Technical : Administration : Logging : Security logging : What is logged?
What is logged?
Events that are logged
Licenses
Linking or unlinking a solution license to a user group.
Adding, updating, deleting a license, grace license or app license.
On-premise, Cloud SSO disabled:
Authentication changes
- Adding/deleting a user
- Adding/deleting a user group
- Adding/deleting users from a user group
- Resetting or changing a user’s password
- Adding/deleting a product from a user group
- Updating a user group
(Failed) user actions
- Failure to log on by a user
- When a user tries to log on and his/her account is locked
- First time user login
- Failed user login (inactive start / end date)
- When an account is locked (multiple wrong logins, end date, password expired)
Password settings
- Changing the password strength
- Changing password settings
Logging in/out Planon administrators
- Logging of login/log off of users linked to the Planon administrator group
* 
If you want to log the login and logout timings of the users (in the selected user group), go to the User groups TSI > User groups and enable the Additional security logging field by selecting Yes. This data will be stored in the security logging file. To enable this feature, you must first make the security logging settings.
For more information, see Security logging (Authorization).
The Additional security logging setting is not enabled by default because it comes with a performance penalty. If you start logging for each user, this will create a considerable overhead. Only enable this setting if you need the information to retrieve more detailed information for analyzing issues.
Cloud SSO enabled:
All authentication events will be logged (for example: log in/out, token refresh, etc.).
Authorization changes
Switching on/off authorization
Switching on/off business object authorization
Changes to user group permissions:
- Adding/deleting/updating action filters
- Updating authorization filters (when linked to user group)
- Adding/deleting/updating authorization links
Updating function profiles (when linked to a user group)
- Adding/deleting field rights
- Updating field rights
- Adding/deleting actions
- Adding/deleting status transitions
- Adding/deleting extended actions
- Changing the permission type of BORight
- Changing the function profile default permission type
Environment Management gadget
In the Cloud, the following events are logged:
Disk
Changing disk space allocation
Customize
Changing the welcome image
Changing the welcome image to default
Changing the favicon image
Changing the favicon image to default
Changing the error page URL
Backups
Creating manual backup
Restoring backup (including backup ID, destination and with or without resetting user password)
Deleting a backup
Converting a backup from incremental to full
Changing a backup name
Changing a backup expiry date
Changing a backup comment
Changing retention period
Changing Save disk space (toggle for: incremental full backups)
Danger zone
Restarting
Scheduling a restart
Canceling a scheduled restart
Upgrading
Scheduling an upgrade
Canceling a scheduled upgrade
Reloading TMS
Changing the WebDAV password
Reseting NYX credentials
Importing a clone
Creating a clone voucher
Importing Accelerator
IP whitelisting
Enabling IP whitelist
Disabling IP whitelist
Changing IP whitelist settings
SSO
Enabling the SSO realm
Enabling SSO
Disabling SSO
Resetting the SSO Admin password
Domain settings
Changing the domain alias setting
Changing mutual SSL settings
Changing portal URL settings
Alerts
Adding an email address to or removing an email address from:
Planon started
Back-up finished
Restore finished
Upgrade finisheds
Clone created
Clone import finished
Backup failed
Low disk space
Logs
Download Security audit log
Download Security audit log json