuery

Identification

SDDClassifierCreated: An identifier is created.
SDDClassifierDeleted: An identifier is deleted.
SDDClassifierUpdated: An identifier is updated.

Subscriptions

SubscriptionCreated: A user is subscribed to a data source or project.
SubscriptionDeleted: A user's subscription to a data source or project is removed.
SubscriptionRequestApproved: A user's request to subscribe to a data source or project is approved.
SubscriptionRequestDenied: A user's request to subscribe to a data source or project is denied.
SubscriptionRequested: A user requests to subscribe to a data source or project.
SubscriptionUpdated: A user's subscription to a data source or project is updated.

ApiKeyCreated or ApiKeyDeleted event

An API key is created or deleted on the Immuta app settings page or from an Immuta user's profile page.

Additional parameter details: action will specify whether the API key was CREATE or DELETE.

{
    "relatedResources": [],
    "auditPayload": {
        "type": "<ApiKeyCreatedAuditPayload | ApiKeyDeletedAuditPayload>",
        "apiKeyId": "1112158",
        "name": "T1",
        "version": 1
    },
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2024-01-25T18:04:58.368Z",
    "actor": {
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "targetType": "APIKEY",
    "id": "d9dc3cee-98d0-47d6-ba81-e0b38f9f4014",
    "receivedTimestamp": "2024-01-25T18:04:58.505Z",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [],
    "requestId": "60c68659-ac83-5299-bf3e-14856178a0de",
    "sessionId": "9c553d7ace0aa3ee735fd3c14f737bc6"
}

AttributeApplied or AttributeRemoved event

An attribute is applied to or removed from a user or group.

Additional parameter details:

targetType will specify whether the attribute was added to a USER or GROUP.
action will specify whether the attribute was ATTRIBUTE_APPLY or ATTRIBUTE_REMOVE.

{
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "identityProvider": "bim",
            "profileId": "20",
            "type": "USER"
        }
    ],
    "requestId": "e45652cd-4d00-5def-8e8c-aca696822fc2",
    "sessionId": "cdbffff8804103418350947c6586712c",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "name": "Taylor Smith"
    },
    "id": "63f111a7-0835-4696-8fdb-188130c44fac",
    "targetType": "USER",
    "receivedTimestamp": "2023-09-13T14:36:02.926Z",
    "action": "ATTRIBUTE_APPLY",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-09-13T14:36:02.688Z",
    "relatedResources": [
        {
            "values": ["Product"],
            "name": "Department",
            "id": "department",
            "type": "ATTRIBUTE"
        }
    ],
    "auditPayload": {
        "entityType": "USER",
        "type": "<AttributeAppliedAuditPayload | AttributeRemovedAuditPayload>",
        "version": 1,
        "attributes": [
            {
                "values": ["Product"],
                "attribute": "Department"
            }
        ],
        "entityIdProvider": "bim",
        "entityId": "deepu@immuta.com"
    }
}

ConfigurationUpdated event

The Immuta configuration on the app settings page is updated.

{
    "eventTimestamp": "2023-12-04T18:38:25.801Z",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "action": "CONFIGURATION_UPDATED",
    "auditPayload": {
        "version": 1,
        "type": "ConfigurationUpdatedAuditPayload",
        "changeSet": {
            "plugins": {
                "policy": {
                    "approveToPromote": {
                        "requiredApprovalCount": [
                            {
                                "newValue": 1,
                                "oldValue": 2
                            }
                        ]
                    }
                }
            }
        },
        "configurationId": "20"
    },
    "relatedResources": [],
    "sessionId": "aed83ab8b46affcb1169532dada92b72",
    "requestId": "c80f510f-3f55-5450-8dea-d5e243708686",
    "targets": [
        {
            "name": "20",
            "type": "CONFIGURATION",
            "id": "20"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-12-04T18:38:26.039Z",
    "id": "3989e233-c791-43e9-813f-7738f4c8e26b",
    "targetType": "CONFIGURATION",
    "actor": {
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    }
}

DatasourceAppliedToProject event

A data source is added to a project.

{
    "auditPayload": {
        "type": "DatasourceAppliedToProjectAuditPayload",
        "errors": [],
        "projectId": "2",
        "version": 1,
        "datasources": [
            {
                "id": "2",
                "name": "Public Case"
            }
        ]
    },
    "sessionId": "6b928653b1411078647a2764a72beca6",
    "targets": [
        {
            "projectKey": "HumanResources",
            "id": "2",
            "type": "PROJECT",
            "name": "Human Resources"
        }
    ],
    "action": "DATASOURCE_APPLY",
    "id": "8106b44f-cf56-4ca2-a111-641d0e80e6ff",
    "targetType": "PROJECT",
    "actionStatus": "SUCCESS",
    "relatedResources": [
        {
            "id": "2",
            "technology": "SNOWFLAKE",
            "type": "DATASOURCE",
            "name": "Public Case"
        }
    ],
    "actor": {
        "id": "taylor@immuta.com",
        "profileId": "1",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "eventTimestamp": "2023-10-13T14:08:20.427Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "8823f3f0-4e46-590c-bbb2-209cce750ff9",
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2023-10-13T14:08:20.660Z"
}

DatasourceCatalogSynced event

An external catalog and its tags are synced on a data source.

{
    "tenantId": "your-immuta-tenant.com",
    "action": "CATALOG_SYNC",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "id": "taylor@immuta.com"
    },
    "targetType": "DATASOURCE",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-04-14T16:48:21.159Z",
    "id": "159d4299-fca5-47cb-aa6b-81d93bafa526",
    "targets": [
        {
            "id": "9",
            "name": "Public case",
            "technology": "SNOWFLAKE",
            "type": "DATASOURCE"
        }
    ],
    "relatedResources": [],
    "receivedTimestamp": "2023-04-14T16:48:21.209Z",
    "auditPayload": {
        "datasourceId": "9",
        "changes": {
            "before": {
                "catalogId": null,
                "dictionary": [
                    {
                        "columnName": "round",
                        "tags": []
                    },
                    {
                        "columnName": "winning_aircraft",
                        "tags": []
                    },
                    {
                        "tags": [],
                        "columnName": "winning_pilot"
                    }
                ],
                "tableTags": null,
                "description": null
            },
            "after": {
                "description": "",
                "tableTags": null,
                "dictionary": [
                    {
                        "columnName": "round",
                        "description": "",
                        "tags": []
                    },
                    {
                        "tags": [],
                        "description": "",
                        "columnName": "winning_aircraft"
                    },
                    {
                        "columnName": "winning_pilot",
                        "description": "",
                        "tags": []
                    }
                ],
                "catalogId": "immuta-product_engineering"
            }
        },
        "type": "DatasourceCatalogSyncedAuditPayload"
    }
}

DatasourceCreated event

A data source is created.

{
"id": "dc0b7313-ecc9-42f1-ba33-df0a1a753c08",
"action": "CREATE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "taylor@immuta.com",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
    {
        "type": "DATASOURCE",
        "id": "102",
        "name": "Pgboss Job",
        "technology": "POSTGRESQL"
    }
],
"relatedResources": [
    {
        "type": "CONNECTION",
        "id": "4",
        "name": "data-source-connection-name",
        "connectionKey": "data-source-connection-key"
    }
],
"auditPayload": {
    "type": "DatasourceCreatedAuditPayload",
    "version": 1,
    "description": null,
    "expiration": null,
    "columnDetectionEnabled": true,
    "disabled": false,
    "technology": "POSTGRESQL",
    "connectionId": "4",
    "table": "job",
    "schema": "pgboss",
    "sensitiveDataDiscoveryEnabled": true
},
"eventTimestamp": "2024-02-22T13:59:04.681Z",
"receivedTimestamp": "2024-02-22T13:59:04.715Z"
}

DatasourceDeleted event

A data source is deleted.

{
"id": "1403b675-70f6-4833-ab4c-a7486c63f494",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "taylor@immuta.com",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
    {
        "type": "DATASOURCE",
        "id": "93",
        "name": "Audit",
        "technology": "POSTGRESQL"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "DatasourceDeletedAuditPayload",
    "version": 1,
    "datasourceId": "93",
    "name": "Audit",
    "technology": "POSTGRESQL"
},
"eventTimestamp": "2024-02-22T14:20:42.379Z",
"receivedTimestamp": "2024-02-22T14:20:42.392Z"
}

DatasourceDisabled event

A data source is disabled.

{
    "id": "a09b9bc3-3775-4496-87ec-b808cf649794",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "153fe145-32a0-5c33-930d-c571c1d7748d",
    "action": "DISABLE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "57",
            "name": "Activity",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "DatasourceDisabledAuditPayload",
        "version": 1,
        "datasourceId": "57",
        "name": "Activity",
        "technology": "POSTGRESQL"
    },
    "eventTimestamp": "2024-02-22T14:22:20.039Z",
    "receivedTimestamp": "2024-02-22T14:22:20.183Z"
}

DatasourceGlobalPolicyApplied event

A global policy is applied to a data source.

{
    "receivedTimestamp": "2023-10-24T18:06:27.645Z",
    "auditPayload": {
        "conflict": null,
        "version": 1,
        "policy": {
            "actions": [
                {
                    "dataPolicyType": "MASKING",
                    "rules": [
                        {
                            "exceptions": null,
                            "type": "MASKING_HASH",
                            "fields": ["AWARD_ID"],
                            "ruleAppliedForUser": false
                        }
                    ],
                    "type": "DATA",
                    "global": false,
                    "rationale": null
                }
            ],
            "type": "DATA"
        },
        "type": "DatasourceGlobalPolicyAppliedAuditPayload"
    },
    "relatedResources": [
        {
            "policyKey": "Mask PII",
            "name": "Mask PII",
            "type": "GLOBAL_POLICY",
            "id": "7"
        }
    ],
    "id": "7f57d63a-5db8-412a-ad93-c6baa61384b3",
    "targetType": "DATASOURCE",
    "actor": {
        "profileId": "1",
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "eventTimestamp": "2023-10-24T18:06:27.617Z",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "targets": [
        {
            "id": "47",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE",
            "name": "Public case"
        }
    ],
    "action": "POLICY_APPLIED"
}

DatasourceGlobalPolicyConflictResolved event

A policy conflict between two global policies on a data source is resolved.

{
    "actor": {
        "name": "Taylor Smith",
        "profileId": "1",
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "type": "USER_ACTOR"
    },
    "id": "ac9c699a-aad0-4899-964c-279cd7eba125",
    "targetType": "DATASOURCE",
    "relatedResources": [],
    "auditPayload": {
        "type": "DatasourceGlobalPolicyConflictResolvedAuditPayload",
        "version": 1
    },
    "receivedTimestamp": "2023-10-24T18:34:04.330Z",
    "action": "POLICY_CONFLICT_RESOLVED",
    "targets": [
        {
            "name": "Public case",
            "technology": "SNOWFLAKE",
            "id": "47",
            "type": "DATASOURCE"
        }
    ],
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "eventTimestamp": "2023-10-24T18:34:04.301Z"
}

DatasourceGlobalPolicyDisabled event

A global policy is disabled on a data source.

{
    "relatedResources": [
        {
            "id": "7",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "policyKey": "mask pii"
        }
    ],
    "targetType": "DATASOURCE",
    "id": "4853154c-8825-4138-800d-913cbab56af6",
    "receivedTimestamp": "2023-10-24T18:13:25.004Z",
    "auditPayload": {
        "version": 1,
        "type": "DatasourceGlobalPolicyDisabledAuditPayload"
    },
    "actor": {
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "eventTimestamp": "2023-10-24T18:13:24.975Z",
    "action": "POLICY_DISABLED",
    "targets": [
        {
            "id": "47",
            "type": "DATASOURCE",
            "name": "Public case",
            "technology": "SNOWFLAKE"
        }
    ],
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com"
}

DatasourceGlobalPolicyRemoved event

A global policy is removed from a data source.

{
    "actor": {
        "name": "Taylor Smith",
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "profileId": "1"
    },
    "auditPayload": {
        "type": "DatasourceGlobalPolicyRemovedAuditPayload",
        "conflict": null,
        "policy": {
            "type": "DATA",
            "actions": [
                {
                    "dataPolicyType": "MASKING",
                    "rationale": null,
                    "global": false,
                    "type": "DATA",
                    "rules": [
                        {
                            "type": "MASKING_HASH",
                            "exceptions": null,
                            "ruleAppliedForUser": false,
                            "fields": ["PII"]
                        }
                    ]
                }
            ]
        },
        "version": 1
    },
    "receivedTimestamp": "2023-10-24T18:06:27.635Z",
    "id": "4a27ab2f-156e-4cff-a3bc-65184d74ccd5",
    "targetType": "DATASOURCE",
    "relatedResources": [
        {
            "policyKey": "mask pii",
            "name": "Mask PII",
            "id": "7",
            "type": "GLOBAL_POLICY"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "47",
            "name": "Public case",
            "technology": "SNOWFLAKE"
        }
    ],
    "action": "POLICY_REMOVED",
    "eventTimestamp": "2023-10-24T18:06:27.617Z"
}

DatasourcePolicyCertificationExpired event

The global policy certification on a data source is expired.

{
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "technology": "SNOWFLAKE",
            "name": "Public case",
            "type": "DATASOURCE",
            "id": "47"
        }
    ],
    "action": "DECERTIFY_POLICY",
    "eventTimestamp": "2023-10-16T19:49:25.365Z",
    "actor": {
        "type": "SYSTEM_ACCOUNT",
        "id": "immuta_system_account",
        "name": "Immuta System Account"
    },
    "auditPayload": {
        "expirationDate": "2023-10-16T19:49:25.365Z",
        "type": "DatasourcePolicyCertificationExpiredAuditPayload",
        "version": 1
    },
    "receivedTimestamp": "2023-10-16T19:49:25.387Z",
    "targetType": "DATASOURCE",
    "id": "aedc4025-d888-4407-b837-659dca4d0e80",
    "relatedResources": [
        {
            "type": "GLOBAL_POLICY",
            "id": "7",
            "policyKey": "mask pii",
            "name": "Mask PII"
        }
    ]
}

DatasourcePolicyCertified event

A global policy is certified for a data source.

{
    "receivedTimestamp": "2023-10-03T18:35:32.666Z",
    "id": "04947a9b-0206-4c2d-bce0-0d969b68350b",
    "targetType": "DATASOURCE",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "name": "Taylor Smith"
    },
    "sessionId": "95ca3d7f5d3d2a2b82cecb3ff1051b63",
    "requestId": "bf443424-2e49-5a13-9009-8b527a3f65f3",
    "targets": [
        {
            "id": "44",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE",
            "name": "Public case"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "auditPayload": {
        "type": "DatasourcePolicyCertifiedAuditPayload",
        "columns": [
            {
                "name": "Full name",
                "tags": [
                    {
                        "deleted": false,
                        "id": "23",
                        "type": "TAG",
                        "context": "manual",
                        "source": "curated",
                        "name": "PII"
                    }
                ]
            }
        ],
        "certificationDate": "2023-10-03T18:35:32.607Z",
        "version": 1
    },
    "relatedResources": [
        {
            "type": "GLOBAL_POLICY",
            "id": "3",
            "name": "Mask PHI",
            "policyKey": "Mask PHI"
        }
    ],
    "eventTimestamp": "2023-10-03T18:35:32.484Z",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "action": "POLICY_CERTIFY"
}

DatasourcePolicyDecertified event

A global policy is decertified for a data source.

{
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "id": "44",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE",
            "name": "Public case"
        }
    ],
    "requestId": "270aa26c-e424-53cf-af06-d290c8bfa308",
    "sessionId": "95ca3d7f5d3d2a2b82cecb3ff1051b63",
    "actor": {
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "targetType": "DATASOURCE",
    "id": "31c902a8-5cbc-4171-baaa-2428080fac91",
    "receivedTimestamp": "2023-10-03T19:25:34.166Z",
    "action": "DECERTIFY_POLICY",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "eventTimestamp": "2023-10-03T19:25:34.094Z",
    "relatedResources": [
        {
            "name": "Mask PII",
            "policyKey": "mask pii",
            "id": "7",
            "type": "GLOBAL_POLICY"
        }
    ],
    "auditPayload": {
        "version": 1,
        "type": "DatasourcePolicyDecertifiedAuditPayload",
        "decertificationDate": "2023-10-03T19:25:34.121Z"
    }
}

DatasourceRemovedFromProject event

A data source is removed from a project.

{
    "id": "77de32df-1655-4618-b0bf-e6883483a151",
    "sessionId": "285574f9f1fd35b1fc7dba060e0786a2",
    "requestId": "e35f9736-f206-53fd-ab02-043bce216e52",
    "action": "DATASOURCE_REMOVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "PROJECT",
    "targets": [
        {
            "type": "PROJECT",
            "name": "Human Resources",
            "id": "13",
            "projectKey": "humanresources"
        }
    ],
    "relatedResources": [
        {
            "type": "DATASOURCE",
            "id": "54",
            "name": "Customers",
            "technology": "POSTGRESQL"
        }
    ],
    "auditPayload": {
        "type": "DatasourceRemovedFromProjectAuditPayload",
        "version": 1,
        "projectId": "13",
        "datasources": [
            {
                "id": "54",
                "name": "Customers"
            }
        ],
        "errors": []
    },
    "eventTimestamp": "2024-02-29T18:19:08.881Z",
    "receivedTimestamp": "2024-02-29T18:19:09.071Z"
}

DatasourceUpdated event

A data source is updated.

{
    "id": "d6e6115a-e508-4ace-83af-5b6da9a25884",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "66",
            "name": "Public case",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "DatasourceUpdatedAuditPayload",
        "version": 1,
        "name": "Public case",
        "description": null,
        "expiration": null,
        "columnDetectionEnabled": true,
        "disabled": false,
        "datasourceId": "66"
    },
    "eventTimestamp": "2024-02-22T14:24:45.048Z",
    "receivedTimestamp": "2024-02-22T14:24:45.069Z"
}

DomainCreated event

A domain is created.

{
    "sessionId": "227c3dbbbfe78ecd693c84979a930c22",
    "actionStatus": "SUCCESS",
    "targetType": "DOMAIN",
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-12-20T20:01:03.651Z",
    "requestId": "460ce02b-30d5-5e68-bff0-b31e6ea44ba0",
    "id": "f99bc30e-13f6-4041-a0ad-20750a27519e",
    "actor": {
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "auditPayload": {
        "domain": {
            "description": "A domain for financial data.",
            "name": "Finance Domain",
            "domainType": "DOMAIN",
            "id": "11e7011d-a365-4933-abcb-d5febc03d310"
        },
        "version": 1,
        "type": "DomainCreatedAuditPayload"
    },
    "relatedResources": [],
    "targets": [
        {
            "name": "Finance Domain",
            "domainType": "domain",
            "type": "DOMAIN",
            "id": "11e7011d-a365-4933-abcb-d5febc03d310"
        }
    ],
    "eventTimestamp": "2023-12-20T20:01:03.065Z"
}

DomainDataSourcesUpdated event

Data sources are assigned to or removed from the domain.

Additional parameter details: auditPayload.updateType will specify whether the data source was added to or removed from the domain.

{
    "action": "MODIFY_DOMAIN",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "targetType": "DOMAIN",
    "modifiedResourceType": "DATASOURCE",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "taylor@immuta.com"
    },
    "id": "bef14718-5fa8-4891-bb9e-47f7a332a70b",
    "eventTimestamp": "2023-12-20T20:23:14.432Z",
    "auditPayload": {
        "updateType": "ADD",
        "version": 1,
        "type": "DomainDataSourcesUpdatedAuditPayload"
    },
    "receivedTimestamp": "2023-12-20T20:23:14.456Z",
    "relatedResources": [
        {
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "POSTGRESQL",
            "id": "381"
        }
    ],
    "targets": [
        {
            "id": "11e7011d-a365-4933-abcb-d5febc03d310",
            "name": "Finance Domain",
            "domainType": "domain",
            "type": "DOMAIN"
        }
    ]
}

DomainDeleted event

A domain is deleted.

{
    "relatedResources": [],
    "targets": [
        {
            "type": "DOMAIN",
            "name": "Finance Domain",
            "domainType": "DOMAIN",
            "id": "6eb5a6df-67d8-4de7-adbd-24eb7271eaea"
        }
    ],
    "auditPayload": {
        "version": 1,
        "domain": {
            "id": "6eb5a6df-67d8-4de7-adbd-24eb7271eaea",
            "name": "Finance Domain",
            "domainType": "DOMAIN"
        },
        "type": "DomainDeletedAuditPayload"
    },
    "eventTimestamp": "2023-12-20T20:21:13.981Z",
    "actor": {
        "id": "kris@immuta.com",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "DELETE",
    "requestId": "7884603d-8911-5f33-a9a7-d8560eb49a89",
    "receivedTimestamp": "2023-12-20T20:21:14.077Z",
    "id": "3a82ceb6-6592-4ddf-9055-6920d87bba32",
    "actionStatus": "SUCCESS",
    "targetType": "DOMAIN",
    "sessionId": "227c3dbbbfe78ecd693c84979a930c22",
    "actorIp": "xxx.xx.xx.xx"
}

DomainPermissionsUpdated event

A domain-specific permission is applied to or removed from a user or group.

Additional parameter details: auditPayload.updateType will specify whether the permission was granted to or revoked from a user.

{
    "eventTimestamp": "2023-12-20T20:01:03.065Z",
    "relatedResources": [
        {
            "type": "USER",
            "name": "Taylor Smith",
            "identityProvider": "bim",
            "profileId": "1",
            "id": "taylor@immuta.com"
        },
        {
            "type": "USER",
            "profileId": "1",
            "name": "Taylor Smith",
            "identityProvider": "bim",
            "id": "taylor@immuta.com"
        }
    ],
    "targets": [
        {
            "name": "Finance Domain",
            "domainType": "domain",
            "type": "DOMAIN",
            "id": "11e7011d-a365-4933-abcb-d5febc03d310"
        }
    ],
    "auditPayload": {
        "updateType": "GRANT",
        "version": 1,
        "permissionUpdates": [
            {
                "permission": "MANAGE_POLICIES",
                "profileId": "1"
            }
        ],
        "type": "DomainPermissionsUpdatedAuditPayload"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "MODIFY_DOMAIN",
    "actor": {
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR",
        "id": "taylor@immuta.com"
    },
    "modifiedResourceType": "USER",
    "id": "377ee78b-74da-4466-bdc1-22d531c1f61c",
    "requestId": "460ce02b-30d5-5e68-bff0-b31e6ea44ba0",
    "receivedTimestamp": "2023-12-20T20:01:03.576Z",
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "227c3dbbbfe78ecd693c84979a930c22",
    "targetType": "DOMAIN",
    "actionStatus": "SUCCESS"
}

DomainUpdated event

A domain's details (name, description, settings etc.) are updated.

{
    "id": "d61d6ac9-2897-4d34-84f3-16181ddb9212",
    "sessionId": "adba345c6949d7f7761367c0769b983d",
    "requestId": "9a64147e-5b57-5905-9e7c-54b5a5c461c8",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DOMAIN",
    "targets": [
        {
            "type": "DOMAIN",
            "id": "69347b14-1cda-41e1-9186-e85853158299",
            "name": "Finance Domain v2",
            "domainType": "domain"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "DomainUpdatedAuditPayload",
        "modifiedFields": [
            "name",
            "description"
        ],
        "domain": {
            "id": "69347b14-1cda-41e1-9186-e85853158299",
            "name": "Finance Domain v2",
            "description": "Only use for finance tables."
        },
        "version": 1
    },
    "eventTimestamp": "2023-12-12T18:26:29.618Z",
    "receivedTimestamp": "2023-12-12T18:26:32.472Z"
}

GlobalPolicyCreated event

A global policy is created.

{
    "targetType": "GLOBAL_POLICY",
    "id": "aac-f6d8bf29dfe6",
    "relatedResources": [],
    "actor": {
        "id": "taylor@immuta.com",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "type": "USER_ACTOR"
    },
    "actionStatus": "SUCCESS",
    "sessionId": "517a334",
    "auditPayload": {
        "type": "GlobalPolicyCreatedAuditPayload",
        "policy": {
            "type": "DATA",
            "actions": [
                {
                    "type": "DATA",
                    "rules": [
                        {
                            "type": "MASKING_HASH",
                            "columnCondition": {
                                "type": "TAG",
                                "tags": ["Testing"]
                            },
                            "exceptions": null
                        }
                    ],
                    "dataPolicyType": "MASKING",
                    "rationale": null
                }
            ],
            "circumstance": {
                "conditions": [
                    {
                        "type": "TAG",
                        "tagType": "COLUMN",
                        "tag": "Testing"
                    }
                ],
                "operator": "any",
                "type": "CONDITIONAL"
            }
        }
    },
    "targets": [
        {
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "id": "5"
        }
    ],
    "action": "CREATE",
    "eventTimestamp": "2023-05-10T18:29:39.438Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "2b1-11f0c5b40365",
    "receivedTimestamp": "2023-05-10T18:29:39.636Z",
    "tenantId": "your-immuta-tenant.com"
}

GlobalPolicyDeleted event

A global policy is deleted.

{
    "requestId": "126-7277a240e0f8",
    "eventTimestamp": "2023-09-13T19:42:53.029Z",
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2023-09-13T19:42:53.157Z",
    "id": "d8c-1cb616b759a4",
    "targetType": "GLOBAL_POLICY",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "id": "taylor@immuta.com",
        "profileId": "1"
    },
    "relatedResources": [],
    "auditPayload": {
        "version": 1,
        "policy": {
            "actions": [
                {
                    "subscriptionPolicyType": "AUTOMATIC",
                    "type": "SUBSCRIPTION",
                    "rationale": null,
                    "accessGrant": "READ"
                }
            ],
            "type": "SUBSCRIPTION",
            "circumstance": {
                "type": "WHEN_SELECTED"
            }
        },
        "type": "GlobalPolicyDeletedAuditPayload"
    },
    "sessionId": "2d46726",
    "action": "DELETE",
    "targets": [
        {
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "id": "6"
        }
    ]
}

GlobalPolicyUpdated event

A global policy is updated.

{
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2023-10-24T18:06:21.278Z",
    "eventTimestamp": "2023-10-24T18:06:21.155Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "c25-a652d8a34309",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "actor": {
        "type": "USER_ACTOR",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1",
        "id": "taylor@immuta.com"
    },
    "id": "f23-9635e3b7cacc",
    "targetType": "GLOBAL_POLICY",
    "targets": [
        {
            "id": "7",
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII"
        }
    ],
    "action": "UPDATE",
    "auditPayload": {
        "version": 1,
        "policy": {
            "circumstance": {
                "type": "WHEN_SELECTED"
            },
            "actions": [
                {
                    "dataPolicyType": "MASKING",
                    "type": "DATA",
                    "rules": [
                        {
                            "type": "MASKING_HASH",
                            "columnCondition": {
                                "tags": ["AuditTesting"],
                                "type": "TAG"
                            },
                            "exceptions": null
                        }
                    ],
                    "rationale": null
                }
            ],
            "type": "DATA",
            "certification": {
                "label": "Personal information certification",
                "tags": ["AuditTesting"],
                "description": "I certify that I understand this data source contains personally identifiable information and will use the data appropriately and responsibly to the company policies."
            }
        },
        "type": "GlobalPolicyUpdatedAuditPayload"
    },
    "sessionId": "1a817184"
}

GroupCreated or GroupDeleted event

A group is created or deleted in Immuta by user actions in the UI or ingested from an external IAM.

Additional parameter details: action will specify whether the group was CREATE or DELETE.

{
    "sessionId": "c3e5e0fca",
    "auditPayload": {
        "version": 1,
        "groupIdProvider": "bim",
        "name": "HR",
        "groupId": "6",
        "type": "<GroupCreatedAuditPayload | GroupDeletedAuditPayload>"
    },
    "action": "CREATE",
    "targets": [
        {
            "id": "6",
            "identityProvider": "bim",
            "name": "HR",
            "type": "GROUP"
        }
    ],
    "targetType": "GROUP",
    "id": "24b-fefde19be539",
    "relatedResources": [],
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "id": "taylor@immuta.com"
    },
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-12-19T21:18:23.711Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "a3-891d853af995",
    "receivedTimestamp": "2023-12-19T21:18:24.040Z",
    "tenantId": "your-immuta-tenant.com"
}

GroupMemberAdded event

A user is added to a group in Immuta by user actions in the UI or from within an external IAM.

{
    "sessionId": "5fff9201",
    "id": "93-e9dd843bb990",
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "name": "HR",
            "id": "3",
            "identityProvider": "bim",
            "type": "GROUP"
        }
    ],
    "receivedTimestamp": "2024-01-17T13:32:15.929Z",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2024-01-17T13:32:15.755Z",
    "relatedResources": [
        {
            "type": "USER",
            "identityProvider": "bim",
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "profileId": "999111223"
        }
    ],
    "targetType": "GROUP",
    "actor": {
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith"
    },
    "action": "MEMBER_ADD",
    "auditPayload": {
        "type": "GroupMemberAddedAuditPayload",
        "version": 1,
        "userIdProvider": "bim",
        "groupId": "3",
        "userId": "deepu@immuta.com"
    },
    "requestId": "e1-61e27c131d6d"
}

GroupMemberRemoved event

A user is removed from a group in Immuta by user actions in the UI or from within an external IAM.

{
    "targetType": "GROUP",
    "receivedTimestamp": "2024-01-17T13:27:04.061Z",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2024-01-17T13:27:03.841Z",
    "auditPayload": {
        "groupId": "3",
        "version": 1,
        "type": "GroupMemberRemovedAuditPayload"
    },
    "requestId": "73a-9a72f2b34b16",
    "actor": {
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith"
    },
    "action": "MEMBER_REMOVE",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "id": "3",
            "name": "HR",
            "type": "GROUP",
            "identityProvider": "bim"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "sessionId": "5fff9201",
    "id": "520-db32e06a0bfa"
}

GroupUpdated event

A group's details (email, name, description, etc.) are updated.

{
    "targetType": "GROUP",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2023-12-19T21:18:32.490Z",
    "receivedTimestamp": "2023-12-19T21:18:32.767Z",
    "requestId": "09e-b07fcf57260b",
    "auditPayload": {
        "name": "Human Resources Department",
        "groupIdProvider": "bim",
        "groupId": "8",
        "version": 1,
        "type": "GroupUpdatedAuditPayload"
    },
    "action": "UPDATE",
    "actor": {
        "profileId": "1",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "type": "GROUP",
            "identityProvider": "bim",
            "name": "Human Resources Department",
            "id": "8"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "id": "f4-87ca6e122d1a",
    "sessionId": "320528"
}

LicenseCreated or LicenseDeleted event

An Immuta license is created or deleted.

Additional parameter details: action will specify whether the license was CREATE or DELETE.

{
    "id": "c1a7-928b6fccb6ae",
    "sessionId": "bdf49f8768",
    "requestId": "4c4-fae9e165967a",
    "action": "CREATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "LICENSE",
    "targets": [
        {
            "type": "LICENSE",
            "id": "2",
            "name": "2"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "<LicenseCreatedAuditPayload | LicenseDeletedAuditPayload>",
        "version": 1,
        "licenseKey": "a-unique-license-key"
    },
    "eventTimestamp": "2024-03-08T18:34:30.028Z",
    "receivedTimestamp": "2024-03-08T18:34:30.475Z"
}

LocalPolicyCreated event

A local policy is created on a data source.

{
    "targetType": "LOCAL_POLICY",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-10-13T18:16:19.643Z",
    "relatedResources": [
        {
            "id": "129",
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "POSTGRESQL"
        }
    ],
    "receivedTimestamp": "2023-10-13T18:16:19.680Z",
    "auditPayload": {
        "type": "LocalPolicyCreatedAuditPayload",
        "policy": {
            "actions": [
                {
                    "rationale": null,
                    "rules": [
                        {
                            "exceptions": null,
                            "type": "MASKING_K_ANONYMIZATION",
                            "fields": ["c_birth_year", "c_birth_month", "c_birth_day"],
                            "kLevel": 8,
                            "ruleAppliedForUser": false
                        }
                    ],
                    "type": "DATA",
                    "global": false,
                    "dataPolicyType": "MASKING"
                }
            ],
            "type": "DATA"
        },
        "version": 1
    },
    "action": "CREATE",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "profileId": "1",
        "type": "USER_ACTOR",
        "identityProvider": "bim"
    },
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "type": "LOCAL_POLICY",
            "name": "4",
            "id": "4",
            "datasource": {
                "id": "129",
                "name": "Public case",
                "type": "DATASOURCE",
                "technology": "POSTGRESQL"
            }
        }
    ],
    "id": "76-d83c056ff61e"
}

LocalPolicyUpdated event

A local policy is updated on a data source.

{
    "id": "c80-232c93a5fe63",
    "targets": [],
    "tenantId": "your-immuta-tenant.com",
    "action": "UPDATE",
    "actor": {
        "profileId": "1",
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "auditPayload": {
        "version": 1,
        "policyHandlerUpdateAction": "UPDATE",
        "policy": {
            "actions": [
                {
                    "subscriptionPolicyType": "AUTOMATIC",
                    "rationale": null,
                    "type": "SUBSCRIPTION",
                    "accessGrant": "READ",
                    "global": false,
                    "ruleAppliedForUser": true
                }
            ],
            "type": "SUBSCRIPTION"
        },
        "policyUpdateType": "SUBSCRIPTION",
        "type": "LocalPolicyUpdatedAuditPayload"
    },
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2024-02-07T19:26:54.447Z",
    "relatedResources": [
        {
            "id": "1124",
            "name": "Public case",
            "technology": "SNOWFLAKE",
            "type": "DATASOURCE"
        }
    ],
    "receivedTimestamp": "2024-02-07T19:26:54.478Z",
    "targetType": "LOCAL_POLICY"
}

PermissionApplied or PermissionRemoved event

A global permission is applied to or removed from a user.

Additional parameter details: action will specify whether the permission was PERMISSION_APPLY or PERMISSION_REMOVE.

{
    "id": "d1-a24249832e12",
    "sessionId": "86dfa650dc",
    "requestId": "74-91c002ed5043",
    "action": "PERMISSION_APPLY",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "identityProvider": "bim",
            "profileId": "999111223",
            "type": "USER"
        }
    ],
    "relatedResources": [
        {
            "name": "GOVERNANCE",
            "id": "GOVERNANCE",
            "type": "PERMISSION"
        }
    ],
    "auditPayload": {
        "type": "<PermissionAppliedAuditPayload | PermissionRemovedAuditPayload>",
        "version": 1
    },
    "eventTimestamp": "2024-01-09T20:18:53.451Z",
    "receivedTimestamp": "2024-01-09T20:18:53.578Z"
}

ProjectCreated event

A project is created.

{
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "id": "taylor@immuta.com"
    },
    "eventTimestamp": "2023-09-13T13:43:04.225Z",
    "auditPayload": {
        "equalization": null,
        "projectKey": "hr",
        "purposes": [],
        "disabled": false,
        "type": "ProjectCreatedAuditPayload",
        "datasources": [],
        "allowMaskedJoins": false,
        "stagedPurposes": [],
        "projectId": "6",
        "version": 1,
        "name": "HR",
        "description": null,
        "tags": [],
        "documentation": "# A project for all internal employee data for HR use."
    },
    "targets": [
        {
            "id": "6",
            "type": "PROJECT",
            "projectKey": "hr",
            "name": "HR"
        }
    ],
    "relatedResources": [],
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "cdb12c",
    "actionStatus": "SUCCESS",
    "targetType": "PROJECT",
    "id": "8d6-9c1d8e453f93",
    "receivedTimestamp": "2023-09-13T13:43:04.515Z",
    "requestId": "49-29b224654c4e"
}

ProjectDeleted event

A project is deleted.

{
    "auditPayload": {
        "projectId": "2",
        "projectKey": "hr",
        "type": "ProjectDeletedAuditPayload",
        "name": "HR"
    },
    "requestId": "47-f7afaccd75a0",
    "actor": {
        "profileId": "1",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "action": "DELETE",
    "targetType": "PROJECT",
    "receivedTimestamp": "2023-04-14T16:07:13.416Z",
    "relatedResources": [],
    "eventTimestamp": "2023-04-14T16:07:12.647Z",
    "actionStatus": "SUCCESS",
    "actorIp": "127.0.0.1",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "name": "HR",
            "id": "2",
            "type": "PROJECT",
            "projectKey": "hr"
        }
    ],
    "sessionId": "635b92328be0",
    "id": "37-300df04aa1e0"
}

ProjectDisabled event

A project is disabled.

{
    "id": "d8-68ba5868a1ca",
    "sessionId": "dda13e2c",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "name": "HR",
            "id": "7",
            "projectKey": "hr",
            "type": "PROJECT"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "action": "DISABLE",
    "actor": {
        "profileId": "1",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "requestId": "ff7-d9e59aaf97b5",
    "auditPayload": {
        "type": "ProjectDisabledAuditPayload",
        "projectKey": "hr",
        "version": 1,
        "projectId": "7",
        "name": "HR"
    },
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2023-12-23T13:32:57.895Z",
    "receivedTimestamp": "2023-12-23T13:32:58.072Z",
    "targetType": "PROJECT"
}

ProjectPurposeApproved event

A purpose is approved within a project.

{
    "targetType": "PROJECT",
    "receivedTimestamp": "2023-12-19T17:23:31.075Z",
    "eventTimestamp": "2023-12-19T17:23:17.425Z",
    "relatedResources": [
        {
            "type": "PURPOSE",
            "name": "NoiseReduced.Small",
            "id": "14"
        }
    ],
    "actionStatus": "SUCCESS",
    "auditPayload": {
        "purposeId": "14",
        "projectId": "2",
        "version": 1,
        "type": "ProjectPurposeApprovedAuditPayload"
    },
    "requestId": "ab-09516a9cc919",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "profileId": "1",
        "type": "USER_ACTOR",
        "identityProvider": "bim"
    },
    "action": "PURPOSE_APPROVE",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "id": "2",
            "name": "HR",
            "type": "PROJECT",
            "projectKey": "hr"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "sessionId": "ed783c401",
    "id": "68-f64ac1b404bc"
}

ProjectPurposeDenied event

A purpose is denied within a project.

{
    "action": "PURPOSE_DENY",
    "actor": {
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "profileId": "1",
        "name": "Taylor Smith",
        "id": "taylor@immuta.com"
    },
    "requestId": "3a1-49a1e6b37077",
    "auditPayload": {
        "version": 1,
        "projectId": "11",
        "purposeId": "6",
        "type": "ProjectPurposeDeniedAuditPayload"
    },
    "relatedResources": [
        {
            "name": "Activities",
            "id": "6",
            "type": "PURPOSE"
        }
    ],
    "eventTimestamp": "2023-12-19T17:30:29.543Z",
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-12-19T17:30:32.388Z",
    "targetType": "PROJECT",
    "id": "f32-7ea37d568c03",
    "sessionId": "ed78c401",
    "targets": [
        {
            "type": "PROJECT",
            "projectKey": "hr",
            "name": "HR",
            "id": "11"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "actorIp": "xxx.xx.xx.xx"
}

ProjectPurposesAcknowledged event

A user acknowledged a purpose within a project.

{
    "requestId": "ea-cdb421ec3f64",
    "auditPayload": {
        "purposes": [
            {
                "id": "5",
                "name": "Re-identification Prohibited.Expert Determination",
                "acknowledgement": "I agree to use the data associated with this project for the stated purpose of the project, and for that purpose only."
            }
        ],
        "subscriptionId": "8",
        "type": "ProjectPurposesAcknowledgedAuditPayload",
        "version": 1,
        "projectId": "2"
    },
    "action": "PURPOSE_ACKNOWLEDGE",
    "actor": {
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR",
        "identityProvider": "bim"
    },
    "targetType": "PROJECT",
    "eventTimestamp": "2023-10-13T14:12:18.083Z",
    "relatedResources": [
        {
            "id": "5",
            "name": "Re-identification Prohibited.Expert Determination",
            "type": "PURPOSE"
        }
    ],
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-10-13T14:12:18.216Z",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "id": "2",
            "name": "HR",
            "type": "PROJECT",
            "projectKey": "hr"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "id": "d21-8d0aaec67c87",
    "sessionId": "6b2beca6"
}

ProjectUpdated event

A project is updated.

{
    "sessionId": "6b72beca6",
    "id": "b3-e2663a2541cb",
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "id": "1",
            "name": "HR",
            "projectKey": "hr",
            "type": "PROJECT"
        }
    ],
    "receivedTimestamp": "2023-10-13T13:07:36.937Z",
    "eventTimestamp": "2023-10-13T13:07:36.626Z",
    "relatedResources": [],
    "actionStatus": "SUCCESS",
    "targetType": "PROJECT",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "profileId": "1"
    },
    "action": "UPDATE",
    "auditPayload": {
        "equalization": null,
        "type": "ProjectUpdatedAuditPayload",
        "projectId": "1",
        "version": 1
    },
    "requestId": "e1-d71d4e033af5"
}

PurposeDeleted event

A purpose is deleted.

{
"id": "ea-106f25bbfa0b",
"sessionId": "e3e03f2d8",
"requestId": "f5-929a5e6f8299",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "taylor@immuta.com",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
    {
    "type": "PURPOSE",
    "id": "1",
    "name": "Human resources use"
    }
],
"relatedResources": [],
"auditPayload": {
    "id": "1",
    "name": "Human resources use"
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeDeleted",
"version": "1.0.0"
}

PurposeUpdated event

A purpose is updated.

{
"id": "ea-106f25bbfa0b",
"sessionId": "e3e0b3f2d8",
"requestId": "f5-929a5e6f8299",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "taylor@immuta.com",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
    {
    "type": "PURPOSE",
    "id": "1",
    "name": "Human resources use"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "PurposeUpdatedAuditPayload",
    "description": "The data covered by the purpose should only be used by users within HR who will use this data for human resources purposes.",
    "name": "Human resources use",
    "acknowledgement": "I agree to use this data for internal human resources needs.",
    "subpurposes": []
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeUpdated",
"version": "1.0.0"
}

PurposeUpserted event

A purpose is created.

{
"id": "ea-106f25bbfa0b",
"sessionId": "e3e9b3f2d8",
"requestId": "f5-929a5e6f8299",
"action": "UPSERT",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "taylor@immuta.com",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
    {
    "type": "PURPOSE",
    "id": "1",
    "name": "Human resources use"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "PurposeUpsertedAuditPayload",
    "description": "The data covered by the purpose should only be used by users within HR who will use this data for human resources purposes.",
    "name": "Human resources use",
    "acknowledgement": "I agree to use this data for internal human resources needs.",
    "subpurposes": []
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeUpserted",
"version": "1.0.0"
}

SDDClassifierCreated event

An identifier is created.

Additional parameter details:

auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.

{
    "receivedTimestamp": "2023-12-22T20:37:08.243Z",
    "actor": {
        "type": "USER_ACTOR",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "id": "taylor@immuta.com",
        "profileId": "1"
    },
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "a21e7c9c0",
    "action": "CREATE",
    "eventTimestamp": "2023-12-22T20:37:08.009Z",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "SDD_CLASSIFIER",
    "id": "b4a-26f2fb83fd1f",
    "requestId": "f74-5bd7af7d3d92",
    "auditPayload": {
        "displayName": "My Column Name Regex Rule",
        "name": "MY_COLUMN_NAME_REGEX_RULE",
        "classifierId": "73",
        "config": {
            "columnNameRegex": "salary",
            "tags": [
                {
                    "id": "22402",
                    "name": "Discovered.column-name-regex-salary",
                    "type": "TAG",
                    "source": "curated"
                }
            ]
        },
        "version": 1,
        "type": "SDDClassifierCreatedAuditPayload"
    },
    "relatedResources": [
        {
            "id": "22402",
            "name": "Discovered.column-name-regex-salary",
            "type": "TAG",
            "source": "curated"
        }
    ],
    "targets": [
        {
            "name": "MY_COLUMN_NAME_REGEX_RULE",
            "id": "73",
            "type": "SDD_CLASSIFIER"
        }
    ]
}

SDDClassifierDeleted event

An identifier is deleted.

{
    "id": "25-9d2f8860bb21",
    "targetType": "SDD_CLASSIFIER",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "relatedResources": [],
    "auditPayload": {
        "classifierId": "69",
        "name": "MY_DICTIONARY_RULE",
        "version": 1,
        "type": "SDDClassifierDeletedAuditPayload"
    },
    "requestId": "29-6b75c42ad618",
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-12-18T23:09:33.882Z",
    "actor": {
        "type": "USER_ACTOR",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1"
    },
    "eventTimestamp": "2023-12-18T23:09:33.792Z",
    "action": "DELETE",
    "sessionId": "78ffca4"
}

SDDClassifierUpdated event

An identifier is updated.

Additional parameter details:

auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.

{
    "id": "4-893e3a734285",
    "sessionId": "35dfd3c6",
    "requestId": "e7-f9ffd4192cb3",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "SDD_CLASSIFIER",
    "targets": [
        {
            "type": "SDD_CLASSIFIER",
            "id": "68",
            "name": "Email identifier"
        }
    ],
    "relatedResources": [
        {
            "type": "TAG",
            "name": "Discovered.Passport",
            "id": "8",
            "source": "curated"
        }
    ],
    "auditPayload": {
        "type": "SDDClassifierUpdatedAuditPayload",
        "version": 1,
        "classifierId": "68",
        "name": "Email identifier",
        "displayName": "A new identifier updated",
        "config": {
            "tags": [
                {
                    "type": "TAG",
                    "name": "Discovered.Passport",
                    "id": "8",
                    "source": "curated"
                }
            ],
            "columnNameRegex": "^[A-Z_0-9]+$"
        }
    },
    "eventTimestamp": "2024-03-08T19:07:57.304Z",
    "receivedTimestamp": "2024-03-08T19:07:57.409Z"
}

SubscriptionCreated event

A user is subscribed to a data source or project.

Additional parameter details: auditPayload.modelType will specify whether the user was subscribed to a DATASOURCE or PROJECT.

{
    "actor": {
        "id": "taylor@immuta.com",
        "profileId": "1",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "actionStatus": "SUCCESS",
    "targetType": "SUBSCRIPTION",
    "tenantId": "your-immuta-tenant.com",
    "action": "CREATE",
    "relatedResources": [
        {
            "id": "9",
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE"
        },
        {
            "type": "USER",
            "name": "Taylor Smith",
            "identityProvider": "bim",
            "profileId": "1",
            "id": "taylor@immuta.com"
        }
    ],
    "targets": [
        {
            "subscriber": {
                "type": "USER",
                "identityProvider": "bim",
                "name": "Taylor Smith",
                "profileId": "1",
                "id": "taylor@immuta.com"
            },
            "model": {
                "id": "9",
                "type": "DATASOURCE",
                "technology": "SNOWFLAKE",
                "name": "Public case"
            },
            "id": "13",
            "type": "SUBSCRIPTION",
            "name": "13"
        }
    ],
    "auditPayload": {
        "modelType": "DATASOURCE",
        "subscriberId": "1",
        "subscriberType": "USER",
        "modelId": "9",
        "role": "OWNER",
        "isEntitlementsPolicyOverride": false,
        "type": "SubscriptionCreatedAuditPayload",
        "status": "APPROVED"
    },
    "receivedTimestamp": "2023-04-14T16:48:21.198Z",
    "eventTimestamp": "2023-04-14T16:48:21.159Z",
    "id": "1a-0fa7751a887e"
}

SubscriptionDeleted event

A user's subscription to a data source or project is removed.

Additional parameter details: auditPayload.modelType will specify whether the user's subscription was removed from a DATASOURCE or PROJECT.

{
    "sessionId": "d8f95eb635",
    "targetType": "SUBSCRIPTION",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-04-28T17:25:15.268Z",
    "requestId": "4953-7f5cc3d7b8d6",
    "id": "b6d21-cb84c51fa528",
    "actor": {
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "action": "DELETE",
    "tenantId": "your-immuta-tenant.com",
    "auditPayload": {
        "subscriptionId": "28",
        "subscriberType": "USER",
        "subscriberId": "20",
        "modelType": "DATASOURCE",
        "type": "SubscriptionDeletedAuditPayload",
        "modelId": "15",
        "denialReason": "Subscription policy removed"
    },
    "targets": [
        {
            "type": "SUBSCRIPTION",
            "name": "28",
            "subscriber": {
                "id": "taylor@immuta.com",
                "type": "USER",
                "identityProvider": "bim",
                "name": "Taylor Smith",
                "profileId": "20"
            },
            "model": {
                "id": "15",
                "name": "Public case",
                "technology": "DATABRICKS",
                "type": "DATASOURCE"
            },
            "id": "28"
        }
    ],
    "relatedResources": [
        {
            "type": "DATASOURCE",
            "technology": "DATABRICKS",
            "name": "Public case",
            "id": "15"
        },
        {
            "id": "taylor@immuta.com",
            "type": "USER",
            "profileId": "20",
            "name": "Taylor Smith",
            "identityProvider": "bim"
        }
    ],
    "eventTimestamp": "2023-04-28T17:25:14.837Z"
}

SubscriptionRequestApproved event

A user's request to subscribe to a data source or project is approved.

Additional parameter details: targets.model.type will specify whether the subscription was approved for a DATASOURCE or PROJECT.

{
    "id": "f61-92bc89f03ab0",
    "sessionId": "17cce823",
    "requestId": "20-ef587651e2ce",
    "action": "SUBSCRIPTION_REQUEST_APPROVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "SUBSCRIPTION",
    "targets": [
        {
            "type": "SUBSCRIPTION",
            "id": "10",
            "name": "10",
            "model": {
                "type": "DATASOURCE",
                "id": "8",
                "name": "Public case",
                "technology": "STARBURST_TRINO"
            },
            "subscriber": {
                "name": "Deepu Murty",
                "id": "deepu@immuta.com",
                "identityProvider": "bim",
                "profileId": "13",
                "type": "USER"
            }
        }
    ],
    "relatedResources": [
        {
            "type": "DATASOURCE",
            "id": "8",
            "name": "Public case",
            "technology": "STARBURST_TRINO"
        },
        {
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "identityProvider": "bim",
            "profileId": "13",
            "type": "USER"
        }
    ],
    "auditPayload": {
        "type": "SubscriptionRequestApprovedAuditPayload",
        "version": 1,
        "subscriptionId": "10",
        "status": "APPROVED",
        "approverPermissions": ["OWNER"]
    },
    "eventTimestamp": "2024-03-08T15:53:54.800Z",
    "receivedTimestamp": "2024-03-08T15:53:54.922Z"
}

SubscriptionRequestDenied event

A user's request to subscribe to a data source or project is denied.

Additional parameter details: auditPayload.modelType will specify whether the user's subscription was denied for a DATASOURCE or PROJECT.

{
    "targets": [
        {
            "type": "SUBSCRIPTION",
            "name": "127",
            "subscriber": {
                "profileId": "13",
                "identityProvider": "bim",
                "name": "Deepu Murty",
                "type": "USER",
                "id": "deepu@immuta.com"
            },
            "model": {
                "id": "1",
                "projectKey": "HR",
                "name": "HR",
                "type": "PROJECT"
            },
            "id": "127"
        }
    ],
    "relatedResources": [
        {
            "id": "1",
            "type": "PROJECT",
            "name": "HR",
            "projectKey": "HR"
        },
        {
            "profileId": "13",
            "identityProvider": "bim",
            "name": "Deepu Murty",
            "type": "USER",
            "id": "deepu@immuta.com"
        }
    ],
    "auditPayload": {
        "subscriberId": "13",
        "subscriberType": "USER",
        "subscriptionId": "127",
        "modelType": "PROJECT",
        "type": "SubscriptionRequestDeniedAuditPayload",
        "modelId": "1",
        "denialReason": "Not part of the appropriate department",
        "version": 1,
        "approverPermissions": ["OWNER"]
    },
    "eventTimestamp": "2024-02-23T19:53:09.004Z",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "taylor@immuta.com"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "SUBSCRIPTION_REQUEST_DENY",
    "requestId": "fc-ade4863ee11e",
    "receivedTimestamp": "2024-02-23T19:53:09.153Z",
    "id": "a3e-cbe1263695c8",
    "sessionId": "904453c7",
    "targetType": "SUBSCRIPTION",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx"
}

SubscriptionRequested event

A user requests to subscribe to a data source or project.

Additional parameter details: auditPayload.modelType will specify whether the user requested to subscribe to a DATASOURCE or PROJECT.

{
    "auditPayload": {
        "status": "PENDING",
        "version": 1,
        "modelId": "75",
        "type": "SubscriptionRequestedAuditPayload",
        "modelType": "DATASOURCE",
        "subscriberType": "USER",
        "subscriberId": "13",
        "subscriptionId": "126"
    },
    "targets": [
        {
            "name": "Public case",
            "technology": "POSTGRESQL",
            "type": "DATASOURCE",
            "id": "75"
        }
    ],
    "relatedResources": [
        {
            "id": "126",
            "subscriber": {
                "type": "USER",
                "name": "Deepu Murty",
                "identityProvider": "bim",
                "profileId": "13",
                "id": "deepu@immuta.com"
            },
            "model": {
                "id": "75",
                "name": "Public case",
                "type": "DATASOURCE",
                "technology": "POSTGRESQL"
            },
            "name": "126",
            "type": "SUBSCRIPTION"
        },
        {
            "type": "USER",
            "profileId": "13",
            "identityProvider": "bim",
            "name": "Deepu Murty",
            "id": "deepu@immuta.com"
        }
    ],
    "eventTimestamp": "2024-02-23T19:51:24.669Z",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "13",
        "name": "Deepu Murty",
        "identityProvider": "bim",
        "id": "deepu@immuta.com"
    },
    "action": "SUBSCRIPTION_REQUESTED",
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2024-02-23T19:51:24.810Z",
    "requestId": "e1de-d5851b769dd4",
    "id": "8bd099da-2082-4447-aa9f-961319593a4c",
    "sessionId": "6ba62f34",
    "targetType": "DATASOURCE",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx"
}

SubscriptionUpdated event

A user's subscription to a data source or project is updated.

Additional parameter details: targets.model.type will specify whether the subscription was updated on a DATASOURCE or PROJECT.

{
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "taylor@immuta.com"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "UPDATE",
    "relatedResources": [
        {
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "DATABRICKS",
            "id": "17"
        },
        {
            "name": "Deepu Murty",
            "identityProvider": "bim",
            "profileId": "999111223",
            "type": "USER",
            "id": "deepu@immuta.com"
        }
    ],
    "targets": [
        {
            "subscriber": {
                "name": "Deepu Murty",
                "identityProvider": "bim",
                "profileId": "999111223",
                "type": "USER",
                "id": "deepu@immuta.com"
            },
            "model": {
                "name": "Public case",
                "technology": "DATABRICKS",
                "type": "DATASOURCE",
                "id": "17"
            },
            "id": "64",
            "type": "SUBSCRIPTION",
            "name": "64"
        }
    ],
    "auditPayload": {
        "subscriptionId": "64",
        "role": "OWNER",
        "version": 1,
        "type": "SubscriptionUpdatedAuditPayload"
    },
    "eventTimestamp": "2023-05-16T20:24:04.360Z",
    "actionStatus": "SUCCESS",
    "targetType": "SUBSCRIPTION",
    "sessionId": "8c57c9c6",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "b7-2f00ab63b160",
    "receivedTimestamp": "2023-05-16T20:24:04.475Z",
    "id": "24f-7dabcfb9ce23"
}

TagApplied event

A tag is applied to a data source or column.

{
    "id": "b1-0cd232a275a0",
    "sessionId": "0fca739c",
    "requestId": "e45f1d89-fbc94b147d7a",
    "action": "TAG_APPLY",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "27",
            "name": "Public case",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [
        {
            "type": "TAG",
            "name": "Discovered",
            "id": "451",
            "source": "curated",
            "context": "manual"
        }
    ],
    "auditPayload": {
        "type": "TagAppliedAuditPayload",
        "version": 1,
        "appliedTags": [
            {
                "targetName": "Public case",
                "targetType": "DATASOURCE",
                "tags": [
                    {
                        "type": "TAG",
                        "name": "Discovered",
                        "id": "451",
                        "source": "curated",
                        "context": "manual"
                    }
                ]
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:39:01.342Z",
    "receivedTimestamp": "2024-02-22T14:39:01.514Z"
}

TagCreated or TagDeleted event

A tag is created or deleted.

Additional parameter details: action will specify whether the tag was CREATE or DELETE.

{
    "id": "760-cbed84af2d6c",
    "sessionId": "0fca39c",
    "requestId": "3a-bb7217d02e43",
    "action": "CREATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "TAG",
    "targets": [
        {
            "type": "TAG",
            "name": "First name",
            "id": "452",
            "source": "curated"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "<TagCreatedAuditPayload | TagDeletedAuditPayload>",
        "version": 1,
        "tags": [
            {
                "id": "452",
                "name": "First name",
                "source": "curated",
                "type": "TAG"
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:39:50.845Z",
    "receivedTimestamp": "2024-02-22T14:39:50.918Z"
}

TagRemoved event

A tag is removed from a data source or column.

{
    "id": "5a0-a9ed243da8f4",
    "sessionId": "0fca739c",
    "requestId": "50-87563ed090ce",
    "action": "TAG_REMOVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "27",
            "name": "Public case",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [
        {
            "type": "TAG",
            "name": "Discovered",
            "id": "1",
            "source": "curated"
        }
    ],
    "auditPayload": {
        "type": "TagRemovedAuditPayload",
        "version": 1,
        "removedTags": [
            {
                "targetName": "Public case",
                "targetType": "DATASOURCE",
                "tags": [
                    {
                        "type": "TAG",
                        "name": "Discovered",
                        "id": "1",
                        "source": "curated"
                    }
                ]
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:44:29.943Z",
    "receivedTimestamp": "2024-02-22T14:44:30.077Z"
}

TagUpdated event

A tag is updated.

{
    "id": "cdc9-22059492a806",
    "sessionId": "0fca9c",
    "requestId": "0a8-e5aa0455b223",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "TAG",
    "targets": [
        {
            "type": "TAG",
            "name": "TestTagUpdate",
            "id": "452",
            "source": "curated"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "TagUpdatedAuditPayload",
        "version": 1,
        "rootTag": "First_name",
        "deleteHierarchy": false,
        "tags": [
            {
                "id": "452",
                "name": "First name",
                "source": "curated",
                "type": "TAG"
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:40:08.449Z",
    "receivedTimestamp": "2024-02-22T14:40:08.563Z"
}

UserAuthenticated event

A user signs in to Immuta.

Additional parameter details: authenticationMethod possible values include

OAuth: The user authenticated using the 3rd party authentication OAuth.
OpenId: The user authenticated using the 3rd party authentication OpenId.
SAML: The user authenticated using the 3rd party authentication SAML.
apiKey: The user authenticated or impersonated using an API key. The user is running API calls and did not sign in to the UI.
password: The user authenticated with username and password.

{
    "requestId": "0aaf4825-312b13e",
    "auditPayload": {
        "type": "UserAuthenticatedAuditPayload",
        "authenticationMethod": "apiKey"
    },
    "action": "AUTHENTICATE",
    "actor": {
        "id": "postgres_system",
        "name": "Immuta System Account",
        "type": "SYSTEM_ACCOUNT"
    },
    "targetType": "USER",
    "relatedResources": [],
    "eventTimestamp": "2023-03-03T01:47:36.225Z",
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-03-03T01:47:36.319Z",
    "tenantId": "your-immuta-tenant.com",
    "targets": [],
    "actorIp": "xxx.xx.xx.xx",
    "id": "56-2c3d2cf1fb",
    "sessionId": "733ce3"
}

UserCloned event

A user is cloned.

{
    "id": "8f-3899d6d6fbf5",
    "sessionId": "ef5dc",
    "requestId": "243bf98c-1d997137cccb",
    "action": "CLONE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Clone of taylor@immuta.com (awaiting first login)",
            "id": "clonetaylor@immuta.com",
            "identityProvider": "bim",
            "profileId": "999111236",
            "type": "USER"
        },
        {
            "name": "Clone of taylor@immuta.com (awaiting first login)",
            "id": "clone2taylor@immuta.com",
            "identityProvider": "bim",
            "profileId": "999111237",
            "type": "USER"
        }
    ],
    "relatedResources": [
        {
            "name": "Taylor Smith",
            "id": "taylor@immuta.com",
            "identityProvider": "bim",
            "profileId": "999111228",
            "type": "USER"
        }
    ],
    "auditPayload": {
        "type": "UserClonedAuditPayload",
        "version": 1,
        "failedUserIds": [],
        "newUserIds": ["clonetaylor@immuta.com", "clone2taylor@immuta.com"],
        "clonedUserId": "testuser1@localhost.fake",
        "clonedUserIamProvider": "bim"
    },
    "eventTimestamp": "2024-01-05T19:07:29.141Z",
    "receivedTimestamp": "2024-01-05T19:07:29.364Z"
}

UserCreated event

A user is created.

{
    "id": "f6d-ec938334e217",
    "action": "CREATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Immuta System Account",
        "id": "immuta_system_account",
        "type": "SYSTEM_ACCOUNT"
    },
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "identityProvider": "okta",
            "profileId": "999111251",
            "type": "USER"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserCreatedAuditPayload",
        "version": 1,
        "name": "Deepu Murty",
        "email": "deepu@immuta.com"
    },
    "eventTimestamp": "2024-02-01T13:16:26.541Z",
    "receivedTimestamp": "2024-02-01T13:16:26.564Z"
}

UserDeleted event

A user is deleted.

{
    "id": "5e-66534d728a02",
    "sessionId": "fc6355",
    "requestId": "610-07a065c13c48",
    "action": "DELETE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserDeletedAuditPayload",
        "version": 1,
        "userId": "deepu@immuta.com",
        "userIdProvider": "okta"
    },
    "eventTimestamp": "2024-01-31T15:41:25.000Z",
    "receivedTimestamp": "2024-01-31T15:41:27.150Z"
}

UserLogout event

A user logs out of Immuta.

Additional parameter details:

authenticationMethod possible values include
- OAuth: The user authenticated using the 3rd party authentication OAuth.
- OpenId: The user authenticated using the 3rd party authentication OpenId.
- SAML: The user authenticated using the 3rd party authentication SAML.
- apiKey: The user authenticated or impersonated using an API key.
- password: The user authenticated with username and password.
logoutReason possible values include
- EXPIRATION: The user was logged out because the token expired.
- IDP_INITIATED: The IdP initiated the logout.
- USER_LOGOUT_TRIGGERED: The user manually logged out.

{
    "sessionId": "0d103371",
    "id": "b-68df2ed10c58",
    "actionStatusReason": null,
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "name": "Taylor Smith",
            "id": "taylor@immuta.com",
            "profileId": "1",
            "type": "USER",
            "identityProvider": "bim"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2024-02-08T15:51:54.660Z",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2022-07-28T03:52:03.790Z",
    "targetType": "USER",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "profileId": "1"
    },
    "action": "LOGOUT",
    "auditPayload": {
        "logoutReason": "EXPIRATION",
        "authenticationMethod": "password",
        "impersonatedId": "taylor@immuta.com",
        "impersonatedIdProvider": "bim",
        "type": "UserLogoutAuditPayload",
        "version": 1
    },
    "requestId": "myRequestId"
}

UserOneTimeTokenCreated event

A sign-in token is created for a user.

{
    "id": "8d-7ef0cd135136",
    "sessionId": "a16d",
    "requestId": "76-f19befd0e93e",
    "action": "NEW_TOKEN",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "identityProvider": "bim",
            "profileId": "999111235",
            "type": "USER"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserOneTimeTokenCreatedAuditPayload",
        "version": 1
    },
    "eventTimestamp": "2024-01-22T19:57:56.319Z",
    "receivedTimestamp": "2024-01-22T19:57:56.394Z"
}

UserPasswordUpdated event

A user's password is updated.

{
    "actor": {
        "type": "USER_ACTOR",
        "id": "taylor@immuta.com",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1"
    },
    "sessionId": "8aa290ca1",
    "requestId": "77-bd71c81200e8",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx",
    "eventTimestamp": "2023-12-22T21:27:51.255Z",
    "id": "bd-ec38163a85a2",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "type": "USER",
            "id": "deepu@immuta.com",
            "name": "Deepu Murty",
            "identityProvider": "bim",
            "profileId": "999111226"
        }
    ],
    "action": "PASSWORD_UPDATE",
    "auditPayload": {
        "type": "UserPasswordUpdatedAuditPayload",
        "version": 1
    },
    "targetType": "USER",
    "relatedResources": [],
    "receivedTimestamp": "2023-12-22T21:27:51.394Z"
}

UserUpdated event

A user's details are updated.

{
    "id": "9-de80573f841a",
    "sessionId": "b2042c32",
    "requestId": "d3b-3715fa181160",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "taylor@immuta.com",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "deepu@immuta.com",
            "identityProvider": "bim",
            "profileId": "6",
            "type": "USER"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserUpdatedAuditPayload",
        "version": 1,
        "userId": "deepu@immuta.com",
        "userIdProvider": "bim",
        "externalUserIds": [],
        "disabled": false
    },
    "eventTimestamp": "2024-02-08T15:46:25.949Z",
    "receivedTimestamp": "2024-02-08T15:46:26.167Z"
}

WebhookCreated event

A webhook is created.

{
    "targets": [
        {
            "name": "ProjectCreateMonitorHook",
            "type": "WEBHOOK",
            "id": "12"
        }
    ],
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-10-19T14:15:38.160Z",
    "actorIp": "xxx.xx.xx.xx",
    "id": "5fa-193c04d6e5f2",
    "auditPayload": {
        "type": "WebhookCreatedAuditPayload",
        "version": 1,
        "webhooks": [
            {
                "id": "12",
                "name": "ProjectCreateMonitorHook",
                "actionType": "TRIGGERED",
                "global": false,
                "url": "https://hooks.slack.com/triggers/your-id",
                "notificationType": [
                    "projectUpdated"
                ]
            }
        ]
    },
    "requestId": "6c-e7a02bb0aea7",
    "relatedResources": [],
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "WEBHOOK",
    "actor": {
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "taylor@immuta.com"
    },
    "eventTimestamp": "2023-10-19T14:15:38.074Z",
    "sessionId": "f29bb866"
}

WebhookDeleted event

A webhook is deleted.

{
    "id": "0f89-8cac34b5b820",
    "actorIp": "xxx.xx.xx.xx",
    "auditPayload": {
        "name": "ProjectCreateMonitorHook",
        "webhookId": "12",
        "type": "WebhookDeletedAuditPayload",
        "version": 1
    },
    "targets": [
        {
            "id": "12",
            "name": "ProjectCreateMonitorHook",
            "type": "WEBHOOK"
        }
    ],
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-10-19T14:20:50.152Z",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "WEBHOOK",
    "actor": {
        "id": "taylor@immuta.com",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith",
        "identityProvider": "bim"
    },
    "sessionId": "3094",
    "eventTimestamp": "2023-10-19T14:20:50.077Z",
    "requestId": "ff-5d366c735558",
    "action": "DELETE",
    "relatedResources": []
}

PreviousUniversal Audit Model (UAM)NextQuery Audit Logs

Last updated 1 day ago

Was this helpful?