Skip to content
NovaVMS Manual

Audit actions

Every sensitive action in NovaVMS writes an audit log entry. This page lists every action name you might see, grouped by area.

Auth actions

ActionActorTargetNotes
user.loginuserselfSuccessful login.
user.login_faileduserselfWrong password or disabled account.
user.lockoutsystemuserEmitted when failed-login threshold triggers a lockout.
user.logoutuserselfExplicit logout or session revoke.
user.password_changeduserselfUser changed their own password.
user.password_reset_requestedadmin or owneruserAdmin initiated a reset for another user.
user.password_reset_completeduserselfUser completed a reset link flow.

User actions

ActionActorTargetNotes
user.createdadmin or owneruserInvite or direct create.
user.updatedadmin or owneruserProfile, role, or site access edit. Role changes write a diff in changes.
user.disabledadmin or owneruserUser cannot log in after this. Sessions revoked.

Site actions

ActionActorTargetNotes
site.createdadmin or ownersiteNew site in the org.
site.updatedadmin or ownersiteName, timezone, retention, or other settings changed.
site.deletedadmin or ownersiteSoft-deleted.
site.user_access_grantedadmin or owneruserViewer granted read access to a site.
site.user_access_revokedadmin or owneruserViewer lost access to a site.
site.user_access_noopadmin or owneruserNo-op edit, logged for completeness.

Camera and gateway actions

ActionActorTargetNotes
camera.createdoperator or abovecameraCamera added via ONVIF discovery or manual config.
camera.updatedoperator or abovecameraStream config, AI settings, or name change.
camera.disabledoperator or abovecameraCamera toggled off without deletion.
camera.deletedoperator or abovecameraSoft-deleted. Events preserved.
gateway.updatedoperator or abovegatewayGateway renamed or reconfigured.
gateway.disabledoperator or abovegatewayGateway toggled off.
gateway.enabledoperator or abovegatewayGateway re-enabled.
gateway.deletedoperator or abovegatewayGateway unpaired and removed.

Alert and integration actions

ActionActorTargetNotes
alert_rule.createdoperator or abovealert_ruleNew rule.
alert_rule.updatedoperator or abovealert_rule or alert_recipientRule edit or recipient list change.
alert_rule.deletedoperator or abovealert_ruleRule removed.
webhook.createdoperator or abovewebhookWebhook definition created. Secret visible only to admins and owners.
webhook.updatedoperator or abovewebhookDefinition changed. Secret rotation logged separately.
webhook.deletedoperator or abovewebhookWebhook removed.
prompt_pack.createdoperator or aboveprompt_packAI prompt pack defined.
prompt_pack.updatedoperator or aboveprompt_packContent or assignment changed.
prompt_pack.deletedoperator or aboveprompt_packPack removed.

Service account actions

ActionActorTargetNotes
service_account.createdadmin or ownerservice_accountNew service account and key. Key material shown once.
service_account.key_rotatedadmin or ownerservice_accountOld key invalidated immediately.
service_account.site_access_updatedadmin or ownerservice_accountSite scope changed.
service_account.disabledadmin or ownerservice_accountAll future API calls rejected.

Owner-only actions

ActionActorTargetNotes
org.ownership_transfer_initiatedowneruserOwnership transfer nominated. Target user has 7 days to accept.
org.ownership_transferredsystemorganizationTarget accepted. Atomic promote + demote.
org.ownership_transfer_rejecteduserorganizationTarget declined the nomination.
org.ownership_transfer_expiredsystemorganization7-day window elapsed without acceptance.
org.deletion_initiatedownerorganization7-day grace period starts.
org.deletion_cancelledownerorganizationDeletion aborted during grace period.
org.impersonation_toggledownerorganization”Allow NovaVMS Support Access” flipped. Revokes active sessions on disable.

Platform admin actions

These entries appear in both the platform audit log and, where an org is targeted, the target org’s audit log with a “Platform Support” badge.

ActionActorTargetNotes
platform.loginplatform_adminselfPlatform console login.
platform.logoutplatform_adminselfExplicit logout.
platform.org_createdplatform_adminorganizationNew customer org provisioned.
platform.org_disabledplatform_adminorganizationOrg suspended without deletion.
platform.org_enabledplatform_adminorganizationOrg re-enabled.
platform.org_delete_scheduledplatform_adminorganization7-day grace scheduled.
platform.impersonation_startedplatform_adminorganization30-minute scoped token minted. Reason is required and logged.
platform.impersonation_actionplatform_adminanyFired per-action inside an impersonation session, in addition to the org-side action entry.
platform.impersonation_endedplatform_admin or systemorganizationSession closed or timer expired.

Retention

90 days, per D11. Older entries are purged daily by the accounts retention job. Platform audit entries are kept 365 days.