Unity Catalog native query audit brings in audit information for all tables and data sources, so some audit logs are created from activity by users not registered in Immuta. These audit records will appear in Immuta, providing valuable information of activity, with the username Unknown. This can be seen on the audit page or in user and data activity dashboards.
While the Immuta user is unknown, the user's Databricks Unity Catalog username can be found within the audit log. To view the user's data platform username:
Navigate to the event page.
Select View JSON.
The username can be found in the auditPayload.technologyContext.account.
username
field.
To improve your future audit records, ensure these users are properly registered and can be named in the logs:
If you have not registered any users, pull in users from your IAM.
If you have registered users but this user was missed, manually create the Immuta user.
If this user is in Immuta but not appearing in the audit record, map the user's Databricks username into Immuta.