Flywheel recognizes that research subject data can sometimes contain Personal Identifying Information (PII) or even Protected Health Information (PHI), and that such use cases include obligations to be able to audit who did what and when on the Flywheel system. The Flywheel Access Log feature provides the user access auditing capability, by keeping a record of what users took specific actions, and when. This Access Log can be filtered and exported by users assigned a Site Admin role.
Note that this feature is intended as a user access auditing tool with group/project/subject record specificity. Other Flywheel features (such as de-id logging) are intended to provide more granular change logging of data in Flywheel.
Interface
The Access Log report contains the following information. More detail is available when choosing to download.
|
Field Name |
Description |
|
First Access |
Timestamp of the first action for the hour period, localized to the current browser timezone |
|
Last Access |
Timestamp of the last action for the hour period, localized to the current browser timezone |
|
User |
Email address of the user performing the action |
|
Access Type |
The action that was performed |
List of Access Types:
|
Name |
Description |
|
delete_analysis |
Deleted an analysis record. |
|
delete_container |
Deleted a subject, session, or acquisition record. |
|
view_container |
Viewed details of a non-subject container record. |
|
view_subject |
Viewed details of a subject record |
|
delete_file |
Deleted file |
|
download_file |
Downloaded or viewed file contents |
|
file_moved_away |
Moved file between subjects (source subject) |
|
file_moved_in |
Moved file between subjects (destination subject) |
|
replace_file |
Replaced file contents with a new version |
|
view_file |
Viewed details of a file |
|
sync_to_external |
Exported data to an external storage provider via the Project Export feature. |
|
view_job |
Viewed details of a job (gears). |
|
view_job_logs |
Viewed logging output of a job (gears). |
|
delete_form_response |
Deleted responses to a completed viewer form. |
|
view_form_response |
Viewed responses to a completed viewer form. |
|
add_permission |
Added permissions for a new project user |
|
modify_permission |
Modified permissions for an existing project user |
|
role_change |
Modified custom user role |
|
user_role_change |
Modified site-level user role (User, Developer, Site Admin) |
|
user_disabled |
Disabled site-level Flywheel user account |
|
user_enabled |
Enabled or created site-level Flywheel user account |
|
user_login |
User login event |
|
user_logout |
User logout event |
Retention
The Flywheel system retains the Access Log records indefinitely.
Generate a report
Filtering the contents of the Access Log is recommended, because viewing and downloading is limited to the first 10,000 matching records. An export containing all results can be provided by contacting support@flywheel.io
Once you have generated the report, download the results as a CSV file. The CSV file includes additional information, such as Flywheel hierarchy labels and IDs, which are not exposed on the Access Log page.
Now that you have some of the basics, here's some next steps for administering Flywheel: