How to Audit Permissions History & Restore Access

Definition

Mistakes happen. An administrator might accidentally revoke the wrong user, or a temporary project might end, only to be reactivated a week later. The Permissions Control Center maintains a full forensic audit trail of every change, allowing you to view past access and restore it with a single click.

Accessing the Audit Log

To view the history of a specific permission:

1. Navigate to the permission you wish to inspect (e.g., "HR Portal > Manage Staff").
2. Click the Inactive / History tab at the top of the list.

This view displays a chronological list of all expired, revoked, or modified authorizations. Unlike the "Active" tab which shows one row per user, this tab may show multiple rows for the same user, representing different periods of access in the past.

Understanding the Log Data

Each entry in the history log provides specific details about why the access ended:

• Date Inserted: When the access was originally granted.
• Last Edit: The exact date and time the access was revoked or expired.
• Source: Whether the access was Manual or System/Auto. Note: You might see "Auto-Revoked" entries with a red badge. These indicate that the system automatically removed access because the user no longer met the required criteria (e.g., they changed departments).
• Editor: The admin who performed the revocation. If the system removed it, this will show as "System" or "Auto-Revoked".

Restoring Access (The "Undo" Button)

If you need to give a user their access back, you do not need to fill out the "New Auth" form from scratch.

1. Locate the user in the Inactive list.
2. Click the Restore button (green undo icon) on the right side of the row.

The Restore Modal

The system will open a confirmation window pre-filled with the user's previous settings:

• User & Scope: The user and their department/scope are locked to ensure you are restoring the correct record.
• Value: The exact permissions they held previously (e.g., specific report categories) are automatically selected.
• Validity:
  • Valid From: Defaults to "Today" to restore access immediately.
  • Valid Until: Defaults to empty (Unlimited). You can set a new expiration date if this is a temporary restoration.

Versioning (Why "Edit" creates History)

When you Edit an active user (e.g., changing them from "Read Only" to "Full Access"), the system treats this as a revocation of the old right and the creation of a new one.

Therefore, if you look at the History tab after an edit, you will see the old "Read Only" version listed there. This "Versioning" feature allows you to see exactly when a user's access level changed over time.