unTamper
All use cases
Use CaseMarch 15, 2025

Admin Console Audit Integrity

Prove your admin audit history was never altered — cryptographic chain verification for every role change, permission grant, and config override.

The problem with admin logs that can't be verified

Every B2B SaaS product has admin capabilities — dashboards where engineers grant roles, escalate permissions, modify account settings, or access customer data. These actions get logged. But those logs live in the same database as everything else your application manages.

That means anyone with write access to your database can alter them. Your engineers can. Your ORM can. A misconfigured migration can. And you won't know until an auditor asks.

The real risk

It's not that your team will deliberately tamper with audit logs. It's that you can't prove they didn't — to regulators, enterprise customers, or yourselves after an incident.

What unTamper changes

unTamper stores admin events in a cryptographic hash chain. Each event's hash depends on the content of that event and the hash of the event that came before it. Change one event, and every hash after it becomes invalid.

This means:

  • You can verify any export. A customer asking for their admin audit history gets a file where every record's integrity is mathematically provable.
  • Auditors verify without infrastructure access. They recompute the chain on the exported data. No credentials required.
  • You catch accidental corruption. Database migrations gone wrong, replication lag, bug-driven overwrites — all surface as chain breaks.

What to instrument

For admin console integrity, instrument the events that matter to your risk posture:

role.grant         — who granted what role to whom
role.revoke        — who removed access
permission.update  — config changes with diffs
account.impersonate — admin-initiated customer access
billing.override   — manual pricing changes
feature.toggle     — feature flag changes with actor

SDK example

import { UnTamperClient } from 'untamper-sdk'

const client = new UnTamperClient({
  projectId: process.env.UNTAMPER_PROJECT_ID,
  apiKey: process.env.UNTAMPER_API_KEY,
})

// In your admin role-grant handler
await client.logs.ingestLog({
  actor: { id: adminUser.id, type: 'admin', display_name: adminUser.email },
  action: 'role.grant',
  target: { id: targetUser.id, type: 'user' },
  metadata: {
    role: 'billing_admin',
    organizationId: org.id,
    previousRole: targetUser.currentRole,
  },
})

Verification

Any time you need to prove the log chain is intact — before an audit, after an incident, as part of a customer contract review:

import { UnTamperClient } from 'untamper-sdk'

const client = new UnTamperClient({
  projectId: process.env.UNTAMPER_PROJECT_ID,
  apiKey: process.env.UNTAMPER_API_KEY,
})
await client.initialize()

// Fetch logs and verify the full chain
const { logs } = await client.logs.queryLogs({ limit: 10000 })
const result = await client.verification.verifyLogs(logs)

console.log(result.valid)       // true / false
console.log(result.totalLogs)   // total events checked
console.log(result.brokenAt)    // sequence number of first break, if any

The result includes a pass/fail status, total events verified, and the exact sequence number of any chain break.

Key outcome

Your admin audit history becomes an artifact you can hand to any auditor or enterprise customer with mathematical proof it hasn't been altered — without giving them access to your infrastructure.

Who this is for

  • B2B SaaS products with enterprise customers who contractually require tamper-evident audit logs
  • Teams preparing for SOC 2 Type II, ISO 27001, or HIPAA compliance
  • Products in regulated industries where admin audit trails are legally mandated
  • Engineering teams that want to verify their own infrastructure isn't silently corrupting logs