Overview

Last updated on Feb 12, 2026

---

An audit trail is a chronological record of all key actions performed within the system. It shows who did what, when, and where, helping you track changes and activities in your Harness account.

Audit trails are automatically generated and cannot be altered, keeping the information accurate and reliable. This information can be used during compliance or to help identify and resolve issues more quickly.

Before you begin

• Key Concepts
• RBAC in Harness

Viewing the audit trail

note

The audit trail can only be viewed at the account and organization scope. Audit events for the account scope do not appear in the audit trail at the organization scope.

To view the audit trail at the account scope (for organization scope events, go to the Organization Settings), follow these steps:

1. In Harness, go to Account Settings.

2. Navigate to the Security and Governance section, then click Audit Trail.

3. The Audit Trail page opens, showing audit logs from the past 7 days by default.

   Each record logs an activity that happens within the system. These records may take a few minutes to appear in the Audit Trail. If you still can't see an event, try refreshing your browser.

   

Filter by date and time

Limit the audit events displayed to a specific time range, from 1 day up to 2 years. Use the date picker to select the exact start and end dates, including the time of day.

Audit trail types

By default, all audit events are displayed. You can refine the records using the following filters:

• Exclude Login Events: Hides authentication-related events, such as successful or failed logins, 2FA, and so on from the records.
• Exclude System Events: Hides events generated by the system.

Add a filter

To add a filter, perform the following steps:

1. In Account Audit Trail, click the filter icon.

   

2. In the New Filter settings, select filters to refine audit events. Narrow the viewable events by adding filters and selecting:

   • User

   • Organization

   • Project

   • Resource Type

   • Resource Identifier

   • Action

     note

     The Resource Identifier operates in conjunction with the Resource Type. It allows you to use the resource identifier to filter audit events related to a specific resource using that identifier.

     Infrastructure Audit Trail

     To retrieve the infrastructure audit trail, use the Environment resource type and provide your environment identifier as the Resource Identifier.

3. In Filter Name, enter a name for your filter.

4. For Who can view and edit the filter?, select Only me or Everyone based on the visibility you want to set for this filter.

5. Select Save to create a filter.

   

6. Select Apply to view the audit events as per the filter you just created.

   

   By default, the events of the last 7 days are returned for the filter. To view more results, you can select the date range accordingly.

Audit trail data fields

The data fields capture the information for each audit event, including the user, action, time, and affected resources.

• Time: The date and time when the activity occurred.
• User: The user who performed the action (typically shown as an email ID or username).
• Action: The action that was performed (created, updated, deleted and so on).
• Resource: The Harness entity that was affected by the action.
• Organization: The organization name corresponding to the affected entity, if applicable.
• Project: The project name corresponding to the affected entity, if applicable.
• Module: The module corresponding to the affected entity (pipeline, Platform and so on).
• Event Summary: A detailed summary of the event, highlighting the changes made, along with the corresponding YAML differences.

IMPORTANT

By default, the Audit Trail does not capture pipeline execution events such as Pipeline Start, Pipeline End, Stage Start, and Stage End. To capture these events, enable the Enable Pipeline Execution Audit Events setting under the pipeline category in account scope settings.

This setting is available only at the account scope.

Audit trail for events

Audit trail are stored for up to 2 years. If you need to retain them for a longer period, you can use audit log streaming to export logs externally.

Audit logs capture key activities performed in your account. For example, when a new user is added, an audit log records the action (created, updated, revoked, etc.) along with relevant user details.

note

This is not an exhaustive list, as audit logs are generated dynamically based on user and system activities.

Module categories and resources

Modules Category	Resources	Description
Platform Core	ORGANIZATION PROJECT USER USER_GROUP ROLE ROLE_ASSIGNMENT PERMISSION RESOURCE_GROUP SERVICE_ACCOUNT API_KEY TOKEN	Core platform entities used to manage accounts, projects, users, access control, and authentication across Harness.
Secrets Management	SECRET CERTIFICATE	Secure storage and management of sensitive values such as secrets and certificates used by pipelines and services.
Continuous Deployment	SERVICE ENVIRONMENT ENVIRONMENT_GROUP PIPELINE TRIGGER TEMPLATE INPUT_SET DEPLOYMENT_FREEZE DB_SCHEMA DB_INSTANCE	Resources used to define, configure, and execute application and database deployments.
Delegates	DELEGATE DELEGATE_GROUPS DELEGATE_CONFIGURATION DELEGATE_TOKEN	Delegates enable secure connectivity between Harness and customer infrastructure to execute tasks.
Connectors	CONNECTOR	Configurations that allow Harness to integrate with external systems such as cloud providers, Git, and artifact registries.
Dashboards	DASHBOARD DASHBOARD_FOLDER	Visual dashboards and folders used to organize and display insights and reports across modules.
Governance	GOVERNANCE_POLICY GOVERNANCE_POLICY_SET	Policies and policy sets used to enforce standards, compliance, and guardrails across the platform.
File Store	FILE VARIABLE	Files and variables stored in Harness and referenced during pipeline execution and configuration.
Platform Settings	SETTING NG_LOGIN_SETTINGS NG_ACCOUNT_DETAILS SMTP IP_ALLOWLIST_CONFIG STREAMING_DESTINATION BRANDING_SETTINGS BRANDING_ASSET BANNER	Account-level and platform-wide settings that control security, notifications, branding, and integrations.
Chaos Engineering	CHAOS_HUB CHAOS_INFRASTRUCTURE CHAOS_EXPERIMENT CHAOS_GAMEDAY CHAOS_PROBE CHAOS_SECURITY_GOVERNANCE CHAOS_IMAGE_REGISTRY	Resources used to design, run, and govern chaos experiments to validate system resilience.
Service Reliability Management	MONITORED_SERVICE SERVICE_LEVEL_OBJECTIVE DOWNTIME NOTIFICATION_CHANNEL NOTIFICATION_RULE	Resources for monitoring service health, defining SLOs, tracking downtime, and sending reliability notifications.
Security Testing Orchestration	STO_TARGET STO_EXEMPTION STO_OVERRIDE TICKET	Security testing targets, exceptions, overrides, and ticketing artifacts for managing security findings.
Cloud Cost Management	PERSPECTIVE PERSPECTIVE_BUDGET PERSPECTIVE_REPORT PERSPECTIVE_FOLDER COST_CATEGORY BUDGET_GROUP AUTOSTOPPING_RULE AUTOSTOPPING_LB AUTOSTOPPING_STARTSTOP COMMITMENT_ORCHESTRATOR_SETUP COMMITMENT_ACTIONS CLUSTER_ORCHESTRATOR_SETUP CLUSTER_ORCHESTRATOR_VPA_RULE CLUSTER_ACTIONS CCM_ANOMALY CCM_ANOMALY_ALERT CCM_RECOMMENDATION CCM_RECOMMENDATION_IGNORE_LIST CCM_RECOMMENDATION_SETTINGS CCM_RECOMMENDATION_TICKET_SYSTEM CLOUD_ASSET_GOVERNANCE_*	Cost visibility, optimization, anomaly detection, and governance resources for managing cloud spend and efficiency.
Feature Management & Experimentation	FEATURE_FLAG FEATURE_FLAG_STALE_CONFIG TARGET_GROUP	Feature flags and target groups used to control feature rollout and experimentation.
GitOps	GITOPS_REPOSITORY GITOPS_CLUSTER GITOPS_CREDENTIAL_TEMPLATE GITOPS_REPOSITORY_CERTIFICATE GITOPS_GNUPG_KEY GITOPS_AGENT GITOPS_PROJECT_MAPPING GITOPS_APPLICATION GITOPS_APPLICATION_SET	GitOps resources for managing clusters and applications using Git as the source of truth.
Code Repository	CODE_REPOSITORY CODE_BRANCH_RULE CODE_PUSH_RULE CODE_TAG_RULE CODE_BRANCH CODE_TAG CODE_REPOSITORY_SETTINGS CODE_WEBHOOK	Source code repositories and governance rules for managing code changes and integrations.
Internal Developer Portal	IDP_APP_CONFIGS IDP_CONFIG_ENV_VARIABLES IDP_PROXY_HOST IDP_SCORECARDS IDP_CHECKS IDP_ALLOW_LIST IDP_OAUTH_CONFIG IDP_CATALOG_CONNECTOR IDP_BACKSTAGE_CATALOG_ENTITY IDP_BACKSTAGE_SCAFFOLDER_TASK IDP_LAYOUT IDP_HOMEPAGE_LAYOUT IDP_PERMISSIONS IDP_PLUGINS IDP_CATALOG_* IDP_GIT_INTEGRATIONS IDP_GROUPS IDP_WORKFLOW IDP_ENVIRONMENT IDP_ENVIRONMENT_BLUEPRINT IDP_AGGREGATION_RULE	Developer self-service portal resources including service catalog, workflows, scorecards, and integrations.
Software Engineering Insights	SEI_CONFIGURATION_SETTINGS SEI_COLLECTIONS SEI_INSIGHTS SEI_PANORAMA	Metrics, insights, and configurations used to analyze software delivery and engineering performance.
Software Supply Chain Assurance	SSCA_ARTIFACT SSCA_COMPLIANCE SSCA_COMPONENTS	Artifact and component-level compliance data for securing the software supply chain.
Infrastructure as Code Manager	WORKSPACE IAC_MODULE	Workspaces and modules used to manage infrastructure using infrastructure-as-code workflows.
Continuous Error Tracking	CET_AGENT_TOKEN CET_CRITICAL_EVENT CET_SAVED_FILTER	Error tracking resources used to capture, filter, and analyze application runtime issues.
Harness Artifact Registry	ARTIFACT_REGISTRY ARTIFACT_REGISTRY_UPSTREAM_PROXY	Artifact registries and upstream proxies for storing and serving build artifacts.
Gitspaces	CDE_GITSPACE CDE_INFRAPROVIDER	Cloud development environments used to provision and manage Git-based workspaces.
Other / System	MODULE_LICENSE EULA NETWORK_MAP SERVICE_DISCOVERY_AGENT APPLICATION_MAP DAEMON_SET RUNNER GITX_WEBHOOK RMG	System-level, licensing, and miscellaneous resources used internally or across multiple modules.

Resource type and supported actions

Each resource in Harness can perform specific actions that reflect how it is created, updated, executed, accessed, or governed across the platform.

Resource Type	Supported Actions	Description
All Resources (Generic)	CREATE UPDATE DELETE RESTORE MOVE	Core lifecycle actions applicable to most resources across Harness.
Access & Identity Resources (USER, ROLE, SERVICE_ACCOUNT, TOKEN)	INVITE ADD_MEMBERSHIP REMOVE_MEMBERSHIP CREATE_TOKEN REVOKE_TOKEN DELETE_TOKEN	Actions related to managing users, access, and authentication credentials.
Platform Authentication	LOGIN LOGIN2FA UNSUCCESSFUL_LOGIN	Records authentication activity for users and service accounts.
Pipeline Resources (PIPELINE, STAGE, INPUT_SET)	START END STAGE_START STAGE_END PAUSE RESUME ABORT TIMEOUT RERUN	Actions that track pipeline and stage execution lifecycle.
Governance & Policy Resources	ENABLED DISABLED BYPASS FREEZE_BYPASS	Actions that reflect policy state changes or controlled overrides.
Git-Backed Resources (GitOps, Code, IACM)	SYNC_START SYNC_SUCCEEDED SYNC_FAILED MOVE_TO_GIT FORCE_PUSH	Actions related to Git synchronization and source-controlled changes.
SLO & Reliability Resources	ERROR_BUDGET_RESET	Actions associated with SLO and reliability management events.
Feature Management Resources	ENABLED DISABLED	Actions indicating feature flag state changes.
Impersonation	START_IMPERSONATION END_IMPERSONATION	Tracks when an identity assumes or exits impersonated access.
Tickets & Exceptions	TICKET_CREATED TICKET_CREATE_FAILED DISMISS_ANOMALY	Actions representing exceptions, alerts, or external ticketing outcomes.
System & Compliance Events	SIGNED_EULA STABLE_VERSION_CHANGED EXPIRED	One-time or system-level events recorded for audit and compliance.