RBAC Audit Log

Request Information

Who: User ID and username

What: Capability being requested (e.g., "moderation.ban")

When: Exact timestamp with millisecond precision

Decision Information

Result: ALLOW or DENY

Reason Code: Why the decision was made

Decision Path: Which grants were evaluated, in priority order

Context Information

Actor: User's roles, whether they're admin, whether owner

Resource: What resource the action targets (channel, category, guild)

Source: WEB (dashboard), BOT (command), or API (integration)

Audit Tab

RBAC Dashboard → Audit tab. Shows all permission decisions from most recent to oldest.

Log Entry View

Each log entry displays:

• •Username of requester
• •Capability requested
• •Decision (ALLOW/DENY badge, color-coded)
• •Reason code
• •Timestamp (human-readable, e.g., "2 minutes ago")

Expand for Details

Click any log entry to expand and see full details: user ID, all roles, admin status, scope, source, complete decision path with all evaluated grants.

Filter by User

Searchable dropdown to select a user. Shows logs for all permission checks by that user. Useful for investigating a specific user's activity.

Filter by Capability

Searchable dropdown to select a capability. Shows all permission checks for that capability across all users. Useful for security analysis.

Filter by Decision

Checkboxes to show ALLOW, DENY, or both. Useful for finding denied access attempts or successful operations.

Filter by Reason Code

Multi-select to show logs from specific reason codes. For example, show only "ADMIN_BYPASS" logs to audit admin activity.

Date Range Filter

Calendar picker to select start and end dates. Show logs from a specific time period (e.g., last 24 hours, last week, custom range).

Advanced Search

Combine multiple filters. For example: "All DENY decisions for 'moderation.ban' by users in role 'Moderator' in the last 7 days".

Retention Duration

Configured in Policy Setup (default: 90 days). Logs older than this are automatically deleted.

Adjust: Go to RBAC Dashboard → Setup tab → Audit Retention Days setting

Retention Options

Common retention periods:

• •30 days: Short term, light storage footprint
• •90 days (default): Good balance for most servers
• •180 days: Longer history for large servers
• •365 days: Full-year retention for compliance

Export to CSV

Export current view (filtered or all) to CSV. Import into Excel, Google Sheets, or analysis tools for custom reports.

Export to JSON

Export in machine-readable JSON format. Includes all fields with full detail. Useful for programmatic analysis or archival.

Scheduled Reports

Set up automatic weekly/monthly audit log exports. Reports are emailed to admins for compliance documentation.

❓"Why can't user X do action Y?"

Search audit logs for that user and capability. Look at the decision path to see which grants were evaluated and why decision was DENY.

❓"Who has admin access recently?"

Filter logs for reason code "ADMIN_BYPASS" over last 24 hours. Shows all actions where admin bypass was used.

❓"Which users tried to ban people?"

Filter logs for capability "moderation.ban". View results (both ALLOW and DENY) to see all ban attempts and who made them.

❓"Is my RBAC policy correct?"

Review logs over a few days. Legitimate users should have mostly ALLOW decisions. Unexpected DENY patterns indicate misconfigured grants.

❓"Did break-glass mode get used?"

Filter logs for reason code "BREAK_GLASS". Shows all actions taken during emergency mode activation.