Auditing moderator/admin activity associated with user data

Hello!

I’m looking for any and all information about how we might audit moderator & admin activity associated with user data (in particular, email and IP Address). I believe there are at least 2 activities to consider here (but interested to understand if there are others):

1. show email/ip address via User Admin
2. exporting a list of users (which would include these 2 fields).

My question is: is there any auditing/logging for these 2 activities (and other relevant actions)? I’ve found Staff Activities perhaps covers the first one (are there other/better sources?), but having trouble finding audit data on the second.

Thanks in advance!

3. data explorer queries
4. taking a backup and inspecting it offline

But - if you cannot not trust your moderators, you have a way bigger problem than this.

Thanks for the quick reply.

Trust and audit requirements are 2 different things

Any guidance on the queries to run? I’ve found that the the user_exports table is unfortunately empty (I’m guessing rows are purged here after some time?).

This will create an entry on the Staff Actions page. The action will be set to “export entity” and the subject set to what was exported, for example, “user_list” or “user_archive.”

Heres the link to that /admin/logs/staff_action_logs?filters={"action_name"%3A"entity_export"%2C"action_id"%3A66%2C"subject"%3A"user_list"}

There is a possibility that the list of users were never exported meaning that would be empty. Never delved deep into the data explorer so not sure

Given the possibility (at least for an admin) to backup/restore, which allows for inspecting the database and erasing any traces offline, an audit will never give you a complete picture and maybe even a false sense of security.