訪問審計日誌

請注意

Databricks提供對Databricks用戶執行的活動的審計日誌的訪問，允許您的企業監視詳細的Databricks使用模式。

日誌有兩種類型:

帶有工作區級事件的工作區級審計日誌。
包含帳戶級事件的帳戶級審計日誌。

有關每種類型的事件和相關服務的列表，請參見審計事件。

作為Databricks帳戶所有者或帳戶管理員，您可以配置以JSON文件格式交付審計日誌到穀歌雲存儲(GCS)存儲桶中，您可以在該存儲桶中使用該數據使用情況分析。Databricks為您帳戶中的每個工作空間提供一個單獨的JSON文件，並為帳戶級事件提供一個單獨的文件。

要配置審計日誌交付，您必須設置一個GCS桶，給Databricks對桶的訪問權，然後使用賬戶控製台定義日誌發送配置它告訴Databricks將日誌發送到哪裏。

創建後不能編輯日誌傳遞配置，但可以使用帳戶控製台臨時或永久禁用日誌傳遞配置。您最多可以有兩個當前啟用的審計日誌交付配置。

配置日誌下發請參見配置審計日誌交付。

配置詳細審計日誌

除了默認值之外事件，您可以通過啟用來配置工作空間以生成其他事件詳細審計日誌。

其他筆記本操作

審計日誌類別中的其他操作筆記本：

動作名稱runCommand，在Databricks在筆記本中運行命令後發出。一個命令對應於筆記本中的一個單元格。

請求參數:

notebookId:筆記本ID
- executionTime:命令執行的時間，單位為秒。這是一個十進製值，例如13.789。
- 狀態:命令的狀態。可能的值有完成了(命令結束)，跳過(該命令被跳過)，取消了(命令被取消)，或者失敗的(命令失敗)。
- commandId:該命令的唯一ID。
- commandText:命令的文本。對於多行命令，行之間用換行符分隔。

其他Databricks SQL操作

審計日誌類別中的其他操作databrickssql：

動作名稱commandSubmit，在將命令提交給Databricks SQL時運行。
請求參數:
- commandText:用戶指定的SQL語句或命令。
- warehouseId: SQL倉庫的ID。
- commandId:命令ID。
動作名稱commandFinish，它在命令完成或命令被取消時運行。
請求參數:
- warehouseId: SQL倉庫的ID。
- commandId:命令ID。
檢查響應字段，以獲取與命令結果相關的其他信息:
- statusCode—HTTP響應碼。如果是一般錯誤，則為錯誤400。
- errorMessage-錯誤信息。
  
  請注意
  
  在某些情況下，對於某些長時間運行的命令errorMessage字段可能不會在失敗時填充。
- 結果：這個字段是空的。

啟用或禁用詳細審計日誌

作為管理員，進入Databricks“管理設置”頁麵。
點擊工作空間設置。
旁邊詳細審計日誌，啟用或禁用該特性。

啟用或禁用詳細日誌記錄時，將在類別中發出一個可審計事件工作空間用行動workspaceConfKeys。的workspaceConfKeys請求參數為enableVerboseAuditLogs。請求參數workspaceConfValues是真正的(功能啟用)或假(功能禁用)。

延遲

在日誌交付配置後的一小時內，審計交付開始，您可以訪問JSON文件。
審計日誌交付開始後，可審計事件通常在一小時內被記錄下來。新的JSON文件可能會覆蓋每個工作區的現有文件。重寫確保了隻執行一次的語義，而不需要對您的帳戶進行讀取或刪除訪問。
啟用或禁用日誌交付配置可能需要長達一個小時才能生效。

位置

交貨地點為:

             gs：//<桶-名字>/<交付-路徑-前綴>/workspaceId= <workspaceId>/日期= <yyyy-毫米-dd>/auditlogs_<內部-id>。json
            

如果省略可選交付路徑前綴，則交付路徑不包含< delivery-path-prefix > /。

與任何單個工作空間不關聯的帳戶級審計事件被交付給workspaceId = 0分區。

有關使用Databricks訪問和分析這些文件的詳細信息，請參見分析審計日誌。

模式

Databricks以JSON格式提供審計日誌。審計日誌記錄的模式如下。

版本:審計日誌格式的模式版本。
時間戳:操作的UTC時間戳。
workspaceId:與此事件相關的工作空間的ID。對於不應用於任何工作區的帳戶級事件，此字段設置為“0”。
sourceIPAddress:源請求的IP地址。
userAgent:用於發出請求的瀏覽器或API客戶端。
sessionId:動作的會話ID。
userIdentity:請求用戶的信息。
- 電子郵件:用戶郵箱地址。
名:記錄請求的服務。
actionName:操作，如登錄、注銷、讀、寫等。
requestId:唯一的請求ID。
requestParams:審計事件中使用的參數鍵值對。
響應:響應請求。
- errorMessage:出錯時的錯誤信息。
- 結果:請求的結果。
- statusCode:表示請求成功或失敗的HTTP狀態碼。
auditLevel:指定這是否是工作空間級事件(WORKSPACE_LEVEL)或帳戶級事件(ACCOUNT_LEVEL）.
accountId: Databricks帳戶的ID。

審計事件

的名和actionName屬性標識審計日誌記錄中的審計事件。命名約定遵循DatabricksREST API。

工作空間級審計日誌可用於以下服務:

賬戶
集群
clusterPolicies
dbfs
精靈
gitCredentials
globalInitScripts
組
iamRole
instancePools
工作
mlflowExperiment
筆記本
回購
秘密
sqlAnalytics
sqlPermissions，其中包含啟用表訪問控製列表時表訪問的所有審計日誌。
ssh
webTerminal
工作空間

帳戶級審計日誌可用於以下服務:

accountBillableUsage:訪問該帳戶的可計費使用。
logDelivery:日誌下發配置。
accountsManager:在帳戶控製台中執行的操作。
unityCatalog:在Unity Catalog和Delta Sharing中執行的操作。

請注意

如果操作需要很長時間，則請求和響應將分別記錄，但請求和響應對具有相同的記錄requestId。
除掛載相關操作外，Databricks審計日誌中不包含與dbfs相關的操作。
自動操作(如由於自動伸縮而調整集群大小或由於調度而啟動作業)由用戶執行係統用戶。

請求參數

字段中的請求參數requestParams對於每個支持的服務和操作，將按工作區級事件和帳戶級事件分組，並在以下部分中列出。

重要的

的requestParams字段將被截斷。如果其JSON表示的大小超過100 KB，則值將被截斷，字符串將被刪除…截斷被追加到截斷的條目。在極少數情況下，截斷後的映射仍然大於100 KB截斷鍵的值為空。

工作空間級審計日誌事件

此表列出了在工作空間級別發生的事件。

服務	行動	請求參數
賬戶	添加	[" targetUserName "， " endpoint "， " targetUserId "]
	addPrincipalToGroup	[" targetGroupId "， " endpoint "， " targetUserId "， " targetGroupName "， " targetUserName "]
	changePassword	[" newPasswordSource "， " targetUserId "， " serviceSource "， " wasPasswordChanged "， " userId "]
	createGroup	[" endpoint "， " targetGroupId "， " targetGroupName "]
	createIpAccessList	[" ipAccessListId”、“標識”)
	刪除	[" targetUserId "， " targetUserName "， " endpoint "]
	deleteIpAccessList	[" ipAccessListId”、“標識”)
	garbageCollectDbToken	[" tokenExpirationTime”、“標識”)
	generateDbToken	(“標識”、“tokenExpirationTime”)
	IpAccessDenied	(“路徑”,“標識”)
	ipAccessListQuotaExceeded	["標識"]
	jwtLogin	(“用戶”)
	登錄	(“用戶”)
	注銷	(“用戶”)
	removeAdmin	[" targetUserName "， " endpoint "， " targetUserId "]
	removeGroup	[" targetGroupId "， " targetGroupName "， " endpoint "]
	resetPassword	[" serviceSource "， " userId "， " endpoint "， " targetUserId "， " targetUserName "， " wasPasswordChanged "， " newPasswordSource "]
	revokeDbToken	["標識"]
	samlLogin	(“用戶”)
	setAdmin	[" endpoint "， " targetUserName "， " targetUserId "]
	tokenLogin	[" tokenId”、“用戶”)
	updateIpAccessList	[" ipAccessListId”、“標識”)
	validateEmail	[" endpoint "， " targetUserName "， " targetUserId "]
集群	changeClusterAcl	[" shardName "， " aclPermissionSet "， " targetUserId "， " resourceId "]
	創建	[" cluster_log_conf "， " num_workers "， " enable_elastic_disk "， " driver_node_type_id "， " start_cluster "， " docker_image "， " ssh_public_keys "， " aws_attributes "， " acl_path_prefix "， " node_type_id "， " instance_pool_id "， " spark_env_vars "， " init_scripts "， " spark_version "， " cluster_source "， " autotermination_minutes "， " cluster_name "， " autoscale "， " custom_tags "， " cluster_creator "， " enable_local_disk_encryption "， " idempotency_token "， " spark_conf "， " organization_id "， " no_driver_daemon "， " user_id "]
	createResult	[" clusterName "， " clusterState "， " clusterId "， " clusterWorkers "， " clusterOwnerUserId "]
	刪除	[" cluster_id "]
	deleteResult	[" clusterWorkers "， " clusterState "， " clusterId "， " clusterOwnerUserId "， " clusterName "]
	編輯	[" spark_env_vars "， " no_driver_daemon "， " enable_elastic_disk "， " aws_attributes "， " driver_node_type_id "， " custom_tags "， " cluster_name "， " spark_conf "， " ssh_public_keys "， " autotermination_minutes "， " cluster_source "， " docker_image "， " enable_local_disk_encryption "， " cluster_id "， " spark_version "， " autoscale "， " cluster_log_conf "， " instance_pool_id "， " num_workers "， " init_scripts "， " node_type_id "]
	permanentDelete	[" cluster_id "]
	調整	[" cluster_id "， " num_workers "， " autoscale "]
	resizeResult	[" clusterWorkers "， " clusterState "， " clusterId "， " clusterOwnerUserId "， " clusterName "]
	重新啟動	[" cluster_id "]
	restartResult	[" clusterId "， " clusterState "， " clusterName "， " clusterOwnerUserId "， " clusterWorkers "]
	開始	[" init_scripts_safe_mode”、“cluster_id”)
	startResult	[" clusterName "， " clusterState "， " clusterWorkers "， " clusterOwnerUserId "， " clusterId "]
clusterPolicies	創建	["名稱")
	編輯	[" policy_id”、“名稱”)
	刪除	[" policy_id "]
	changeClusterPolicyAcl	[" shardName "， " targetUserId "， " resourceId "， " aclPermissionSet "]
dbfs (REST API)	addBlock	(“處理”、“data_length”)
	創建	[" path "， " bufferSize "， " overwrite "]
	刪除	(“遞歸”、“路徑”)
	mkdir	(“路徑”)
	移動	[" dst "， " source_path "， " src "， " destination_path "]
	把	(“路徑”,“覆蓋”)
dbfs(操作)	山	(“掛載點”、“所有者”)
	卸載	(“掛載點”)
databrickssql	addDashboardWidget	[" dashboardId”、“widgetId”)
	cancelQueryExecution	[" queryExecutionId "]
	changeWarehouseAcls	[" aclPermissionSet "， " resourceId "， " shardName "， " targetUserId "]
	changePermissions	[" granteeAndPermission "， " objectId "， " objectType "]
	cloneDashboard	[" dashboardId "]
	commandSubmit(隻詳細審計日誌）	[" orgId "， " sourceIpAddress "， " timestamp "， " userAgent "， " userIdentity "， " shardName "，參見。細節）]
	命令完成(僅用於詳細審計日誌）	[" orgId "， " sourceIpAddress "， " timestamp "， " userAgent "， " userIdentity "， " shardName "，參見。細節）]
	createNotificationDestination	[" notificationDestinationId”、“notificationDestinationType”)
	createDashboard	[" dashboardId "]
	createDataPreviewDashboard	[" dashboardId "]
	createWarehouse	[" auto_resume "， " auto_stop_mins "， " channel "， " cluster_size "， " conf_pairs "， " custom_cluster_confs "， " enable_databricks_compute "， " enable_photon "， " enable_serverless_compute "， " instance_profile_arn "， " max_num_clusters "， " min_num_clusters "， " name "， " size "， " spot_instance_policy "， " tags "， " test_overrides "]
	createQuery	[" queryId "]
	createQueryDraft	[" queryId "]
	createQuerySnippet	[" querySnippetId "]
	createRefreshSchedule	[" alertId "， " dashboardId "， " refreshScheduleId "]
	createSampleDashboard	[" sampleDashboardId "]
	createSubscription	[" dashboardId "， " refreshScheduleId "， " subscriptionId "]
	createVisualization	[" queryId”、“visualizationId”)
	deleteAlert	[" alertId "]
	deleteNotificationDestination	[" notificationDestinationId "]
	deleteDashboard	[" dashboardId "]
	deleteDashboardWidget	[" widgetId "]
	deleteWarehouse	[" id "]
	deleteExternalDatasource	[" dataSourceId "]
	deleteQuery	[" queryId "]
	deleteQueryDraft	[" queryId "]
	deleteQuerySnippet	[" querySnippetId "]
	deleteRefreshSchedule	[" alertId "， " dashboardId "， " refreshScheduleId "]
	deleteSubscription	[" subscriptionId "]
	deleteVisualization	[" visualizationId "]
	downloadQueryResult	[" fileType "， " queryId "， " queryResultId "]
	editWarehouse	[" auto_stop_mins "， " channel "， " cluster_size "， " confs "， " enable_photon "， " enable_serverless_compute "， " id "， " instance_profile_arn "， " max_num_clusters "， " min_num_clusters "， " name "， " spot_instance_policy "， " tags "]
	executeAdhocQuery	[" dataSourceId "]
	executeSavedQuery	[" queryId "]
	executeWidgetQuery	[" widgetId "]
	favoriteDashboard	[" dashboardId "]
	favoriteQuery	[" queryId "]
	forkQuery	[" originalQueryId”、“queryId”)
	listQueries	[" filter_by "， " include_metrics "， " max_results "， " page_token "]
	moveDashboardToTrash	[" dashboardId "]
	moveQueryToTrash	[" queryId "]
	muteAlert	[" alertId "]
	publishBatch	["狀態")
	publishDashboardSnapshot	[" dashboardId "， " hookId "， " subscriptionId "]
	restoreDashboard	[" dashboardId "]
	restoreQuery	[" queryId "]
	setWarehouseConfig	[" data_access_config "， " enable_serverless_compute "， " instance_profile_arn "， " security_policy "， " serverless_agreement "， " sql_configuration_parameters "， " try_create_databricks_managed_starter_warehouse "]
	snapshotDashboard	[" dashboardId "]
	startWarehouse	[" id "]
	stopWarehouse	[" id "]
	subscribeAlert	[" alertId”、“destinationId”)
	transferObjectOwnership	[" newOwner "， " objectId "， " objectType "]
	unfavoriteDashboard	[" dashboardId "]
	unfavoriteQuery	[" queryId "]
	unmuteAlert	[" alertId "]
	unsubscribeAlert	[" alertId”、“subscriberId”)
	updateAlert	[" alertId”、“queryId”)
	updateNotificationDestination	[" notificationDestinationId "]
	updateDashboard	[" dashboardId "]
	updateDashboardWidget	[" widgetId "]
	updateOrganizationSetting	[" has_configured_data_access "， " has_explored_sql_庫房"，" has_granted_permissions "]
	updateQuery	[" queryId "]
	updateQueryDraft	[" queryId "]
	updateQuerySnippet	[" querySnippetId "]
	updateRefreshSchedule	[" alertId "， " dashboardId "， " refreshScheduleId "]
	updateVisualization	[" visualizationId "]
精靈	databricksAccess	[" duration "， " approver "， " reason "， " authType "， " user "]
gitCredentials	getGitCredential	[" id "]
	listGitCredentials	［］
	deleteGitCredential	[" id "]
	updateGitCredential	[" id "， " git_provider "， " git_username "]
	createGitCredential	[" git_provider”、“git_username”)
globalInitScripts	創建	[" name "， " position "， " script-SHA256 "， " enabled "]
	更新	[" script_id "， " name "， " position "， " script-SHA256 "， " enabled "]
	刪除	[" script_id "]
組	addPrincipalToGroup	[" user_name”、“parent_name”)
	createGroup	[" group_name "]
	getGroupMembers	[" group_name "]
	removeGroup	[" group_name "]
iamRole	changeIamRoleAcl	[" targetUserId "， " shardName "， " resourceId "， " aclPermissionSet "]
instancePools	changeInstancePoolAcl	[" shardName "， " resourceId "， " targetUserId "， " aclPermissionSet "]
	創建	[" enable_elastic_disk "， " preloaded_spark_versions "， " idle_instance_autotermination_minutes "， " instance_pool_name "， " node_type_id "， " custom_tags "， " max_capacity "， " min_idle_instances "， " aws_attributes "]
	刪除	[" instance_pool_id "]
	編輯	[" instance_pool_name "， " idle_instance_autotermination_minutes "， " min_idle_instances "， " preloaded_spark_versions "， " max_capacity "， " enable_elastic_disk "， " node_type_id "， " instance_pool_id "， " aws_attributes "]
工作	取消	[" run_id "]
	cancelAllRuns	[" job_id "]
	changeJobAcl	[" shardName "， " aclPermissionSet "， " resourceId "， " targetUserId "]
	創建	[" spark_jar_task "， " email_notifications "， " notebook_task "， " spark_submit_task "， " timeout_seconds "， " libraries "， " name "， " spark_python_task "， " job_type "， " new_cluster "， " existing_cluster_id "， " max_retries "， " schedule "]
	刪除	[" job_id "]
	deleteRun	[" run_id "]
	重置	[" job_id”、“new_settings”)
	resetJobAcl	(“撥款”、“job_id”)
	runFailed	[" jobClusterType "， " jobTriggerType "， " jobId "， " jobTaskType "， " runId "， " jobTerminalState "， " idInJob "， " orgId "]
	runNow	[" notebook_params "， " job_id "， " jar_params "， " workflow_context "]
	runSucceeded	[" idInJob "， " jobId "， " jobTriggerType "， " orgId "， " runId "， " jobClusterType "， " jobTaskType "， " jobTerminalState "]
	submitRun	[" shell_command_task "， " run_name "， " spark_python_task "， " existing_cluster_id "， " notebook_task "， " timeout_seconds "， " libraries "， " new_cluster "， " spark_jar_task "]
	更新	[" fields_to_remove "， " job_id "， " new_settings "]
mlflowExperiment	deleteMlflowExperiment	[" experimentId "， " path "， " experimentName "]
	moveMlflowExperiment	[" newPath "， " experimentId "， " oldPath "]
	restoreMlflowExperiment	[" experimentId "， " path "， " experimentName "]
mlflowModelRegistry	listModelArtifacts	[" name "， " version "， " path "， " page_token "]
	getModelVersionSignedDownloadUri	[“名稱”，“版本”，“路徑”]
	createRegisteredModel	(“名字”、“標簽”)
	deleteRegisteredModel	["名稱")
	renameRegisteredModel	(“名字”,“new_name”)
	setRegisteredModelTag	[" name "， " key "， " value "]
	deleteRegisteredModelTag	(“名字”,“關鍵”)
	createModelVersion	[" name "， " source "， " run_id "， " tags "， " run_link "]
	deleteModelVersion	(“名字”、“版本”)
	getModelVersionDownloadUri	(“名字”、“版本”)
	setModelVersionTag	[“名稱”，“版本”，“鍵”，“值”]
	deleteModelVersionTag	[“名稱”、“版本”、“密鑰”]
	createTransitionRequest	[“名稱”，“版本”，“舞台”]
	deleteTransitionRequest	[“名稱”，“版本”，“舞台”，“創作者”]
	approveTransitionRequest	[" name "， " version "， " stage "， " archive_existing_versions "]
	rejectTransitionRequest	[“名稱”，“版本”，“舞台”]
	transitionModelVersionStage	[" name "， " version "， " stage "， " archive_existing_versions "]
	transitionModelVersionStageDatabricks	[" name "， " version "， " stage "， " archive_existing_versions "]
	createComment	(“名字”、“版本”)
	updateComment	[" id "]
	deleteComment	[" id "]
筆記本	attachNotebook	[" path "， " clusterId "， " notebookId "]
	createNotebook	[" notebookId”、“路徑”)
	deleteFolder	(“路徑”)
	deleteNotebook	[" notebookkid "， " notebookName "， " path "]
	detachNotebook	[" notebookId "， " clusterId "， " path "]
	downloadLargeResults	[" notebookId”、“notebookFullPath”)
	downloadPreviewResults	[" notebookId”、“notebookFullPath”)
	importNotebook	(“路徑”)
	moveNotebook	[" newPath "， " oldPath "， " notebookkid "]
	renameNotebook	[" newName "， " oldName "， " parentPath "， " notebookkid "]
	restoreFolder	(“路徑”)
	restoreNotebook	[" path "， " notebookkid "， " notebookName "]
	runCommand(僅用於詳細審計日誌）	[" notebookId "， " executionTime "， " status "， " commandId "， " commandText "(參見細節）]
	takeNotebookSnapshot	(“路徑”)
回購	createRepo	[" url "， " provider "， " path "]
	updateRepo	[" id ",“分支”,“標簽”,“git_url”,“git_provider”)
	getRepo	[" id "]
	listRepos	[" path_prefix”、“next_page_token”)
	deleteRepo	[" id "]
	拉	[" id "]
	commitAndPush	[" id "， " message "， " files "， " checkSensitiveToken "]
	checkoutBranch	[" id ",“分支”]
	丟棄	[" id ",“file_paths”]
秘密	createScope	["範圍"]
	deleteScope	["範圍"]
	deleteSecret	(“關鍵”、“範圍”)
	getSecret	(“範圍”、“關鍵”)
	listAcls	["範圍"]
	listSecrets	["範圍"]
	putSecret	[" string_value "， " scope "， " key "]
sqlanalytics	createEndpoint
	startEndpoint
	stopEndpoint
	deleteEndpoint
	editEndpoint
	changeEndpointAcls
	setEndpointConfig
	createQuery	[" queryId "]
	updateQuery	[" queryId "]
	forkQuery	[" queryId”、“originalQueryId”)
	moveQueryToTrash	[" queryId "]
	deleteQuery	[" queryId "]
	restoreQuery	[" queryId "]
	createDashboard	[" dashboardId "]
	updateDashboard	[" dashboardId "]
	moveDashboardToTrash	[" dashboardId "]
	deleteDashboard	[" dashboardId "]
	restoreDashboard	[" dashboardId "]
	createAlert	[" alertId”、“queryId”)
	updateAlert	[" alertId”、“queryId”)
	deleteAlert	[" alertId "]
	createVisualization	[" visualizationId”、“queryId”)
	updateVisualization	[" visualizationId "]
	deleteVisualization	[" visualizationId "]
	changePermissions	[" objectType "， " objectId "， " granteeAndPermission "]
	createNotificationDestination	[" notificationDestinationId”、“notificationDestinationType”)
	updateNotificationDestination	[" notificationDestinationId "]
	deleteNotificationDestination	[" notificationDestinationId "]
	createQuerySnippet	[" querySnippetId "]
	updateQuerySnippet	[" querySnippetId "]
	deleteQuerySnippet	[" querySnippetId "]
	downloadQueryResult	[" queryId "， " queryResultId "， " fileType "]
sqlPermissions	createSecurable	(“可獲得的”)
	grantPermission	(“許可”)
	removeAllPermissions	(“可獲得的”)
	requestPermissions	["請求"]
	revokePermission	(“許可”)
	showPermissions	["可到手的”、“主要”)
ssh	登錄	[" containerId "， " userName "， " port "， " publicKey "， " instanceId "]
	注銷	[" userName "， " containerId "， " instanceId "]
webTerminal	startSession	[" socketGUID "， " clusterId "， " serverPort "， " ProxyTargetURI "]
	closeSession	[" socketGUID "， " clusterId "， " serverPort "， " ProxyTargetURI "]
工作空間	changeWorkspaceAcl	[" shardName "， " targetUserId "， " aclPermissionSet "， " resourceId "]
	deleteSetting	[" settingKeyTypeName "， " settingKeyName "， " settingTypeName "， " settingName "]
	fileCreate	(“路徑”)
	fileDelete	(“路徑”)
	moveWorkspaceNode	[" destinationPath”、“路徑”)
	purgeWorkspaceNodes	[" treestoreId "]
	setSetting	[" settingKeyTypeName "， " settingKeyName "， " settingTypeName "， " settingName "， " settingValueForAudit "]
	workspaceConfEdit	[" workspaceConfKeys (values: enableresultsdownloads, enableExportNotebook) "， " workspaceConfValues "]
	workspaceExport	[" workspaceExportFormat”、“notebookFullPath”)

帳戶級審計日誌事件

此表列出了在帳戶級別發生的事件。

請注意

帳戶級事件具有workspaceId字段設置為有效的工作空間ID，如果它們引用與工作空間相關的事件，如創建或刪除工作空間。如果它們沒有與工作空間關聯，則workspaceId字段設置為0。

隻有當日誌下發配置為空時，才會下發帳戶級審計日誌workspace_ids_filter字段。

服務	行動	請求參數
accountBillableUsage	getAggregatedUsage	[" account_id "， " window_size "， " start_time "， " end_time "， " meter_name "， " workspace_ids_filter "]
	getDetailedUsage	[" account_id”、“start_month”、“end_month”、“with_pii”)
賬戶	deleteSetting	[" settingKeyTypeName "， " settingKeyName "， " settingTypeName "， " settingName "， " settingValueForAudit "]
	gcpWorkspaceBrowserLogin	(“用戶”)
	登錄	(“用戶”)
	注銷	(“用戶”)
	setSetting	[" settingKeyTypeName "， " settingKeyName "， " settingTypeName "， " settingName "， " settingValueForAudit "]
accountsManager	updateAccount	[" account_id”、“賬戶”)
	changeAccountOwner	[" account_id”、“first_name”、“last_name”,“電子郵件”)
	updateSubscription	[" account_id "， " subscription_id "， " subscription "]
	listSubscriptions	[" account_id "]
	createWorkspaceConfiguration	(“工作區”)
	getWorkspaceConfiguration	[" account_id”、“workspace_id”)
	listWorkspaceConfigurations	[" account_id "]
	updateWorkspaceConfiguration	[" account_id”、“workspace_id”)
	deleteWorkspaceConfiguration	[" account_id”、“workspace_id”)
	createNetworkConfiguration	(“網絡”)
	getNetworkConfiguration	[" account_id”、“network_id”)
	listNetworkConfigurations	[" account_id "]
	deleteNetworkConfiguration	[" account_id”、“network_id”)
	listWorkspaceEncryptionKeyRecords	[" account_id”、“workspace_id”)
	listWorkspaceEncryptionKeyRecordsForAccount	[" account_id "]
	createVpcEndpoint	[" vpc_endpoint "]
	getVpcEndpoint	[" account_id”、“vpc_endpoint_id”)
	listVpcEndpoints	[" account_id "]
	deleteVpcEndpoint	[" account_id”、“vpc_endpoint_id”)
	createPrivateAccessSettings	[" private_access_settings "]
	getPrivateAccessSettings	[" account_id”、“private_access_settings_id”)
	listPrivateAccessSettings	[" account_id "]
	deletePrivateAccessSettings	[" account_id”、“private_access_settings_id”)
logDelivery	createLogDeliveryConfiguration	[" account_id”、“config_id”)
	updateLogDeliveryConfiguration	[" config_id "， " account_id "， " status "]
	getLogDeliveryConfiguration	[" log_delivery_configuration "]
	listLogDeliveryConfigurations	[" account_id "， " storage_configuration_id "， " credentials_id "， " status "]
ssoConfigBackend	創建	[" account_id "， " sso_type "， " config "]
	更新	[" account_id "， " sso_type "， " config "]
	得到	[" account_id”、“sso_type”)
unityCatalog(見請注意）	createMetastore	(“名字”,“storage_root”)
	getMetastore	[" id "]
	getMetastoreSummary
	listMetastores
	updateMetastores	[" id "， " name "， " storage_root "， " default_data_access_config_id "， " delta_sharing_enabled "， " owner "]
	deleteMetastore	[" id ",“力量”)
	createMetastore	[" workspace_id "， " metastore_id "， " default_catalog_name "]
	updateMetastoreAssignment	[" workspace_id "， " metastore_id "， " default_catalog_name "]
	createExternalLocation
	getExternalLocation
	listExternalLocations
	updateExternalLocation
	deleteExternalLocation
	createCatalog	["名稱")
	deleteCatalog	[" name_arg "]
	getCatalog	[" name_arg "]
	updateCatalog	[" name_arg "， " name "， " owner "， " comment "]
	listCatalog
	createSchema	(“名字”,“catalog_name”)
	deleteSchema	[" full_name_arg "]
	getSchema	[" full_name_arg "]
	listSchema	[" catalog_name "]
	updateSchema	[" full_name_arg "， " name "， " owner "， " comment "]
	createStagingTable	[" name "， " catalog_name "， " schema_name "]
	不知道	[" name "， " catalog_name "， " schema_name "， " table_type "， " data_source_format "， " column_infos "， " storage_location "， " sql_path "， " view_definition "， " comment "]
	deleteTable	[" full_name_arg "]
	可以獲得的	[" full_name_arg "]
	privilegedGetTable	[" full_name_arg "]
	listTables	[" catalog_name”、“schema_name”)
	listTablesSummaries
	updateTables	[" name "， " table_type "， " data_source_format "， " column_infos "， " storage_location "， " sql_path "， " view_definition "， " owner "， " comment "]
	createStorageCredentials
	listStorageCredentials
	getStorageCredentials
	updateStorageCredentials
	deleteStorageCredentials
	createCredentials	[" data_access_configuration_id "， " table_id "， " operation "]
	generateTemporaryTableCredential
	generateTemporaryPathCredential
	getPermissions	[" securable_type "， " securable_full_name "， " principal "]
	updatePermissions	[" securable_type "， " securable_full_name "， " changes "]
	createRecipient	(“名字”、“評論”)
	deleteRecipient	["名稱")
	getRecipient	["名稱")
	listRecipient
	createShare	(“名字”、“評論”)
	deleteShare	["名稱")
	getShare	["名稱")
	updateShare	(“名字”,“更新”)
	listShares
	getSharesPermissions	["名稱")
	updateSharePermissions	(“名字”,“變化”)
	getRecipientSharePermissions	["名稱")
	createProvider
	updateProvider
	deleteProvider
	getProvider
	listProvider
	listProviderShares
	rotateRecipientToken
	privilegedGetAllPermissions	(“可獲得的”)
	getActivationUrInfo	[" recipient_name "]
	retrieveRecipientToken	[" recipient_name "]
	metadataSnapshot
	metadataAndPermissionsSnapshot
	getInformationSchema

請注意

返回Delta共享操作unityCatalog服務。上表列出了其中的許多操作，但要了解更多操作和詳細信息，請參見使用增量共享審計和監控數據共享(適用於提供商)和使用差值共享審計和監視數據訪問(針對接收方)。

已棄用的審計日誌事件

Databricks已棄用以下審計事件:

createAlertDestination(現在是createNotificationDestination)
deleteAlertDestination(現在是deletenotifationdestination)
updateAlertDestination(現在是updateNotificationDestination)

分析審計日誌

您可以使用Databricks分析審計日誌。下麵的示例使用日誌報告Databricks訪問和Apache Spark版本。

將審計日誌加載為DataFrame，並將DataFrame注冊為臨時表。

             瓦爾df＝火花。讀。格式（“json”）.負載（“gs: / / bucketName /道路/ /你/審計日誌”）df。createOrReplaceTempView（“audit_logs”）
            

列出訪問Databricks的用戶和從哪裏訪問的。

             ％sql選擇截然不同的userIdentity。電子郵件，sourceIPAddress從audit_logs在哪裏名＝“賬戶”和actionName就像登錄“% %”
            

檢查使用的Apache Spark版本。

             ％sql選擇requestParams。spark_version，數（*）從audit_logs在哪裏名＝“集群”和actionName＝“創造”集團通過requestParams。spark_version
            

檢查表數據訪問。

             ％sql選擇*從audit_logs在哪裏名＝“sqlPermissions”和actionName＝“requestPermissions”
            