Skip to main content

securityAuditEvents

Returns paginated security audit events for an organization. Newest first by default (the entity has an OCCURRED_AT order field). Admin-only via view-audit scope; an audit log can reveal which member performed which sensitive operation, a privacy concern beyond the operational signal.

Use the where filter to scope by event_type (e.g. only trust_policy_changed events) or result (e.g. only denied attempts).

securityAuditEvents(
orgID: String!
after: Cursor
first: Int
before: Cursor
last: Int
orderBy: SecurityAuditEventOrder
where: SecurityAuditEventWhereInput
): SecurityAuditEventConnection!

Arguments

securityAuditEvents.orgID ● String! non-null scalar

Keycloak organization alias (slug, e.g. "acme-corp").

securityAuditEvents.after ● Cursor scalar

Returns the elements in the list that come after the specified cursor.

securityAuditEvents.first ● Int scalar

Returns the first n elements from the list.

securityAuditEvents.before ● Cursor scalar

Returns the elements in the list that come before the specified cursor.

securityAuditEvents.last ● Int scalar

Returns the last n elements from the list.

securityAuditEvents.orderBy ● SecurityAuditEventOrder input

Ordering options. Default is OCCURRED_AT desc.

securityAuditEvents.where ● SecurityAuditEventWhereInput input

Filtering options.

Type

SecurityAuditEventConnection object

A connection to a list of items.