
# User & Audit Fields

Four field types reference users from the authentication system. Three are auto-populated audit fields tracking who created, updated, or deleted a record; one is an editable user reference. All require `auth` to be configured and share the [base field properties](/en/docs/tables-overview#base-field-properties).

| Type         | Behavior                                                            |
| ------------ | ------------------------------------------------------------------- |
| `user`       | Editable reference to a user. Single or multiple selection.         |
| `created-by` | Auto-set to the user who created the record. Read-only.             |
| `updated-by` | Auto-set to the user who last modified the record. Read-only.       |
| `deleted-by` | Auto-set to the user who soft-deleted the record. NULL when active. |

## `user`

An editable reference to one or more users (e.g. an assignee).

| Property        | Description                                            |
| --------------- | ------------------------------------------------------ |
| `allowMultiple` | Boolean. When `true`, allows selecting multiple users. |

```yaml
- { id: 1, name: assigned_to, type: user, required: true, allowMultiple: false }
```

## System Audit Fields

`created-by`, `updated-by`, and `deleted-by` are **system-managed** — their values are set automatically and cannot be edited manually. They store a user-id reference and take no type-specific properties beyond the base field properties (commonly `indexed: true`).

| Type         | Behavior                                                                                                        |
| ------------ | --------------------------------------------------------------------------------------------------------------- |
| `created-by` | Captures the user who created the record. Read-only.                                                            |
| `updated-by` | Captures the user who last modified the record. Read-only.                                                      |
| `deleted-by` | Captures the user who soft-deleted the record. `NULL` when the record is active or deleted by a system process. |

```yaml
fields:
  - { id: 2, name: created_by, type: created-by, indexed: true }
  - { id: 3, name: updated_by, type: updated-by, indexed: true }
  - { id: 4, name: deleted_by, type: deleted-by, indexed: true }
```

:::callout
**Auth required.** All user & audit fields resolve user-id references against the authentication system, so `auth` must be configured. Pair `deleted-by` with the [`deleted-at`](/en/docs/datetime-fields) timestamp for a complete soft-delete audit trail (who deleted, and when).
:::
