Unknown Users in Audit Logs

Unity Catalog native query audit brings in audit information for all tables and data sources, so some audit logs are created from activity by users who are not registered in Immuta. These audit records appear in Immuta with the username Unknown and still provide valuable information about activity. They can be seen on the audit page or in the user and data activity dashboards.

Identify users

While the Immuta user is unknown, the user's Databricks Unity Catalog username can be found within the audit log. To view the user's data platform username:

  1. Navigate to the event page.
  2. Select View JSON.
  3. The username can be found in the auditPayload.technologyContext.account.username field.
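When many events show Unknown, the same lookup can be scripted. The following is an added example, not Immuta's own code: it reads the field path from step 3 out of event JSON copied from View JSON and counts events per Databricks username, so the busiest unregistered accounts surface first. The one-event-per-line input format, the case-insensitive comparison, and the sample events are assumptions made for illustration.

```python
import json
from collections import Counter

# Field path given on this page for the data platform username.
USERNAME_PATH = ("auditPayload", "technologyContext", "account", "username")


def platform_username(event):
    """Return the Databricks username from one audit event, or None if absent."""
    node = event
    for key in USERNAME_PATH:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node.strip() if isinstance(node, str) and node.strip() else None


def tally_unknown_users(json_lines):
    """Count events per username; also count events that lack the field."""
    counts, missing = Counter(), 0
    for line in json_lines:
        line = line.strip()
        if not line:
            continue
        name = platform_username(json.loads(line))
        if name is None:
            missing += 1
        else:
            # Assumption: usernames are compared case-insensitively.
            counts[name.lower()] += 1
    return counts.most_common(), missing


# Constructed sample events (not real audit data), one JSON object per line,
# standing in for events that appear in Immuta with the username Unknown.
SAMPLE_EVENTS = [
    '{"auditPayload": {"technologyContext": {"account": {"username": "etl-svc@example.com"}}}}',
    '{"auditPayload": {"technologyContext": {"account": {"username": "ETL-SVC@example.com"}}}}',
    '{"auditPayload": {"technologyContext": {"account": {"username": "analyst@example.com"}}}}',
    '{"auditPayload": {"technologyContext": {}}}',
]

if __name__ == "__main__":
    users, missing = tally_unknown_users(SAMPLE_EVENTS)
    for name, n in users:
        print(f"{n:3d}  {name}")
    print(f"{missing} event(s) had no platform username")
```

Events counted as missing carry no platform username at that path and need to be reviewed individually on the event page.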

Register users

To improve your future audit records, ensure these users are properly registered and can be named in the logs:

  1. If you have not registered any users, pull in users from your IAM.
  2. If you have registered users but this user was missed, manually create the Immuta user.
  3. If this user is in Immuta but not appearing in the audit record, map the user's Databricks username into Immuta.