Skip to main content

Audit trail

H2O AI Engine Manager (AIEM) records an audit event for every authenticated API request. The audit trail lets administrators verify that access patterns and administrative changes match expectations, and supports compliance reviews by providing a complete record of who did what and when.

How auditing works

AIEM records an audit event for every authenticated request:

  1. A user sends an authenticated request to the AIEM REST API.
  2. AIEM validates the bearer token and identifies the caller.
  3. AIEM executes the operation and records the authorization action and target resource.
  4. AIEM writes the audit event to the platform's audit trail service.

Data captured per event

Each audit event records the following fields:

FieldDescriptionExample
Event timeTimestamp of the request.2026-06-22T14:30:00Z
ActionThe authorization action the request required. Format: actions/enginemanager/<resource>/<VERB>.actions/enginemanager/daiEngines/CREATE
Read-onlyWhether the operation was read-only (GET, LIST) or a mutation.true
ResourceThe full resource name of the target. Format: //engine-manager/<resource-path>.//engine-manager/workspaces/ws1/daiEngines/abc123
PrincipalThe authenticated user who made the request.users/jane.doe@example.com
Status codeThe status code of the response.OK, PermissionDenied, NotFound
Status messageError message when the request failed; empty on success.
Source IPThe client IP address. When the request passes through a proxy, the proxy-reported IP is used.10.0.1.5
User agentThe HTTP User-Agent header value.python-requests/2.31.0

Action identifier format

Every AIEM authorization action follows the pattern:

actions/enginemanager/<resourceType>/<VERB>

For example:

  • actions/enginemanager/daiEngines/CREATE — creating a Driverless AI engine
  • actions/enginemanager/h2oEngineProfiles/UPDATE — updating an H2O-3 engine profile
  • actions/enginemanager/notebookEngineImages/DELETE — deleting a notebook image
  • actions/enginemanager/sandboxEngineTemplates/LIST — listing sandbox templates

The RBAC roles and permissions page lists every action and which roles include it.

What is audited

Auditing spans every resource type AIEM manages, and both read and state-changing operations generate events. The following table summarizes the audited operations for each resource type:

Resource typeAudited operations
Engines (DAI, H2O-3, Notebook, Sandbox)Create, get, list, update, pause, resume, terminate, delete, download logs, access, resize storage
Engine profiles (DAI, H2O-3, Notebook)Create, get, list, list assigned, update, delete
Engine versions (DAI, H2O-3)Create, get, list, update, delete, assign aliases
Engine images (Notebook, Sandbox)Create, get, list, update, delete
Sandbox templatesCreate, get, list, update, delete

Feedback