This page describes the events that Looker generates and how to view them.
Viewing events
Looker events are visible in the System Activity Event and Event Attribute Explores. You must be a Looker admin or have the see_system_activity
permission to view the Event and Event Attribute Explores.
If you have enabled the System Activity Model Labs feature, you will see the list of System Activity Explores, including the Event and Event Attribute Explores, at the bottom of your Explore menu.
The Event Explore includes the Event
view, which includes categories, created dates and times, and names of each event created.
The Event Attribute Explore includes both the Event
view and the Event Attribute
view. The Event Attribute
view shows the name and value of each attribute related to an individual event.
Common event attributes
Each Looker-generated event includes a set of data about the event. These common attributes are:
Attribute Name | Description |
---|---|
id |
Unique numeric identifier of the event |
user_id |
Unique numeric ID of the user who triggered the event |
name |
Name of the specific event that occurred, for example, create_dashboard |
created |
Date and time, in UTC, that the event was created |
category |
High-level category associated with the event, for example, dashboard |
sudo_user_id |
Unique numeric ID of the actual user who is impersonating the user indicated by user_id |
is_looker_employee |
Whether the user identified by user_id is a Looker employee |
is_admin |
Whether the user identified by user_id is a Looker admin |
is_api_call |
Whether the event was caused by an API call |
List of event types
The table below lists several events that can be generated by a Looker server.
This list includes the name of the event, the action or situation that can trigger the generation of the event, and a list of attributes associated with each event.
Event Type | Trigger | Attributes |
---|---|---|
add_external_email_to_scheduled_task |
An email outside the organization domain was added to a scheduled task. | scheduled_task_id : ID of the scheduled taskexternal email : email that was added |
add_group_group |
A group was added as a member of another group. | parent_group_id : ID of the parent group adding_group_id : ID of the added group deleting_group_id : ID of the deleted group |
add_group_user |
A user was added to a group. | group_id : ID of the group user_id : ID of the user |
add_user_to_scheduled_task |
A user was added to a scheduled task. | scheduled_task_id : ID of the scheduled taskuser_id : ID of the added user |
alert_options_v0 |
A user selected the alert button on a dashboard tile. | duration : the time it took Looker to load the alert options for the dashboard tile, in secondssuccess : whether Looker successfully loaded alert options for the dashboard tile |
async_query_execution |
A query was sent to a database (not retrieved from Looker cache). | eager_poll : Whether the query was initiated with eager polling. Eager polling is when Looker keeps the connection to the database open while the query runs, rather than waiting for the database to notify Looker that the query is complete. It improves performance for fast queries. |
create_alert |
A user created an alert. | alert_id : ID of the alertchannel_destinations : the number of Slack channels that this alert will post incron : the cron string that defines when the alert is checkedduration : the time it took for Looker to create the alert, in secondsemail_destinations : the number of email addresses that this alert will send toembed_user : whether this alert was created by an embedded userfollowable : whether this alert is followablepublic : whether this alert is publicsuccess whether this alert was successfully createdtotal_destinations : the total number of destinations, including Slack channels and email addresses, that this alert will send tovis_type : the visualization type of the alert's query |
create_connection |
A user created a connection. | connection_id : numeric ID of the connectiondatabase : name of the database used in the connectiondialect : database dialect used in the connectionname : name of the connection |
create_dashboard_element |
A dashboard tile was created on a dashboard. | dashboard_element_id : ID of the dashboard tile |
create_dashboard_render_task |
A new task was created to render a dashboard to a document or an image. | render_task_id : ID of the render task dashboard_id : ID of the dashboard to be rendered lookml_dashboard : whether the dashboard is a LookML dashboard target_type : resulting format of the rendered dashboard |
create_homepage_item |
A new curated homepage item was created. | has_title : whether the item has a titlehas_text : whether the item has text has_link : whether the item has a link has_image : whether the item has an image |
create_homepage_section |
A new curated homepage section was created. | homepage_section_id : ID of the curated section |
create_look_prefetch |
A prefetch for a Look was created with the specified information. | look_id : ID of the Look that had a prefetch created |
create_look |
A Look was created or deleted. | look_id : ID of the Look |
create_look_render_task |
A new task was created to render a Look to an image. | render_task_id : ID of the render tasklook_id : ID of the Look to be renderedformat : resulting image format |
create_project_file |
A new file was created in a project. | project : name of the projectfile : the name of the newly created file file_type : the type of file created (model, view, etc) |
create_query_render_task |
A new task was created to render an existing query to an image. | render_task_id : ID of the render taskquery_id : ID of the query to be rendered format : resulting image format |
create_query |
A query was created. | query_id : ID of the new query |
create_role |
A new role was created. | role_id : ID of the new rolepermission_set_id : ID of the role's permission setmodel_set_id : ID of the role's model set |
create_saml_test_config |
A SAML test configuration was created. | has_error : whether the SAML config has an error |
create_scheduled_plan_destination |
A scheduled plan destination was created. | scheduled_plan_destination_id : ID of the created plan |
create_sql_query |
A SQL Runner query was created. | query_id : ID of the new query |
create_upload |
A CSV file for user-defined table generation/load was uploaded. | upload_id : ID of the uploaded data |
create_user_access_filter |
An access filter was created for the specified user. | for_user_id : ID of the user whose access filters were created |
create_user_credentials_api |
(Legacy) API login information was created for the specified user. This is for API Users used for the old query API. |
for_user_id : ID of the user whose API credentials were created |
create_user_credentials_api3 |
API 3 login information was created for the specified user. This is for the newer API keys that can be added for any user. | for_user_id : ID of the user whose API 3 credentials were created |
create_user_credentials_email |
Email/password login information was created for the specified user. | for_user_id : ID of the user whose email credentials were created |
create_user_credentials_email_password_reset |
A password reset token was created. | for_user_id : ID of the user whose password reset token was created |
create_user_credentials_totp |
Two-factor login information was created for the specified user. | for_user_id : ID of the user whose TOTP credentials were created |
create_user |
A user was created with the specified information. | user_id : ID of the user whose account was createdreason : (optional) method used to create the user account. If reason is missing, an admin created the user account. Otherwise, the account was automatically created as a result of a user action like login , license_setup , marketplace_setup , or self_created .type : (optional) credentials type for this user, especially if the user was auto-created at login |
dashboard.next.rendered |
A dashboard was rendered as a PDF. | dashboard_id : ID of the dashboardload_session_id : unique hash ID of the load sessioncache_count : number of dashboard queries that were pulled from cachequery_count : number of dashboard queries that were run on the databasettr : time to run the dashboard, in milliseconds |
dashboard.run.data_received |
A dashboard received query results for one of its tiles. | load_session_id : unique hash ID of the dashboard load sessionrun_session_id : unique hash ID of the dashboard run sessionquery_task_id : ID of the query task that was run asynchronously for this dashboard |
dashboard.run.data_rendered |
A dashboard rendered a visualization for one of its tiles. | load_session_id : unique hash ID of the dashboard load sessionrun_session_id : unique hash ID of the dashboard run sessionquery_task_id : ID of the query task that was run asynchronously for this dashboardvis_type : visualization type of the dashboard tile. |
dashboard.run.start |
A dashboard was run. | cache_run : whether the user selected Clear cache and refreshload_session_id : unique hash ID of the load sessionrun_session_id : unique hash ID of the run session |
datagroup_trigger_changed |
A datagroup trigger was changed. | runtime : total time to run the triggerconnection_id : ID of the connectionconnection_name : name of the connectiondialect : dialect of the connectionname : name of the datagroup |
delete_alert |
An alert was deleted from a dashboard tile. | duration : the time it took Looker to delete the alert, in secondssuccess : whether Looker successfully deleted the alert |
delete_connection |
A user deleted a connection. | connection_id : numeric ID of the connectiondatabase : name of the database used in the connectionname : name of the connection |
delete_dashboard_element |
A dashboard tile was deleted from a dashboard. | dashboard_element_id : ID of the dashboard tile |
delete_group_from_group |
A group was deleted as a member of another group. | parent_group_id : ID of the parent group adding_group_id : ID of the added groupdeleting_group_id : ID of the deleted group |
delete_group_user |
A user was removed from a group. | group_id : ID of the groupuser_id : ID of the user who was removed from the group |
delete_homepage_item |
A homepage item was deleted. | homepage_item_id : ID of the deleted homepage item |
delete_homepage_section |
A homepage section was deleted. | homepage_section_id : ID of the deleted homepage section |
delete_look |
A Look was deleted. | look_id : ID of the deleted Look |
delete_model_set |
A model set was deleted. | model_set_id : ID of the deleted model set |
delete_permission_set |
A permission set was deleted. | permission_set_id : ID of the deleted permission set |
delete_project_file |
A file was deleted in a project. | project : name of the project file : the name of the deleted filefile_type : the type of file deleted (model, view, etc) |
delete_role |
A role was deleted. | role_id : ID of the deleted role |
delete_saml_test_config |
A SAML test configuration was deleted. | none |
delete_scheduled_plan_destination |
A scheduled plan destination was deleted. | scheduled_plan_destination_id : ID of the deleted scheduled plan |
delete_space |
A folder was removed. | none |
delete_upload |
An uploaded table with a specific ID was dropped. | upload_id : ID of the table |
delete_user_access_filter |
An access filter for the specified user was deleted. | for_user_id : ID of the user whose access filters were deleted |
delete_user_credentials_api |
(Legacy) API login information for the specified user was deleted. This is for API Users used for the old query API. |
for_user_id : ID of the user whose API credentials were deleted |
delete_user_credentials_api3 |
API 3 login information for the specified user was deleted. This is for the newer API keys that can be added for any user. | for_user_id : ID of the user whose API 3 credentials were deleted |
delete_user_credentials_email |
Email/password login information for the specified user was deleted. | for_user_id : ID of the user whose email credentials were deleted |
delete_user_credentials_embed |
Embed login information for the specified user was deleted. | for_user_id : ID of the user whose Embed credentials were deleted |
delete_user_credentials_google |
Google authentication login information for the specified user was deleted. | for_user_id : ID of the user whose Google credentials were deleted |
delete_user_credentials_ldap |
LDAP login information for the specified user was deleted. | for_user_id : ID of the user whose LDAP credentials were deleted |
delete_user_credentials_looker_openid |
Looker OpenID login information for the specified user was deleted. Used by Looker analysts. | for_user_id : ID of the user whose Looker OpenID credentials were deleted |
delete_user_credentials_saml |
SAML authentication login information for the specified user was deleted. | for_user_id : ID of the user whose SAML credentials were deleted |
delete_user_credentials_totp |
Two-factor login information for the specified user was deleted. | for_user_id : ID of the user whose TOTP credentials were deleted |
delete_user_session |
A web login session for the specified user was deleted. | for_user_id : ID of the user whose session was deleted |
delete_user |
A user was deleted. | user_id : ID of the user whose account was deleted |
detect_alert_drift |
Before running an alert, Looker checks to see if the underlying dashboard tile has changed. | alert_condition_base_query_id : The query ID of the dashboard tile. Usually matches dashboard_element_query_id alert_condition_condition_query_id : The query ID of the alert conditionalert_condition_id : The ID of the alert condition. Usually matches the alert_id alert_id : The unique ID of the alertdashboard_element_id : The dashboard element ID of the underlying dashboard tiledashboard_element_query_id : The query ID of the dashboard tiledashboard_type : The type of dashboard (user defined dashboard or LookML dashboard)suspected_reason : The change to the dashboard element. If no changes are detected, the value will be no_drift sync_classification : A detailed list of all changes made to the dashboard elementsync_type : Whether the change to the dashboard element is likely to cause disruption to the alert. If no changes are detected, the value will be null |
disable_user |
A user account was disabled. | user_id : ID of the user whose account was disabled |
enable_user |
A user account was enabled. | user_id : ID of the user whose account was enabled |
enter_sudo |
A user entered sudo (impersonation) as another user in the UI. |
target_user_id : ID of the target usersession_id : ID of the Looker session |
exit_sudo |
A user exited sudo (impersonation) as another user in the UI. |
target_user_id : ID of the target usersession_id : ID of the Looker session |
export_query |
A user downloaded a file in a format other than PNG or PDF | dialect : Database dialect of the queryexport_format : The format of the download (CSV, JSON, etc)history_id : History ID of the queryquery_params : Query parameters that describe the querysource : The source from which the download originated (API, drill modal, etc) |
fetch_and_parse_saml_idp_metadata |
The given URL was fetched and parsed as a SAML IdP metadata document, and the result was returned. | none |
find_and_replace |
The find and replace function of the Content Validator was used. | replace_type : type of replacement. field , view , model , or explore error_count : number of errors, if anylook_ids : IDs of Looks that were successfully updated, if any |
follow_alert |
A user followed an alert. | alert_id : ID of the alertchannel_destinations : the number of Slack channels that this alert will post incron : the cron string that defines when the alert is checkedduration : the time it took for Looker to follow the alert, in secondsemail_destinations : the number of email addresses that this alert will send toembed_user : whether this alert was followed by an embedded userfollowable : whether this alert is followablepublic : whether this alert is publicsuccess whether this alert was successfully followedtotal_destinations : the total number of destinations, including Slack channels and email addresses, that this alert will send tovis_type : the visualization type of the alert's query |
generating_mail_dashboard |
A dashboard was rendered as an email. | source_url : source URL of the dashboarditems : number of dashboard elements rendered |
generating_pdf |
A dashboard was rendered as a PDF. | source_url : source URL of the dashboarditems : number of dashboard elements rendered |
get_alerts_v0 |
A user selected the alert button on a tile, and Looker computed the number of alerts already on that tile. | duration : the time it took Looker to compute the number of alerts on the tile, in secondscount : the number of alerts on the tilesuccess : whether Looker successfully computed the number of alerts on the tile |
login |
A user logged in to the UI or API. | type : type of authentication systemldap : whether the login occurred via the LDAP protocolip : IP address of the requestuser_id : ID of the user who logged in |
login_failure |
A user's login attempt to the UI or API failed. | type : type of authentication systemip : IP address of the requestuser_id_offered : user identifier string that the user offered in the attempt (as appropriate for the different auth systems)msg : details string about the attempt processing |
login_user |
An API session was transformed to impersonate a user. This is often used when a service account is configured to enable API calls on behalf of users without needing to provision API credentials for individual users. | target_user_id : ID of the target usertoken_id : ID of the session token for this API session |
lookml_dashboard_metadata_saved |
Looker performed a periodic check on the state of LookML dashboards on the instance. | added_dashboard_count : the number of LookML dashboards that were created since the last checkdeleted_dashboard_count : the number of LookML dashboards that were deleted since the last checkupdated_dashboard_count : the number of LookML dashboards that were updated since the last check |
mail_opened |
An email was opened. | mail_type : password reset or scheduled task , for example recipient : hash of the recipient's email addressbuild_time : time at which the MailJob was createdlook_id : ID of the Look (if a Look email is scheduled); otherwise, nulldashboard_id : ID of the dashboard (if a dashboard email is scheduled); otherwise, nullscheduled_task_id : ID of the scheduled task (if a task email is scheduled); otherwise, null |
mail_sent |
An email was sent by the mailer. | mail_type : password reset or scheduled task , for example recipient : hash of the recipient's email addresslook_id : ID of the Look (if a Look email is scheduled); otherwise, nulldashboard_id : ID of the dashboard (if a dashboard email is scheduled); otherwise, nullscheduled_task_id : ID of the scheduled task (if a task email is scheduled); otherwise, null |
move_space |
A folder was moved or renamed. | origin_space_id : ID of the original parentdestination_space_id : ID of the new parent |
new_model_set |
A model set was created. | model_set_id : ID of the new model setmodels : JSON object containing the models |
new_permission_set |
A permission set was created. | permission_set_id : ID of the new permission setpermissions : JSON object containing the permissions |
new_space |
A folder was added. | has_parent : whether the folder has a parent folder |
oauth_client_app_user_authentication |
An application attempted to authenticate to the Looker instance. | oauth_client_app_guid : the unique ID that the app identifies itself withtype : the type of authentication that the app used. Most often api user_id : the Looker user ID that the app authenticated as |
parse_saml_idp_metadata |
The given XML was parsed as a SAML IdP metadata document, and the result was returned. | none |
pdt_build |
A PDT was rebuilt. | temporary : table generated a temporary table runtime : total time to build the tableconnection_id : ID of the connectionconnection_name : name of the connectiondialect : dialect of the connectionstatus : build_ready , build_complete , build_aborted , build_canceled , build_error , or nilsource : regenerator or query dev_mode : whether the PDT was built for a user in Development Mode |
pdt_regen |
A PDT regen was executed on a connection. | connection_id : ID of the connectionconnection_name : name of the connectiondialect : dialect of the connectionstatus : skipped_pending_cron , skipped_invalid_connection , skipped_unwritable_schema , success , error_in_regen , or nilruntime : total time to regen all PDTs on the connectionchecked_count : number of PDTs checkedbuilt_count : number of PDTs builtcanceled_count : number of PDT regens canceled (query killed)failed_count : number of PDT regens that failed for an unknown reason |
redirect_query |
A new query was mapped to an existing query. | look_id : ID of the Look for this querymodel : name of the model for this queryview : name of the view for this query |
render_scheduled_dashboard |
A scheduled dashboard was rendered. | target_uri : URI of the dashboard to be renderedtype : rendered file type |
render_scheduled_look |
A scheduled Look was rendered. | target_uri : URI of the Look to be renderedtype : rendered file typedimensions : dimensions of the rendered image |
render_timeout_for_scheduled_dashboard |
A timeout occurred while a scheduled dashboard was being rendered. | target_uri : URI of the dashboard that was renderedtype : rendered file type |
render_timeout_for_scheduled_look |
A timeout occurred while a scheduled Look was being rendered. | target_uri : URI of the Look that was renderedtype : rendered file typedimensions : dimensions of the rendered image |
run_alert |
An alert's condition was checked. | alert_id : ID of the alertcondition_met : whether the alert's conditions were metcron : the cron string that defines when the alert is checkedelapsed_time : the total amount of time it took for Looker to check the alert condition, in seconds. This includes query runtime and initializationembed_user : whether this alert was created by an embedded userfollowable : whether this alert is followableinit_duration : the time it took Looker to initialize the alert condition check, in secondspublic : whether this alert is publicruntime : the time it took for Looker to run the alert's query, in secondssuccess whether this alert condition was successfully checkedvis_type : the visualization type of the alert's query |
run_query |
A query was completed through the Query Manager. | model : model usedview : view in modelquery : query string stored in the history entryhistory_id : ID of the history entryruntime : runtime up to completion, error, or killstatus : completed , killed , or error uri_length : length of the query string passed in query dialect : dialect of the database for this querydashboard_id : ID of the UDD dashboard or the name of the LookML dashboardlook_id : ID of the Look for this query |
run_query_task |
A saved query was run asynchronously. | query_task_id : ID of the query task to run asynchronously |
run_scheduled_task |
A scheduled task was run. | scheduled_task_id : ID of the scheduled tasksent : whether the results were sent (published) |
run_sql_query |
A SQL query was run from SQL Runner. | slug : slug of the queryuser_id : user who ran the query last_runtime : how long the query took the last time it executedrun_count : how many times the query has been executeddialect : dialect of the query |
save_look |
A Look was saved. | look_id : ID of the Lookvis_type : vis type of the querykeep_exploring: user did not immediately view the new Look |
save_project_file |
A file was saved in a project. | project : name of the project file : the name of the saved file file_type : the type of file saved (model, view, etc) |
scheduler_deliver |
The scheduler delivered a scheduled job. |
|
scheduler_execute |
The scheduler checked whether a scheduled job should be run. |
|
set_legacy_feature_#{id}_to_#{val} |
The legacy feature #{id} was set to #{val} by a user. |
legacy_feature_id : ID of the legacy feature being altered |
support_access_disabled |
Looker Support auth access was turned off or toggled by an admin or a privileged developer. | support_access_open : falsesupport_access_open_until : time at which the toggle was set to nil |
support_access_enabled |
Looker Support auth access was turned on or toggled by an admin or a privileged developer. | support_access_open : truesupport_access_open_until : time at which the toggle was automatically set to false |
test_ldap_config_auth |
The connection authentication settings for an LDAP configuration were tested. | success : whether the test was successful |
test_ldap_config_connection |
The connection settings for an LDAP configuration were tested. | success : whether the test was successful |
test_user_auth |
The user authentication settings for an LDAP configuration were tested. | success : whether the test was successful |
test_user_info |
The user authentication settings for an LDAP configuration were tested without the user being authenticated. | success : whether the test was successful |
track_content_view |
A user viewed a Look or dashboard. | content_id : ID of the Look or dashboardcontent_type : the type of content viewed, most commonly dashboards-next or looks |
unchanged_oauth_client_app |
Looker periodically checks the status of connectors such as Connected Sheets. | app_client_guid : the unique ID of the connectorapp_display_name : the user-friendly name of the connectorapp_enabled : whether the connector is enabled |
unfollow_alert |
A user unfollowed an alert. | alert_id : ID of the alertchannel_destinations : the number of Slack channels that this alert will post incron : the cron string that defines when the alert is checkedduration : the time it took for Looker to unfollow the alert, in secondsemail_destinations : the number of email addresses that this alert will send toembed_user : whether this alert was unfollowed by an embedded userfollowable : whether this alert is followablepublic : whether this alert is publicsuccess whether this alert was successfully unfollowedtotal_destinations : the total number of destinations, including Slack channels and email addresses, that this alert will send tovis_type : the visualization type of the alert's query |
update_connection |
A user updated a connection. | connection_id : numeric ID of the connectiondatabase : name of the database used in the connectionname : name of the connection |
update_embed_config |
The Embed configuration was updated. | old_value : previous auth enabled setting new_value : new auth enabled setting action : whether auth was enabled or disabled domain_whitelist_count : count of allowlist domains |
update_google_config |
The Google auth settings were updated. | action : enabled , disabled , or modified |
update_homepage_item |
A curated homepage item was updated. | homepage_item_id : ID of the updated homepage itemhas_title : whether the item has a title has_text : whether the item has text has_link : whether the item has a URL has_image : whether the item has an image |
update_homepage_section |
A curated homepage section (title) was updated. | homepage_item_id : ID of the updated homepage item |
update_ldap_config |
The LDAP auth settings were updated. | action : enabled , disabled , or modified |
update_model_set |
The models in a model set were changed. | model_set_id : ID of the updated model set old_models : JSON object containing the old models |
update_oidc_config |
The OpenID Connect auth settings were updated. | action : enabled , disabled , or modified |
update_permission_set |
The permissions in a permission set were changed. | permission_set_id : ID of the updated permission set old_permissions : JSON object containing the old permissions new_permissions : JSON object containing the new permissions |
update_role_groups |
All groups for a role were set, and all existing group associations from that role were removed. | role_id : ID of the role group_ids : IDs of groups to set for the role |
update_role_users |
The set of users with a given role was edited. | role_id : ID of the role old_user_ids : JSON object containing the old users with the role new_user_ids : JSON object containing the new users with the role |
update_role |
A role was updated. | role_id : ID of the role old_permission_set_id : ID of the role's old permission set old_model_set_id : ID of the role's old model set new_permission_set_id : ID of the role's new permission setnew_model_set_id : ID of the role's new model set |
update_saml_config |
The SAML auth settings were updated. | action : enabled , disabled , or modified |
update_scheduled_plan_destination |
A scheduled plan destination was updated. | scheduled_plan_destination_id : ID of the updated plan |
update_space |
A folder was updated. | space_id : ID of the updated folder |
update_totp_config |
The two-factor auth settings were updated. | action : enabled , disabled , or modified |
update_upload |
The upload table definition was updated and the DB table was created/loaded. | upload_id : ID of the uploaded data that was imported to the database |
update_user |
A user's information was updated. | user_id : ID of the modified user |
update_user_access_filter |
An access filter was updated for the specified user. | for_user_id : ID of the user whose access filters were updated |
update_user_credentials_email |
Email/password login information was updated for the specified user. | for_user_id : ID of the user whose email credentials were updated |
update_user_facts_chunk |
Looker updated the User Facts table in the User explore. The table is updated hourly. | chunk_number : ID of the chunk of users about whom Looker computed user facts elapsed_seconds : number of seconds Looker took to compute user facts facts_created : number of fact entries created facts_deleted : number of fact entries deleted users_processed : number of users processed in this chunk |
update_whitelabel_configuration |
The private label configuration was updated. | none |
upload_file |
The contents of file were uploaded to Looker for user-defined table generation and load. | upload_id : ID of the upload that has the custom file attached to it for later import |
user_permission_elevation |
A change occurred that caused a user's permissions to be increased in some way. | user_id : ID of the user whose permissions changed embed_user : whether this was an Embed user added_permissions : list or permissions that were added old_permissions : list of permissions before the change new_permissions : list of permissions after the change cause : name of the event that caused the change, or unknown if the change can't be attributed to a specific event cause_event_id : ID of the event that caused the change |
user_roles_updated |
A user's roles were edited. | user_id : ID of the modified user role_ids : JSON object containing the user's roles |