Audit events for Cloud Pak for Data platform

The following list describes events in the Cloud Pak for Data platform that are audited.

The events that the platform audits depend on the services that are installed on top of the platform. For example, events related to connections are generated only if the common core services are installed.

Login, Logout, Session, Authentication
  • security.users.authenticate - Success or failure when a user logs in.
  • security.users.revoke - Record when users log out.
  • security.accounts.authenticate - Success or failure of token authentication.
  • security.authorization - Failure when invoking any privileged action.
User Management
  • users.user.create - Authorize a user for access to the platform.
  • users.user.delete - Remove a user's access to the platform.
  • users.user.update - Make changes in a user's profile, including name and email address.
  • users.role.add - Grant a specific privilege to a user on the platform.
  • users.role.remove - Revoke a platform privilege from a user.
Service Level
  • services.service.create - A service is installed and enabled.
  • services.service.delete - A service is uninstalled.
  • services.service.update - A service is updated.
Service Instances
  • service_instances.instance.create - A service instance is provisioned.
  • service_instances.instance.delete - A service instance is unprovisioned.
  • service_instances.instance.update - A service instance is changed.
  • service_instances.read - The list of service instances is retrieved.
  • service_instances.instance.read - A query for the details of a service instance by ID.
  • service_instances.user.add - Grant user access, with a particular role, to a service instance.
  • service_instances.user.delete - Revoke user access from a service instance.
  • service_instances.user.get - A query to list users with access to a service instance.
  • service_instances.user.update - Change a user’s access role for a service instance.
Connections
  • connections.create - Add connection.
  • connections.update - Update connection.
  • connections.delete - Delete connection.
  • connections.read - A query issued to retrieve all connections.
  • connections.connection.read - A query issued to retrieve one connection’s details by ID.
Deployments
  • deployments.delete - Delete service deployment.
  • deployments.read - Retrieve service deployment by ID.