05 · Visibility · visibility lens

Audit log

An append-only, tamper-evident trail of every sensitive action — who did what, to which record, with before/after snapshots — filterable by severity, your own actions, or automation.

5 min read · updated 28/05/2026
Who can do this
RoleSales & CustomersOperations tabs (Turnover, Channels, SKUs, Categories, Shipping, Returns)Financial tabs (Aging, GST, P&L)Team tab
OwnerAllowedAllowedAllowedAllowed
ManagerAllowedAllowedAllowedAllowed

Overview

When an invoice gets voided, a price changes, or a teammate is removed, you want a straight answer: who did it, when, and what changed. The audit log is that record. Every sensitive action lands here as one row — actor, action, the record it touched, and a before/after snapshot — so a dispute over "who deleted that" takes seconds, not a shouting match. It is append-only: entries are never edited or wiped, not even by you.

Where to find it

Open Audit log from the sidebar, at /audit-log. It is a web-only screen. Only Owner and Manager see it in the sidebar and can open it — everyone else is out. If your role does not hold audit access, the page shows an "Audit access required" panel instead of the log; an owner has to grant it.

Key concepts

  • Severity — each row is tagged high, medium, or low based on the action. High covers the dangerous stuff (cancel, credit, delete, void, override, permission, reject); medium covers everyday writes (approve, dispatch, import, invoice, payment, price, return, stock, update); the rest is low. Use it to scan for what matters.
  • Actor kind — who or what did the action. A row is either a user (a teammate, shown with their name and email) or automation — a background job like cron:retention-cleanup or worker:event-bus. Automation rows render with a settings icon instead of a face.
  • Before/after snapshot — every row carries what the record looked like before and after the change. The Change column shows a short summary of which fields moved.
  • Target — the record the action hit, shown as type and ID (for example, invoice / INV-00214). Rows that aren't tied to one record show "System event".

Common workflows

1
See everything, newest first
Open Audit log. The All events tab lists every entry newest-first, with the latest-entry time shown at the top.
2
Jump to the risky actions
Switch to the Sensitive tab. It filters to high-severity rows only — voids, deletes, credits, permission and override actions.
3
Check just your own trail
Tap My actions to filter to rows where you were the actor. Useful when someone asks "did I do that?"
4
See what the system did
Tap Automation to filter to non-user rows — crons, workers, and internal services. The actor label shows the job that ran.
5
Find one record or person
Type into the search box to match on actor, target, or action across the loaded rows. Hit Load older events at the bottom to pull the next page further back in time.

Role notes

This is a read-only screen, and both roles that can open it have the same powers here: Owner and Manager can view, filter, search, and page through the full tenant log. Neither can edit, delete, or hide an entry — the log is append-only by design, with no write action exposed anywhere in the product. OWNER holds audit access as part of its full permission set; MANAGER holds it as an explicit grant. No other role (OPERATOR, SALES, ACCOUNTANT, WAREHOUSE, DELIVERY) can reach this screen — they see the "Audit access required" panel.

Tips & time-savers

Tip
Chasing one record's history? Type its ID — like INV-00214 — into the search box and the list narrows to every action that touched it. Pair it with the Sensitive tab to see only the high-stakes changes (voids, credits, deletes) on that record.

The log is timestamped in IST (Asia/Kolkata) and ordered newest-first, so the row you usually want is at the top. Hit Refresh to pull the latest without reloading the page.

Gotchas

Warning
The audit log is append-only and tamper-evident — there is no edit, no delete, no "clean up" button. Anything a teammate does to a record is permanent in this trail. That is the point: it is your evidence in a dispute. So if a row shows the wrong story, you fix it by recording the corrective action, not by erasing history.

The My actions, Sensitive, and Automation filters and the search box only match rows already loaded into the view. If you don't find what you expect, use Load older events to pull more pages first, then filter or search again.

Related