Track database changes and manage data governance with audit logs

When managing a growing database, knowing exactly who changed what, and when, isn’t just a nice-to-have; it’s a critical requirement for security and compliance. Whether you are prepping for a strict security audit, maintaining a SOC 2 compliant database, or simply trying to figure out who accidentally deleted a critical client record, you need a clear, unalterable history of your team’s activity.

If you are migrating from platforms like Airtable or Smartsheet, you know that lacking visibility into user actions can create massive data governance headaches. This is where audit logs come in. Baserow’s audit logs track every action performed across your workspaces, providing complete visibility and helping you maintain total control over your information.

How do Baserow audit logs capture database activity?

At its core, an audit log records the “who, what, when, and where” of your database activity. Every time an action is performed, the system captures the user’s email, the type of action taken, the affected workspace or database, the exact timestamp, and the origin IP address.

This comprehensive tracking is essential for routine security monitoring, strict compliance auditing, and troubleshooting day-to-day workflow errors. Baserow tracks a wide variety of events, including:

• Data operations: Creating, updating, deleting, or moving rows and cells.
• Structural changes: Adding or removing tables, fields, and views.
• Permission updates: Role assignments and team changes.
• Workspace actions: Creating, deleting, or moving entire databases.
• Administrative events: Login attempts, account changes, and snapshot operations.

Scaling data governance: Workspace vs. instance-level tracking

To support different organizational structures and security policies, Baserow offers two levels of audit logging depending on your deployment and plan:

Workspace-level logs (For team leads)

Available on Cloud Advanced and self-hosted Advanced/Enterprise plans, workspace-level logs track activity within a single specific workspace. This is the ideal solution for team leads and workspace administrators who need to monitor their own team’s database changes without needing access to the entire company’s infrastructure.

Instance-level logs (For IT and system admins)

Available exclusively to instance administrators on self-hosted Advanced and Enterprise plans, instance-level logs track all activity across every workspace on the server. This global view is a vital tool for IT and system administrators who are responsible for monitoring cross-workspace security and enforcing company-wide data governance policies.

How to investigate accidental deletions and prep for SOC 2 audits

Baserow’s audit logs are designed to make finding specific events fast and intuitive, ensuring you never have to dig through endless raw data to find an answer.

• Advanced Filtering & Sorting: Narrow down your logs by specific user emails, workspaces, event types (like “delete” or “update”), and date ranges. You can also sort columns chronologically or by IP address to quickly isolate suspicious activity.
• Reliable Log Retention: Baserow securely retains all activity log events for 365 days.
• CSV Exports for Archiving: For organizations with long-term retention requirements (often necessary for SOC 2 compliance), you can easily export your filtered audit logs as a CSV file. These files can be stored in external archives or even imported back into a dedicated Baserow table for deeper formula-based analysis.

By providing a transparent, immutable record of database activity, Baserow makes it easier than ever to enforce data governance and keep your workflows secure.

Frequently asked questions about database audit logs

How do I restrict who can view database audit logs and user activity?

Unlike basic spreadsheets where activity histories are often visible to anyone, Baserow strictly controls audit log access. Instance administrators have access to instance-level logs covering all workspaces (self-hosted only). Workspace administrators can access workspace-level logs for their specific workspaces. Regular users (builders, editors, commenters, viewers) cannot view audit logs, ensuring your security data remains private.

Do I need a massive Enterprise plan to track database changes?

No. While many database tools lock comprehensive audit logging behind their highest-tier Enterprise plans, Baserow makes workspace-level audit logs available to administrators on the Cloud Advanced plan. Instance-level logs are reserved for self-hosted Advanced and Enterprise deployments.

How do I investigate suspicious database activity or unauthorized IP addresses?

If you suspect unauthorized access, you can quickly sort your audit log table by the IP Address column to identify anomalies. For deeper investigations, you can export the logs to a CSV and filter the IP column in your preferred spreadsheet tool or a dedicated Baserow analysis table to track down exactly what the unauthorized user changed.

Will tracking every database change slow down my system performance?

No. Audit logging has a minimal performance impact on modern systems. Baserow logs these events asynchronously, meaning capturing user activity will not block or slow down your team’s day-to-day data entry or platform performance.

Can I use an audit log to see who accidentally deleted a row or table?

Yes. You can filter the audit log by “delete” events to see exactly which rows were removed, when, and by whom. If you are self-hosting and have a PostgreSQL database backup, you can use this information to determine which backup to restore to recover the data. Keep in mind that restoring a full backup will revert all database changes made since that backup was created, not just the specific deleted rows.

Learn more about audit logs in Baserow documentation.