ヘルプセンターをご利用いただき、ありがとうございます。現在英語のページが混在しております。ご不便をおかけしますが、翻訳完了まで今しばらくお待ちください。

Audit log

Audit log - hero
この記事の内容

Your workspace audit log gives admins access to detailed information about security and safety-related activity. This can include identifying potential security issues, investigating suspicious behavior, and troubleshooting access.


  • Open the Settings & Members menu in your left sidebar.

  • Select Audit log.

Note: This feature is only available to admins on an Enterprise plan workspace. Contact sales to learn more about our Enterprise plan →

The following information is included in each event recorded by the audit log:

  1. User: This is the Notion user who performed the event

  2. Event: This is the event captured. 

  3. Date: This is the date the event occurred

Where available, the IP address is also included.

Note: The audit log feature is exclusive to workspaces on the Enterprise Plan. If you upgrade to an Enterprise Plan, audit log events are recorded starting from the time of upgrade. Prior events will not be included in the audit log.

Interested in upgrading to Enterprise? Let us know →

By default, all events are shown in reverse chronological order. You can filter by each category of event information by using the filter buttons at the top.

  • Date: Select the Date button and choose the date, date range or time. 

  • User: Select the User button. Type the name of the user or scroll through the full list to choose the person that you'd like to filter by.

  • Event: Select the Event button. In the dropdown, click the checkboxes to filter specific event types. A full list of events can be found below.

Events are split into three main categories:

  1. Page events: This includes events users take on a single Notion page.

  2. Workspace events: This includes events users take on an entire Notion workspace.

  3. Account events: This includes events about accounts of users in the workspace.

Page events

  • Page viewed: Which page a user viewed

  • Page created: That a user created a new page nested under another page

  • Page deleted: That a user deleted a page

  • Page restored: That a user restored a formerly deleted page from Trash

  • Page exported: That a user exported a page

  • Page moved: That a user relocated a page

  • Page permission update: That a member or guest has had their page permissions updated

  • Page shared to web: A user enabled sharing (or disabled sharing) a page to the web

  • File uploaded: That a user uploaded a file

  • File downloaded: A user has downloaded file name from a certain page

Workspace events

  • Member invited: That a user invited another user to the workspace. Will specify “as Admin” if user is invited as an admin

  • Member joined: That a user has joined the workspace

  • Member role updated: That a workspace admin has updated a user’s role 

  • Member removed: That a workspace admin has removed a user from the workspace

  • Guest removed: That a guest has been removed from a workspace

  • Invite link toggled: That a user either enabled or disabled the invite link

  • Invite link reset: That a user has reset an invite link

  • Workspace name changed: That a user updated the workspace’s name

  • Workspace icon changed: That the workspace icon has been changed

  • Workspace domain changed: That the domain of a workspace is changed

  • Page access requests toggled: That a user has enabled or disabled page access requests from non-workspace-members

  • Public page sharing toggled: That a workspace admin has switched public page sharing on/off

  • Workspace sidebar editing toggled: That a workspace admin has enabled or disabled the ability for users to change the Workspace sidebar

  • Disable guests toggled: That a workspace admin has enabled or disabled the ability to add guests to a workspace

  • Pages to other workspaces toggled: That a workspace admin has either disabled or enabled moving pages to other workspaces

  • Export toggled: That a workspace admin has disabled or enabled exporting

  • Added/removed allowed email domain: That the allowed email domain of a workspace is changed

  • All workspace content exported: That a user has exported content from a page or the entire workspace

  • Integration installation toggled: That a workspace admin has disabled or enabled integrations restrictions

  • Public home page set: That a workspace admin has changed public home page

  • Public home page link cleared: That a workspace admin has cleared public home page

  • SCIM token generated: That a workspace admin generated a SCIM API token

  • SCIM token revoked: That a workspace admin revoked a SCIM API token

  • IDP metadata URL updated: That a workspace admin has set or updated the IDP metadata URL

  • IDP metadata XML updated: That a workspace admin has updated the IDP metadata XML

  • IDP metadata XMP removed: That a workspace admin has removed IDP metadata XML

  • SAML enabling toggled: That a workspace admin has disabled or enabled SAML

  • SAML enforcing toggled: That a workspace admin has disabled or enabled Enforce SAML

  • Auto-create accounts on sign-in toggled: That a workspace admin has enabled automatically creating accounts on sign-in

Account events

  • Login: When and from where a user has logged in

  • Logout: When and from where a user has logged out

  • Password set: That a user created a password

  • Password cleared: That a user cleared their password

  • Password changed: That a user changed their password

  • Email changed: That a user changed their email

  • Picture changed: When a user changed their profile photo

  • User deleted: That a specific user has been deleted from the workspace

Note: If you are trying to find a deleted user or a user who has changed their name to a new name, the best way to do this is by through an exported audit log. Instructions for exporting your workspace audit log to CSV below.

Want to analyze the data in a spreadsheet or import your audit log to external tools? The workspace audit log can be exported in CSV format.

  • Select the blue Export button at the top right of the audit log screen.

  • You'll see four different export date range options. You can choose to export up to one year of audit log data.

  • Once you select your preferred date range, you will see a notification letting you know that an email will be sent to you with the audit log file download link.

Note: An exported audit log will show all applicable events within the chosen date range, up until 2 hours before the export time.


フィードバックを送信

このコンテンツは役に立ちましたか?


次へ

はじめに

こんにちは 👋 インターネット上で唯一のオールインワンのツールへようこそ!