Does log data include the actioning user

abartlett36 · January 30, 2020, 10:31am

Hello,
When Auth0 logs administration actions taken through the DAE/Dashboard/Management API, does the log data include the user that performed the action? For example, if User X creates user Y, I can see that the log entry refers to user Y but does it also include User X?

konrad.sopala · January 30, 2020, 11:57am

Hey there @abartlett36!

Welcome in our community!

Let me check that for you and get back here with the info soon!

konrad.sopala · February 6, 2020, 10:49am

Hey there!

Sorry for the delay. I was told that in some cases both sides will be visible but not in all.

Using the Dashboard or the Management API logs endpoint, you can pull log data on actions performed by administrators using the Dashboard, operations performed via the Management API, and authentications made by your users.

abartlett36 · February 10, 2020, 1:19pm

Thanks Konrad. A couple of follow-up questions:

Is there a list available of which cases will/will not have both sides visible?
For any given log item, does the Dashboard always show all the log data that is available?

abartlett36 · February 19, 2020, 10:54am

Hi @konrad.sopala,

Do you have any thoughts on my follow-up questions?

Regarding the question about which cases will/will not have both sides visible, it looks like actions taken through the Delegated Admin Extenstion never have the actioning user recorded in the logs. Is that correct? If so, would I be right in thinking that this would apply to any action taken through the Management API?

Thanks
Andy

konrad.sopala · March 18, 2020, 5:27pm

Hey there!

Sorry for the delay in response but I got trapped in all the incoming questions.

Getting back to your first question. I just created a user and checked the logs.

So i performed a Management API operation to be precise. Created a user

When I check the overall summary of the log I can that user was created but I have no idea if it wasn’t me who created that user

In order to check that you need to go to the raw format of the log which is down there and scroll down until you see this, which is the person that performed the action (who - did - what pattern):

Screenshot 2020-03-18 at 18.21.54

There isn’t a list of cases that will / will not have both sides available. I would say it’s more of a situation where in some cases you will see both sides in the summary and in other you will need to inspect the raw file in JSON format.

Regarding your last message with above screenshots I proved that it’s a wrong assumption cause for creating the user behind the scenes the Management API was used and both sides are visible but you need to inspect raw JSON available below the summary of certain log.

For more on logs you can visit that doc: