SquareOS Docs
Real Gym Scenarios

Investigate who changed a sensitive record

Owner asks who changed a payment, subscription, permission, message, or setting.

Question

Owner asks who changed a payment, subscription, permission, message, or setting.

Steps

  • Open Audit Trail and set Date Range, Entity Type, Staff Member, Operation, Source, Rows, and Search audit using the customer, invoice, subscription, setting, request id, or correlation id.
  • Include system events when the change may have come from a worker, provider callback, automation, import, or platform admin action.
  • Open the matching Audit Event and review Changes for before/after values, Context for actor/source/request/correlation/brand/gym, and Payload for masked raw state.
  • Open Related to see connected audit logs, security events, outbox events, or dead letters.
  • If the issue is a failed worker/message/payment/export, switch to Outbox or Dead Letters and capture queue name, event/job name, status, reason, and request/correlation id.
  • Do not reverse or retry until the actor, source, time, affected entity, and downstream side effects are understood.

Correct outcome

The owner receives a defensible explanation backed by audit evidence, and any reversal/retry is aimed at the correct source.

On this page