Access Log

  • Updated

Flywheel recognizes that research subject data can sometimes contain Personal Identifying Information (PII) or even Protected Health Information (PHI), and that such use cases include obligations to be able to audit who did what and when on the Flywheel system. The Flywheel Access Log feature provides the user access auditing capability, by keeping a record of what users took specific actions, and when. This Access Log can be filtered and exported by users assigned a Site Admin role.


Note that this feature is intended as a user access auditing tool with group/project/subject record specificity. Other Flywheel features (such as de-id logging) are intended to provide more granular change logging of data in Flywheel.

Interface

Access_Log_16.8_-_Full_View.png
The Access Log will group recorded events by user, access type, subject record, and hour. For example, if a user were to view the images of a single subject over a 2 hour period, there would be 2 download_file records in the Access Log, one for each hour the images were viewed, and the count of files viewed.

The Access Log report contains the following information. More detail is available when choosing to download.

Field Name

Description

First Access

Timestamp of the first action for the hour period, localized to the current browser timezone

Last Access

Timestamp of the last action for the hour period, localized to the current browser timezone

User

Email address of the user performing the action

Access Type

The action that was performed

 

List of Access Types:

Name

Description

delete_analysis

Deleted an analysis record.

delete_container

Deleted a subject, session, or acquisition record.

view_container

Viewed details of a non-subject container record.

view_subject

Viewed details of a subject record

delete_file

Deleted file

download_file

Downloaded or viewed file contents

file_moved_away

Moved file between subjects (source subject)

file_moved_in

Moved file between subjects (destination subject)

replace_file

Replaced file contents with a new version

view_file

Viewed details of a file

sync_to_external

Exported data to an external storage provider via the Project Export feature.

view_job

Viewed details of a job (gears).

view_job_logs

Viewed logging output of a job (gears).

delete_form_response

Viewed contents of a completed viewer form.

view_form_response

Viewed contents of a completed viewer form.

add_permission

Added permissions for a new project user

modify_permission

Modified permissions for an existing project user

role_change

Modified custom user role

user_role_change

Modified site-level user role (User, Developer, Site Admin)

user_disabled

Disabled site-level Flywheel user account

user_enabled

Enabled or created site-level Flywheel user account

user_login

User login event

user_logout

User logout event

 

Retention 

The Flywheel system retains the Access Log records indefinitely.

 

Generate a report

Filtering the contents of the Access Log is recommended, because viewing and downloading is limited to the first 10,000 matching records. An export containing all results can be provided by contacting support@flywheel.io

Access_Log_16.8_-_Filters.png

Once you have generated the report, download the results as a CSV file. The CSV file includes additional information, such as Flywheel hierarchy labels and IDs, which are not exposed on the Access Log page.

Next Steps

Now that you have some of the basics, here's some next steps for administering Flywheel: