# audit\_logs

## Description

Exposes the audit log for all actions performed within the organization. Use this table for security auditing, compliance reporting, and change tracking. Requires USAGE privilege on the organization. Results are returned in chronological order. For large organizations, use `WHERE event_ts > ...` to filter by time range.

## Syntax

```sql
SELECT * FROM deltastream.sys."audit_logs";
```

## Columns

| Column               | Type           | Nullable | Description                                                                                  |
| -------------------- | -------------- | -------- | -------------------------------------------------------------------------------------------- |
| `organization_id`    | VARCHAR        | No       | The unique identifier of the organization this resource belongs to.                          |
| `object_type`        | VARCHAR        | No       | The type of resource the action was performed on, e.g. `role`, `store`, `relation`, `query`. |
| `object_fqn`         | VARCHAR        | No       | The fully qualified name of the resource the action was performed on.                        |
| `action_name`        | VARCHAR        | No       | Name of the action performed, e.g. `created`, `updated`, `deleted`.                          |
| `action_description` | VARCHAR        | No       | Human-readable description of the action.                                                    |
| `actor_role`         | VARCHAR        | No       | The role that performed the action.                                                          |
| `actor_role_deleted` | BOOLEAN        | No       | Whether the actor role has since been deleted.                                               |
| `actor_user`         | VARCHAR        | No       | The user who performed the action.                                                           |
| `event_ts`           | TIMESTAMP\_LTZ | No       | Timestamp when the action occurred.                                                          |

## Examples

```sh
$ dsql -e 'SELECT * FROM deltastream.sys."audit_logs";'
[{"organization_id":"00000000-0000-0000-0000-000000000001","object_type":"role","object_fqn":"okta_skim_provisioner","action_name":"created","action_description":"role okta_skim_provisioner created","actor_role":"orgadmin","actor_role_deleted":false,"actor_user":"User Name","event_ts":"2025-05-28T21:24:37.684Z"},{"organization_id":"00000000-0000-0000-0000-000000000001","object_type":"role","object_fqn":"okta_skim_provisioner","action_name":"updated","action_description":"ownership of role okta_skim_provisioner transferred to role orgadmin","actor_role":"orgadmin","actor_role_deleted":false,"actor_user":"User Name","event_ts":"2025-05-28T21:24:37.684Z"}]
```

Filter audit events by resource type:

```sql
SELECT object_fqn, action_name, actor_user, event_ts FROM deltastream.sys."audit_logs" WHERE object_type = 'store' ORDER BY event_ts DESC;
```

Filter audit events by actor:

```sql
SELECT object_type, object_fqn, action_name, event_ts FROM deltastream.sys."audit_logs" WHERE actor_user = 'rick@example.com' ORDER BY event_ts DESC;
```

## See Also

* [System Tables Overview](https://docs.deltastream.io/reference/sql-syntax/systables)