Operation data structure
Learn more about how operation data from the audit log is presented in different contexts.
Applications
Depending on the view you're using to access the audit log in Operate, Admin, or Tasklist, you'll see a subset of the following operation details:
| Property | Description |
|---|---|
| Status | The status of the operation. |
| Operation type | The type of operation applied. |
| Entity type | The type of entity the operation was applied to. |
| Entity key | The key and name of the entity the operation was applied to, if applicable. |
| Parent entity | The key and name of the parent entity, if applicable. |
| Related entity | The ID or name of the related entity, if applicable. |
| Details | Details about the operation. |
| Actor | The user, client, agent, or MCP tool that applied the operation. |
| Date | The date and time at which the operation was applied. |
Entity key
Some audit log entries contain extra details about the entity in the entity key field:
| Operation type | Entity type | Entity key |
|---|---|---|
| Create | Process instance | Process name |
| Delete | Process instance | Process name |
| Create | Variable | Variable name |
| Create | Resource | Resource name |
| Delete | Resource | Resource name |
| Create | Decision | Decision name |
| Delete | Decision | Decision name |
Details
Some audit log entries contain extra details about the operation in the details field:
| Operation type | Entity type | Details |
|---|---|---|
| Create | Batch | Batch operation type |
| Assign | User task | Assignee |
| Unassign | User task | Assignee |
| Create | Authorization | Owner(entity type, entity name) |
| Assign | Tenant | Assignee(entity type, entity name) |
| Unassign | Tenant | Assignee(entity type, entity name) |
| Assign | Role | Assignee(entity type, entity name) |
| Unassign | Role | Assignee(entity type, entity name) |
| Assign | Group | Assignee(entity type, entity name) |
| Unassign | Group | Assignee(entity type, entity name) |
Actor
The following actor types can trigger operations:
| Actor type | Identifier |
|---|---|
| User | Username |
| Client | Client ID |
Agents can perform operations on behalf of a user or client. In this case, you will see the agent's information in the record.
Inbound channel
Alongside the actor, operations record the inbound channel through which they were triggered, when available, identifying how the operation entered the system:
| Channel | Description |
|---|---|
| REST | The operation was triggered through the Orchestration Cluster REST API. |
| GRPC | The operation was triggered through the gRPC API. |
| MCP | The operation was triggered through the Model Context Protocol (MCP), for example, by an AI agent invoking an MCP tool. |
| INTERNAL | The operation was triggered internally by Camunda. |
When the operation was triggered through MCP, the record also captures the name of the MCP tool that triggered it, so you can distinguish operations initiated by AI agents through MCP from those performed directly by users or clients.
In the REST API, these values are exposed as inboundChannelType and inboundChannelToolName.
In Operate, when the inbound channel is MCP, it is shown separately in the Actor column. The channel and the channel tool name are also shown in the operation details popup.
REST API
With the API, you can access more operation data than you can in the applications. See the API response schema for more information.