Audit logs
Every action taken in NodePad is written to the audit log. This includes user authentication events, canvas operations, model interactions, administrative changes, and access control modifications.What gets logged
Authentication and session events
Authentication and session events
- User sign-in and sign-out events
- SSO authentication attempts (successful and failed)
- Session creation and expiration
- Password or credential changes (if applicable)
Canvas and node operations
Canvas and node operations
- Canvas creation, deletion, and sharing
- Node creation, editing, and deletion
- Fork and merge actions, including which nodes were involved
- Sticky note creation and modification
Model and prompt activity
Model and prompt activity
- Model selections per message
- Prompt submissions (metadata — timing, model, user — not necessarily content, depending on your configuration)
Administrative actions
Administrative actions
- Role assignments and changes
- User provisioning and deprovisioning events
- SSO and SCIM configuration changes
- Audit log export events
Exporting audit logs
Audit logs are exportable for use in compliance reviews, security investigations, or ingestion into your SIEM or log management infrastructure.The audit log is immutable from within the NodePad application. Users and administrators cannot delete or modify log entries through NodePad’s interface.
Role-based access control
RBAC in NodePad lets you define exactly what each user or group can do. Roles are assigned to users directly or inherited through your identity provider’s group mappings when SCIM is configured.Built-in roles
Viewer
Can read canvases and nodes they have been granted access to. Cannot create, edit, fork, merge, or administer.
Editor
Can create and edit nodes, fork threads, and merge results within canvases they have access to. Cannot administer.
Collaborator
Full read and write access within their assigned canvases, including forking and merging. Can share canvases with other members of the organization.
Administrator
Full access to all canvases and nodes in the deployment. Manages roles, configures SSO and SCIM, and accesses audit logs.
What RBAC controls
Roles govern access to the following operations in NodePad:| Operation | Viewer | Editor | Collaborator | Administrator |
|---|---|---|---|---|
| Read canvases | Yes | Yes | Yes | Yes |
| Create and edit nodes | No | Yes | Yes | Yes |
| Fork threads | No | Yes | Yes | Yes |
| Merge threads | No | Yes | Yes | Yes |
| Share canvases | No | No | Yes | Yes |
| Manage roles | No | No | No | Yes |
| Access audit logs | No | No | No | Yes |
| Configure SSO / SCIM | No | No | No | Yes |
Role definitions above represent the default configuration. The Enterprise team can work with you to adjust permissions to match your organization’s access control policies.
Compliance-ready by design
NodePad Enterprise is built so that compliance reviews don’t require you to build custom tooling or ask NodePad to produce records on your behalf. Because your deployment runs on your infrastructure, your security and compliance teams have direct access to:- The audit log data store
- Log export pipelines to your SIEM or compliance system
- Role configuration and change history
- Identity provider integration records
Get started
Audit log configuration and RBAC setup are handled as part of your Enterprise onboarding. Contact the team to discuss your compliance requirements and access control policies.Contact the Enterprise team
Tell the team about your compliance framework and access control requirements, and they’ll configure NodePad to match.