Audit Log Schema

When you enable and configure audit logging in Cadenza, a dedicated schema is created that holds all the audit logs for all aspects of Cadenza. This chapter gives an overview of all the relevant data that is captured and how to interpret it.

Technically the audit log is implemented as one database table called LOGDATA: this table contains a number of generic shared columns that are relevant for each audit log type and then each specific audit log type has additional columns that are only relevant to that topic.

The type number is the technical discriminator value that identifies a particular audit logging type. It is stored in the TYPE column of the LOGDATA table.

If you have older audit log schema entries in your database, you can check the documentations for previous versions for details.

General Audit Log Data

These columns are available for all audit log data types. Some are really generic (such as TIMESTAMP) but others may have contents that vary depending on the kind of audit log record that is being written. An example of this is the CADENZA_OBJECT_TYPE_NAME column: it will contain different kinds of information depending on whether this is an Export audit log entry or an AccessManagerWeb entry.

Where applicable we will document the type specific values for that type in their own chapter.

General columns:

ID

Primary key of the table.

IP

IP of the requesting machine.

TIMESTAMP

Begin of the request.

CADENZA_USER_NAME

Cadenza user name.

CADENZA_USER_LOGIN_CONTEXT

The login context of the user. This shows, if the user did login or some process triggered it (e.g. the job scheduler). All following actions (e.g. execute workbook, logout) of this user will have the relevant value for this. Possible values:

  • INTERACTIVE: default, login is done by the user

  • JOB_SCHEDULER: user was logged in by the job scheduler process

  • REPOSITORY_AUTO_IMPORTED: user was logged in by the cauth-files autoimport process

  • UNKNOWN: is only set by the database migration for old auditlog entries

REPOSITORY_ITEM_NAME

Name of the repository item.

REPOSITORY_NAME

Name of the repository.

REPOSITORY_PRINT_NAME

User-visible name of the repository.

REPOSITORY_LOCATION

Location of the repository, possible values are:

  • central

  • local

CADENZA_OBJECT_TYPE_NAME

Identifies the kind of thing that this request operates on. For example if we log an export operation this may contain the kind of thing that was exported. This is not a Cadenza Workbooks Objecttype.

EXECUTION_TIME

Execution time in milliseconds.

HEAP_MEMORY_CONSUMPTION

Java heap memory consumption in bytes.

NON_HEAP_MEMORY_CONSUMPTION

Java non-heap memory consumption in bytes.

CADENZA_DB_GROUPS

Groups of the user.

OS_USER_NAME

Username of the Cadenza process on the OS level. (Windows-only?)

OS_DOMAIN

Domain of the Cadenza process on the OS level. (Windows-only?)

PRINT_NAME

Print name of the repository item being audit logged.

REQUEST_ID

The id of HTTP request that triggered this audit log entry. The format is a hexadecimal string formatted UUID value.

JUSTIFICATION_1

If the Cadenza plugin Purpose_Of_Request is enabled this column contains the first reason for the purpose of request requirement.

JUSTIFICATION_2

If the Cadenza plugin Purpose_Of_Request is enabled this column contains the second reason for the purpose of request requirement. Whether this reason is present depends on the plugin configuration.

Selectors (type = 1)

Only relevant for Classic layers in a map view.

SQL_COMMAND

Executed query.

PARAMETERIZATION_XML

Conditions of the query.

RESULT_COUNT

Count of the result.

DATABASE_JDBC_URL

The JDBC url.

DATABASE_USERNAME

Datasource user.

DATASOURCE

Datasource name.

ACTIVITY

Always "Execute filter form".

LAZY

Flag, if lazy-loading is active.

Authentication (type = 6)

REPOSITORY_ITEM_NAME

Specifies the context of the activity:

  • "login"

  • "logout"

  • "login-failed"

REPOSITORY_NAME

Always "authentication"

ACTIVITY

Detailed information on the activity:

  • "Login"

  • "Logout"

  • "Unknown user"

  • "Authentication failed"

  • "Technical cause"

  • "login-failed"

RESULTING_SESSION_COUNT

Count of the open sessions in Cadenza.
Hint: -1 for failed logins, because this action did not change the count.

Classic Access Management (type = 7)

Only relevant for using Classic access management.

ACTIVITY

The activity with possible values: ADD, REMOVE and CHANGE.

CHANGED_OBJECT_TYPE

The type of the changed object.
Possible values: GROUP, USER, ROLE, OBJECT and DATA_ACCESS_POLICY.

CHANGED_OBJECT

The changed object.
Printname + ID for GROUP, USER, ROLE and DATA_ACCESS_POLICY.
RepositoryId + ID for OBJECT.

CHANGE

The change:
Empty for ACTIVITY=ADD and ACTIVITY=REMOVE.
For ACTIVITY=CHANGE:

  • The name of the changed property

  • OR the type of the changed connection.
    Possible values: ADD ROLE, REMOVE ROLE, ADD GROUP, REMOVE GROUP, ADD USER, REMOVE USER, CHANGE PARENT-GROUP, ADD CONDITION-SETTINGS, REMOVE CONDITION-SETTINGS, CHANGE CONDITION-SETTINGS, ADD OBJECT-PRIVILEGE, REMOVE OBJECT-PRIVILEGE, ADD GROUP-PRIVILEGE, REMOVE GROUP-PRIVILEGE, ADD ROLE-PRIVILEGE, REMOVE ROLE-PRIVILEGE, ADD SYSTEM-PRIVILEGE, REMOVE SYSTEM-PRIVILEGE, ASSIGN_APPLICATION_CONTEXT, REMOVED_APPLICATION_CONTEXT, PASSWORD.

  • OR the type of the change of a Data Access Policy Value for a role.
    Possible values: ADD_DATA_ACCESS_POLICY_VALUE, REMOVE_DATA_ACCESS_POLICY_VALUE, ADD_DATA_ACCESS_POLICY_ALL_VALUE, REMOVE_DATA_ACCESS_POLICY_ALL_VALUE

VALUE_BEFORE

Value before the change.
Only filled for changes of a simple property (e.g. PrintName) and for CHANGE=CHANGE PARENT-GROUP.

VALUE_AFTER

Value after the change.
Only filled for changes of a simple property (e.g. PrintName) and for CHANGE=CHANGE PARENT-GROUP.

CHANGED_ASSOCIATION

The changed connection between things.
For GROUP, USER and ROLE: Printname + ID
For OBJECT-PRIVILEGE: RepositoryId + ID
For changes of a Data Access Policy Value: The name of the (optional) existing Data Access Policy.
Only filled for a CHANGE with ADD ROLE, REMOVE ROLE, ADD GROUP, REMOVE GROUP, ADD USER, REMOVE USER, ADD OBJECT-PRIVILEGE, REMOVE OBJECT-PRIVILEGE, ADD GROUP-PRIVILEGE, REMOVE GROUP-PRIVILEGE, ADD ROLE-PRIVILEGE, REMOVE ROLE-PRIVILEGE, ADD SYSTEM-PRIVILEGE or REMOVE SYSTEM-PRIVILEGE.

PRIVILEGE

The name of the (e.g. added or removed) privilege, possible values: visible, write, structure, manage, execute (for Objects, Roles and Groups)
Or the system privileges like for example: ManageAll, ExcelImport, RepositoryManager, ChangeOwnPassword, ManageProcessings, CadenzaMobile, CadenzaMobileDefault, ManagePlugins, AccessManagerImportExport, AccessManagerImportExportAdmin, ReloadRepository, ModifySystemVariables, CreateAdminPermalink, AutomaticLayerRefreshConfiguration.

OBJECT_TYPE

Type of the changed object (e.g. SELECTOR).
Only filled for CHANGED_OBJECT_TYPE=OBJECT

OBJECT_PRINT_NAME

Printname of the changed object.
Only filled for CHANGED_OBJECT_TYPE=OBJECT

OWNER

Owner of the changed object.
Only filled for CHANGED_OBJECT_TYPE=OBJECT

CONDITION_NAME

Name of the condition.
Only filled for CHANGE= ADD/REMOVE/CHANGE CONDITION-SETTINGS.

ITEM_NAME

Name of the selector.
Only filled for CHANGE= ADD/REMOVE/CHANGE CONDITION-SETTINGS.

XML_BEFORE

XML before the change (empty for ADD CONDITION-SETTINGS).
Only filled for CHANGE= ADD/REMOVE/CHANGE CONDITION-SETTINGS.

XML_AFTER

XML after the change (empty for REMOVE CONDITION-SETTINGS).
Only filled for CHANGE= ADD/REMOVE/CHANGE CONDITION-SETTINGS.

Reports (type = 9)

SQL_COMMAND

Executed query.

ACTIVITY

Always "Activity on Report".

Exports (type = 10)

ACTIVITY

Describes the executed export action. Possible values:

  • "Export chart"

  • "Export report to PDF"

  • "Export table to text/csv file"

  • "Export table to excel file"

  • "Export table to clipboard"

  • "Export database repository".

CADENZA_OBJECT_TYPE_NAME

Type of data that is being exported. Possible values:

  • "Layer attribute table"

  • "Table"

  • "Report"

  • "Chart"

  • "Database repository"

PRINT_NAME

Name of the file to which data was exported. Empty for "Export table to clipboard".

REPOSITORY_ITEM_NAME

If possible, repositoryItemName of exported item. For "Layer attribute table" it’s name of the layer, for which attribute table is exported.

Workbooks (type = 11)

ACTIVITY

Describes export action that is executed. Possible values (with notes):

  • Create: New workbook created with a new worksheet, view and dataview.

  • Delete: Workbook was deleted

  • Export: Workbook was exported to a file. The filename is stored in the printName column of LOGDATA

  • Import: Workbook added from an exported Workbook file

  • Load: Workbook loaded

  • LoadChanged: Workbook loaded after changing it by executing a command.

  • Rename: PrintName of the workbook changed

  • ReplaceWithImport: Workbook replaced with a workbook from an exported Workbook file

  • Save: Workbook saved into the navigator tree

  • ExportData: DataView data exported into a file, PrintName of the exported file (e.g. "Messstellen.kml")

  • WorkbookSetting: An important setting was changed. Currently only triggered when a workbook with a changed workbook.printHeader.name is saved.

  • GenerateReport: Before generating a workbook report (i.e. not a Jasper report)

  • DeleteVersion

  • PublishVersion

  • UnpublishWorkbook

  • CopyObjecttype

  • UpdateCopiedObjecttype.

WORKBOOK_IDENTIFIER

Base64-encoded UUID (NOT the hash, that is generated on the fly).

WORKBOOK_NAME

The name of the workbook.

WORKBOOK_VERSION

Version of the Workbook in the database.

WORKBOOK_SAVED

Whether this workbook has been saved at least once.

WORKSHEET_IDENTIFIER

Base64-encoded UUID.

WORKSHEET_NAME

Name of the worksheet inside the workbook.

WORKSHEET_VIEW_IDENTIFIER

Base64-encoded UUID.

WORKSHEET_VIEW_NAME

Name of the view inside the worksheet.

WORKSHEET_DATA_VIEW_IDENTIFIER

Base64-encoded UUID.

SQL_COMMAND

The SQL command sent for a given request with ? as placeholder for parameters (prepared statements).

SQL_COMMAND_PARAMETERS

The SQL command parameters (prepared statements). The format might not be the exact representation in the database. Must be checked manually. They are only safe when used as prepared statements.

LAZY

Whether the query was executed with lazy-loading.

CHANGE

Which setting was changed. Only filled for activity WorkbookSetting.
Possible values: workbook.printHeader.name.

VALUE_BEFORE

Arbitrary string: The value before the change, null if not set.

VALUE_AFTER

Arbitrary string: The value after the change, null if not set.

RESULT_COUNT

Number of result lines.

Access Management (type = 13)

ACTIVITY

General type of operation. Possible values:

  • ADD

  • EDIT

  • REMOVE

  • CHANGE (for user based restrictions only)

CADENZA_OBJECT_TYPE_NAME

Some of the possible values:

  • Repository

  • Objecttype

  • Workbook

  • DataSource

  • UserBasedRestriction

CHANGED_OBJECT_TYPE

Recipient type of operation. Possible values:

  • USER

  • GROUP

  • SYSTEM_ROLE

  • (empty for user based restrictions)

CHANGED_OBJECT

Recipient of operation. Example values:

  • "Admin", "Group_Bremen", "User_Horst" For user based restrictions: the attributeId with the databaseID of the UBR in brackets, e.g.
    livedatabaserepository/OT442/column_1 (55)

CHANGE

Specific type of operation. Some of the possible values:

  • ADD ITEM-AUTHORIZATION

  • REMOVE ITEM-AUTHORIZATION

  • REMOVE_GROUP

  • ADD USER-BASED-RESTRICTION VALUE

  • ADD USER-BASED-RESTRICTION USER-VARIABLE

  • ADD USER-BASED-RESTRICTION GROUP-VARIABLE

  • ADD USER-BASED-RESTRICTION FULL-ACCESS

  • REMOVE USER-BASED-RESTRICTION VALUE

  • REMOVE USER-BASED-RESTRICTION USER-VARIABLE

  • REMOVE USER-BASED-RESTRICTION GROUP-VARIABLE

  • REMOVE USER-BASED-RESTRICTION FULL-ACCESS

  • REMOVE_SYSTEM_AUTHORIZATION

CHANGED_ASSOCIATION

The name of the group, for which the user based restriction rule applies.

PRIVILEGE

Role associated with operation. Example values:

  • "R_CONTRIBUTOR", "R_GUEST"

  • (empty for user based restrictions)

VALUE_BEFORE

Arbitrary string: The value before the change, null if not set.

VALUE_AFTER

Arbitrary string: The value after the change, null if not set.

Imports (type = 14)

ACTIVITY

Describes the import action that is executed. Possible value: "Import database repository"

CADENZA_OBJECT_TYPE_NAME

Type of data that is being imported. Possible value: "Database repository"

PRINT_NAME

Name of the file from which data was imported.

REPOSITORY_ITEM_NAME

If possible, repositoryItemName of the imported item.

Job Scheduling (type = 15)

ACTIVITY

Describes the event. Possible values:

  • "Create": a JobSchedule has been created

  • "Update": an existing JobSchedule has been updated

  • "Delete": an existing JobSchedule has been deleted

  • "NotExecuted": when executing a Job the condition is checked, if it wasn’t fulfilled "NotExecuted" will be audit logged

  • "Executed": the Job was executed

  • "ExecutionException": during execution of the Job an Exception occurred

JOB_OR_SCHEDULE_ID

The id of the job schedule.

JOB_SCHEDULE_PRINT_NAME

The user-visible job schedule name.

Data Protection Context (type = 16)

ACTIVITY

Describes the event. Possible values:

  • "CREATE": a DPC has been created

  • "CONFIRM_DELETION_DATE": user has confirmed the deletion date

  • "PROLONG_DELETION_DATE": user has prolonged the deletion date

  • "ASSIGN_DELETION_MORATORIUM": user has assigned the moratorium

  • "CHANGE_DELETION_MORATORIUM": user has changed the moratorium

  • "REMOVE_DELETION_MORATORIUM": user has removed the moratorium

  • "ACTIVE_TO_DELETED": Either the DPC is manually deleted or when the EOL(Deletion Date) of the DPC is reached

  • "REACTIVATED": user has reactivated/revived the DPC from DELETED state

  • "PERMANENTLY_DELETED": DPC is permanently deleted at the EOL include the grace period

SQL_COMMAND_PARAMETERS

The description entered by the user when confirming, prolonging or reactivating the DPC. Also includes the id of the moratorium for moratorium related audit log.

REPOSITORY_ITEM_NAME

The id of the DPC.

REPOSITORY_NAME

The repository id where the DPC is created.

PRINT_NAME

The print name of the DPC.

Projects (type = 17)

ACTIVITY

Describes the event. Possible values:

  • For projects

    • "CREATE"

    • "UPDATE"

    • "DELETE"

  • For project variable definitions:

    • CREATE_PROJECT_VARIABLE

    • UPDATE_PROJECT_VARIABLE

    • DELETE_PROJECT_VARIABLE

CADENZA_OBJECT_TYPE_NAME

"Project"

PRINT_NAME

The print name of the project or project variable.

SQL_COMMAND_PARAMETERS

The description of the project.

CHANGE

Specific type of operation, possible values:

  • For projects

    • "ADD PROJECT VARIABLE VALUE"

    • "ADD NAVIGATOR DIRECTORY"

    • "ADD DELETION DATE"

    • "CHANGE PRINT NAME"

    • "CHANGE DESCRIPTION"

    • "CHANGE NAVIGATOR DIRECTORY"

    • "CHANGE DELETION DATE"

    • "CHANGE PROJECT VARIABLE VALUE"

  • For project variable definitions the created or changed flag/name:

    • "UNIQUE"

    • "MANDATORY"

    • "PROJECT VARIABLE NAME"

VALUE_BEFORE

Arbitrary string: The value before the change.
For the deletion date an ISO-8601 representation (e.g. 2023-09-26T10:00:00Z)

VALUE_AFTER

Arbitrary string: The value after the change.
For the deletion date an ISO-8601 representation (e.g. 2023-09-26T10:00:00Z)

CHANGED_ASSOCIATION

The name of the variable for
"ADD PROJECT VARIABLE VALUE" and "CHANGE PROJECT VARIABLE VALUE"