Help Center

Menu

Logs Auditor secondary role

The Logs Auditor secondary role allows users to view sensitive information in the Logging Service, including personally identifiable information (PII) that is masked by default.

Typically, this secondary role is added by users with the Owner primary role to trusted users within your organization who need to investigate security incidents, perform compliance monitoring, or troubleshoot system issues that require access to sensitive log data.

When to assign the Logs Auditor role

Assign this role to users who:

  • Need to investigate security incidents

  • Are responsible for compliance monitoring

  • Perform system troubleshooting that requires access to sensitive log data

  • Are members of your organization’s security or audit teams

Requirements for Logs Auditor access

Users with this role should:

  • Be trusted members of your organization

  • Have training in how to handle personally identifiable information (PII)

  • Understand your organization’s privacy policies and data protection procedures

  • Have a legitimate business need for accessing log data

  • Be familiar with data protection regulations (GDPR, CCPA) as they apply to log

Assigning the Logs Auditor role

Only users with the Owner primary role can assign the Logs Auditor secondary role.

To assign the role:

  1. Navigate to Administration  Users.

  2. Select the user who needs Logs Auditor access.

  3. Click the edit icon for that user.

  4. In the Secondary roles section, select Logs Auditor.

  5. Save the changes.

Security considerations

  • log data may contain sensitive PII including email addresses, IP addresses, user IDs, session tokens, and form submission data

  • Access to log data should be logged for audit purposes

  • Conduct regular reviews of who has Logs Auditor access

  • Remove access immediately when it is no longer needed

  • Ensure users understand PII handling requirements and data protection regulations

  • Follow the principle of least privilege

  • Implement secure procedures for handling and storing log data

Compliance considerations

The Logs Auditor role helps organizations to:

  • Maintain appropriate access controls for sensitive log data

  • Demonstrate compliance with privacy regulations regarding log

  • Provide audit trails for regulatory requirements

  • Implement the principle of least privilege for log access

  • Ensure proper handling of data subject requests related to log

For detailed information about PII handling in logs, see Personally identifiable information (PII) in Logs.