Audit Log
The audit log provides a chronological record of all significant actions taken within your organization. Use it to track who did what, when, and with what context — essential for security reviews, compliance, and debugging access issues.
:::info Business or Enterprise Only The audit log is available on Business and Enterprise plans. Team plan organizations do not have access to audit log data. :::
Tracked Actions
The audit log records the following events:
| Action | Description |
|---|---|
org.created | Organization was created |
org.updated | Organization settings were changed |
member.invited | A new member was invited |
member.role_changed | A member's role was updated |
member.removed | A member was removed from the org |
workspace.created | A new workspace was created |
workspace.updated | Workspace settings were changed |
workspace.deleted | A workspace was deleted |
workspace.started | A workspace was started (pod created) |
workspace.stopped | A workspace was stopped (pod removed) |
bridge.created | A bridge between workspaces was created |
bridge.deleted | A bridge was deleted |
apikey.created | An API key was generated |
apikey.revoked | An API key was revoked |
billing.plan_changed | The organization's plan was upgraded or downgraded |
data_connection.created | A data connection (BigQuery, Snowflake, etc.) was added |
data_connection.deleted | A data connection was removed |
Viewing the Audit Log
- Navigate to Organization Settings → Audit Log.
- The log displays entries in reverse chronological order (newest first).
- Use filters to narrow results by:
- Action type — e.g., show only
member.*events - Actor — filter by the person who performed the action
- Date range — focus on a specific time window
- Action type — e.g., show only
Log Entry Fields
Each audit log entry contains the following fields:
| Field | Description | Example |
|---|---|---|
| action | The event type identifier | member.invited |
| actor | The user ID of the person who performed the action | user_5f3a... |
| The email address of the actor | alice@acme.com | |
| metadata | Additional context specific to the action (JSON) | { "targetEmail": "bob@acme.com", "role": "member" } |
| timestamp | When the action occurred (ISO 8601, UTC) | 2026-05-21T17:30:00.000Z |
Example Log Entry
{
"action": "member.invited",
"actor": "user_5f3a8b2c",
"email": "alice@acme.com",
"metadata": {
"targetEmail": "bob@acme.com",
"role": "member"
},
"timestamp": "2026-05-21T17:30:00.000Z"
}
Metadata by Action Type
The metadata field varies by action type:
| Action | Metadata Fields |
|---|---|
member.invited | targetEmail, role |
member.role_changed | targetEmail, previousRole, newRole |
member.removed | targetEmail |
workspace.created | workspaceId, name, provider |
workspace.deleted | workspaceId, name |
bridge.created | bridgeId, sourceWorkspaceId, targetWorkspaceId |
apikey.created | keyPreview |
apikey.revoked | keyPreview |
billing.plan_changed | previousPlan, newPlan |
Data Retention
| Plan | Retention Period |
|---|---|
| Business | 90 days |
| Enterprise | 1 year (configurable) |
:::tip Exporting Audit Data For long-term retention beyond your plan's window, export audit log data regularly using the Roundtable API. Enterprise customers can configure custom retention policies and SIEM integrations. :::
Audit log entries are immutable — they cannot be edited or deleted by any user, including the Owner. This ensures the integrity of your audit trail.