Access Log Feature
Introduction
Flywheel recognizes that research subject data can sometimes contain Personal Identifying Information (PII) or even Protected Health Information (PHI)and that such use cases include obligations to be able to audit who did what and when on the Flywheel system.
The Flywheel Access Log feature provides the user access auditing capability, by keeping a record of what users took specific actions and when.
This Access Log can be filtered and exported by users assigned a Site Admin role.
Note: This feature is intended as a user access auditing tool with group/project/subject record specificity. Other Flywheel features (such as de-id logging) are intended to provide more granular change logging of data in Flywheel.
This document will provide numerous instructional steps and information such as Interface, Retention, How to Generate a Report and Additional Steps to Administer Flywheel.
Instruction Steps
Interface
The Access Log will group recorded events by user, access type, subject record, and hour. For example, if a user were to view the images of a single subject over a 2 hour period, then there would be 2 download_file records in the Access Log. The first one would be for each hour the images were viewed and then the count of files viewed.
The Access Log report contains the following information. More detail is available when choosing to download.
| Field Name | Description |
|---|---|
| First Access | Timestamp of the first action for the hour period, localized to the current browser timezone |
| Last Access | Timestamp of the last action for the hour period, localized to the current browser timezone |
| User | Email address of the user performing the action |
| Access Type | The action that was performed |
List of Access Types:
| Name | Description |
|---|---|
| delete_analysis | Deleted an analysis record. |
| delete_container | Deleted a subject, session, or acquisition record. |
| view_container | Viewed details of a non-subject container record. |
| view_subject | Viewed details of a subject record |
| delete_file | Deleted file |
| download_file | Downloaded or viewed file contents |
| file_moved_away | Moved file between subjects (source subject) |
| file_moved_in | Moved file between subjects (destination subject) |
| replace_file | Replaced file contents with a new version |
| view_file | Viewed details of a file |
| sync_to_external | Exported data to an external storage provider via the Project Export feature. |
| view_job | Viewed details of a job (gears). |
| view_job_logs | Viewed logging output of a job (gears). |
| delete_form_response | Viewed contents of a completed viewer form. |
| view_form_response | Viewed contents of a completed viewer form. |
| add_permission | Added permissions for a new project user |
| modify_permission | Modified permissions for an existing project user |
| role_change | Modified custom user role |
| user_role_change | Modified site-level user role (User, Developer, Site Admin) |
| user_disabled | Disabled site-level Flywheel user account |
| user_enabled | Enabled or created site-level Flywheel user account |
| user_login | User login event |
| user_logout | User logout event |
Retention
The Flywheel system retains the Access Log records indefinitely.
Generate a Report
Filtering the contents of the Access Log is recommended, because viewing and downloading is limited to the first 10,000 matching records. An export containing all results can be provided by contacting support@flywheel.io
Once you have generated the report, download the results as a CSV file. The CSV file includes additional information, such as Flywheel hierarchy labels and IDs, which are not exposed on the Access Log page.
Additional Steps to Administer Flywheel
Now that basics are obtained, below are some next steps for administering Flywheel:
- Importing data overview
- Flywheel + BIDS: How to start
- Add collaborators from other institutions to your Flywheel site