Guide · Audit & compliance
The planned activity audit log for your workspace.
Note: the activity audit log is on the roadmap — not live yet. This guide previews the planned log, which will record invoice transitions, document activity, user / role changes, credential changes, and authentication events for the year-end paperwork most Malaysian businesses run. It categorises every planned action type by entity class.
Every invoice state transition.
- invoice.create / invoice.update / invoice.delete: draft lifecycle.
- invoice.submitted / invoice.processing / invoice.approved / invoice.rejected: LHDN lifecycle.
- invoice.cancellation_request / invoice.cancelled: cancellation flow (with the 72h-window error if outside).
- invoice.bulk_soft_delete / invoice.client_credentials_batch_upload: bulk operations.
CSV processing trail.
- document.csv_upload: a new CSV was uploaded.
- document.csv_processing_started / document.csv_processing_completed: parser run.
- document.csv_processing_failed: parser bailed with per-row errors.
Users, roles, company, customers, products.
- user.create / user.update / user.delete: team members.
- role.create / role.update / role.delete / role.permissions_replace: RBAC changes.
- company.update / company.logo_upload / company.update: workspace settings.
- customer.create / customer.update: counterparty catalog.
- product.create / product.update: product catalog.
Logins, logouts, credential lifecycle.
- auth.login / auth.logout / auth.register / auth.password_change: session events.
- integration.credential_create / integration.credential_revoke: M2M creds.
- Every API-source action carries the credential_id so post-hoc "who did this" forensics work even for machine-issued submissions.
Two patterns most accounting teams run.
The planned audit log is intended to support filtering by actor, source, entity, action, and date range. These examples describe roadmap intent, not a live screen:
- Export every invoice.submitted + invoice.approved for the fiscal year. That's the LHDN compliance trail: UUIDs, Long IDs, timestamps, actors.
- Filter for credential lifecycle events (integration.credential_create + integration.credential_revoke) for the security audit appendix. Each entry stamps who created/revoked, when, why.
Last updated · July 2026
Independent reference. MyInvois is operated by LHDN. We are not affiliated with LHDN.