Audit Log¶
The Audit Log displays all recorded actions in the system, allowing you to
track who did what and when. This screen is restricted to owners
(owner permission only).
Access
The Audit Log is accessed from the Administration menu in the menu bar, or via the π button in the sidebar. Both the menu item and the sidebar button are hidden for non-owner users. It opens as a standalone screen (desktop), outside the store tabs.
Screen layout¶
The screen is divided into four areas:
- Toolbar β screen title and a button to expand/collapse the filter panel.
- Filter panel (collapsible) β event type, table, search text, date range and flagged-only toggle.
- Entries table β paginated list of audit events.
- Detail panel β shown below the table when a row is clicked; displays full details of the selected event.
Owners also see a statistics bar between the filters and the table, summarising the last 7 days: total events, flagged events, and active users.
Available filters¶
| Filter | Description |
|---|---|
| Event type | Filter by a specific type (see table below) or all. |
| Table | Filter by system table (e.g. expenses, usrs, ordr). The list is populated automatically from tables that have audit records. |
| Flagged only | When enabled, shows only events that were automatically marked as suspicious by the system. |
| From date / To date | Date range for the search. Defaults to the last 30 days. |
| Search text | Searches within the event summary field. |
After adjusting filters, click Search to update the results.
Event types¶
| Type | Meaning |
|---|---|
| LOGIN | A user signed in. |
| LOGOUT | A user signed out. |
| CREATE | A new record was created (e.g. new expense, new user). |
| UPDATE | An existing record was modified. |
| DELETE | A record was removed. |
| SYNC_PUSH | Data was synchronised from the local app to the server. |
Each type is shown with a distinct colour badge in the table for easy identification.
Flagged events¶
The system automatically evaluates each event at the time it is recorded and may flag it as potentially suspicious. Flagging criteria include:
- Large value change β a monetary field (price, expense amount) changed by more than 25%.
- Bulk operations β more than 20 operations by the same user within 5 minutes.
- Off-hours activity β operations performed between 22:00 and 06:00 (UTC).
- Sensitive table deletion β removal of records from critical tables (orders, users, expenses).
- Rapid edits β 5 or more changes to the same record within 10 minutes.
Flagged events are indicated by a red dot in the corresponding table column. When a flagged event is selected, the detail panel shows the reason for the flag.
Detail panel¶
Clicking a table row opens the detail panel at the bottom of the screen, showing:
- Date and time of the event
- Event type and affected table
- User who performed the action
- Event summary
- Flag reason (if applicable)
- Technical details (before and after values for changes)
To close the panel, click the close button in its top-right corner.
Pagination¶
Results are shown in pages of 50 records. Use the navigation buttons at the bottom of the table to move between pages.
Common tasks¶
Check who modified a record¶
- In the Event type filter, select UPDATE.
- In the Table filter, select the relevant table (e.g.
expenses). - Adjust the date range if needed.
- Click Search.
- Click a result to see the change details in the panel below.
Review flagged events¶
- Enable the Flagged only toggle.
- Click Search.
- Review each flagged event by clicking its row to see the reason.
Check logins for a period¶
- In the Event type filter, select LOGIN.
- Set the From date and To date.
- Click Search.
See also¶
- Users β user management and permissions