Skip to main content

Audit log

Every data-modifying action (create, edit, delete, login, export...) is automatically recorded by the system β€” non-disableable, non-editable. Used for:

  • Investigation when something goes wrong ("who deleted order X?")
  • Internal control + audits for customers / committee
  • Meeting separation of duties requirements for enterprises

Audit log

Action types​

The system splits 12 action categories:

ActionWhenExample
🟒 CREATENew recordCreate order, create user, create route
🟑 UPDATEEdit recordUpdate customer address, edit order price
πŸ”΄ DELETERemove recordDelete driver, delete vehicle
πŸ”΅ LOGINSuccessful loginSession tracking
⚫ LOGOUTSign outβ€”
🟣 EXPORTData exportExcel report export, order export
🟠 IMPORTExcel importImport customer list
🎯 FINALIZEFinalize routesRoute plan locked
πŸ”’ LOCK / πŸ”“ UNLOCKLock / unlock routeEdit a locked plan
βš™οΈ OPTIMIZERun CVRP optimizationNew plan / benchmark
🚚 DISPATCHAuto-assign driversAuto-dispatch run
πŸ‘€ ASSIGNAssign driver/vehicleManual driver pick
↔️ MOVE_ORDERDrag order between routesMove/reorder during planning

Filters​

Multi-criteria filter at the top:

  • Time range: defaults to today. Choose any day, week, or month.
  • User: search by email or name β€” view one person's actions only
  • Action: tick Action types to view
  • Resource: filter by object type (Order, Trip, User, Customer, Vehicle...)

Click "Apply" to refresh.

Reading one log row​

Each row shows:

ColumnMeaning
TimeYYYY-MM-DD HH:mm:ss (local timezone)
UserEmail + display name
ActionAction type (colored badge)
ResourceAffected entity (e.g. Order:ABC-001)
EndpointBackend URL called
StatusHTTP code (200/201/400/404/500...)
DurationMs β€” how long the request took

Click a row for detail with:

  • User's IP address
  • User-Agent (browser/mobile)
  • Before/after diff for UPDATEs β€” each field's old β†’ new value

Excel export​

Click "Export Excel" at the top β€” downloads .xlsx with all logs matching the current filter. Each row is one action, used for:

  • Periodic report to executives
  • External archival (compliance)
  • Pattern analysis in Excel / Power BI

Who can view Audit Log?​

Only IT Admin and users with audit.view permission. Planner/Dispatcher/Accountant cannot β€” preventing employees from deleting their own logs.

FAQ​

Q: Is there a size limit on audit log? A: No hard limit, but the MongoDB collection grows. Recommended periodic archive (e.g. every 6 months) to Excel files, then delete old logs.

Q: Can audit logs be edited? A: No. The Changes field stores diffs as append-only. No UPDATE endpoint for audit log.

Q: Does the log capture passwords / tokens? A: No. Middleware auto-redacts sensitive fields: password, passwordHash, token, apiKey.

Next​