User Activity reporting

With the rise of compliance and security requirements, it is no longer enough to be secure, you have to prove it. As part of this requirement, you need to be able to prove who is doing what with the data in your business and when it was done.

Workshare has introduced a User Activity reporting solution, so you can get full disclosure of everything that happens to the files you are and the data in them.

What does it do?

The Workshare User Activity reporting feature allows compliance administrators to get information on all the actions that occur on their sharing platform, giving both a full view of the data and the ability to zoom into it and fully understand the details.

The design of this reporting solution ensures that once an entry is in it can't be modified, which guarantees that queries covering the same time period are 100% replicable at all times. This is required by existing regulations and industry standards, including ISO-27001 and the GDPR.

By using the User Activity reports, clients are able to trace the full set of changes to files and folders through time, not just a snapshot of how the data looks at any given point in time, but also how it got to that state.

How does it work?

The User Activity reporting solution consists of two components, a continuously running process that creates entries in a dedicated log for every event and a frontend that allows compliance personnel to generate reports about the activity.

The back end

Every action from users generates an event that gets added to the backend in real-time. These events are encoded as small messages with the data about what happened in the system. For example, if a user downloads a file, the event will contain at least the following information:

  • The unique user ID that serves as the master key to identify the user at all times and helps mapping permissions and authorization.
  • The unique ID that identifies the file. In this particular case, the ID identifies the parent version of the file, which can be mapped to all of the versions.
  • The action that the user performed. This is from a pre-set list of actions that exist in the system.

In the background, there is a task that runs continuously and gets the data from the event log and creates a new entry on a separate log database.

The architecture is fully asynchronous, allowing the Workshare platform to handle load well beyond the currently required capacity without impacting its performance for any user under any load and will enable us to further scale if required.

The front end

Once the data is in the log database, users can then query it and generate reports. 


Access to the reports is restricted to compliance administrators, standard users will not be able to obtain the reports.

The reports are historically accurate; if the changes refer to a file that later changed its name, it will be reported with the original name. The renaming will be another event and will change the name going forward.

Audit reporting within the User Activity feature is write-only - once created it is not possible to modify the data. This guarantees that tampering is not possible and that reports can be re-produced. Should you lose your copy of any given report, just run it again and it is guaranteed to match any previous reports.


The format of the report is designed so it can easily be imported to any other system and then integrated with existing auditing and compliance tools.

Audit Log


I like it! How do I get access to this feature?

The feature comes as part of Workshare's Sharing and Integration Editions. Just start using it, new entries will be generated and you will be able to create reports - but give us a call if there are any issues.