Audit Logs

Audit logs are records that track changes made to data within the system. They provide a detailed history of who did what and when, creating a transparent trail of all actions taken. Audit logs are essential for maintaining accountability, troubleshooting issues, and ensuring compliance with security policies and regulations.

The system automatically records the following information for each action:

• What changed: Before and after values of the modified data
• Type of change: Creation, update, deletion, or restoration of records
• When it happened: Timestamp of when the action occurred
• Who made the change: User and account information
• Context: Store, team, and session information

Audit logs capture different types of events:

• Created: When new records are added to the system
• Updated: When existing records are modified
• Deleted: When records are removed (soft deleted)
• Permanently Deleted: When records are permanently removed
• Restored: When previously deleted records are restored

Each audit log entry includes:

• Auditable ID and Type: Identifies what record was changed
• Event: The action that occurred (created, updated, etc.)
• Before State: Data values before the change (when applicable)
• After State: Data values after the change (when applicable)
• User Information: Who performed the action
• Store Information: Which store the action relates to

Administrators can access audit logs through:

1. API Access: Authenticated API requests to retrieve audit log data
2. Data Export: The ability to export audit logs for deeper analysis
   • Navigate to the Exports section
   • Select "Audit Log" as the export type
   • Specify optional parameters like row limits
   • Download the exported file containing audit log data

Access to audit logs is controlled by permissions:

• Users must have appropriate permissions to view audit logs
• Access is typically restricted to administrators and authorized personnel
• Audit log data is protected to maintain security and privacy

1. Security and Compliance: Meet regulatory requirements by maintaining detailed records of system changes
2. Accountability: Clearly identify which users made specific changes
3. Troubleshooting: Investigate issues by reviewing the history of changes
4. Recovery: Understand previous states of data to help with data recovery
5. System Integrity: Ensure the system is being used appropriately and detect potential misuse

1. Regular Review: Periodically review audit logs to identify unusual activities
2. Data Retention: Establish policies for how long audit logs should be retained
3. Access Control: Limit access to audit logs to authorized personnel only
4. Export and Backup: Regularly export and backup audit logs for long-term storage
5. Monitor Volume: Watch for unusual spikes in audit log entries that might indicate issues