Skip to content

URS-003 · Audit Log Tracking of All User Actions

Status: PASS  ·  Duration: 59s  ·  Run Date: April 21, 2026


PASS

Step 1: Rep login


PASS

Step 2: Create order

Step 2: Create order

Step 2: Create order

Step 2: Create order


PASS

Step 3: Edit order item

Step 3: Edit order item

Step 3: Edit order item


PASS

Step 4: Rep denied admin access


PASS

Step 5: Admin login

audit_events table has the expected schema

Section titled “audit_events table has the expected schema”
PASS

Table public.audit_events should expose at least: id, organization_id, user_id, event_type, action, object_id, payload, created_at

SELECT column_name
FROM information_schema.columns
WHERE table_schema = 'public' AND table_name = 'audit_events'
column_name
id
organization_id
user_id
contact_id
event_type
action
object_id
secondary_object_id
payload
route
trace_id
created_at
url

PASS

Bob logging in should produce at least one user_log row with action=user:login.

SELECT id, action, event_type, user_id, organization_id, payload, created_at
FROM audit_events
WHERE created_at >= $1
AND user_id = $2
AND event_type = 'user_log'
AND action = 'user:login'
ORDER BY created_at ASC
idactionevent_typeuser_idorganization_idpayloadcreated_at
019dae25-9b29-7375-b0e9-270606119161user:loginuser_log17b8c9d0-e1f2-3456-1234-567890123456b2c3d4e5-f6a7-8901-bcde-f12345678901[object Object]2026-04-21T03:46:33.392Z
019dae25-b285-7470-b25b-785b7a5bb74cuser:loginuser_log17b8c9d0-e1f2-3456-1234-567890123456b2c3d4e5-f6a7-8901-bcde-f12345678901[object Object]2026-04-21T03:46:39.412Z
019dae26-0047-7bb4-b649-bf71438a1c07user:loginuser_log17b8c9d0-e1f2-3456-1234-567890123456b2c3d4e5-f6a7-8901-bcde-f12345678901[object Object]2026-04-21T03:46:59.304Z
019dae26-4579-7318-aaea-ad44cc55a248user:loginuser_log17b8c9d0-e1f2-3456-1234-567890123456b2c3d4e5-f6a7-8901-bcde-f12345678901[object Object]2026-04-21T03:47:17.001Z

PASS

Dan logging in should produce at least one user_log row with action=user:login.

SELECT id, action, event_type, user_id, organization_id, payload, created_at
FROM audit_events
WHERE created_at >= $1
AND user_id = $2
AND event_type = 'user_log'
AND action = 'user:login'
ORDER BY created_at ASC
idactionevent_typeuser_idorganization_idpayloadcreated_at
019dae26-630a-7f95-b75d-5e8ac6ee6b9cuser:loginuser_logc3d4e5f6-a7b8-9012-cdef-123456789012b2c3d4e5-f6a7-8901-bcde-f12345678901[object Object]2026-04-21T03:47:24.562Z

update_order_request_item decision was audited for Bob

Section titled “update_order_request_item decision was audited for Bob”
PASS

Editing an order item should produce a decision audit_events row with action=update_order_request_item for the acting user.

SELECT id, action, event_type, user_id, object_id, payload, created_at
FROM audit_events
WHERE created_at >= $1
AND user_id = $2
AND event_type = 'decision'
AND action = 'update_order_request_item'
ORDER BY created_at DESC
idactionevent_typeuser_idobject_idpayloadcreated_at
019dae26-246a-7996-b36b-eb312de664d9update_order_request_itemdecision17b8c9d0-e1f2-3456-1234-567890123456019dae25-e6b1-79d8-bd11-809a605559a4[object Object]2026-04-21T03:47:08.471Z

audit rows for Bob have required fields populated

Section titled “audit rows for Bob have required fields populated”
PASS

Every audit_events row for Bob during the run should have non-null event_type and organization_id. (created_at is NOT NULL by schema constraint.)

SELECT id,
(event_type IS NULL) AS missing_event_type,
(organization_id IS NULL) AS missing_org
FROM audit_events
WHERE created_at >= $1
AND user_id = $2
AND (
event_type IS NULL OR
organization_id IS NULL
)

No rows returned.


no audit rows leaked to other organizations (test actors only)

Section titled “no audit rows leaked to other organizations (test actors only)”
PASS

Audit rows written during the run by the test actors (Bob, Dan, Ryan) must belong to one of the demo organizations (ZuriMED or StellarTech).

SELECT id, organization_id, user_id, event_type, action, created_at
FROM audit_events
WHERE created_at >= $1
AND user_id = ANY($2::uuid[])
AND organization_id <> ALL($3::uuid[])

No rows returned.