Activities
The Activities section serves as an access and change journal for administrators.
It logs which users accessed which pages or triggered which actions in the system and when – similar to an HTTP access log.
The activity overview helps to trace system usage, identify anomalies, and perform targeted support or audit measures when needed.
Where can I find this section?
Via main menu: System → Activities
Alternatively accessible via: Linked from users
Features at a glance
- Display of all user activities in the system (e.g., page views, API accesses)
- Filtering by user, time period, endpoint, or HTTP method
- Review of requests and responses including headers and status codes
Important fields at a glance
| Field name | Description |
|---|---|
requestClientIP | IP address of the client from which the request originated. Useful for tracking access. |
requestMethod | HTTP method of the request (e.g., GET, POST, PUT, DELETE). Indicates whether data was read, created, or modified. |
requestPermission | The permission that was relevant for the request (e.g., "users_read_one"). Serves for permission auditing. |
requestUrl | The accessed URL or API endpoint. Allows tracing of the affected resource. |
requestUser | User ID of the person who triggered the request. References the user object in the system. |
responseCode | HTTP status code of the server response (e.g., 200 = successful, 403 = unauthorized, 500 = server error). |
timestamp | Time at which the activity took place. Automatically stored in UTC. |
x-process-time | Processing time of the request in seconds. Delivered in the "x-process-time" header and shows how long the server processing took. |
Example or use case
An administrator wants to check which actions a user performed in the last 24 hours. She opens the System → Activities section, filters by user ID, and receives a list of the corresponding API calls, including IP address, method, and response code. Based on this information, she can quickly determine whether a technical issue or a user error occurred.
{
"timestamp": "2015-10-21T16:29:00.000000+02:00",
"requestClientIP": "1.1.1.1",
"requestUser": "25e281df-1bd9-47cc-97a2-496fffe5516a",
"requestPermission": "users_read_one",
"requestMethod": "GET",
"requestUrl": "/v1/users/66179794-55e2-4be7-abff-256f1e1b8838",
"responseCode": 200
}
Notes / Special considerations
- Activity logs are automatically generated by all API accesses.
- Regular users can view their own activities; complete logs are only accessible to administrators.
- Deleted activities cannot be recovered.
- Only the backend access logs are recorded.
- To improve performance, old entries are automatically deleted after a defined period. Details can be found in the backend configuration settings.
Required permissions
The permissions required for actions can be assigned via roles or individually. If you lack certain rights, the corresponding functions in the user interface are hidden or disabled.
| Action | Required permission | Path | Additional information |
|---|---|---|---|
| View activities | activities_read | / | |
| View own activities | activities_read_own | / |