Audit Log
System audit trail entity
Records all significant actions for security and compliance.
Fields
Core Fields
| Field | Type | Required | Description |
|---|---|---|---|
| id | UUID | Auto | Primary key |
| action | enum | Yes | create, update, delete, login, impersonate |
| resourceType | string | Yes | Entity type affected |
| resourceId | UUID | No | Entity ID affected |
Actor Fields
| Field | Type | Required | Description |
|---|---|---|---|
| actorId | UUID | Yes | User who performed action |
| impersonatorId | UUID | No | Admin ID if impersonating |
| ipAddress | string | No | Client IP address |
| userAgent | string | No | Browser/client info |
Change Tracking
| Field | Type | Required | Description |
|---|---|---|---|
| changes | json | No | Diff of changes |
Changes structure:

```json
{
  "fieldName": {
    "oldValue": "previous",
    "newValue": "current"
  }
}
```
System Fields
| Field | Type | Required | Description |
|---|---|---|---|
| createdAt | datetime | Auto | Action timestamp |
Logged Actions
| Action | When Logged |
|---|---|
| create | New entity created |
| update | Entity modified |
| delete | Entity deleted |
| login | User login (success/failure) |
| impersonate | Admin impersonating member |
| export | Data exported |
| password_change | Password updated |
| mfa_change | MFA enabled/disabled |
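
The following is an added example, not the project's own code: it assembles a record from the fields documented above and computes `changes` in the documented structure. The function names, the redaction list, and the rule that `impersonate` requires `impersonatorId` are assumptions.

```python
import uuid
from datetime import datetime, timezone

# Action values taken from the "Logged Actions" table on this page.
ACTIONS = {"create", "update", "delete", "login", "impersonate",
           "export", "password_change", "mfa_change"}
# Assumption (not from the page): field values that must never be stored in the diff.
REDACTED_FIELDS = {"password", "passwordHash", "mfaSecret"}


def build_changes(before, after):
    """Return the documented {"field": {"oldValue", "newValue"}} diff."""
    changes = {}
    for field in sorted(set(before) | set(after)):
        old, new = before.get(field), after.get(field)
        if old == new:
            continue
        if field in REDACTED_FIELDS:
            # Record that the field changed without persisting the secret itself.
            old, new = "[REDACTED]", "[REDACTED]"
        changes[field] = {"oldValue": old, "newValue": new}
    return changes


def build_audit_record(action, resource_type, actor_id, resource_id=None,
                       impersonator_id=None, ip_address=None, user_agent=None,
                       before=None, after=None):
    """Validate the required fields and assemble one audit log record."""
    if action not in ACTIONS:
        raise ValueError(f"action: unknown value {action!r}")
    if not resource_type:
        raise ValueError("resourceType: required")
    uuid.UUID(str(actor_id))  # actorId is required; raises ValueError if not a UUID
    for optional in (resource_id, impersonator_id):
        if optional is not None:
            uuid.UUID(str(optional))
    if action == "impersonate" and impersonator_id is None:
        # Assumption: an impersonate event without the admin's ID is unattributable.
        raise ValueError("impersonatorId: required when action is impersonate")
    record = {
        "id": str(uuid.uuid4()), "action": action,
        "resourceType": resource_type, "resourceId": resource_id,
        "actorId": actor_id, "impersonatorId": impersonator_id,
        "ipAddress": ip_address, "userAgent": user_agent,
        "createdAt": datetime.now(timezone.utc).isoformat(),
    }
    if before is not None or after is not None:
        record["changes"] = build_changes(before or {}, after or {})
    return record
```
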
Retention
- Logs retained for 2 years
- Immutable (cannot be modified or deleted)
- Used for compliance and security audits
Features
Audit Log
Acceptance Criteria
Frontend
- Admin/client UI can view and manage Audit Log records where applicable.
Backend / API
- CRUD operations exist for Audit Log (create, read, update, delete/archive).
Permissions
- Access is restricted to appropriate roles (tenant-scoped).
Business Rules
- Fields and relationships documented on this page are enforced for Audit Log.
Error Handling
- Invalid payloads return field-level validation errors.