Audit

The Audit Log provides a tamper-proof and immutable audit trail of all events that occur in the Rhize system. Users with appropriate permissions can access the audit log either through the UI menu or the GraphQL API.

Prerequisites

To use the audit log, ensure you have the following:

• If accessing to your Rhize UI environment, a user account with appropriate permissions

• If accessing through GraphQL, you also need:

  • The ability to Use the Rhize GraphQL API
  • A token configured so that audience includes audit, and the scopes contain audit:query.

  This scope should be created by BaaS, not manually. For details, refer to Set up Keycloak.

Audit through the UI

To inspect the audit log through the Rhize UI, follow these steps:

1. From the UI menu, select Audit.
2. Select the users that you want to include in the audit.
3. Use the time filters to select the pre-defined or custom range that you want to return.

On success, a log of events appears for the users and time ranges specified. For a description of the fields returned, refer to the Audit fields section.

Audit fields

In the audit UI, each record in the audit has the following fields:

Audit through GraphQL

The audit log is also exposed through the GraphQL API. To access it, use the queryAuditLog operation, and add filters for the time range and users.

Here’s an example query:

query {
  queryAuditLog(filter: {start: "2023-01-01T00:00:00Z", end:"2023-12-31T00:00:00Z", tagFilter:[{id:"user", in: ["admin@libremfg.com"]},{id:"operation", in: ["set"]}]}, order: {}) {
    operationType
    meta {
      time
      user
    }
    event {
      operation
      uid
      attribute
      value
    }
  }
}