Tracking changes to the data generation configuration
The Protection Audit Trail requires an Enterprise license.
On Privacy Hub, the Protection Audit Trail tracks the following actions related to detecting and protecting sensitive data:
- A Tonic sensitivity scan flags a column as sensitive.
- A user changes the assigned table mode for a table.
- A user manually flags a column as either sensitive or not sensitive.
- A user changes the assigned generator for a column.
- Target and lookup tables are added to or removed from the subsetting configuration.
- A post-job script is added or removed.
For child workspaces, the list includes updates to the parent workspace that the child workspace inherits. The list also indicates when the child workspace either breaks or restores inheritance.
The Protection Audit Trail entries are grouped by the date on which an action occurred.
By default, the list shows 10 actions per page. To change the number of actions per page, select an option from the View dropdown list.
Each entry in the Protection Audit Trail list provides the following information:

Example entries in the Protection Audit Trail
The left side of the entry shows the affected area and the type of action. Depending on the action, the affected area is either:
- A table
- A column
- Subsetting
- Post-Job Scripts
The right side of the entry shows who performed the action.
- For a sensitivity scan, this is Privacy Scan.
- For an action that a user performed, this is the user email address. For Tonic users, the entry also indicates the user's role in the workspace.
- For child workspaces, for an update that the child workspace inherited, this is Inherits from parent configuration.