Hightouch offers audit logs so workspace admins can see what actions users took in-app and when. For example, suppose someone notices that a sync has sent incorrect data to a destination. A workspace admin can use audit logs to review changes made to the sync before the incorrect data appeared. The admin can correct the issue, and—if necessary—implement controls to avoid future incidents.
Workspace admins and those with the appropriate access can view logs by going to the Audit log tab on the Settings page. The logs consist of a table of actions beginning with the most recent. Each row represents one action.
Each action includes:
The Date and time, in the viewer's timezone, the action took place
The Action name, for example, "Sync updated"
The User who performed the action
The Resource type of the resource the action was performed on
The Resource name of the resource the action was performed on
Clicking on an action displays the action's full details in JSON format in the right panel. Added lines are highlighted in green, while removed lines are highlighted in red.
Anyone with read-access to the workspace resource can view audit logs.
Out-of-the-box roles with these permissions include Admins, Destination Admins, and Source Admins. If you want to create a custom role with the ability to view audit logs, it should include this policy:
Audit logs track user-driven activity vs. programmatic changes. They work by taking a JSON snapshot of the changed resource for every user-driven change. Hightouch uses these snapshots for a before and after comparison for any changes.
A snapshot may include programmatic fields such as last_run_at, but Hightouch doesn't append a new audit log every time a field like last_run_at is updated since sync runs can be configured to run at regular intervals.
The exception to this is activity driven by Git Sync. For example, if a user changes a configuration via Git Sync, Hightouch treats that as a user-driven change, and it appears in the audit logs.
For a complete list of tracked actions, see the following list.
Creations, updates, or deletions of drafts used in approval flows
Git credential
Creations, updates, or deletions of Git credentials used for Git Sync
Git Sync configuration
Creations, updates, or deletions of Git Sync configurations; for example, changing your tracked Git branch
Invite
Creations and deletions of workspace invitations
Membership
Creations, updates, or deletions of workspace members, including changing a user's role
Membership request
Creations and deletions of workspace membership requests
Model
Creations, updates, or deletions of general model configurations, including updating the model query or primary key
Model column
Creations, updates, or deletions of model columns
Model preview
Actions taken while previewing a model, including a user clicking “Preview” while editing a model or running a SQL query against a source during model setup
Model trait definition
Creations, updates, or deletions of audience traits