Skip to content

You are viewing documentation for Immuta version 2.8.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

cancel

Audit HTTP API

Audience: Data Owners

Content Summary: The Audit API allows users to programmatically create Audit Records in Immuta.

Create Audit Record

Method Path Successful Status Code
POST /audit/createRecord 200

Request Path Parameters: General Details

  • profileId (integer): The profile ID for the user generating the action.
  • component (string): Required The Immuta component used to perform the action. Available options are
    • console
    • featureStore
    • dataSource
    • bim
    • audit
    • policy
    • project
    • plugin
    • governance
    • admin
    • tag
  • sqlUser (string): The database user account performing the action. This parameter should only be used if the action is being performed using a database user account.
  • dataSourceId (integer): The data source ID of the accessed data source. This parameter should only be used if the action is associated with a data source.
  • projectId (integer): The project ID of the project used to access the data source. This parameter should only be used if the action is associated with a project.
  • purposeIds (integer): The purpose ID of the purpose used to access the data source. This parameter should only be used if the action is associated with a purpose.
  • policyId (integer): The policy ID of the policy. This parameter should only be used if the action is associated with a Global Policy.

Request Path Parameters: Data Access

  • dataAccess (object): Describes access to an individual blob or a query that may grant access to data.
    • accessType (string): Indicates whether access was granted to an individual blob or if this was a query accessing data. Available options are
      • blob
      • query
    • blobId (string): The blob ID of the blob accesses. This parameter should be used when accessType equals blob.
    • query (string): The query used to access data. This parameter should only be used when accessType equals query.
    • dataSourceTableName (string): The data source table name that was queried.

Action Result

  • success (boolean): Required Denotes whether the action was successful.
  • failureReason (string): Describes the reason that the action failed. This parameter should only be used if success is false. Acceptable values are
    • systemError
    • insufficientAuthorizations
    • insufficientPermissions
    • userError
  • failureDetails (string): Additional details about the failed action. This parameter should only be used if success is false.

Record Details

  • recordType (string): Required The type of action being captured. Acceptable values are
    • auditQuery
    • blobVisibility
    • blobFetch
    • blobIndex
    • blobDelete
    • blobUpdateFeatures
    • blobUpdateTags
    • sqlAccess
    • spark
    • sqlCreateUser
    • sqlDeleteUser
    • sqlResetPassword
    • featureList
    • sqlQuery
    • dataSourceCreate
    • dataSourceDelete
    • dataSourceExpired
    • dataSourceSave
    • dataSourceGet
    • dataSourceListMine
    • dataSourceSubscription
    • dataSourceTestQuery
    • dictionaryCreate
    • dictionaryDelete
    • dictionaryUpdate
    • projectCreate
    • projectUpdate
    • projectDelete
    • addToProject
    • removeFromProject
    • projectSubscription
    • acknowledgePurposes
    • accessUser
    • accessGroup
    • apiKey
    • tagAdded
    • tagCreated
    • tagDeleted
    • tagUpdated
    • tagRemoved
    • userKernelCreate
    • userKernelUpdate
    • userKernelDelete
    • querySampleData
    • authenticate
    • checkPendingRequest
    • policyExemption
    • governanceUpdate
    • purposeCreate
    • purposeUpdate
    • purposeDelete
    • licenseCreate
    • licenseDelete
    • copySubscribers
    • policyHandlerCreate
    • policyHandlerUpdate
    • globalPolicyCreate
    • globalPolicyUpdate
    • globalPolicyDelete
    • globalPolicyConflictResolved
    • globalPolicyDisabled
    • globalPolicyApplied
    • hdfsUserChanged
    • externalQuery
  • record (object): Describes the action being captured.
    • blobSize (integer): The size (in bytes) of the blob being fetched.
    • sqlUser (string): The username of the user whose access is being manipulated.
    • action (string): Denotes whether access was granted or revoked. Acceptable values are
      • revoked
      • granted
    • subscriptionState (string): Indicates the state to which the record was changed. Acceptable values are
      • denied
      • subscribed
      • expert
      • owner
      • ingest
      • unsubscribed
    • accessedId (integer): The user identifier of the user who is being acted upon.
    • accessedIdType (string): Type of user being acted upon. Acceptable values are
      • user
      • group
    • hardDelete (boolean): Denotes whether this was a hard delete.
    • expirationDate (datetime): Denotes when the action expired in Immuta.
    • accessType (string): Denotes how the specified user was accessed. Acceptable values are
      • update
      • get
      • search
      • create
      • delete
      • complete
      • newToken
      • clone
      • disable
    • accessedIamId (string): The IAM ID for the user being accessed.
    • accessedUserId (string): The user being accessed.
    • groupAccessType (string): Denotes how the specified group was accessed. Acceptable values are
      • update
      • get
      • search
      • create
      • delete
      • addUser
      • removeUser
    • groupIamId (string): The IAM ID for the group being accessed.
    • accessedGroupId (integer): The group being accessed.
    • keyAction (string): The action taken on the API key. Acceptable values are
      • get
      • delete
    • keyId (integer): The API key ID.
    • keyIamId (string): The IAM ID for the user who owns the API key accessed.
    • keyUserId (string): The user who owns the API key accessed.
  • extra (object): A JSON object representing the additional information to be logged/audited.

Response

The endpoint returns an object with a success array and failure array.

Example Requests

SQL Query: Data Source is Known:

{
"component": "featureStore",
"recordType": "externalQuery"
"profileId": 1,
"dataSourceId": 1,
"dataAccess": {
    "accessType": "query",
    "query": "SELECT * FROM my_data_source",
    "dataSourceTableName": "my_data_source"
},
"success": true
}

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/audit/createRecord

SQL Query: Data Source and Project are Known:

{
"component": "featureStore",
"recordType": "externalQuery"
"profileId": 1,
"projectId": 1,
"dataSourceId": 1,
"dataAccess": {
    "accessType": "query",
    "query": "SELECT * FROM my_data_source",
    "dataSourceTableName": "my_data_source"
},
"success": true
}

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/audit/createRecord

Failed SQL Query: Data Source and Project are Known:

{
"component": "featureStore",
"recordType": "externalQuery"
"profileId": 1,
"projectId": 1,
"purposeIds": [1],
"dataSourceId": 1,
"dataAccess": {
    "accessType": "query",
    "query": "SELECT * FROM my_data_source",
    "dataSourceTableName": "my_data_source"
},
"success": false,
"failureReason": "insufficientPermissions",
"recordType": "sqlQuery"
}

curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer dea464c07bd07300095caa8" \
    --data @example-payload.json \
    https://demo.immuta.com/audit/createRecord