Account – Workspace – User activity
- Path:
/account/workspaces/:workspaceId/user-activity(TBD) - Parent:
workspace.md
Purpose (business goal)
Section titled “Purpose (business goal)”Provide visibility into workspace-scoped user actions (where permitted) for audit, troubleshooting, and operational governance.
User roles & permissions
Section titled “User roles & permissions”- Workspace Admin / Org Admin (TBD)
- Permissions:
audit.view(TBD)
Reference: Roles & Permissions Model
Layout structure
Section titled “Layout structure”- Activity list (filters: date range, actor, action type)
- Detail drawer/modal (optional)
Components used
Section titled “Components used”TBD
States
Section titled “States”- Empty: no events visible in scope
- Loading: fetch activity events
- Error: unauthorized / service unavailable
- Complete: activity list displayed
Business logic (high-level)
Section titled “Business logic (high-level)”- Activity visibility is permissioned and scope-limited to the selected workspace.
Domain refs:
API dependencies
Section titled “API dependencies”GET /audit/events?scope=workspace&workspace_id=...(TBD)
Enterprise constraints
Section titled “Enterprise constraints”- Audit visibility must not leak cross-workspace or cross-org data.
- Retention and export controls may be contract/policy dependent (TBD).
Edge cases
Section titled “Edge cases”- User has access to the workspace but not audit scope; deny or degrade to self-only view (TBD).
- Events include sensitive fields; masking/redaction rules are TBD.
Security & compliance considerations
Section titled “Security & compliance considerations”- Mask PII/secrets; avoid exposing credentials or message content in logs and UI.
- Audit access to audit logs (meta-audit) if required (TBD).
Reference: Security & Compliance
Analytics events (if applicable)
Section titled “Analytics events (if applicable)”TBD
Reference: Analytics Events (MVP)