Skip to content

Access Logs

Introduction

Flywheel recognizes that research subject data can sometimes contain Personal Identifying Information (PII) or even Protected Health Information (PHI)and that such use cases include obligations to be able to audit who did what and when on the Flywheel system.

The Flywheel Access Log feature provides the user access auditing capability, by keeping a record of what users took specific actions and when.

This Access Log can be filtered and exported by users assigned a Site Admin role.

Note: This feature is intended as a user access auditing tool with group/project/subject record specificity. Other Flywheel features (such as de-id logging) are intended to provide more granular change logging of data in Flywheel.

This document will provide numerous instructional steps and information such as Interface, Retention, How to Generate a Report and Additional Steps to Administer Flywheel.

Instruction Steps

Interface

Access_Log_16.8_-_Full_View.png

The Access Log will group recorded events by user, access type, subject record, and hour. For example, if a user were to view the images of a single subject over a 2 hour period, then there would be 2 download_file records in the Access Log. The first one would be for each hour the images were viewed and then the count of files viewed.

The Access Log report contains the following information. More detail is available when choosing to download.

Field Name Description
First Access Timestamp of the first action for the hour period, localized to the current browser timezone
Last Access Timestamp of the last action for the hour period, localized to the current browser timezone
User Email address of the user performing the action
Access Type The action that was performed

List of Access Types:

Name Description
delete_analysis Deleted an analysis record.
delete_container Deleted a subject, session, or acquisition record.
view_container Viewed details of a non-subject container record.
view_subject Viewed details of a subject record
delete_file Deleted file
download_file Downloaded or viewed file contents
file_moved_away Moved file between subjects (source subject)
file_moved_in Moved file between subjects (destination subject)
replace_file Replaced file contents with a new version
view_file Viewed details of a file
sync_to_external Exported data to an external storage provider via the Project Export feature.
view_job Viewed details of a job (gears).
view_job_logs Viewed logging output of a job (gears).
delete_form_response Viewed contents of a completed viewer form.
view_form_response Viewed contents of a completed viewer form.
add_permission Added permissions for a new project user
modify_permission Modified permissions for an existing project user
role_change Modified custom user role
user_role_change Modified site-level user role (User, Developer, Site Admin)
user_disabled Disabled site-level Flywheel user account
user_enabled Enabled or created site-level Flywheel user account
user_login User login event
user_logout User logout event

Retention

The Flywheel system retains the Access Log records indefinitely.

Generate a Report

Filtering the contents of the Access Log is recommended, because viewing and downloading is limited to the first 10,000 matching records. An export containing all results can be provided by contacting support@flywheel.io

Access_Log_16.8_-_Filters.png

Once you have generated the report, download the results as a CSV file. The CSV file includes additional information, such as Flywheel hierarchy labels and IDs, which are not exposed on the Access Log page.

Additional Steps to Administer Flywheel

Now that basics are obtained, below are some next steps for administering Flywheel: