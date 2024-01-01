This feature is only available with a GraphOS Enterprise plan. You can test it out by signing up for a free You can test it out by signing up for a free GraphOS trial . To compare GraphOS feature support across all plan types, see the pricing page

Organizations with a GraphOS Enterprise plan can export and download an audit log of all material events that have occurred in the organization over a given timeframe.

The interface for requesting an export of auditable events is available under the Audit tab of your organization's homepage in GraphOS Studio:

ⓘ note Audit log data is available from July 2021 onward.

Creating an audit log export

ⓘ note Only Organization Admins can request audit exports.

When creating an audit log export, you specify a time range, along with optional filters to limit actions to a particular user or graph. The maximum time range that you can request audits for is 180 days, as defined by Apollo's retention policy .

Exports sometimes take a few minutes to process. When an export is ready, Studio emails you a link to its CSV file, and you can also find that link in the audit exports table. Audit export files are available to download for 30 days.

Note that it takes about 10 to 15 minutes before a performed action can appear in an exported audit log.

Reading an audit log

An exported audit log is a CSV file in which each row represents a material change to your Studio organization. Columns contain the following information:

Column Description Timestamp The time when the action occurred. Action The type of action that occurred. Possible values are listed in Audited actions . Resource_ID The ID of the resource that was acted on. Resource_Type The type of resource that was acted on. Possible values are listed in Resource types . Details A JSON object containing details of the action that occurred. The fields of this object vary depending on the action. Actor_ID The Studio ID of the actor that performed the action. Actor_Type The type of actor that performed the action. This is most commonly USER (an authenticated user) or GRAPH (a tool such as the Rover CLI using a graph API key). Effective_Role The organizational role of the actor that performed the action, indicating its corresponding permissions . Actor_Email The actor's email address, if the actor is a USER . Actor_Name The actor's name, if the actor is a USER . Graph_ID The ID of the Studio graph that the action pertains to, if any.

Resource types

An audit log's Resource_Type column indicates what type of resource each action was performed on. Possible values are listed below.

Resource type Description ACCOUNT A Studio organization . USER A Studio user. GRAPH A Studio graph . GRAPH_VARIANT A graph variant . GRAPH_API_KEY A graph API key . USER_API_KEY A user API key . ZENDESK_TICKET An Apollo support ticket. AUDIT_JOB The generation of an audit log export. EMAIL_SETTINGS A user's marketing email settings. ACCOUNT_INVITATION An invitation for a user to join an organization.

Audited actions

The Action column of an audit log indicates the type of each action that was performed. Possible values are listed below.

Generic actions

These actions are applied to a variety of resource types , including graphs, variants, and API keys.

Action type Description CREATE Creates a resource of the corresponding resource type. UPDATE Modifies an existing resource of the corresponding resource type. SOFT_DELETE Deletes a resource of the corresponding resource type, but the resource is still recoverable if necessary. UNDO_SOFT_DELETE Recovers a resource from a previous SOFT_DELETE . DELETE Permanently deletes a resource of the corresponding resource type. CONFIG_CHANGE Modifies a resource's configuration, such as changing a variant's endpoint URL. Many different configuration changes use this action type. API_KEY Creates, renames, or deletes an API key. This action type is deprecated in favor of CREATE , UPDATE , and DELETE , but it still appears alongside those action types in audit logs.

Federated graphs

Action type Description IMPLEMENTING_SERVICE_UPSERT Adds a new subgraph to a federated graph. IMPLEMENTING_SERVICE_REMOVE Removes a subgraph from a federated graph.

Organization members

Action type Description JOIN_ACCOUNT Adds a user to an organization. LEAVE_ACCOUNT Removes a user from an organization. CHANGE_ROLE Changes a user's organizational role . OVERRIDE_GRAPH_ROLE Overrides a user's role for a single graph.

Studio features

Action type Description IGNORE_OPERATION_IN_CHECKS Ignores a particular GraphQL operation when running schema checks . MARK_CHANGES_SAFE_FOR_OPERATION Marks a particular set of changes as safe when running schema checks . TOGGLE_DATADOG Enables or disables Datadog metrics forwarding .

GraphOS plan