diff --git a/backend/server.js b/backend/server.js
index 1bf59ff..4a9c357 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -164,7 +164,14 @@ app.get('/api/recent-activity', requireAuth(), async (req, res) => {
         // Hide impersonation events from non-Admin users
         const excludedActions = ['login', 'logout', 'login_failed'];
         if (req.user.group !== 'Admin') {
-            excludedActions.push('impersonate_start', 'impersonate_stop');
+            // Hide admin-only actions from non-Admin users
+            excludedActions.push(
+                'impersonate_start', 'impersonate_stop',
+                'create_user', 'delete_user', 'update_user',
+                'added_user', 'deleted_user', 'group_change',
+                'toggle_active', 'password_reset',
+                'compliance_config_reconcile', 'compliance_upload_rollback'
+            );
         }
         const { rows } = await pool.query(
             `SELECT username, action, entity_type, entity_id, details, created_at