docs/documentation/platform/pam/auditing.mdx
PAM logs every action — who accessed what, who changed what, and when. This audit trail is essential for compliance reviews and incident investigation.
| Category | Events |
|---|---|
| Sessions | Session started, session ended, session terminated |
| Accounts | Account created, updated, deleted |
| Folders | Folder created, updated, deleted |
| Templates | Template created, updated, deleted |
| Memberships | Membership added, updated, removed |
| Product Access | Product member added, removed, role changed |
Each event includes:
These are complementary:
Audit logs track metadata — who accessed what account, when, from where. They tell you that something happened.
Session recordings capture content — the actual queries and commands. They tell you what was done during the session.
For a complete picture, you need both. The audit log tells you Alice accessed the orders-db at 2pm; the session recording shows you exactly what queries she ran.
Audit logs are retained according to your organization's policy. Events are immutable — they can't be modified or deleted.
Access reviews — Filter by date range to see who accessed what during a specific period.
Incident investigation — Search for a specific account or user to trace actions before or after an incident.
Change tracking — Filter by event type to see configuration changes (template updates, membership changes).
User activity reports — Filter by actor to see everything a specific user did.