Organization audit log β
The activity log is the canonical "who changed what" feed for your organization. Every material write to a tracked entity β member, attendance, donation, group, ministry, org unit, school, or enrolment β writes one row here, automatically, via a database trigger that can't be bypassed by application code.
Open it from the sidebar under Activity log, or visit /activity-log directly.
Reading an entry β
Each row tells you four things in plain English:
Sarah Patel updated members β Changed: email, phone β 2 hours ago
| Piece | Where it comes from |
|---|---|
| Actor name | actor_id β resolved to the user's full name; falls back to email if the profile is gone |
| Verb | The action column (created, updated, deleted, restored, merge_members, β¦) |
| Entity link | If the entity type has a detail route (members, groups, ministries, schools), the row links directly to it |
| Changed columns | For updated actions, the list of columns that changed β not the before/after values |
| Timestamp | Relative ("2 hours ago"); hover to see the absolute date in your org's timezone |
System writes β workflow actions, scheduled jobs, edge functions running without an authenticated user β show System as the actor instead of a person.
Filtering β
The header has three filters that combine with AND:
- Entity type β narrow to just members, donations, attendances, etc. Use this when you're investigating a specific table.
- Action β created, updated, deleted, restored. Defaults to all.
- Actor email β free-text contains-match. Type
@yourchurch.orgto see writes from staff only; type a partial address to find one person.
Filters are URL-driven, so you can bookmark or share a filtered view (/activity-log?entity=donations&action=deleted and so on).
TIP
The activity log is infinite-scroll β older entries load as you scroll past the bottom. Apply filters first if you're hunting for one specific event; the unfiltered firehose can be 10,000+ rows per month for a busy org.
Common investigations β
"A donation amount changed and I don't know why" β
- Open
/activity-log - Set entity filter to donations
- Set action filter to updated
- Optionally filter by actor email if you suspect a specific person
- Scan for the donation; click through to verify against the current record
The changed-columns hint will tell you whether amount, fund, or just notes were touched.
"Who deleted this member?" β
- Filter entity to members, action to deleted
- Scroll to the date in question
- The actor column tells you exactly who did it and when
Deleted members are soft-deleted β they're still in the database with deleted_at set. The audit row preserves the actor; the member row preserves the data. You can restore from the recycle bin within 30 days.
"Did the workflow actually run last night?" β
Workflow actions write entries with actor_email = system and metadata describing the workflow run. Filter actor email to system to see only automated activity.
What the data underneath looks like β
The org_audit_log table:
id uuid primary key
organization_id uuid -- scoped by current_org_id() RLS
actor_id uuid -- null for system writes
actor_email text -- denormalized for the case the profile is gone
action text -- 'created' | 'updated' | 'deleted' | 'restored' | β¦
entity_type text -- table name
entity_id uuid -- row id in that table
metadata jsonb -- { changed: [...], reason: '...', β¦ }
created_at timestamptzThe metadata.changed array lists column names. The metadata.reason field, when present, is a free-text justification supplied by the action that wrote the row β for example, the workflow run reason or a manual "marked lost" explanation.
Differences vs the Data & Logs audit tab β
The same org_audit_log table powers the audit tab on Data & Logs. The differences are:
/activity-log | Data & Logs β Audit | |
|---|---|---|
| Permission | users.manage | config.manage |
| Rows shown | Infinite scroll, all rows | Latest 50, no pagination |
| Filters | Entity, action, actor email | None |
| Use it for | Investigations, audits | A quick "what happened recently?" glance during a config session |
Most admins use /activity-log day-to-day. The Data & Logs tab exists so a config-only role (no users.manage) can still see recent activity without granting them the bigger permission.
See also β
- Member activity log for per-member timelines
- Exporting logs for CSV exports