WS-3 · D-15 / D-16
Audit Log, RBAC & MFA
Tamper-evident activity ledger, role-based access control and multi-factor enrollment.
Activity ledger
| Timestamp | Actor | Role | Action | Target | IP | Result |
|---|---|---|---|---|---|---|
| 2026-06-05 14:48 | marta.k@festicket.io | Owner | festival.publish | Tomorrowland 2026 | 82.45.110.4 | success |
| 2026-06-05 14:31 | leo.k@festicket.io | Finance | payout.approve | PO-2026-0184 · €184,200 | 82.45.110.9 | success |
| 2026-06-05 14:18 | system | — | auth.mfa.enforce | all admin users | — | policy-update |
| 2026-06-05 13:55 | amy.t@festicket.io | Support | booking.refund | BK-9081 · €240 | 82.45.110.21 | success |
| 2026-06-05 13:40 | sven.o@festicket.io | Marketing | campaign.send | Summer Newsletter (412k) | 82.45.110.14 | success |
| 2026-06-05 13:22 | rosa.l@festicket.io | Ops | ticket.tier.create | Glastonbury · Day Pass | 82.45.110.55 | success |
| 2026-06-05 12:51 | unknown | — | auth.login | marta.k@festicket.io | 203.0.113.11 | blocked-mfa |
MFA enrollment
Authenticator app (TOTP)38/43 · 88%
Hardware key (FIDO2)12/43 · 28%
SMS (fallback only)41/43 · 95%
API keys & webhooks
- sk_live_…a91frotated 14d ago
- whsec_…7e22Stripe webhook
- whsec_…b401Brevo webhook
Roles & permissions
Owner
2 members*
Finance
3 memberspayouts.*reports.readbookings.refund
Ops
11 membersfestivals.*tickets.*checkin.*
Marketing
5 membersmarketing.*customers.read
Support
8 membersbookings.*customers.*tickets.read
Read-only
14 members*.read