# Audit Log

## Overview

The Audit Log provides a centralized, immutable audit trail of all actions performed within a Firefly tenant. It captures user and API activity across all Firefly domains, including Inventory, Governance, Workflows, Integrations, and more.

The Audit Log is designed for:

* Security and compliance audits
* Operational troubleshooting and debugging
* Change traceability across cloud infrastructure

Every logged event includes contextual metadata such as the actor, action, target, scope, request/response payloads, and execution status.

## What Gets Logged

### Action Scopes

The following domains are covered:

* **Inventory** (`inventory:*`)
* **Workflows** (`workflows:*`)
  * Workspaces
  * Projects
  * Variable sets
  * Workflow runs
* **Governance** (`governance:*`)
* **Integrations** (`integrations:*`)
* **Users, Teams, Roles**
  * `users:*`
  * `teams:*`
  * `roles:*`
* **API Keys** (`api:*`)
* **Notifications** (`notifications:*`)
* **IaC Explorer & Drift Management**
  * `iac-*`
  * `drift-exclude:*`

## Audit Log UI

### Location

**Settings → Audit Log**

### Table View

The Audit Log is displayed as a sortable, paginated table.

### Filtering & Search

The Audit Log supports advanced filtering to quickly locate relevant events.

#### Available Filters

* **Actor** (user or API token)
* **Action** (multi-select)
* **Scope** (multi-select)
* **Status** (success / failure)
* **Time Range** (last X days or custom)

### Exporting Logs

Filtered results can be exported as a CSV file for offline analysis, compliance reviews, or external tooling.

Exports reflect only the currently applied filters.

## RBAC & Visibility

Access to the Audit Log is controlled via RBAC.

* Viewing logs requires the `audit-log:read` permission.
* Visibility is scoped to the user's role and tenant.
* Sensitive fields may be masked based on role permissions (GA).