Audit logging
Who did what, when, and how to export it for compliance.
Every meaningful action in Dalea is recorded in an audit log. As an org admin or compliance officer, this is the page you'll come back to when you need to answer "who did what, when, why".
What's logged
The audit log captures every state-changing event in your org. A non-exhaustive list:
- Sign-ins (success and failure), passkey enrolments, password changes, TOTP setups
- Member invitations, role changes, removals (org and workspace level)
- Workspace creation, deletion, settings changes, OAuth client management
- Document creation, edits, version snapshots, restoration, deletion
- Schema changes (table create, column add, naming-scheme change) — including the audit reason the user typed
- Result batch open, edit, close, supersede — including e-signatures
- Inventory item creation, container moves, check-out, consumption, discard
- Bulk imports (file name, row count, source format)
- Template publishes to dalea.market
- API key creation and revocation
- OAuth and MCP token issuance
- Failed authorisation attempts (someone tried to do something they couldn't)
Each event records: actor, timestamp, IP address, sign-in method, auth strength, target object, action type, before and after state (where applicable), and the optional audit reason.
Where to find it
Settings → Org → Audit log.
Two views:
| View | Use when |
|---|---|
| Stream | Live tail. Useful while investigating an incident. |
| Search | Historical. Filter by actor, action type, target, date range. |
Workspace-scoped admins see only their workspace's events. Org admins see events across all workspaces in the org. Cross-org events (member added to the org) are visible to org admins.
Filters
The search view supports:
- Actor — pick a member, see everything they did.
- Action type — sign-in, schema change, result-batch close, API key issue, etc.
- Target — one document, one inventory item, one environment.
- Date range — last 24 h, 7 days, 30 days, or custom.
- Outcome — succeeded, failed, denied. Useful for spotting probing activity.
- Sign-in method — sessions only, API keys only, MCP tokens only.
Filters compose. A typical compliance query: "All schema changes by Editor-role members in the last 90 days." Filter by action type = schema.*, member role = Editor, date range = 90 days.
Exporting
Compliance audits, regulatory submissions, and SIEM ingestion all want the audit log in machine-readable form.
| Format | Best for |
|---|---|
| CSV | Spreadsheet review, ad-hoc analysis. |
| JSON Lines | SIEM ingestion (Splunk, Datadog, Elastic). |
| Signed bundle | A .zip with the JSONL plus a signature file proving the export hasn't been tampered with. Required for some regulated audits. |
Export is filter-aware — you get exactly the slice the search view is showing.
Retention
The retention policy is org-tier dependent:
| Tier | Hot retention (queryable) | Cold retention (export-only) |
|---|---|---|
| Free | 30 days | – |
| Pro | 90 days | – |
| Academic / Enterprise | 180 days | 10 years |
Hot retention means the events are queryable in the in-app log. Cold retention means events older than the hot window are still exportable as a signed bundle but no longer surface in the live view. This split is what lets labs answer 21 CFR Part 11 / GxP "show me the audit trail from 2031" without keeping decade-old records hot.
Audit reasons
Many destructive actions in Dalea (schema changes, result-batch closes, inventory discards, document deletions) prompt for an audit reason when performed. The reason is free text but captured permanently in the audit log.
Encourage the habit:
- "Adding `metabolite_id` column to support PK study DLA-7-Phase-2."
- "Closing batch with re-recorded standards after pipette calibration."
- "Discarding lot 24-088 — expiration past plus QC failure."
Specific reasons make audits much faster and reduce the chance you have to re-derive context two years later.
E-signatures (Enterprise tier)
On Enterprise, you can require an e-signature on closing a result batch or finalising a document. The user is asked to re-authenticate (with passkey or password+TOTP) at that point; the signature is bound to the action and recorded in the audit log alongside the event.
This is what unlocks 21 CFR Part 11 compliance. Enterprise customers should enable e-signature requirements on their result-recording workflows during onboarding. Detailed setup is in the Enterprise admin docs (P1, coming soon).
Privacy
The audit log is not end-user-visible. Members see their own activity in a limited form (their own sign-ins, their own API keys); the full org log is admin-only. Auditing the audit log itself is also captured — every export event is logged.
Tips
If you suspect a security issue, start with outcome = denied for the target user or IP. A pattern of denied requests just before a successful one is the signature of a probing attempt.
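The same check can be run offline over a JSON Lines export. The script below is an added example, not Dalea's own code: it flags every successful event preceded by a run of denied events from the same actor or the same IP within a time window. The JSON key names (`timestamp`, `actor`, `ip`, `action`, `outcome`), the action names and the sample events are assumptions constructed for illustration; map them to the keys in your actual export.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Key names and action names are assumptions.
SAMPLE_JSONL = """\
{"timestamp":"2025-03-04T08:00:00Z","actor":"a.khan","ip":"192.0.2.10","action":"schema.column_add","outcome":"denied"}
{"timestamp":"2025-03-04T08:00:20Z","actor":"a.khan","ip":"192.0.2.10","action":"schema.column_add","outcome":"denied"}
{"timestamp":"2025-03-04T08:00:45Z","actor":"a.khan","ip":"192.0.2.10","action":"schema.column_add","outcome":"denied"}
{"timestamp":"2025-03-04T10:00:05Z","actor":"j.roe","ip":"203.0.113.9","action":"member.role_change","outcome":"denied"}
{"timestamp":"2025-03-04T10:00:40Z","actor":"j.roe","ip":"203.0.113.9","action":"apikey.create","outcome":"denied"}
{"timestamp":"2025-03-04T10:01:10Z","actor":"j.roe","ip":"203.0.113.9","action":"workspace.settings","outcome":"denied"}
{"timestamp":"2025-03-04T10:02:00Z","actor":"j.roe","ip":"203.0.113.9","action":"apikey.create","outcome":"succeeded"}
{"timestamp":"2025-03-04T11:00:00Z","actor":"a.khan","ip":"192.0.2.10","action":"document.edit","outcome":"succeeded"}
"""

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_probing(lines, min_denied=3, window=timedelta(minutes=10)):
    # Flag a success preceded by >= min_denied denials (same actor or IP) in `window`.
    events = [json.loads(line) for line in lines if line.strip()]
    events.sort(key=lambda e: parse_ts(e["timestamp"]))
    recent = defaultdict(deque)   # ("actor"|"ip", value) -> denial timestamps
    findings = []
    for ev in events:
        ts = parse_ts(ev["timestamp"])
        keys = [(k, ev[k]) for k in ("actor", "ip") if ev.get(k)]
        for key in keys:          # drop denials that fell out of the window
            while recent[key] and ts - recent[key][0] > window:
                recent[key].popleft()
        if ev.get("outcome") == "denied":
            for key in keys:
                recent[key].append(ts)
        elif ev.get("outcome") == "succeeded":
            hits = [key for key in keys if len(recent[key]) >= min_denied]
            if hits:
                findings.append({
                    "timestamp": ev["timestamp"], "actor": ev.get("actor"),
                    "ip": ev.get("ip"), "action": ev.get("action"),
                    "matched_on": [kind for kind, _ in hits],
                    "denied_count": max(len(recent[key]) for key in hits),
                })
            for key in keys:      # a success resets the run of denials
                recent[key].clear()
    return findings

if __name__ == "__main__":
    print(find_probing(SAMPLE_JSONL.splitlines()))
```

Tune `min_denied` and `window` to your org's normal rate of permission errors; tracking by IP as well as actor catches denials spread across several accounts from one address.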
Even if your org is on Free or Pro tier, exporting a monthly CSV to your own storage gives you durable audit history beyond the hot retention window. Three minutes a month, indefinite history.