Security and Audit Operations

Security in SynckHub is operational discipline, not one-time setup.

Control points to review regularly

  • Tenant memberships and roles
  • Repo memberships (INTERNAL vs GUEST)
  • Repo groups and guest invites
  • Infrastructure sync health

Repository audit workflow

Use /$orgSlug/$repoSlug/admin/audit to inspect content-access events.

Current high-signal actions include:

  • ITEM_CONTENT_GET
  • ITEM_CONTENT_DOWNLOAD

Useful filters:

  • actor_id
  • mount_id
  • action kinds
  • pagination offset/limit

Use this route for evidence-driven review when investigating data-access concerns.
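As an added example, not SynckHub's own code, the helper below triages audit events of the kind this route returns: it drains the route's offset/limit pagination, applies the actor_id, mount_id and action-kind filters named above, and flags actors whose ITEM_CONTENT_DOWNLOAD volume reaches a review threshold. The event record shape, the page-fetch callback and the threshold value are assumptions; the events are constructed samples.

```python
from collections import Counter

# Content-access actions the page calls out as high-signal.
HIGH_SIGNAL_ACTIONS = {"ITEM_CONTENT_GET", "ITEM_CONTENT_DOWNLOAD"}

# Constructed sample events; field names mirror the route's filters
# (actor_id, mount_id, action). The record shape itself is an assumption.
SAMPLE_EVENTS = [
    {"actor_id": "u-alice", "mount_id": "m-finance", "action": "ITEM_CONTENT_GET"},
    {"actor_id": "u-alice", "mount_id": "m-finance", "action": "ITEM_CONTENT_DOWNLOAD"},
    {"actor_id": "u-bob", "mount_id": "m-finance", "action": "ITEM_CONTENT_DOWNLOAD"},
    {"actor_id": "u-bob", "mount_id": "m-hr", "action": "ITEM_CONTENT_DOWNLOAD"},
    {"actor_id": "u-bob", "mount_id": "m-hr", "action": "ITEM_CONTENT_DOWNLOAD"},
    {"actor_id": "u-carol", "mount_id": "m-hr", "action": "ITEM_CONTENT_GET"},
    {"actor_id": "u-carol", "mount_id": "m-hr", "action": "ITEM_LIST"},
]

def page_of_sample(offset, limit):
    """Hypothetical fetcher standing in for one call to the audit route."""
    return SAMPLE_EVENTS[offset:offset + limit]

def fetch_all(fetch_page, limit=100):
    """Drain a paginated source with offset/limit until a short page arrives."""
    offset, events = 0, []
    while True:
        page = fetch_page(offset=offset, limit=limit)
        events.extend(page)
        if len(page) < limit:  # short or empty page means no more data
            return events
        offset += limit

def filter_events(events, actor_id=None, mount_id=None, actions=None):
    """Apply the same filters the route exposes: actor, mount, action kinds."""
    return [
        e for e in events
        if (actor_id is None or e["actor_id"] == actor_id)
        and (mount_id is None or e["mount_id"] == mount_id)
        and (actions is None or e["action"] in actions)
    ]

def counts_by_actor(events, actions=HIGH_SIGNAL_ACTIONS):
    """Per-actor count of the given action kinds (high-signal ones by default)."""
    return dict(Counter(e["actor_id"] for e in filter_events(events, actions=actions)))

def flag_bulk_downloaders(events, threshold):
    """Actors whose ITEM_CONTENT_DOWNLOAD count reaches the threshold (assumed value)."""
    counts = counts_by_actor(events, actions={"ITEM_CONTENT_DOWNLOAD"})
    return sorted(a for a, n in counts.items() if n >= threshold)
```

Run it against a real export by replacing page_of_sample with a function that calls the audit route with the same offset/limit arguments; the threshold should be tuned per repository to what normal access looks like there.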

Operational sync checks

From /admin/common/infrastructures, watch authz/repo sync age and failure counters.

If sync is stale or failing, the effective authorization and provisioning state may drift from the intended governance state, so access decisions no longer match what was configured.

Monthly minimum review

  1. Review owner and privileged roles.
  2. Review guest memberships and outstanding guest invites.
  3. Review repo membership sprawl by tenant.
  4. Spot-check audit events for sensitive repos.