Open the audit log
In the Dashboard sidebar, open Audit log. This page shows the organization-wide feed and is available to Admins and Owners (and platform admins). If you’re a Member, you don’t have the sidebar link — you see the events you triggered under My recent activity on your profile page instead. See Manage your account.Audit log vs other activity views
The Dashboard surfaces a few activity views that are easy to confuse:| View | Shows | Reach for it when |
|---|---|---|
| Audit log | Actor + action + target, with a timestamp | Compliance, security, “who did this?” |
| Events feed | Lifecycle facts about resources (a node started, sync finished) | Ops triage, “what happened, when?” |
| Alerts (coming soon) | Conditions you defined, with an open → resolved lifecycle | Paging on-call, webhook delivery |
What each entry shows
| Column | Content |
|---|---|
| Time | When the action happened. |
| Action | What was done — for example Node created, API key revoked, Member added. |
| Actor | Who did it (name or email). Links to the user when known. |
| Target | What it was done to — a node, executor, API key, organization, user, or invitation. Links to that item’s page when applicable. |
Filter and search
Use the filter bar at the top of the log to narrow what you see. Each filter is multi-select and the URL updates as you go, so a filtered view is shareable:- Action — filter by action type (the Type filter).
- Actor — pick one or more users.
- Target — pick one or more nodes, executors, API keys, or other targets.
- Category — group by domain: Auth, Security, Organization, Resource, Failure, System, Other.
- Level — Info, Success, Warning, or Error.
- Date — on, before, after, or a from/to range.
Export to CSV
The full-page log has an Export button that downloads the currently visible rows as a CSV (file nameaudit-activity-log-<timestamp>.csv). The export columns are: ID, Occurred at, Source, Type, Title, Summary, Category, Level, Actor kind, Actor ID, Actor label, Target kind, Target ID, Target label, Idempotency UUID, plus the entry’s metadata and detail payload as JSON.
Export is available on the full Audit log page only. The My recent activity view on your profile is a personal slice, not a compliance artefact, so it has no export.
Who sees what
Visibility is enforced for every request:| Role | Sees |
|---|---|
| Owner / Admin | Every action in the organization, by any member, including each other’s. |
| Member | Only the actions they performed (via My recent activity on their profile). |
| Platform admin | The organization feed, and can read across organizations from the admin console. |
What gets audited
Actions are grouped into categories. The current set:- Resource —
node.created,node.updated,node.deleted,node.start.requested,node.stop.requested,node.restart.requested,executor.disabled,executor.deleted,release.created,release.updated,release.deleted. - Security —
api_key.created,api_key.revoked,user.role.changed,user.banned,user.unbanned,user.deleted,impersonation.started,impersonation.stopped. - Organization —
organization.created,organization.updated,organization.deleted,organization.member.added,organization.member.removed,organization.member.suspended,organization.member.restored,invitation.sent,invitation.accepted,invitation.revoked. - Auth —
session.signed_in,session.signed_out,user.password.changed,user.password.reset_requested,user.password.reset_completed,user.session.terminated. - Other —
user.registered,user.email.verified. - Failure —
authz.denied(an action was blocked because the actor lacked permission).
Permissions
- Read the organization audit log — Owners and Admins (and platform admins).
- Export the audit log to CSV — same as read.
- Read your own activity under My recent activity — every signed-in user, scoped to themselves.
- No role can edit, delete, or dismiss an audit entry — the log is append-only.
Related
- Events feed — the resource-lifecycle counterpart.
- Manage your account — where to find your My recent activity feed.
- Roles and permissions — how each role’s reach is defined.