Skip to main content

Audit trail & compliance

The Audit Log is an immutable event ledger for everything that matters in the workspace — authentication, documents, billing, connector actions. It is the place you go when you need to answer "who did what, when, and to which resource", without anyone having to reconstruct the history later.

What the audit page records

  • An event timeline grouped by category.
  • Actor, service, action, and resource metadata for each event.
  • Outcome — success or failure.
  • CSV export for evidence handoff.

Examples of recorded events:

  • login and logout attempts,
  • document registration and status changes,
  • connector and storage-binding actions,
  • export and billing events.

Who can see the audit log

Audit visibility is restricted to specific roles:

  • owner
  • admin
  • auditor

Other roles receive a clear notice: Access to the audit log is restricted for your account. This is a deliberate least-privilege default — the audit log exists to be defensible, not browsable.

Demo fallback

In demo-enabled environments, if live audit access is denied, the page can show sample audit entries with a notice. This keeps the screen usable for training without opening restricted production data.

Filtering

You can filter by:

  • event type,
  • actor (subject),
  • outcome,
  • time range,
  • service / action / resource search.

During a pilot, start with narrow filters — one user, one timeframe — and confirm that the events you expect are actually being recorded. Wide queries can wait until you trust the data.

Exports

Export CSV produces an auditable snapshot of the currently loaded audit data.

Practical rules for keeping audit exports defensible:

  • store them alongside the rest of your internal evidence for the same period,
  • preserve the original filename and timestamps,
  • treat audit CSVs as read-only after export — never edit them in place.

Compliance usage

The audit log is operational evidence — useful for internal control reviews, useful for external audit preparation, useful as a trace when something looks wrong.

It is not legal opinion. It is not a substitute for your own controls. Use it to support your process, not to replace it.