Skip to content
Guide · Audit & compliance

The planned activity audit log for your workspace.

Note: the activity audit log is on the roadmap — not live yet. This guide previews the planned log, which will record invoice transitions, document activity, user / role changes, credential changes, and authentication events for the year-end paperwork most Malaysian businesses run. It categorises every planned action type by entity class.

Invoice events (12 actions)

Every invoice state transition.

  • invoice.create / invoice.update / invoice.delete: draft lifecycle.
  • invoice.submitted / invoice.processing / invoice.approved / invoice.rejected: LHDN lifecycle.
  • invoice.cancellation_request / invoice.cancelled: cancellation flow (with the 72h-window error if outside).
  • invoice.bulk_soft_delete / invoice.client_credentials_batch_upload: bulk operations.
Document events (4 actions)

CSV processing trail.

  • document.csv_upload: a new CSV was uploaded.
  • document.csv_processing_started / document.csv_processing_completed: parser run.
  • document.csv_processing_failed: parser bailed with per-row errors.
Workspace events (10 actions)

Users, roles, company, customers, products.

  • user.create / user.update / user.delete: team members.
  • role.create / role.update / role.delete / role.permissions_replace: RBAC changes.
  • company.update / company.logo_upload / company.update: workspace settings.
  • customer.create / customer.update: counterparty catalog.
  • product.create / product.update: product catalog.
Auth + integration events (14 actions)

Logins, logouts, credential lifecycle.

  • auth.login / auth.logout / auth.register / auth.password_change: session events.
  • integration.credential_create / integration.credential_revoke: M2M creds.
  • Every API-source action carries the credential_id so post-hoc "who did this" forensics work even for machine-issued submissions.
How to use it at year-end

Two patterns most accounting teams run.

The planned audit log is intended to support filtering by actor, source, entity, action, and date range. These examples describe roadmap intent, not a live screen:

  • Export every invoice.submitted + invoice.approved for the fiscal year. That's the LHDN compliance trail: UUIDs, Long IDs, timestamps, actors.
  • Filter for credential lifecycle events (integration.credential_create + integration.credential_revoke) for the security audit appendix. Each entry stamps who created/revoked, when, why.

Last updated · July 2026

Independent reference. MyInvois is operated by LHDN. We are not affiliated with LHDN.