Skip to content

Audit Log

Every meaningful change to an entity in iFlow is recorded with the acting user, the timestamp, and a snapshot of what changed. The audit log is the immutable record of who did what, when.

What gets audited

  • Entity create / update / delete — subjects, samples, orders, analyses, reports, credentials, project membership, role assignments.
  • Order stage transitions — every move between Creation → Analysis → Review → Sign Off → Completion is appended to OrderStageTransitionHistory with the acting user and timestamp.
  • Sign-off events — the signed PDF is recorded with the signing user and the bytes hash, and is never overwritten.
  • Authentication events — login, logout, 2FA enrollment, failed login attempts.

Where to find it

  • Per-entity: open any subject, sample, order, or analysis and scroll to the History card at the bottom of the detail page. This shows all changes to that specific entity.
  • Project-wide: the project's Audit page shows the full chronological feed across all entities in the project. Filter by user, entity type, or date range.

What's not in the audit log

  • Variant classification changes inside the Variant Miner are recorded on the ReportVariantAssociation record itself (modified_by, modified_at), not in the general audit log. See Variant Filtering for the per-variant audit fields.
  • File reads (downloads from the file browser) are not audited. Treat the project bucket as the lower boundary of audit coverage.

See also

  • Order lifecycle — the state machine whose transitions are audited.
  • Users & Roles — terminal-guarantees section explains the immutability of sign-off audit entries.