Log permissions

In order to view the run history for a Function or Action, you must have edit permission on the resource.

To view the Trace and Service logs for an execution, log reading must be enabled on the Source Executor resource of the workflow execution.

When log reading is not enabled, expect to see Logs disabled for source execution resource when selecting View log details for an execution.

Example Workflow Builder logs disabled

Configure log visibility

Users with the Information security officer or Enrollment administrator role can configure log visibility by selecting Edit permissions and then Configure log visibility in the top right corner of the Run history table.

Example Workflow Builder edit log permissions

The administrator will then be prompted to Enable log reading on the resource.

Example Workflow Builder enable log reading dialogue.

Then Apply changes.

Example Workflow Builder enable log reading dialogue.

Delete logs

Users with the Information security officer or Enrollment administrator role can also delete logs at any time by selecting Edit permissions, Delete log history, and then Delete logs.

Example Workflow Builder delete log selection.

Choosing to delete log history is irreversible and will permanently delete all logs for executions originating from this function.

Example Workflow Builder delete logs pop up.

Required roles

The following table lists the required roles for various operations in AIP Observability.

CapabilityRequired role
View run historyEdit permission on the Function or Action
Configure log visibilityInformation security officer or Enrollment administrator role
Delete logsInformation security officer or Enrollment administrator role
View trace and service logsLog reading must be enabled on the source executor