Account owners and account admins with the right to Create user activity reports can create and manage Activity Reports.
Activity Reports provide insights into your Wrike account. Use Activity Reports to help your team conduct security investigations or increase visibility into what's happening in the account.
You can generate reports to see:
The last time a user or users logged in or failed to log in.
When invitations were sent and accepted.
What changes have been made to user groups.
Activity Reports include all items within the account, not just the items shared with you. This means that it's possible to see events, even for those items you don't have access to in your workspace.
Report parameters dictate what information is included in your report.
If you don’t add users, then the report will be based on the actions of all users who are part of the account. Add a specific user(s) or user groups to the field to limit the scope of the report: if one or more users are added in this field, then only their actions are included in the report. If you add a user group, then the actions of all members of this group and the members of all its subgroups are included in the report.
The date field allows you to specify what timeframe the report should be generated for.
You can select one of the pre-set time frames like Today, This week, Last month, etc., or set a custom time frame.
You can also select a timezone. Each operation (action) on the report is timestamped so that you know when exactly the action took place. Each operation has two timestamps:
The time zone you specified in the time zone drop-down field.
Operations are the actions that you want to report on. Available operations are separated into categories:
Groups: created; deleted; member added; member removed; renamed; parent group added/removed.
User accounts: invitation accepted/sent; user deleted/restored/activated/deactivated; user profile changed; password changed.
User role changes: user promoted to admin; user demoted from admin; admin permission changes; user role changed.
User login: login; logout; login failed (check this to see failed logins and blocked logins which occur if someone makes five unsuccessful login attempts); admin login as another user; one-time password created/used/revoked.
Tasks, Folders and Projects: created (report on new task created); shared; unshared; unshared from author; access role changed; assigned; unassigned; deleted; erased from Recycle bin; locked/unlocked (report on locking time entries); Recycle bin erased; folder or parent task added/removed; task status changed; duplicated.
Misc: comment edited; comment deleted; file uploaded; file downloaded; file deleted; file moved; file copied; request form created; request form modified; request form deleted; workflow created; workflow deleted; workflow modified (includes information about changing the title, creating/deleting statuses, adding/removing automatic assignees, manual status transition limitations, and approvals).
Custom Fields: created; modified; deleted; restored; added to folder; removed from folder.
Approvals: approver added/removed; description changed; due date changed; approval created/finished/canceled; approval decision made.
Security: account settings modified (account name, date format, etc); account deleted; activity report generated; 2FA enabled/disabled; 2FA usage stats downloaded; backup created; granted/revoked access for applications; password policy modified; approved IP ranges or subnets changed; account invitation settings modified; access role created/modified/deleted; SAML SSO enabled/disabled/settings changed; SAML SSO configuration edited; SAML users passwords cleared; one-time password status switched (usage of one-time passwords enabled/disabled); email confirmation code generated/accepted/declined; approved domains changed; admin mail settings changed.
Data Export/External Sharing: RSS or iCal feed created; project/folder exported to Excel; Access audit report exported in csv format; Calendars public links activated/deactivated/created/deleted; Gantt Chart Snapshot created/deleted; account data export requested/generated; users & groups exported; Guest reviewer invited, Guest reviewer's access revoked, Guest reviewer accepted invitation/rejected invitation, Guest reviewer changed; Guest review account settings changed; Analyze report public link created/deleted/accessed; Analyze report widget public link created/deleted/accessed.
Spaces: space created/deleted; space archived/unarchived; user joined public space; user left space.
Objects are what you want to report on. By default, your report includes information on any object (user, group) where the designated operation was carried out. To limit the report to particular items, add the exact item name(s) to the Objects field.
If one or more objects are listed in the Objects field, then only those items are included in the report. If you want to report on a certain file in your account, include the file name and extension (for example, File.docx).
To enter information in this field: just enter the object’s name. For example, you can type a user group’s name in the field. If multiple items have the same name/title, then you will see the data related to all objects which match that name.
By default: any IP address that was used to access Wrike is included in the report. However, you can limit the report to particular IP addresses.
Select Include and add specific IP addresses: the report will be generated based solely on the addresses that you added in the field.
Select Exclude and add specific IP addresses: the report will be generated based on all IP addresses except those that you added in the field.