Skip to content

Latest commit

 

History

History
100 lines (86 loc) · 3.09 KB

5.11.md

File metadata and controls

100 lines (86 loc) · 3.09 KB
Raw

5.11 - Recent dataset activity with granular permissions details

List who/how performed various Dataset activities (create, read, delete) in the past month. Include what kind of permissions users had to perform that operation.

Category: Data Usage
Use Cases: Audit, Respond
Data Sources: Audit Logs - Admin Activity

Queries or Rules

BigQuery Chronicle Log Analytics
SQL Contribute rule SQL

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

google.cloud.bigquery.v2.JobService.InsertJob-dataRead

[
  {
    "logName": "projects/1234/logs/cloudaudit.googleapis.com%2Fdata_access",
    "resource": {
      "type": "bigquery_dataset",
      "labels": {
        "method": null,
        "version": null,
        "location": null,
        "project_id": "1234",
        "service": null,
        "name": null,
        "dataset_id": "my_dataset"
      }
    },
    "protopayload_auditlog": {
      "serviceName": "bigquery.googleapis.com",
      "methodName": "google.cloud.bigquery.v2.JobService.InsertJob",
      "resourceName": "projects/1234/datasets/my_dataset/tables/my_table",
      "resourceLocation": null,
      "numResponseItems": null,
      "status": null,
      "authenticationInfo": {
        "principalEmail": "test-user@example.com",
        "authoritySelector": null,
        "serviceAccountKeyName": null,
        "serviceAccountDelegationInfo": [

        ],
        "principalSubject": null
      },
      "authorizationInfo": [
        {
          "resource": "projects/1234/datasets/my_dataset/tables/my_table",
          "permission": "bigquery.tables.getData",
          "granted": "true",
          "resourceAttributes": null
        }
      ],
      "requestMetadata": {
        "callerIp": "203.0.113.255",
        "callerSuppliedUserAgent": "<redacted>",
        "callerNetwork": null,
        "requestAttributes": null,
        "destinationAttributes": null
      },
      "requestJson": null,
      "servicedata_v1_bigquery": null,
      "metadataJson": "{\"@type\":\"type.googleapis.com/google.cloud.audit.BigQueryAuditMetadata\",\"tableDataRead\":{\"fields\":[\"_PARTITIONDATE\",\"columnA\",\"structA\",\"structA.foo\",\"structA.bar\"],\"jobName\":\"projects/1234/jobs/12345678\",\"reason\":\"JOB\"}}",
      "responseJson": null,
      "servicedata_v1_iam": null,
      "policyViolationInfo": null
    },
    "textPayload": null,
    "timestamp": "2022-08-22T02:12:57.630Z",
    "receiveTimestamp": "2022-08-22T02:12:58.346Z",
    "severity": "INFO",
    "insertId": "2ihezydi73o",
    "httpRequest": null,
    "operation": null,
    "trace": null,
    "spanId": null,
    "traceSampled": null,
    "sourceLocation": null,
    "split": null
  }
]

References