PaulRentACar Docs
Compliance

Audit Logging

Comprehensive audit trail for all system events, including auth, user access, business operations, financial transactions, compliance actions, and workflow changes.

Overview

Audit logging is the foundation of accountability, regulatory compliance, and dispute resolution. Every significant action in the system is recorded in an immutable audit log. These logs cannot be edited or deleted by any user, including administrators. Audit data supports internal investigations, external audits, legal proceedings, and regulatory reporting.


What Gets Audited

The system captures events across six domains. Each domain covers a specific area of the platform.

1. Authentication Events

EventDescriptionDetail Captured
auth.login_successUser successfully logged inUser ID, IP, timestamp, device
auth.login_failedFailed login attemptUsername attempted, IP, reason
auth.logoutUser logged outUser ID, session duration
auth.token_refreshAccess token refreshedUser ID, session ID
auth.token_revokedToken explicitly revokedUser ID, token JTI, reason
auth.password_changedUser changed their passwordUser ID, method
auth.password_reset_requestedPassword reset email sentEmail, IP
auth.password_reset_completedPassword reset completedUser ID, IP
auth.account_lockedAccount locked due to failed attemptsUser ID, reason, lockout duration
auth.2fa_enabledTwo-factor authentication enabledUser ID, method
auth.2fa_disabledTwo-factor authentication disabledUser ID, reason

2. User and Access Management Events

EventDescriptionDetail Captured
user.createdNew user account createdActor, new user ID, role assigned
user.updatedUser profile modifiedActor, user ID, fields changed
user.deactivatedUser account deactivatedActor, user ID, reason
user.reactivatedUser account reactivatedActor, user ID, reason
role.createdNew role createdActor, role name, permissions assigned
role.updatedRole permissions modifiedActor, role ID, permission changes
role.deletedRole removedActor, role ID, reason
permission.grantedPermission added to roleActor, role ID, permission name
permission.revokedPermission removed from roleActor, role ID, permission name
tenant_access.grantedUser granted tenant accessActor, user ID, tenant ID
tenant_access.revokedUser tenant access removedActor, user ID, tenant ID
branch_access.grantedUser granted branch accessActor, user ID, branch ID
branch_access.revokedUser branch access removedActor, user ID, branch ID

3. Business Operations Events

EventDescriptionDetail Captured
reservation.createdNew reservation createdCustomer, dates, vehicle category
reservation.updatedReservation details modifiedFields changed, actor
reservation.confirmedReservation confirmedVehicle assigned
reservation.cancelledReservation cancelledReason code, refund details
reservation.no_showCustomer no-show recordedAuto-triggered
contract.checkoutVehicle checked out to customerVehicle, odometer, fuel level
contract.checkinVehicle checked in from customerOdometer, fuel level, condition
contract.extendedRental contract extendedNew return date, additional charges
vehicle.status_changedVehicle status updatedOld status → new status, reason
vehicle.assignedVehicle assigned to reservationVehicle ID, reservation ID
vehicle.reassignedVehicle reassigned to different reservationOld vehicle → new vehicle, reason
delivery.task_createdDelivery task generatedReservation, delivery type, address
delivery.task_completedDelivery completed successfullyDriver, timestamp, proof captured
delivery.task_failedDelivery failedFailure reason, driver notes
collection.task_createdCollection task generatedReservation, collection type
collection.task_completedCollection completedDriver, condition summary
collection.task_failedCollection failedFailure reason

4. Financial Events

EventDescriptionDetail Captured
invoice.createdInvoice generatedInvoice ID, amount, customer
invoice.issuedInvoice sent to customerInvoice ID, delivery method
invoice.voidedInvoice voidedActor, reason
payment.receivedPayment recordedAmount, method, transaction ID
payment.failedPayment attempt failedAmount, failure reason
payment.refundedRefund processedAmount, reason, approval chain
deposit.collectedSecurity deposit collectedAmount, hold method
deposit.releasedSecurity deposit returnedAmount, reason
deposit.forfeitedSecurity deposit forfeitedAmount, reason, linked damage/invoice
credit_note.issuedCredit note createdAmount, linked invoice
billing.batch_generatedCorporate billing batch createdBatch ID, account, total
billing.batch_approvedBilling batch approvedApprover, amount
fine.chargedTraffic fine charged to customerFine amount, vehicle, violation
salik.chargedSalik toll charged to customerAmount, crossings count

5. Compliance Events

EventDescriptionDetail Captured
document.uploadedDocument submitted for verificationEntity, document type
document.approvedDocument verified and approvedReviewer, document type
document.rejectedDocument rejectedReviewer, rejection reason
document.overrideVerification override appliedOverride reason, authority
complaint.createdComplaint filedCategory, channel, priority
complaint.escalatedComplaint escalatedEscalation level, reason
complaint.legally_escalatedComplaint sent to LegalReason, linked legal case
complaint.resolvedComplaint resolvedResolution type
legal_case.createdLegal case openedSource, incident details
legal_case.closedLegal case closedClosure type, financial outcome
compliance.task_createdCompliance task auto-generatedTask type, entity, due date
compliance.task_completedCompliance task resolvedActor, resolution

6. Workflow Events

EventDescriptionDetail Captured
workflow.instance_createdWorkflow instance startedEntity type, entity ID, workflow
workflow.transition_executedStatus transition performedFrom stage → to stage, action
workflow.action_deniedTransition blockedReason, permission missing
workflow.task_createdWorkflow task createdTask type, assignee
workflow.task_completedWorkflow task completedActor, completion details
workflow.task.escalatedWorkflow task escalatedEscalation reason
workflow.approval.requestedApproval request createdRequester, approval type
workflow.approval.grantedApproval givenApprover, conditions
workflow.approval.deniedApproval deniedDenier, reason
workflow.sla.warningSLA approaching deadlineTask type, time remaining
workflow.sla.breachSLA deadline exceededTask type, overage

Audit Entry Fields

Every audit log entry contains these fields:

FieldDescription
idUnique audit entry identifier (UUID)
timestampDate and time of the event (UTC, millisecond precision)
actor_user_idID of the user who performed the action
actor_usernameUsername or email of the actor
actor_roleRole(s) of the actor at the time of the event
tenant_idTenant context of the event
branch_idBranch context (if applicable)
event_typeCategorized event code (e.g., auth.login_success)
entity_typeType of entity affected (e.g., reservation, vehicle, invoice)
entity_idID of the entity affected
actionDescription of what was done
old_valuePrevious state (JSON, for update events)
new_valueNew state (JSON, for update events)
ip_addressClient IP address
user_agentBrowser or app identifier
request_idCorrelates to the API request ID
session_idUser session identifier
successBoolean — whether the action succeeded
error_messageError details (if the action failed)

Immutability

Audit logs are write-once. The following rules apply:

RuleDetail
No editsAudit entries cannot be modified after creation
No deletesAudit entries cannot be deleted by any user
No soft-deleteThere is no "delete" flag on audit entries
No bulk operationsNo bulk edit or delete tools are available on audit data
System-only writesOnly the application backend can create audit entries
Separate storageAudit logs are stored in a dedicated table with write-only permissions

Critical: Even database administrators cannot modify audit logs through the application. Direct database manipulation is outside the application's control and is a violation of security policy.


Data Retention

Data TypeRetention PeriodArchive After
Authentication events3 yearsCold storage after 1 year
User management events7 yearsCold storage after 2 years
Business operations events7 yearsCold storage after 2 years
Financial events10 yearsCold storage after 3 years
Compliance events10 yearsCold storage after 3 years
Workflow events5 yearsCold storage after 2 years

Note: Legal case audit trails are retained for the life of the case plus 10 years, regardless of standard retention periods.


Viewing Audit Logs

Who Can View

RoleAccess Scope
Compliance OfficerAll events across all tenants
Operations DirectorAll events for their tenant
Branch ManagerEvents for their branch
Finance LeadFinancial events for their tenant
IT AdministratorSystem events, authentication events
Legal TeamLegal and complaint events (linked to their cases)
Other staffNo direct audit log access

Viewing Methods

MethodHow
Entity-level audit trailOpen any entity (reservation, contract, customer, vehicle) → click Audit Trail tab
Global audit logCompliance → Audit Log (filtered by default)
ExportCompliance → Audit Log → Export (CSV or PDF)
APIGET /api/audit-logs with query filters

Filter Options

FilterOptions
Event typeAll, auth, user, business, financial, compliance, workflow
Entity typeAll entity types
ActorSpecific user or "all users"
Date rangeFrom/to date pickers
TenantTenant name (multi-tenant view only)
BranchBranch name
Success/FailureSuccessful actions, failed actions, or both

Audit Export

For external audits, legal proceedings, or regulatory reporting:

  1. Navigate to Compliance → Audit Log.
  2. Apply the desired filters.
  3. Click Export.
  4. Select format (CSV or PDF).
  5. Choose date range and scope.
  6. Confirm export. The system generates the file and makes it available for download.

Rule: Audit exports are logged. The export request itself generates an audit entry recording who exported what data and when.


Callouts

Audit logs are the single source of truth for all actions. In any dispute, investigation, or legal proceeding, audit log data takes precedence over human memory, email records, or informal notes.

Audit log performance: The system indexes audit entries by timestamp, event type, entity, and actor. Queries return results in under 2 seconds for data within the past 30 days. Older data may take up to 10 seconds for complex queries.

On this page