Overview
The Audit Trail provides a complete, time-stamped record of all key actions taken across your Layer workspace. It helps your team maintain transparency, meet compliance requirements, and easily investigate activity across projects and users.
Layer automatically logs all important events from asset creation, editing, style trainings, workflow runs to user management and workspace changes - in one centralized, immutable record.
Why It Matters
Accountability: See exactly who did what and when.
Compliance: Supports SOC 2 and enterprise governance needs.
Security: Identify unauthorized or unusual activity quickly.
Transparency: Give admins and auditors a clear view of workspace history.
What’s Tracked
Layer logs actions in the following categories:
Category | Example Events |
Asset (any generation, including from the Canvas) | Asset Forged, Asset Updated, Asset Deleted, Asset Exported |
Style | Style Created, Style Training Started, Style Training Completed, Style Added to Workspace |
Directory | Directory Created, Directory Updated, Directory Deleted, Directory Moved |
File | File Uploaded, File Liked, File Deleted, File Moved |
User | User Created, User Updated, User Invited, User Role Updated |
Workspace | Workspace Created, Workspace Updated, Workspace Deleted |
Workflows | Workflow Created, Workflow Published, Workflow Deleted, Workflow Added to Workspace |
Event Details
Each audit log entry includes the following data:
Field | Description |
id | Unique identifier for the event |
created_at | Timestamp when the event was created (UTC) |
name | Specific name of the event (e.g., asset_created, user_updated) |
type | Category of the event (asset, style, user, workspace, etc.) |
resource_id | ID of the resource affected by the event when applicable |
resource_type | Type of resource affected (canvas, inference, style, etc.) when applicable |
workspace_id | ID of the workspace where the event occurred |
data | Additional event-specific data stored as key-value pairs. Varies for each event |
Sensitive information like passwords or API secrets are never recorded in event details.
Viewing the Audit Trail
You can view and filter audit logs directly within Layer:
Workspace → Activity → Events
Displays a chronological list of all workspace activity.Filters: by date range, actor, event type, or resource.
Search: by user, asset, or workflow ID.
Per-object history: asset and workflow pages include scoped “Activity” tabs.
Admins can export the full audit history as CSV
Access & Permissions
Admins can view all workspace activity.
Members can view logs related to their own assets or workflows.
Audit Trail records are read-only and immutable - they cannot be edited or deleted.
Data Retention
Audit logs are retained forever by default.
Enterprise plans can request custom retention periods or external export for compliance.
API Access
Developers can programmatically retrieve audit logs via the Audit Trail API by following this guide.
The logs are exported to a CSV file containing the following columns:
timestamp: The UTC date and time when the event took place.
event_type: The category the event belongs to (e.g., user, workspace, etc.).
event_name: The specific name of the event.
user_email: The email of the user associated with the event.
data: A JSON object carrying event-specific details.
Integrations
Audit Trail data can be exported or forwarded to third-party tools such as:
SIEM systems (Splunk, Datadog, Elastic)
Monitoring dashboards
Security compliance platforms
Notes for Enterprise Users
Audit Trail forms part of Layer’s SOC 2 Type II compliance program.
All logs are timestamped, immutable, and stored in encrypted databases.
Admins can contact support for custom exports or compliance evidence packages.