Audit Log: Who Did What, and When

Every Change, Tracked

WareSquared records every meaningful change in your tenant — every order status flip, every inventory adjustment, every user role change, every settings tweak. The audit log gives admins a searchable, filterable trail of those changes, scoped to your company only.

Why It Matters

  • SOC 2 / GDPR Article 30 compliance. Auditors want to see that you can prove who changed what and when. The audit log is the canonical answer.
  • Incident triage. "An order shipped to the wrong address last Tuesday — who edited it?"
  • Operator accountability. Mistakes happen; this makes them traceable instead of mysterious.

Where to Find It

Settings → Audit Log — admin-only page.

Each row shows the change time, the user who made it (whodunnit), the record type (Order, Product, Customer…), the record ID, and a diff of fields-before vs fields-after.

Filtering the Log

Three filters across the top of the page narrow the firehose:

  • Item type — limit to a single record class (Order, Product, Customer, Invoice, Shipment, Membership…). The dropdown only shows types you actually have history for.
  • Since — date cutoff. Shows changes from that date forward.
  • User — limit to one operator's actions. Useful when investigating a specific person's day.

Filters compose, so "User = Alice, Item type = Order, Since = Monday" shows only Alice's order edits this week.

What's Not Captured

The audit log captures changes made through the application — UI actions, API writes, background jobs. It does not capture:

  • Direct database modifications (anyone with psql access)
  • Super-admin actions in the /admin panel — those have their own separate log
  • File uploads / Active Storage attachment changes (only the parent record is logged)

Exporting

Pagination supports up to 200 rows per page. For a fuller export, the same data is available via the JSON API at GET /api/v1/account/audit_log with the same filter parameters.

Tip: When responding to a SOC 2 question like "How do you ensure data integrity?" the audit log + tenant-isolation tests are your two-sentence answer.

Last updated June 28, 2026
Was this helpful?