What determines which organization is associated with an audit log?

For events that interact with multiple organizations, which audit log dataset will the resulting events appear in?

For example, let’s say I have orgs A, B, and C.

  • If a user from org A who is a guest in org B looks at a dataset that is protected by org B’s marking, will the data access audit log appear in the dataset for org A or B?
  • If a user from org A adds a user from org C to a group that is only visible to org B, which org’s audit log will have the change event?

Hi @dherls,

Audit logs are attributed to an organization based on the user who performs the actions. For both of your examples:

  • If a user from org A who is a guest in org B looks at a dataset that is protected by org B’s marking, will the data access audit log appear in the dataset for org A or B? → This audit log will appear in org A’s dataset.
  • If a user from org A adds a user from org C to a group that is only visible to org B, which org’s audit log will have the change event? → This audit log will also appear in org A’s dataset.

Thanks @csanborn! What about actions taken by 3rd Party Application service users? They are not natively members of any Organizations.