When something goes wrong with access control, the first question is always 'what happened?' Canopy records every security-sensitive action automatically, who did it, what changed, and when. No instrumentation required.
Hierarchical access control introduces complexity that flat systems don't have. Permissions inherit across nodes. Roles are assigned at different levels. Access changes ripple through the tree. When something changes, the impact isn't always obvious. Audit logs make that complexity traceable, every change, every actor, every affected resource.
When a user reports they can't access something, audit logs show exactly what changed and when. Trace the chain: who removed the role, when was the node moved, which API key made the call. No guessing, no reproducing, just look at the log.
See the full history of access control changes across your account. Who created that role? When were permissions last modified? Which admin deactivated that identity? Audit logs provide the complete timeline.
Audit logs are essential for compliance reporting. Every entry includes timestamps, actor identification, and resource details. Whether you need SOC 2 evidence, internal security reviews, or incident response records, the data is already there.
You don't configure what gets logged. Canopy records every security-sensitive operation by default, comprehensive and automatic. No opt-in toggles, no manual instrumentation. If it affects access control, it's in the log.
Everything that impacts access control is recorded in one place: role assignments and permission changes, identity lifecycle events, hierarchy updates, API key and integration changes, and invitation workflows.