Log permissions
In order to view the run history for a Function or Action, you must have edit permission on the resource.
To view the Trace and Service logs for an execution, log reading must be enabled on the Source Executor resource of the workflow execution.
When log reading is not enabled, expect to see Logs disabled for source execution resource when selecting View log details for an execution.
Configure log visibility
Users with the Information security officer or Enrollment administrator role can configure log visibility by selecting Edit permissions and then Configure log visibility in the top right corner of the Run history table.
The administrator will then be prompted to Enable log reading on the resource.
Then Apply changes.
Delete logs
Users with the Information security officer or Enrollment administrator role can also delete logs at any time by selecting Edit permissions, Delete log history, and then Delete logs.
Choosing to delete log history is irreversible and will permanently delete all logs for executions originating from this function.
Required roles
The following table lists the required roles for various operations in AIP Observability.
| Capability | Required role |
|---|---|
| View run history | Edit permission on the Function or Action |
| Configure log visibility | Information security officer or Enrollment administrator role |
| Delete logs | Information security officer or Enrollment administrator role |
| View trace and service logs | Log reading must be enabled on the source executor |
Related documentation
- Execution history: View available executions
- Service logs: Access logs once permissions are configured
- AIP security and privacy: Learn about AIP security model