> ## Documentation Index
> Fetch the complete documentation index at: https://docs.coderabbit.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logs

> Track and review administrative actions across your organization with a tamper-resistant audit log.

export const AdminRoleBadge = ({tip = "This feature requires an organization owner, an admin role or the corresponding permission. Regular Members do not have access.", title = "Admin Only", cta = "View roles", href = "/management/roles", disabled = false}) => {
  return <Tooltip tip={tip} cta={cta} href={href}>
        <Badge icon="lock" color="orange" disabled={disabled || undefined}>
            {title}
        </Badge>
    </Tooltip>;
};

export const EnterprisePlanBadge = ({tip = "This feature is available exclusively as part of the Enterprise plan. Please refer to our pricing page for more information about our plans and features.", title = "Enterprise Plan", cta = "Read more", href = "https://coderabbit.ai/pricing", disabled = false}) => {
  return <Tooltip tip={tip} cta={cta} href={href}>
        <Badge icon="building-2" disabled={disabled || undefined}>
            {title}
        </Badge>
    </Tooltip>;
};

<EnterprisePlanBadge />

<AdminRoleBadge tip="Members and custom roles without admin-level access cannot open Audit Logs. Admin and Billing Admin users can view this page on the Enterprise plan." />

The Audit Logs give Enterprise organizations a searchable record of administrative actions taken across workspace settings, billing controls, seat management, and more. Use them to answer "who changed what, and when?" whether you're investigating an incident, satisfying a compliance review, or just keeping an eye on operational changes.

## Accessing Audit Logs

### Settings UI

Open the [CodeRabbit dashboard](https://app.coderabbit.ai) and navigate to **Settings → Audit Logs**. The page is visible to users with an admin role on the Enterprise plan.

The log table shows four columns:

| Column               | Description                                                                                        |
| -------------------- | -------------------------------------------------------------------------------------------------- |
| **User**             | The actor who performed the action, with their role (Admin, Member, Billing Admin, Bot, or System) |
| **Action**           | What happened, e.g. "Added repository" or "Created API key"                                        |
| **Resource Summary** | A short description of the specific resource affected                                              |
| **Recency / Time**   | Relative and absolute timestamp of when the action occurred                                        |

#### Searching and filtering

Use the search bar to find entries by actor name. Narrow results further using the filter controls:

* **Action** — select one or more event types
* **Resource type** — select one or more resource categories
* **Date range** — set an inclusive start and end date/time

All filters can be combined. Filter counts refresh automatically so repeat investigations stay fast.

### REST API

The same data is available programmatically. This is useful for exporting entries to a SIEM, building custom compliance reports, or integrating audit data into internal tooling.

See the [Audit Logs API reference](/api-reference/audit-logs) for the complete parameter list, response schema, and code samples.

## What is logged

The Audit Logs capture high-signal administrative changes across your workspace:

| Resource        | Events tracked                                        |
| --------------- | ----------------------------------------------------- |
| Organization    | Creation and deletion                                 |
| Repositories    | Adding and removing repositories                      |
| Subscription    | Subscription creation, updates, and cancellation      |
| Seat management | Seat assignments and removals                         |
| Configuration   | Organization-wide and repository-level config changes |
| User roles      | Role promotions and demotions                         |
| API keys        | API key creation and deletion                         |

<Info>
  Coverage expands as more admin flows are instrumented. Events are logged when the action is instrumented, so historical coverage before a given release date may be incomplete.
</Info>

## Common use cases

**Security review** — Search for a specific user to see all actions they have taken. Filter by `api_key_create` or `api_key_delete` to audit API key lifecycle. Use the date range filter to focus on a specific incident window.

**Access management audit** — Filter on seat assignment and role change events to review who was granted or removed access, and by which admin.

**Configuration change investigation** — Filter on configuration events to identify when a setting was changed and who changed it.

**Compliance reporting** — Export entries for a date range via the API to demonstrate administrative controls and a clear chain of custody.

## What's next

<CardGroup cols={1}>
  <Card title="Audit Logs API reference" href="/api-reference/audit-logs" icon="book" horizontal>
    Full parameter reference, response schema, and interactive playground for the `audit-logs` endpoint
  </Card>

  <Card title="Role-based access" href="/management/roles" icon="shield" horizontal>
    Learn about Admin, Member, and Billing Admin roles and what each can access in your organization
  </Card>
</CardGroup>