Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Immuta provides robust audit logging on actions within the application and on queries in remote technologies like Snowflake, Databricks, and Unity Catalog. Users with the audit permission can view the audit page in Immuta and export audit logs to S3 or ADLS Gen2.
Export audit logs to S3: Use the CLI or GraphQL to export Immuta audit logs to S3. These logs can then be stored long-term, used for compliance, or viewed in analytic platforms.
: Use the CLI or GraphQL to export Immuta audit logs to ADLS Gen2. These logs can then be stored long-term, used for compliance, or viewed in analytic platforms.
: Use the Immuta UI audit page to find audit event logs.
: Create a governance report in the Immuta UI to understand the state of your Immuta environment.
: This reference guide describes Immuta's universal audit model, the events available in this model, and the recommended audit workflow.
: This reference guide lists the UAM events and examples of the logs.
Query audit logs: These reference guides describe the audit available for the specific integration, details about enabling and configuring audit, and an example schema.
Audit export GraphQL reference guide: This reference guide describes the commands available in the GraphQL for exporting audit logs.
Governance reports: This reference guide describes the different reports available in Immuta.
Unknown users in audit logs: Unity Catalog query audit brings in audit information for all tables and data sources, so some audit logs are created from activity by users not registered in Immuta. These audit records will appear in Immuta, providing valuable information of activity, with the username Unknown. This guide illustrates how to determine the username of these Unknown users and register them in Immuta.
Immuta’s universal audit model (UAM) provides audit logs with a consistent structure for query, authentication, policy, project, and tag events from your Immuta users and data sources. You can view the information in these UAM audit logs on the audit dashboards or export the full audit logs to S3 and ADLS for long-term backup and processing with log data processors and tools. This capability fosters convenient integrations with log monitoring services and data pipelines.
You can specify an S3 bucket destination where Immuta will periodically export audit logs when using S3. When using ADLS, you can specify the container destination where Immuta will export audit logs. If desired, users can configure both export options to export their audit logs to S3 and ADLS simultaneously.
The events captured are events relevant to user and system actions that affect Immuta or the integrated data platforms, such as creating policies or data sources and running queries.
See a list of the events captured and example schemas on the UAM schema reference guide.
The Immuta audit service is an independent microservice that captures audit events from Immuta and queries run against your Snowflake, Databricks Spark, Databricks Unity Catalog, or Starburst (Trino) integration.
Immuta stores the export endpoints you provide during configuration, retrieves the audit records pushed to the audit service by your integration, and manages the audit exports based on an export schedule you define. These audit records are also stored to support future reporting and user interface enhancements that will allow you to search based on keywords and facets easily across the entire body of audit events.
When you configure the audit export using the CLI for and , the audit service stores the export endpoint you provided.
After the integration endpoint has been configured, the export scheduler will run on the schedule you defined in your configuration.
When users query data and the event is audited, the audit service receives events from your Snowflake, Databricks Spark, Databricks Unity Catalog, or Starburst (Trino) integration.
Immuta exports the audit logs to your configured S3 bucket or ADLS container.
The table below outlines what information is included in the query audit logs for each integration where query audit is supported.
Legend:
✅ This is available and the information is included in audit logs.
❌ This is not available and the information is not included in audit logs.
The audit service does not capture system-level logging and debugging information, such as 404 errors.
Snowflake query audit events from a query using cached results will show 0 for the rowsProduced field.
Immuta determines unauthorized events based on error messages within Unity Catalog records. When the error messages contain expected language, unauthorized events will be available for Databricks Unity Catalog audit logs. In other cases, it is not possible to determine the cause of an error.
Immuta audit records include unregistered data sources and users; however, activity from them will not appear in any .
Databricks queries where the response is being served from cache will not be represented in the system.access.column_lineage table which means the query audit records will be unmapped in Immuta.
Audit for unauthorized access is not currently supported.
objectsAccessed is not available with Hive or Iceberg views.
columnsAccessed will include columns related to the query that were not actually accessed in some cases:
Immuta reports allow data governors to use a natural language builder to instantly create reports that detail user activity across Immuta.
Click select entity and choose the option you would like the report based on from the dropdown menu. Your options include User, Group, Project, Data Source, Purpose,
After making your selection, type your entity name in the enter name field.
Select the name from the dropdown menu that appears. Once the entity name has been selected, a number of reports will populate the center window.
Click a tile with the description of the report to run that report. You may only see up to 100 rows of output in the UI when you run a report. To see the full results of your report, follow the step below to export to CSV.
Once you've run the report, you can click the Export to CSV button to download the report.
If you would like to switch reports from this page, you can make changes by clicking the dropdown menu and then Refresh to run a new report. Otherwise, click Back to Report Builder to return to the full report builder.
Default 9-minute timeout
Governance report queries will time out after 9 minutes to avoid overconsumption of resources. If your governance report was not generated because of this timeout, submit a support ticket to change the default setting.
Columns returned
✅
❌
✅
✅
Rows returned
✅
❌
✅
✅
Query text
✅
✅
✅
✅
Unauthorized information
Limited support
✅
✅
❌
columnsAccessed.For conditional masking, if the policy protects a column accessed, then the conditional column will be included in the columnsAccessed.
Table and user coverage
Registered data sources and users
Registered data sources and users
All tables and users
Registered data sources and users
Object queried
✅
✅
✅
✅
brings in audit information for all tables and data sources, so some audit logs are created from activity by users not registered in Immuta. These audit records will appear in Immuta, providing valuable information of activity, with the username Unknown. This can be seen on the audit page or in user and data activity dashboards.
While the Immuta user is unknown, the user's Databricks Unity Catalog username can be found within the audit log. To view the user's data platform username:
Navigate to the event page.
Select View JSON.
The username can be found in the auditPayload.technologyContext.account.username field.
To improve your future audit records, ensure these users are properly registered and can be named in the logs:
If you have not registered any users, pull in users from your IAM.
If you have registered users but this user was missed, manually create the Immuta user.
If this user is in Immuta but not appearing in the audit record, map the user's Databricks username into Immuta.
Click Filters, and select the filter you want from the options.
To remove the filters, click the delete (X) icon.
Note: For a more responsive experience, Immuta limits the number of auto-suggested filter values to 100 of the most active values. The total item count for each filter type still reflects the number of events in the dashboard time range.
By default, the time range for the audit page is 24 hours. To select a different time range,
Click the date range.
Select the time range you want from the options, choose to enter a custom date range, or choose to enter a custom time range in hours.
Note this will revert back to the default when you log out.
Audit events from Snowflake and Databricks Unity Catalog are ingested on a configurable schedule; however, users can manually pull in audit events from these integrations at any time by completing the following steps.
Click Insights in the navigation menu and select Audit.
Click Load Audit Events.
The ingestion job may take time to finish, but will complete in the background. Once it is complete, the new audit events will populate on the events page.
Requirements:
Immuta permission AUDIT
If you will use the Immuta CLI instead of GraphQL API, . Must be CLI v1.4.0 or newer.
Use the following how-to to configure a periodical export of your Immuta audit logs to an S3 bucket. This export configuration requires access to your S3 bucket to add objects using one of the following authentication methods:
Configure your Immuta audit logs to export to your S3 bucket and allow Immuta to authenticate using your AWS access key ID and secret access key.
Before Immuta can export audit events to your S3 bucket, you need to create a bucket policy that allows the Immuta audit service to add objects to your specified S3 bucket. The following Amazon S3 action will be granted to the audit service in the bucket policy:
: Allows Immuta to add an object to a bucket.
If your S3 bucket is encrypted, the following permissions must also be granted to the role:
: Allows Immuta to download an object encrypted with an AWS key. Immuta requires this to encrypt the audit objects exported to S3.
: Allows Immuta to upload an encrypted object to an S3 bucket.
To create the policy for the bucket, you must be the bucket owner.
Follow for adding a bucket policy in the Amazon S3 console. To create the policy for the bucket, you must be the bucket owner.
Edit the JSON in the Policy section to include a bucket policy like the example below. In this example, the policy allows immuta-audit-service (the ) to add objects to your-bucket-name (and the contents within that bucket).
Note: If you use this example, replace the content in angle brackets with your and bucket name.
Save your changes.
Configure the audit export to S3 using the Immuta CLI or GraphQL API with the following fields:
interval: The interval at which audit logs will be exported to your S3 bucket. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
bucket name: Name of the bucket your audit logs will be sent to that you added the policy to above.
bucket path: The name of the folder within the bucket to put the audit logs in. This field is optional.
region: AWS region (such as "us-east-1").
Run the following command with the above fields in a JSON file:
Example ./exportConfig.json file
For additional CLI commands, see the .
Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql, with the above fields passed directly:
Example response
For additional GraphQL API commands, see the.
If the configuration is successful, you will see an .immuta.export.log file in your bucket.
Configure your Immuta audit logs to export to your S3 bucket and allow Immuta to authenticate using an . With this option, you provide Immuta with an IAM role from your AWS account that is granted a trust relationship with Immuta’s IAM role for adding objects to your S3 bucket. Immuta will assume this IAM role from Immuta’s AWS account in order to perform operations in your AWS account.
Immuta requires a role with the following allowed action to the S3 bucket you want the audit logs exported to:
which allows the role to add an object to a bucket.
If your S3 bucket is encrypted, the following permissions must also be granted to the role:
: Allows Immuta to download an object encrypted with an AWS key. Immuta requires this to encrypt the audit objects exported to S3.
: Allows Immuta to upload an encrypted object to an S3 bucket.
Follow to create a new role for Immuta to assume and add objects to your S3 bucket.
Follow for creating IAM policies in the Amazon S3 console for the new role. Use the example JSON below to allow the provided role to add objects to the specified buckets. Ensure the buckets provided here are the ones used when configuring the export.
Note: If you use this example, replace the content in angle brackets with your bucket name.
Response error
When creating the export configuration, this step will return an error. Take the returned export configuration ID and continue with step 3 and 4 to create a trust relationship and verify the connection between Immuta and S3.
Configure the audit export to S3 using the Immuta CLI or GraphQL API with the following fields:
interval: The interval at which audit logs will be exported to your S3 bucket. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
bucket name: Name of the bucket your audit logs will be sent to.
bucket path: The name of the folder within the bucket to put the audit logs in. This field is optional.
region: AWS region (such as "us-east-1").
Run the following command with the above fields in a JSON file:
Example ./exportConfig.json file
Example response:
For additional CLI commands, see the
Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql, with the above fields passed directly:
Example response
For additional GraphQL API commands, see the .
Follow for creating IAM policies in the Amazon S3 console. Use the example JSON below to create a trust policy between Immuta and your AWS bucket.
Fill in the content in angle brackets with the following:
Immuta AWS Account ID: Contact your Immuta representative for this ID.
Export Configuration ID: Insert the ID from step 2's response.
Now that the configuration and the trust relationship have been created, test the connection from Immuta to S3 to ensure your audit logs are exported to your S3 bucket. Additionally, if the configuration is successful, you will see an .immuta.export.log file in your bucket.
If connectionStatus returns SUCCESS, your export configuration has been successfully set up.
Run the following command
Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql:
Requirements:
Immuta permission AUDIT
If you will use the Immuta CLI instead of GraphQL API, install and configure the Immuta CLI. Must be CLI v1.4.0 or newer.
Before Immuta can export audit events to your Azure Data Lake Storage (ADLS) Gen2 storage account, you need to create a shared access signature (SAS) token that allows the Immuta audit service to add audit logs to your specified ADLS storage account and file system.
Follow the Azure documentation to create the following in Azure:
with the following settings required for audit export:
Enable hierarchical namespace
Standard performance is adequate, but premium may be used
.
Save the SAS token to use in the next steps. Do not navigate away from the SAS page unless you have saved the token.
Configure the audit export to ADLS using the Immuta CLI or GraphQL API with the following fields:
interval: The interval at which audit logs will be exported to your ADLS storage. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
storage account: The name of the storage account you created that your audit logs will be sent to.
file system: The name of the file system (or container) you created that your audit logs will be written to.
path: The name of the path in the file system. This will be a new folder or directory in the container where Immuta will send your audit logs for storage.
Run the following command with the above fields in a JSON file:
Example ./your-exportConfig.json file
For additional CLI commands, see the .
Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql, with the above fields passed directly:
Example response
For additional GraphQL API commands, see the .
Immuta reports allow data governors to use a natural language builder to instantly create reports that delineate user activity across Immuta. These reports can be based on various entity types, including users, groups, projects, data sources, purposes, policy types, or connection types.
or .
Default 9-minute timeout
Governance report queries will time out after 9 minutes to avoid overconsumption of resources. If your governance report was not generated because of this timeout, to change the default setting.
User reports can be run for all users or for individual users who have been registered in Immuta. Non-registered users' activity will not appear in reports.
Data sources subscribed to. This report lists data sources each user is subscribed to and includes user roles, subscription types, when users last subscribed, who approved the users' subscriptions to the data sources, when the subscriptions expire, what attributes the users possess, and the groups the users belong to.
Status of all users. This report lists account information of all users in the system, including the users' full names, usernames, IAMs, HDFS principals, and last login dates.
Groups the user belongs to. This report lists the names of the groups the user belongs to and the dates that groups were joined.
Data sources the user subscribes to. This report details the data source names, the user's roles, when the user last subscribed, who approved the subscriptions, when the subscriptions expire (if applicable), and the reasons for subscribing (if applicable).
Projects the user is currently a member of. This report lists the project names, whether the projects are public or private, the user's roles in the projects, the creator of the projects, when the projects were created, and when the user joined the projects.
All data sources ever accessed by the user. This report lists the data source names, when the data sources were first accessed by the user (or "read date"), and when the data sources were last accessed by the user. By default, this report only displays the last month of results. (You can download the full report by clicking Export to CSV.) The time period can be configured in the Date Range fields.
Attributes the user has. This report lists the current attributes a user has and the values assigned to each attribute.
Purposes for accessing data. This report lists all purposes under which the user has accessed data sources. By default, this report only displays the last month of results. (The full report can be downloaded by clicking Export to CSV.) The time period can be configured in the Date Range fields.
Group reports can be run for all groups or for individual groups.
Data sources that groups are manually subscribed to. This report lists the data source names, the group's role, when the group last subscribed to the data sources, who approved the subscriptions, and the expiration dates (if applicable), and reasons (if applicable) for the subscriptions.
Users who belong to the group. This report lists the names of users and the dates the users joined the group.
Data sources that this group is manually subscribed to. This report lists the data source names, the group's role, when the group last subscribed to the data sources, who approved the subscriptions, and the expiration dates (if applicable), and reasons (if applicable) for the subscriptions.
Projects that users in this group are members of. This report includes the names of the projects, whether the projects are public or private, the group's role in the projects, the names of the project creators, when the projects were created, and when the group joined the projects.
Attributes of the group. This report includes the names of the attributes assigned to this group.
Users and groups who are members of the project. This report includes usernames, email addresses, user roles in the project, when the users joined, and the subscription types. The subscription types may be "Individual User," indicating that the user joined the project directly, or it might be "Group," in which case the name of the group will be stated. Group subscriptions occur when an entire group is added to a project.
Data sources that are part of the project. This report lists the data source names, the reasons given when added to the project (if applicable), the users who added the data sources, and when the data sources were added to the project.
Purpose of the project. This report includes the purpose name, the user who added the purpose, and when the purpose was added to the project.
Data source reports can be run for all data sources or for individual data sources that are registered in Immuta. Activity to non-registered tables will not appear in the reports.
Users and groups subscribed to data sources. This report lists all users and groups subscribed to every data source and includes usernames, email addresses, subscription types, user roles, subscription dates, who approved the subscriptions, expiration dates, and user attributes.
Users and groups subscribed to the data source. This report lists the names of users, reasons for accessing the data sources (if applicable), user roles, email addresses, when users last subscribed, who approved the subscriptions, when the subscriptions expire (if applicable), and the subscription types. A subscription type may be "Individual User," indicating that the user subscribed to the data sources directly, or it might be "Group," in which case the name of the group will be stated. Group subscriptions occur when an entire group is added to a data source.
Projects that contain the data source. This report lists the project names, the users who added the data source to projects, when the data source was added to projects, the reasons for adding the data sources (if applicable), whether the projects are public or private, who created the projects, and when the projects were created.
Purposes of all projects that contain the data source. This report states the purpose names, the users who assigned the purposes to the projects, the dates the purposes were assigned, the names of the projects, the reasons the purposes were added (if applicable), whether the projects are public or private, who created the projects, and when the projects were created.
All users who have accessed the data source. This report lists usernames, email addresses, each user's latest query, and the date of the last access. By default, this report only displays the last month of results. (The full report can be downloaded by clicking Export to CSV.) The time period can be configured in the Date Range fields.
All purposes for data source access. This report lists users who have accessed the data source and the purposes under which they were working. By default, this report only displays the last month of results. (The full report can be downloaded by clicking Export to CSV.) The time period can be configured in the date field.
All users who have subscribed to the data source. This report lists users or groups, email addresses, when users subscribed, reasons for subscriptions (if applicable), who approved the subscriptions, when the subscriptions expire, and the dates and reasons users unsubscribed (if applicable). By default, this report only displays the last month of results. (The full report can be downloaded by clicking Export to CSV.)
All identifiers for the columns of the data source. This report lists all the identifiers that matched to a column of the data source through identification. It includes information about the column name, the hit percentage, and the number of rows sampled.
The statistics of the last identification run on the data source. This report lists the columns of the data source and scoring information based on the identification run. Generate and send this report to your Immuta support professional if you need assistance tuning identification.
Users who are members of projects with this purpose. This report lists usernames, email addresses, their roles in the project, the names of the projects, whether the projects are public or private, the creators of the projects, when the projects were created, when users joined, and their subscription types (individual or group).
Data sources that are part of projects with this purpose. This report lists the names of the data sources, who created the data sources, the project names, whether the projects are public or private, the creators of the projects, whether the projects have other purposes, and when the projects were created. Note that whether projects have other purposes will be assigned as "True" or "False."
Whether any other purposes have been combined with this purpose. This report lists the names of the other purposes combined with the purpose you select, the project name where they are combined, the users who added each purpose, the project creator, whether the project is public or private, and the date the project was created.
Projects that have this purpose. This report lists the names of the projects, the users who added the purpose, whether the projects are public or private, creators of the projects, whether the projects have other purposes, and when the projects were created.
Data sources that have been accessed for this purpose. This report lists the names of the data sources, the users who accessed data sources for this purpose, the project names, and whether projects have other purposes. By default, this report only displays the last month of results, but the time period can be configured in the date field.
Data sources with this policy type. Immuta supports a range of policy types, such as masking, WHERE clauses, purpose restrictions, and more. This report lists every data source with this policy type, including when they were created, who created the data sources, who created the policy, and when the policy was created.
Global policy reports can be run for all global policies or for individual global policies.
Global policies that have been disabled. This report details the names of the policies, the policies themselves, the policy types, the data sources from which the policies were disabled, who disabled the policies, when they were disabled, the justifications the users provided for disabling the policies, who created the policies, when the policies were created, and how the policies were associated with the data sources.
Global policies that cannot currently be applied. This report details the names of the policies, the policies themselves, the policy types, the names of the data sources the policies cannot be applied to, when the data sources were created, when the policies were created, the reasons the policies cannot be applied, who created the policies, and how the policies are associated with the data sources.
Data sources impacted by the policy. This report lists the data sources, when the data sources were created, and whether or not the policy is fully applied to the data sources.
Data sources impacted by the policy that have not been certified. This report lists the data sources that have not been certified, when the global policy was applied, and the data owner.
Data sources impacted by the policy that have been certified. This report lists the data sources that have been certified, the user that certified it, when the global policy was applied, and when it was certified.
Data sources with this connection type. This report lists the data sources, each data source's creator, the creation date, and the tables or queries used by the connection selected.
Tag reports can be run for all tags or for individual tags.
Data sources this tag has been assigned to. This report generates a list of data sources associated with that tag and includes the columns tagged, the value types of the data tagged, who tagged the data sources, when the data sources were tagged, and when the data sources were created.
Purposes associated with data sources containing this tag. This report generates a list of purposes under which users have accessed data sources containing this tag. By default, this report only displays the last month of results. (The full report can be downloaded by clicking Export to CSV.) The time period can be configured in the Date Range fields.
Users who have accessed data sources containing this tag. This report lists users who have accessed data sources with this tag, their email addresses, when they queried the data, and when the data sources were created.
Projects that contain data with this tag. This report details the projects associated with this tag, whether or not the projects are public or private, when the projects were created, the data sources in the projects, and when the data sources were created.
Users that have subscribed to data sources with any tag. This report lists users, their subscription type, and all of the tags in Immuta with information of whether or not users are subscribed to at least one data source where that tag is applied.
Data sources any tag has been applied to. This report lists data sources with the tags applied to them and the columns they are applied to.
Projects that contain a data source with any tag. This report lists projects and the data sources assigned to them with the tag they have applied.
Columns with SDD tags applied. This report generates a list of all tags that have been applied to data sources by identification. It includes information about the column it is applied to within each data source and active policies that use the tag.
accessKeyId: AWS access key ID for authentication. See the AWS documentation for information about using an access key ID and secret access key.
secretAccessKey: AWS secret access key for authentication.
roleArn: AWS role ARN for authentication that you added the policies to above. Immuta will assume this role when exporting audit logs to S3.
A shared access signature (SAS) for your dedicated container with at least the following permissions at the storage account or container level:
Create
Write
SAS token: The previously-generated SAS token.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<Your AWS account ID>:user/<Your IAM User>"
},
"Action": [
"s3:PutObject",
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": [
"arn:aws:s3:::<your-s3-bucket>",
"arn:aws:s3:::<your-s3-bucket>/*"
]
}
]
}immuta audit exportConfig create:s3:accessKey ./exportConfig.json{
"interval": "EVERY_12_HOURS",
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-aws-region",
"accessKeyId": "YOURACCESSKEYID",
"secretAccessKey": "YOUR/SECRET/ACCESSKEY"
}mutation {
createS3AccessKeyExportConfiguration(
data: {
interval: EVERY_12_HOURS
bucket: "your-s3-bucket"
path: "your-optional-s3-bucket-path"
region: "your-aws-region"
accessKeyId: "YOURACCESSKEYID"
secretAccessKey: "YOUR/SECRET/ACCESSKEY"
}
)
{
id
interval
enabled
connectionStatus
endpointConfiguration {
... on S3AccessKeyEndpointConfiguration {
bucket
path
region
}
}
}
}{
"data": {
"createS3AccessKeyExportConfiguration": {
"id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
"interval": "EVERY_12_HOURS",
"enabled": true,
"connectionStatus": "SUCCESS",
"endpointConfiguration": {
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-region",
}
}
}
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": [
"arn:aws:s3:::<your-s3-bucket>",
"arn:aws:s3:::<your-s3-bucket>/*"
]
}
]
}immuta audit exportConfig create:s3:assumedRole ./exportConfig.json{
"interval": "EVERY_12_HOURS",
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-region",
"roleArn": "arn:aws:iam::<Your AWS Account ID>:role/<the prepared role>"
}{
"data": {
"createS3AssumedRoleExportConfiguration": {
"id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
"interval": "EVERY_12_HOURS",
"enabled": true,
"connectionStatus": "Error testing access to S3 using AssumedRole <Your Role> - User: <Immuta Account> is not authorized to perform: sts:AssumeRole on resource: <Your Role>",
"endpointConfiguration": {
"__typename": "S3AssumedRoleEndpointConfiguration",
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-region",
}
}
}
}mutation {
createS3AssumedRoleExportConfiguration(
data: {
interval: EVERY_12_HOURS
bucket: "your-s3-bucket"
path: "your-optional-s3-bucket-path"
region: "your-region"
roleArn: "arn:aws:iam::<Your AWS Account ID>:role/<the prepared role>"
}
)
{
id
interval
enabled
connectionStatus
endpointConfiguration {
... on S3AssumedRoleEndpointConfiguration {
bucket
path
region
}
}
}
}{
"data": {
"createS3AssumedRoleExportConfiguration": {
"id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
"interval": "EVERY_12_HOURS",
"enabled": true,
"connectionStatus": "Error testing access to S3 using AssumedRole <Your Role> - User: <Immuta Account> is not authorized to perform: sts:AssumeRole on resource: <Your Role>",
"endpointConfiguration": {
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-region",
}
}
}
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<Immuta AWS Account ID>:root"
},
"Action": "sts:AssumeRole",
"Condition": {"StringEquals": {"sts:ExternalId": "<Export Configuration ID>"}}
}
]
}immuta audit exportConfig listquery {
getAllExportConfigurations{
id
connectionStatus
}
}immuta audit exportConfig create:adls:sasToken ./your-exportConfig.json{
"interval": "EVERY_12_HOURS",
"storageAccount": "your-adls-storage-account",
"fileSystem": "audit-output",
"path": "immuta-audit",
"sasToken": "your-sas-token"
}mutation {
createAdlsSasTokenEndpointConfiguration(
data: {
interval: "EVERY_12_HOURS",
storageAccount: "your-adls-storage-account",
fileSystem: "audit-output",
path: "immuta-audit",
sasToken: "your-sas-token"
}
)
{
id
interval
enabled
connectionStatus
endpointConfiguration {
... on AdlsSasTokenEndpointConfiguration {
storageAccount
fileSystem
path
}
}
}
}{
"data": {
"createAdlsSasTokenEndpointConfiguration": {
"id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
"interval": "EVERY_12_HOURS",
"enabled": true,
"connectionStatus": "SUCCESS",
"endpointConfiguration": {
"storageAccount": "your-adls-storage-account",
"fileSystem": "audit-output",
"path": "immuta-audit"
}
}
}
}Use these audit export configuration commands to manage exporting your audit logs to S3 and ADLS Gen2. To configure an audit export see the Export to S3 or Export to ADLS guides.
To disable a configuration, use the disableExportConfiguration mutation:
To enable a disabled configuration, use the enableExportConfiguration mutation:
To delete a configuration, use the deleteExportConfiguration mutation:
To update an existing configuration, use the mutation for your specific export configuration:
: updateS3AccessKeyExportConfiguration
: updateS3AssumedRoleExportConfiguration
: updateAdlsSasTokenExportConfiguration
Update the configuration to make small changes, i.e., to rotate the token, rather than deleting the existing one and creating a new one.
mutation {
disableExportConfiguration(
id: "<export configuration ID>"
)
{
id
}
}"data": {
"disableExportConfiguration": {
"id": "<export configuration ID>"
}
}mutation {
enableExportConfiguration(
id: "<export configuration ID>"
)
{
id
}
}"data": {
"enableExportConfiguration": {
"id": "<export configuration ID>"
}
}mutation {
deleteExportConfiguration(
id: "<export configuration ID>"
)
{
id
}
}"data": {
"deleteExportConfiguration": {
"id": "<export configuration ID>"
}
}mutation {
updateAdlsSasTokenExportConfiguration(
data: {
id: "<export configuration ID>"
interval: EVERY_2_HOURS
storageAccount: "your-adls-storage-account",
fileSystem: "audit-output",
path: "immuta-audit",
sasToken: "your-sas-token"
}
)
{
id
interval
enabled
endpointConfiguration {
__typename
... on AdlsSasTokenEndpointConfiguration {
storageAccount
path
fileSystem
}
}
}
}{
"data": {
"updateAdlsSasTokenExportConfiguration": {
"id": "<export configuration ID>",
"interval": "EVERY_12_HOURS",
"enabled": true,
"endpointConfiguration": {
"storageAccount": "your-adls-storage-account",
"fileSystem": "audit-output",
"path": "immuta-audit"
}
}
}
}Snowflake query audit logs is a feature that audits queries that users run natively in Snowflake and presents them in a universal format as Immuta audit logs. Immuta uses the Snowflake QUERY_HISTORY and ACCESS_HISTORY tables and translates them into the audit logs that can be viewed at query events in the Immuta UI or exported. Immuta audits the activity of Immuta users on Immuta data sources.
Snowflake Enterprise Edition or higher
: Note that the users' . Without this, Immuta will not know the users are Immuta users and will not collect audit events for their data access activity.
Immuta collects audit records once an hour by default, and the frequency can be . The frequency is a global setting based on integration type, so organizations with multiple Snowflake integrations will have the same audit frequency for all of them. The more frequent the audit records are ingested, the more current the audit records. However, there could be performance and cost impacts from the frequent jobs.
To manually request query audit ingestion, click Load Audit Events on the Immuta audit page.
Each audit message from the Immuta platform will be a one-line JSON object containing the properties listed below.
Query audit for Databricks Unity Catalog captures user's data access within Unity Catalog and presents the query audit logs in Immuta. Using the Databricks system.query.history and system.access.column_lineage tables, Immuta joins the tables and pulls out key details about the user's queries, which are then translated into audit logs that can be viewed in the Immuta UI or exported.
Immuta audits the activity of all Unity Catalog users and tables regardless of whether they are registered in Immuta.
A Databricks deployment with capabilities
Immuta collects audit records once an hour by default, and the frequency can be . The frequency is a global setting based on integration type, so organizations with multiple Databricks Unity Catalog integrations will have the same audit frequency for all of them. The more frequent the audit records are ingested, the more current the audit records. However, there could be performance and cost impacts from the frequent jobs because Immuta will start a Databricks cluster to complete the audit ingest job if one is not already running.
To manually prompt the query audit, click Load Audit Events on the Immuta audit page.
Immuta audits all data sources and users in Unity Catalog. An administrator can configure the integration to just ingest specific workspaces when . The audit is intended to ingest user queries for data access, so queries with
Each audit message from the Immuta platform will be a one-line JSON object containing the properties listed below.
Immuta determines unauthorized events based on error messages within Unity Catalog records. When the error messages contain expected language, unauthorized events will be available for Databricks Unity Catalog audit logs. In other cases it is not possible to determine the cause of an error.
Immuta audit records include unregistered data sources and users; however, activity from them will not appear in any .
Databricks queries where the response is being served from cache will not be represented in the system.access.column_lineage table which means the query audit records will be unmapped in Immuta.
Starburst (Trino) query audit logs is a feature that audits queries that users run natively in Starburst (Trino) and presents them in a universal format as Immuta audit logs. Users can view audit records for queries made in Starburst (Trino) against Immuta data sources on the audit page. Immuta audits the activity of Immuta users on Immuta data sources.
with the Starburst or Trino plugin version 443 or newer, or Trino 435 with the Immuta Trino 435.1 plugin
actor.identityProvider
The IAM the user is registered in. bim is the built-in Immuta IAM.
bim
sessionId
The session ID of the user who performed the action.
01ee14d9-cab3-1ef6-9cc4-f0c315a53788
actionStatus
Indicates whether or not the user was granted access to the data. Possible values are UNAUTHORIZED, FAILURE, or SUCCESS.
SUCCESS
actionStatusReason
When available, the reason from Unity Catalog that the user’s query was denied.
null if actionStatus is SUCCESS
eventTimestamp
The time the query occurred.
2023-06-27T11:03:59.000Z
id
The unique ID of the audit record.
9f542dfd-5099-4362-a72d-8377306db3b8
userAgent
Client information of the user who made the query.
Snowflake Web App
tenantId
The Immuta SaaS tenant ID.
your-immuta.com
targetType
The type of targets affected by the query; this value will always be DATASOURCE.
DATASOURCE
targets
A list of the targets affected by the query.
See the example below
auditPayload.type
The type of audit record; this value will always be: QueryAuditPayload.
QueryAuditPayload
auditPayload.queryId
The unique ID of the query. If the query joins multiple tables, each table will appear as a separate log, but all will have the same query ID.
01ee14da-517a-1670-afce-0c3e0fdcf7d4
auditPayload.query
The command text of the query that was run in the integration. Immuta truncates the query text to the first 2048 characters.
SELECT VERSION AS 'version' FROM 'sample-data'.'__immuta_version'
auditPayload.startTime
The date and time the query started in UTC.
2023-06-27T11:03:59.000Z
auditPayload.duration
The time the query took in seconds.
0.557
auditPayload.errorCode
The errorCode for the denied query.
null if actionStatus is SUCCESS
auditPayload.technologyContext.type
The technology the query was made in.
SnowflakeContext
auditPayload.technologyContext.host
The host that the integration is connected to.
your-hostname.snowflake.computing.com
auditPayload.technologyContext.rowsProduced
The number of rows returned in the query. Note that rows produced will show 0 for cached queries.
3
auditPayload.technologyContext.roleName
The Snowflake role the user used to make the query.
ACCOUNTADMIN
auditPayload.technologyContext.warehouseId
The ID of the warehouse where the query was made.
null
auditPayload.technologyContext.warehouseName
The name of the warehouse where the query was made.
null
auditPayload.technologyContext.clusterNumber
The number of the cluster where the query was made.
0
auditPayload.objectsAccessed
An array of the data sources accessed in the query.
See example below.
auditPayload.objectsAccessed.name
The name of the data source accessed in the query.
\"tpch\".\"tiny\".\"customer\"
auditPayload.objectsAccessed.datasourceId
The Immuta data source ID.
17
auditPayload.objectsAccessed.databaseName
The name of the Snowflake database.
tpch
auditPayload.objectsAccessed.schemaName
The name of the Snowflake schema.
tiny
auditPayload.objectsAccessed.type
Specifies if the queried data source is a table or view.
TABLE
auditPayload.objectsAccessed.columns
An array of the columns accessed in the query.
See example below.
auditPayload.objectsAccessed.columns.name
The name of the column.
custkey
auditPayload.objectsAccessed.columns.tags
An array of the tags on the column.
See example below.
auditPayload.objectsAccessed.columns.securityProfile
Details about the sensitivity of the column. Available when .
See example below.
auditPayload.objectsAccessed.columns.inferred
If true, the column accessed has been determined by Immuta using query parsing; false if it is explicitly provided.
false
auditPayload.objectsAccessed.securityProfile
A classification for all the columns accessed together. Available when .
See example below.
auditPayload.securityProfile.sensitivity.score
The sensitivity score of the query. Classification must be configured for this field.
INDETERMINATE
receivedTimestamp
The timestamp of when the audit event was received and stored by Immuta.
2023-06-27T15:18:22.314Z
action
The action associated with the audit log.
QUERY
actor.type
The Immuta user type of the actor who made the query.
USER_ACTOR
actor.id
The Immuta user ID of the actor who made the query.
actor.name
The Immuta name of the user who made the query.
Taylor
actor.identityProvider
The IAM the user is registered in. bim is the built-in Immuta IAM. When the user is not registered with Immuta, this field will be omitted.
bim
actor.profileId
The profile ID of the user who made the query. When the user is not registered with Immuta, this field will be omitted.
10
sessionId
The session ID of the user who performed the action.
01ee14d9-cab3-1ef6-9cc4-f0c315a53788
actionStatus
Indicates whether or not the user was granted access to the data. Possible values are UNAUTHORIZED, FAILURE, or SUCCESS.
SUCCESS
actionStatusReason
When available, the reason from Unity Catalog that the user’s query was denied.
null if actionStatus is SUCCESS
eventTimestamp
The time the query occurred.
2023-06-27T11:03:59.000Z
id
The unique ID of the audit record.
9f542dfd-5099-4362-a72d-8377306db3b8
tenantId
The Immuta SaaS tenant ID.
your-immuta.com
targetType
The type of targets affected by the query; this value will always be DATASOURCE.
DATASOURCE
targets
A list of the targets affected by the query.
See the example below
auditPayload.type
The type of audit record; this value will always be: QueryAuditPayload.
QueryAuditPayload
auditPayload.queryId
The unique ID of the query. If the query joins multiple tables, each table will appear as a separate log, but all will have the same query ID.
01ee14da-517a-1670-afce-0c3e0fdcf7d4
auditPayload.query
The command text of the query that was run in the integration. Immuta truncates the query text to the first 2048 characters.
SELECT VERSION AS 'version' FROM 'sample-data'.'__immuta_version'
auditPayload.startTime
The date and time the query started in UTC.
2023-06-27T11:03:59.000Z
auditPayload.endTime
The date and time the query ended in UTC.
2023-06-27T11:03:59.000Z
auditPayload.duration
The time the query took in seconds.
0.557
auditPayload.technologyContext.type
The technology the query was made in.
DatabricksContext
auditPayload.technologyContext.clusterId
The Unity Catalog cluster ID.
null
auditPayload.technologyContext.workspaceId
The Unity Catalog workspace ID.
8765531160949612
auditPayload.technologyContext.service
Where in Unity Catalog the query was made. Possible values are
PLUGIN
CLUSTER
WAREHOUSE
WAREHOUSE
auditPayload.technologyContext.queryLanguage
The language used to write the query.
sql
auditPayload.technologyContext.warehouseId
The Unity Catalog warehouse ID.
559483c6eac0359f
auditPayload.technologyContext.notebookId
The Unity Catalog notebook ID.
869500255746458
auditPayload.technologyContext.account.id
The actor’s Unity Catalog account ID
52e863bc-ea7f-46a9-8e17-6aed7541832d
auditPayload.technologyContext.host
The Unity Catalog host.
deployment-name.cloud.databricks.com
auditPayload.objectsAccessed
The Unity Catalog objects accessed.
[]
auditPayload.securityProfile.sensitivity.score
The sensitivity score of the query. Classification must be configured for this field.
INDETERMINATE
auditPayload.version
The version of the audit event schema.
1
receivedTimestamp
The timestamp of when the audit event was received and stored by Immuta.
2023-06-27T15:18:22.314Z
action
The action associated with the audit log.
QUERY
actor.type
The Immuta user type of the actor who made the query. When the actor is not registered with Immuta, the type, id, and name fields will be unknown.
USER_ACTOR
actor.id
The Immuta user ID of the actor who made the query. When the actor is not registered with Immuta, the type, id, and name fields will be unknown.
actor.name
The Immuta name of the user who made the query. When the user is not registered with Immuta, the type, id, and name fields will be unknown.
Taylor
Starburst (Trino) users registered as Immuta users: Note that the users' Starburst (Trino) usernames must be mapped to Immuta. Without this, Immuta will not know the users are Immuta users and will not collect audit events for their data access activity.
Each audit message from the Immuta platform will be a one-line JSON object containing the properties listed below, and the audit logs payload will also include immutaPlanningDuration, which represents the planning overhead in Immuta.
action
The action associated with the audit log.
QUERY
actor.type
The Immuta user type of the actor who made the query.
USER_ACTOR
actor.name
The Immuta name of the user who made the query.
Taylor
Audit for unauthorized access is not currently supported.
objectsAccessed is not available with Hive or Iceberg views.
columnsAccessed will include columns related to the query that were not actually accessed in some cases:
For row access policies that rely on a column in the queried table, even if that column was not a part of the query, it will be included in the columnsAccessed.
For conditional masking, if the policy protects a column accessed, then the conditional column will be included in the columnsAccessed.
{
"action": "QUERY",
"actor": {
"type": "USER_ACTOR",
"name": "Taylor",
"id": "[email protected]",
"identityProvider": "bim",
"impersonatedBy": null
},
"sessionId": "18245308848957358",
"actionStatus": "SUCCESS",
"actionStatusReason": null,
"eventTimestamp": "2023-03-21T13:39:45.040598-04:00",
"id": "abcd",
"userAgent": "Snowflake Web App",
"tenantId": "your-immuta.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "2034",
"name": "University Art Gallery Exhibition",
"technology": "SNOWFLAKE"
}
],
"relatedResources": [],
"auditPayload": {
"type": "QueryAuditPayload",
"queryId": "01a9c8f5-0602-eeb3-0040-d203014c166a",
"query": "SELECT T2.theme , T1.date , T1.attendance FROM \"DETECT_DEMO_DB\".\"UNIVERSITY_ART_GALLERY\".\"EXHIBITION_RECORD\" AS T1 JOIN \"DETECT_DEMO_DB\".\"UNIVERSITY_ART_GALLERY\".\"EXHIBITION\" AS T2 ON T1.exhibition_id = T2.exhibition_id WHERE T2.year = 2004",
"startTime": "2023-03-21T13:39:45.040598-04:00",
"endTime": "2023-03-21T13:05:07.040598-04:00",
"duration": 163,
"errorCode": null,
"technologyContext": {
"type": "SnowflakeContext",
"host": "example.snowflakecomputing.com",
"clientIp": "xxx.xx.xx.xx",
"snowflakeUsername": "[email protected]",
"rowsProduced": 3,
"roleName": "ACCOUNTADMIN",
"warehouseId": "3",
"warehouseName": "DETECT_WH",
"clusterNumber": 1
},
"objectsAccessed": [
{
"name": "DB.PUBLIC.CASE",
"datasourceId": "3",
"databaseName": "DB",
"schemaName": "PUBLIC",
"type": "TABLE",
"columns": [
{
"name": "DOB",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "COUNTRY",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "DEPARTMENT",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "FIRSTNAME",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "SSN",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "ID",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "COMPANY",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
},
{
"name": "LASTNAME",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"inferred": false
}
],
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
}
}
],
"securityProfile": {
"sensitivity": {
"score": "NONSENSITIVE"
}
}
},
"receivedTimestamp": "2023-03-22T13:22:04.979644-04:00"
}{
"action": "QUERY",
"actor": {
"type": "USER_ACTOR",
"id": "[email protected]",
"name": "Taylor",
"identityProvider": "bim",
"profileId": "10"
},
"sessionId": "01ee14d9-cab3-1ef6-9cc4-f0c315a53788",
"actionStatus": "SUCCESS",
"actionStatusReason": null,
"eventTimestamp": "2023-06-27T11:03:59.000Z",
"id": "01ee14da-517a-1670-afce-0c3e0fdcf7d4",
"tenantId": "your-immuta.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "2034",
"name": "University Art Gallery Exhibition",
"technology": "DATABRICKS"
}
],
"relatedResources": [],
"auditPayload": {
"type": "QueryAuditPayload",
"queryId": "01ee14da-517a-1670-afce-0c3e0fdcf7d4",
"query": "SELECT VERSION AS `version` FROM `sample-data`.`__immuta_version`",
"startTime": "2023-06-27T11:03:59.000Z",
"endTime": "2023-06-27T11:05:59.000Z",
"duration": 23.568,
"technologyContext": {
"type": "DatabricksContext",
"clusterId": null,
"workspaceId": "3841033049363283",
"service": "WAREHOUSE",
"queryLanguage": "sql"
"warehouseId": "559483c6eac0359f",
"notebookId": null,
"account": {
"id": "52e863bc-ea7f-46a9-8e17-6aed7541832d",
"username": "[email protected]"
},
"host": "deployment-name.cloud.databricks.com",
"rowsProduced": 2
},
"objectsAccessed": [
{
"name": "catalog.audit_uc_test.University Art Gallery Exhibition",
"datasourceId": "2034",
"databaseName": "catalog",
"schemaName": "audit_uc_test",
"type": "TABLE",
"columns": [
{
"name": "status_description",
"tags": [
{
"type": "TAG",
"id": "122",
"name": "Personally Identifiable Information.true",
"source": "collibra",
"context": "catalog",
"deleted": false,
"transient": false
}
],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
}
}]
}],
"securityProfile": {
"sensitivity": {
"score": "INDETERMINATE"
}
},
"version": 1
},
"receivedTimestamp": "2023-06-27T15:18:22.314Z"
}{
"id": "20240221_200952_00200_qhadw",
"action": "QUERY",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "13",
"type": "USER_ACTOR"
},
"tenantId": "your-immuta.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "35",
"name": "Tiny Lineitem",
"technology": "STARBURST_TRINO"
},
{
"type": "DATASOURCE",
"id": "33",
"name": "Tiny Orders",
"technology": "STARBURST_TRINO"
}
],
"relatedResources": [],
"auditPayload": {
"type": "QueryAuditPayload",
"version": 1,
"queryId": "20240417_193813_00005_67mum",
"query": "select c.name, o.clerk from tpch.tiny.customer c join tpch.tiny.orders o on c.custkey = o.custkey limit 10",
"startTime": "2024-04-17T19:38:13.651Z",
"endTime": "2024-04-17T19:38:14.068Z",
"duration": 417.00005531311035,
"objectsAccessed": [
{
"name": "\"tpch\".\"tiny\".\"customer\"",
"datasourceId": "17",
"databaseName": "tpch",
"schemaName": "tiny",
"type": "LOGICAL_TABLE",
"columns": [
{
"name": "custkey",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "NONSENSITIVE"
}
},
"inferred": true
},
{
"name": "name",
"tags": [
{
"type": "TAG",
"name": "Discovered.Entity.Person Name",
"id": "104",
"source": "curated",
"context": "manual",
"deleted": false,
"transient": false
},
{
"type": "TAG",
"name": "DSF.Control.Personal",
"id": "116",
"source": "curated",
"context": "manual",
"deleted": false,
"transient": false
},
{
"type": "TAG",
"name": "RAF.Confidentiality.Medium",
"id": "21882",
"source": "curated",
"context": "framework",
"deleted": false,
"transient": false,
"framework": {
"id": "9144acdd-f92e-4324-bcd4-d22e49dd895e",
"version": "d37671bc-58ef-906f-19b0-daf7ce32e878",
"name": "Risk Assessment Framework",
"measures": {
"sensitivity": "SENSITIVE"
}
}
}
],
"securityProfile": {
"sensitivity": {
"score": "SENSITIVE"
}
},
"inferred": true
}
],
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "SENSITIVE"
}
},
"directlyReferenced": true
},
{
"name": "\"tpch\".\"tiny\".\"orders\"",
"datasourceId": "13",
"databaseName": "tpch",
"schemaName": "tiny",
"type": "LOGICAL_TABLE",
"columns": [
{
"name": "clerk",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "NONSENSITIVE"
}
},
"inferred": true
},
{
"name": "custkey",
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "NONSENSITIVE"
}
},
"inferred": true
}
],
"tags": [],
"securityProfile": {
"sensitivity": {
"score": "NONSENSITIVE"
}
},
"directlyReferenced": true
}
],
"technologyContext": {
"trinoUsername": "[email protected]",
"immutaPluginVersion": "444",
"rowsProduced": 10,
"type": "TrinoContext"
}
},
"eventTimestamp": "2024-02-21T20:09:52.000Z",
"receivedTimestamp": "2024-02-21T20:09:53.599Z"
}SERVERLESS_COMPUTE
actor.identityProvider
The IAM the user is registered in. bim is the built-in Immuta IAM.
bim
actor.profileId
The profile ID of the user who made the query.
10
actionStatus
Indicates whether or not the user was granted access to the data. Possible values are FAILURE or SUCCESS. Unauthorized access is not audited for Starburst (Trino).
SUCCESS
eventTimestamp
The time the query occurred.
2023-06-27T11:03:59.000Z
id
The unique Immuta ID of the audit record. This will match the Trino query ID.
20240221_200952_00200_qhadw
tenantId
The Immuta SaaS tenant ID.
your-immuta.com
targetType
The type of targets affected by the query; this value will always be DATASOURCE.
DATASOURCE
targets
A list of the targets affected by the query.
See the example below
auditPayload.type
The type of audit record; this value will always be: QueryAuditPayload.
QueryAuditPayload
auditPayload.queryId
The unique Starburst (Trino) ID of the query.
20240221_200952_00200_qhadw
auditPayload.query
The command text of the query that was run in the integration. Immuta truncates the query text to the first 2048 characters.
select * from lineitem l join orders o on l.orderkey = o.orderkey limit 10
auditPayload.startTime
The date and time the query started in UTC.
2023-06-27T11:03:59.000Z
auditPayload.duration
The time the query took in seconds.
0.557
auditPayload.objectsAccessed
An array of the data sources accessed in the query.
See example below.
auditPayload.objectsAccessed.name
The name of the data source accessed in the query.
\"tpch\".\"tiny\".\"customer\"
auditPayload.objectsAccessed.datasourceId
The Immuta data source ID.
17
auditPayload.objectsAccessed.databaseName
The name of the Starburst (Trino) catalog.
tpch
auditPayload.objectsAccessed.schemaName
The name of the Starburst (Trino) schema.
tiny
auditPayload.objectsAccessed.type
Specifies if the queried data source is a table or view. Starburst (Trino) queries are always LOGICAL_TABLE, which could be either.
LOGICAL_TABLE
auditPayload.objectsAccessed.columns
An array of the columns accessed in the query.
See example below.
auditPayload.objectsAccessed.columns.name
The name of the column.
custkey
auditPayload.objectsAccessed.columns.tags
An array of the tags on the column.
See example below.
auditPayload.objectsAccessed.columns.securityProfile
Details about the sensitivity of the column. Available when classification frameworks are configured.
See example below.
auditPayload.objectsAccessed.columns.inferred
If true, the column accessed has been determined by Immuta based on the available audit information from Starburst (Trino) and query parsing. It was not explicitly provided.
true
auditPayload.objectsAccessed.securityProfile
A classification for all the columns accessed together. Available when classification frameworks are configured.
See example below.
auditPayload.technologyContext.type
The technology the query was made in.
TrinoContext
auditPayload.technologyContext.trinoUsername
The Starburst (Trino) user ID for the user who made the query.
auditPayload.technologyContext.immutaPluginVersion
The version of the Immuta plugin in Starburst (Trino).
437-SNAPSHOT
auditPayload.technologyContext.rowsProduced
The number of rows returned in the query.
3
auditPayload.version
The version of the audit event schema.
1
receivedTimestamp
The timestamp of when the audit event was received and stored by Immuta.
2023-06-27T15:18:22.314Z
Each audit message from the Immuta platform will be a one-line JSON object containing the properties listed below.
action
The action associated with the audit log.
QUERY
actor.type
The Immuta user type of the actor who made the query.
USER_ACTOR
actor.name
The Immuta name of the user who made the query.
Taylor
Below is an example of the queryText, which contains the full notebook cell (since the query was the result of a notebook). If the query had been from a JDBC connection, the queryText would contain the full SQL query.
This notebook cell had multiple audit records associated with it.
Beyond raw audit events (such as “John Doe queried Table X in Databricks"), the Databricks audit records include the policy information enforced during the query execution, even if a query was denied.
Queries will be denied if at least one of the conditions below is true:
User does not meet policy conditions.
User is not subscribed to the data source.
Data source is not in the user's current project.
Data source is in the user's current project, but the user is not subscribed to the data source.
Data source is not registered in Immuta.
The user's entitlements represent the state at the time of the query. This includes the following fields:
project
The user's current project.
attributes
The user's attributes.
groups
The user's groups.
impersonatedUsers
The user that the current user is impersonating.
The policySet includes the following fields:
subscriptionPolicyType
The type of subscription policy.
MANUAL, ADVANCED, or ENTITLEMENTS
type
Indicates whether the policy is a subscription or data policy. Query denied records will always be a subscription policy type.
SUBSCRIPTION or DATA
ruleAppliedForUser
True if the policy was applied for the user. If false, the user was an exception to the policy.
true or false
rationale
The policy rationale written by the policy creator.
testTable = 'default.crime_data_delta'
testDb = 'test'
df = spark.table(testTable)
df.limit(1).collect()
filteredDf = df.filter('victim_age > 20')
filteredDf.write.saveAsTable('{}.audit_cell'.format(testDb))
spark.table('{}.audit_cell'.format(testDb)).limit(1).collect()
spark.sql('DROP TABLE IF EXISTS {}.audit_cell'.format(testDb)){
"action": "QUERY",
"actor": {
"type": "USER_ACTOR",
"name": "Taylor",
"id": "[email protected]",
"identityProvider": "okta",
"impersonatedBy": null
},
"sessionId": "abc123456589",
"actionStatus": "SUCCESS",
"actionStatusReason": null,
"actorIp": "1.2.3.4",
"eventTimestamp": "2022-10-13T20:03:41.013Z",
"id": "abc123",
"customerId": "abc123",
"targetType": "DATASOURCE",
"targets": [{
"id": "4",
"name": "Movies",
"technology": "DATABRICKS"
}],
"auditPayload": {
"type": "QueryAuditPayload",
"queryId": "81fe4385-1329-444a-b6d9-b26bce5c8dc7",
"query": "Project [director#778904]\n+- Filter ((YEAR#778903L = 1999) OR (YEAR#778903L = 2000))\n +- Relation[movie_id#778901L,Title#778902,Year#778903L,Director#778904,Budget_million#778905,Gross_worldwide#778906L] parquet\n",
"startTime": "2022-10-13T20:03:41.013Z",
"endTime": null,
"duration": null,
"accessControls": {
"entitlements": {
"groups": [],
"attributes": []
},
"policySet": [{
"type": "SUBSCRIPTION",
"global": false,
"subscriptionPolicyType": "MANUAL",
"ruleAppliedForUser": true
}]
},
"technologyContext": {
"type": "DatabricksContext",
"clusterId": "1006-194110-8j0shd5d",
"clusterName": "databricks-cluster-name",
"workspaceId": "123456789",
"pathUris": [
"dbfs:/user/hive/warehouse/your_database.db/movies"
],
"metastoreTables": ["your_database.movies"],
"queryLanguage": "python",
"queryText": "query_success = []\nnum_queries_run = 0\nimpersonate_probability = .20\nspark.sql(\"set immuta.impersonate.user=\")\n\ndef make_fail_query(query):\n try:\n spark.sql(\"set [email protected]\")\n spark.sql(query).toPandas()\n except: \n pass\n \nfor index, query in enumerate(new_queries.values):\n if(num_queries_run % 100 == 0):\n print(f\"Queries Successfully Ran: {num_queries_run}/2000, out of total queries ran: {index+1}\")\n to_impersonate = random.randrange(100)\n if to_impersonate < impersonate_probability * 100:\n make_fail_query(query)\n spark.sql(\"set immuta.impersonate.user=\")\n num_queries_run += 1\n else:\n try:\n spark.sql(query).toPandas()\n query_success.append((query, True))\n num_queries_run += 1\n if num_queries_run == 2000:\n break\n except Exception as e:\n query_success.append((query, False))\n \n ",
"immutaPluginVersion": "2022.3.0-spark-3.1.1"
}
},
"receivedTimestamp": "2022-10-13T20:03:41.044Z"
}actor.identityProvider
The IAM the user is registered in. bim is the built-in Immuta IAM.
bim
sessionId
The session ID of the user who performed the action.
01ee14d9-cab3-1ef6-9cc4-f0c315a53788
actionStatus
Indicates whether or not the user was granted access to the data. Possible values are UNAUTHORIZED, FAILURE, or SUCCESS.
SUCCESS
actionStatusReason
When a user's query is denied, this property explains why. When a query is successful, this value is null.
eventTimestamp
The time the query occurred.
2023-06-27T11:03:59.000Z
id
The unique ID of the audit record.
9f542dfd-5099-4362-a72d-8377306db3b8
customerId
The unique Databricks customer ID.
9f542dfd-5099-4362-a72d-8377306db3b8
targetType
The type of targets affected by the query; this value will always be DATASOURCE.
DATASOURCE
targets
A list of the targets affected by the query.
See the example below
auditPayload.type
The type of audit record; this value will always be: QueryAuditPayload.
QueryAuditPayload
auditPayload.queryId
The unique ID of the query. If the query joins multiple tables, each table will appear as a separate log, but all will have the same query ID.
01ee14da-517a-1670-afce-0c3e0fdcf7d4
auditPayload.query
The query that was run in the integration. Immuta truncates the query text to the first 2048 characters.
See the example below
auditPayload.startTime
The date and time the query started in UTC.
2023-06-27T11:03:59.000Z
auditPayload.duration
Not available for Databricks Spark audit events.
null
auditPayload.accessControls
Includes the user's groups, attributes, and current project at the time of the query.
auditPayload.policySet
Provides policy details.
auditPayload.technologyContext.type
The technology the query was made in.
DatabricksContext
auditPayload.technologyContext.clusterId
The Databricks cluster ID.
null
auditPayload.technologyContext.clusterName
The Databricks cluster name.
databricks-cluster-name
auditPayload.technologyContext.workspaceId
The Databricks workspace ID.
8765531160949612
auditPayload.technologyContext.pathUris
The Databricks URI scheme for the storage type.
["dbfs:/user/hive/warehouse/your_database.db/movies"]
auditPayload.technologyContext.metastoreTables
The Databricks metastore tables.
["your_database.movies"]
auditPayload.technologyContext.queryLanguage
The queryLanguage corresponds to the programming language used: SQL, Python, Scala, or R. Audited JDBC queries will indicate that it came from JDBC here.
python
auditPayload.technologyContext.queryText
The queryText will contain either the full notebook cell (when the query is the result of a notebook) or the full SQL query (when it is a query from a JDBC connection).
See the example below
auditPayload.technologyContext.immutaPluginVersion
The Immuta plugin version for the Databricks Spark integration.
2022.3.0-spark-3.1.1
receivedTimestamp
The timestamp of when the audit event was received and stored by Immuta.
2023-06-27T15:18:22.314Z
-
global
True if the policy was a global policy. If false, the policy is local.
true or false
mergedPolicies
Shows the policy information for each of the merged global subscription policies, if available.
-
Universal audit model (UAM) is Immuta's consistent structure for all Immuta system and user query audit logs. This reference guide provides example schemas of all the UAM events available in Immuta.
There are some parameter details throughout to help better understand the UAM schemas. But there are two important parameters to each event:
targetType: Informs the Immuta object that's the target of the action being audited. This will specify if it was a user, project, policy, etc. being affected by the action.
action: Informs the base action being performed on the target. This will specify if something was created, deleted, updated, etc.
To learn more about Immuta's audit, see the or view the examples below.
Event: ApiKeyCreated
Legacy event: apiKey
Description: An API key is created on the Immuta app settings page or from an Immuta user's profile page.
Event: ApiKeyDeleted
Legacy event: apiKey
Description: An API key is deleted.
Event: AttributeApplied
Legacy events: accessUser and accessGroup
Description: An attribute is applied to a user or group.
Event: AttributeRemoved
Legacy events: accessUser and accessGroup
Description: An attribute is removed from a user or group.
Event: ConfigurationUpdated
Legacy event: configurationUpdate
Description: The Immuta configuration on the app settings page is updated.
Event: DatasourceAppliedToProject
Legacy event: addToProject
Description: A data source is added to a project.
Event: DatasourceCatalogSynced
Legacy event: catalogUpdate
Description: An external catalog and its tags are synced on a data source.
Event: DatasourceCreated
Legacy event: dataSourceCreate
Description: A data source is created.
Event: DatasourceDeleted
Legacy event: dataSourceDelete
Description: A data source is deleted.
Event: DatasourceDisabled
Legacy event: None
Description: A data source is disabled.
Event: DatasourceGlobalPolicyApplied
Legacy event: globalPolicyApplied
Description: A global policy is applied to a data source.
Event: DatasourceGlobalPolicyConflictResolved
Legacy event: globalPolicyConflictResolved
Description: A policy conflict between two global policies on a data source is resolved.
Event: DatasourceGlobalPolicyDisabled
Legacy event: globalPolicyDisabled
Description: A global policy is disabled on a data source.
Event: DatasourceGlobalPolicyRemoved
Legacy event: globalPolicyRemoved
Description: A global policy is removed from a data source.
Event: DatasourcePolicyCertificationExpired
Legacy event: policyCertificationExpired
Description: The global policy certification on a data source is expired.
Event: DatasourcePolicyCertified
Legacy event: globalPolicyCertify
Description: A global policy is certified for a data source.
Event: DatasourcePolicyDecertified
Legacy events: None
Description: A global policy is decertified for a data source.
Event: DatasourceRemovedFromProject
Legacy event: removeFromProject
Description: A data source is removed from a project.
Event: DatasourceUpdated
Legacy events: dataSourceUpdate and dataSourceSave
Description: A data source is updated.
Event: DomainCreated
Legacy event: collectionCreated
Description: A domain is created.
Event: DomainDataSourcesUpdated
Legacy events: collectionDataSourceAdded, collectionDataSourceRemoved, and collectionDataSourceUpdated
Description: Data sources are assigned to or removed from the domain.
Event: DomainDeleted
Legacy event: collectionDeleted
Description: A domain is deleted.
Event: DomainPermissionsUpdated
Legacy events: collectionPermissionGranted and collectionPermissionRevoked
Description: A domain-specific permission is applied to or removed from a user or group.
Event: DomainUpdated
Legacy event: collectionUpdated
Description: A domain's details (name, description, settings etc.) are updated.
Event: GlobalPolicyApprovalRescinded
Legacy event: globalPolicyApprovalRescinded
Description: The approval for a global policy is rescinded with the approve to promote feature (private preview).
Event: GlobalPolicyApproved
Legacy event: globalPolicyApproved
Description: A global policy is approved with the approve to promote feature (private preview).
Event: GlobalPolicyChangeRequested
Legacy event: globalPolicyChangeRequested
Description: A change to a global policy is requested with the approve to promote feature (private preview).
Event: GlobalPolicyCreated
Legacy event: globalPolicyCreate
Description: A global policy is created.
Event: GlobalPolicyDeleted
Legacy event: globalPolicyDelete
Description: A global policy is deleted.
Event: GlobalPolicyPromoted
Legacy event: globalPolicyPromoted
Description: A global policy is promoted to production with the approve to promote feature (private preview).
Event: GlobalPolicyReviewRequested
Legacy event: globalPolicyReviewRequested
Description: A review is requested for a global policy with the approve to promote feature (private preview).
Event: GlobalPolicyUpdated
Legacy event: globalPolicyUpdate
Description: A global policy is updated.
Event: GroupCreated
Legacy event: accessGroup
Description: A group is created in Immuta by user actions in the UI or ingested from an external IAM.
Event: GroupDeleted
Legacy event: accessGroup
Description: A group is deleted in Immuta by user actions in the UI or from within an external IAM.
Event: GroupMemberAdded
Legacy event: accessGroup
Description: A user is added to a group in Immuta by user actions in the UI or from within an external IAM.
Event: GroupMemberRemoved
Legacy event: accessGroup
Description: A user is removed from a group in Immuta by user actions in the UI or from within an external IAM.
Event: GroupUpdated
Legacy event: accessGroup
Description: A group's details (email, name, description, etc.) are updated.
Event: LicenseCreated
Legacy event: licenseCreate
Description: An Immuta license is created.
Event: LicenseDeleted
Legacy event: licenseDelete
Description: An Immuta license is deleted.
Event: LocalPolicyCreated
Legacy event: policyHandlerCreate
Description: A local policy is created on a data source.
Event: LocalPolicyUpdated
Legacy event: policyHandlerUpdate
Description: A local policy is updated on a data source.
Event: PermissionApplied
Legacy event: accessUser
Description: A global permission is applied to a user.
Event: PermissionRemoved
Legacy event: accessUser
Description: A global permission is removed from a user.
Event: ProjectCreated
Legacy event: projectCreate
Description: A project is created.
Event: ProjectDeleted
Legacy event: projectDelete
Description: A project is deleted.
Event: ProjectDisabled
Legacy events: None
Description: A project is disabled.
Event: ProjectPurposeApproved
Legacy event: projectPurposeApprove
Description: A purpose is approved within a project.
Event: ProjectPurposeDenied
Legacy event: projectPurposeDeny
Description: A purpose is denied within a project.
Event: ProjectPurposesAcknowledged
Legacy event: acknowledgePurposes
Description: A user acknowledged a purpose within a project.
Event: ProjectUpdated
Legacy event: projectPurposeDeny
Description: A project is updated.
Event: PurposeDeleted
Legacy event: purposeDelete
Description: A purpose is deleted.
Event: PurposeUpdated
Legacy event: purposeUpdate
Description: A purpose is updated.
Event: PurposeUpserted
Legacy event: purposeCreate
Description: A purpose is created.
Event: SDDClassifierCreated
Legacy event: sddClassifierCreated
Description: An identifier is created.
Event: SDDClassifierDeleted
Legacy event: sddClassifierDeleted
Description: An identifier is deleted.
Event: SDDClassifierUpdated
Legacy event: sddClassifierUpdated
Description: An identifier is updated.
Event: SubscriptionCreated
Legacy events: dataSourceSubscription and projectSubscription
Description: A user is subscribed to a data source or project.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description: A user's subscription to a data source or project is removed.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description: A user's request to subscribe to a data source or project is approved.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description: A user's request to subscribe to a data source or project is denied.
Event: SubscriptionRequested
Legacy events: dataSourceSubscription and projectSubscription
Description: A user requests to subscribe to a data source or project.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description: A user's subscription to a data source or project is updated.
Event: TagApplied
Legacy event: tagAdded
Description: A tag is applied to a data source or column.
Event: TagCreated
Legacy event: tagCreated
Description: A tag is created.
Event: TagDeleted
Legacy event: tagDeleted
Description: A tag is deleted.
Event: TagRemoved
Legacy event: tagRemoved
Description: A tag is removed from a data source or column.
Event: TagUpdated
Legacy event: tagUpdated
Description: A tag is updated.
Event: UserAuthenticated
Legacy event: authenticate
Description: A user signs in to Immuta.
Event: UserCloned
Legacy event: accessUser
Description: A user is cloned.
Event: UserCreated
Legacy event: accessUser
Description: A user is created.
Event: UserDeleted
Legacy event: accessUser
Description: A user is deleted.
Event: UserLogout
Legacy events: None
Description: A user logs out of Immuta.
Additional parameter details:
Event: UserOneTimeTokenCreated
Legacy event: accessUser
Description: A sign-in token is created for a user.
Event: UserPasswordUpdated
Legacy event: accessUser
Description: A user's password is updated.
Event: UserUpdated
Legacy event: externalUserIdChanged
Description: A user's details are updated.
Event: WebhookCreated
Legacy event: webhookCreate
Description: A webhook is created.
Event: WebhookDeleted
Legacy event: webhookDelete
Description: A webhook is deleted.
Groups
: A group is created in Immuta by user actions in the UI or ingested from an external IAM.
: A group is deleted in Immuta by user actions in the UI or from within an external IAM.
: A user is added to a group in Immuta by user actions in the UI or from within an external IAM.
: A user is removed from a group in Immuta by user actions in the UI or from within an external IAM.
License
: An Immuta license is created.
: An Immuta license is deleted.
Local policies
: A local policy is created on a data source.
: A local policy is updated on a data source.
Permissions
: A global permission is applied to a user.
: A global permission is removed from a user.
Projects
: A project is created.
A project is deleted.
: A project is disabled.
: A purpose is approved within a project.
Purposes
: A purpose is deleted.
: A purpose is updated.
: A purpose is created.
Queries
DatabricksQuery: Available for or
Identification
: An identifier is created.
: An identifier is deleted.
: An identifier is updated.
Subscriptions
: A user is subscribed to a data source or project.
: A user's subscription to a data source or project is removed.
: A user's request to subscribe to a data source or project is approved.
: A user's request to subscribe to a data source or project is denied.
Tags
: A tag is applied to a data source or column.
: A tag is created.
: A tag is deleted.
: A tag is removed from a data source or column.
Users
: A user signs in to Immuta.
: A user is cloned.
: A user is created.
: A user is deleted.
Webhooks
: A webhook is created.
: A webhook is deleted.
Additional parameter details: targetType will specify whether the attribute was added to a USER or GROUP.
Additional parameter details: targetType will specify whether the attribute was removed from a USER or GROUP.
Additional parameter details: auditPayload.updateType will specify whether the data source was added to or removed from the domain.
Additional parameter details: auditPayload.updateType will specify whether the permission was granted to or revoked from a user.
auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.
auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.
Additional parameter details: auditPayload.modelType will specify whether the user was subscribed to a DATASOURCE or PROJECT.
Additional parameter details: auditPayload.modelType will specify whether the user's subscription was removed from a DATASOURCE or PROJECT.
Additional parameter details: targets.model.type will specify whether the subscription was approved for a DATASOURCE or PROJECT.
Additional parameter details: auditPayload.modelType will specify whether the user's subscription was denied for a DATASOURCE or PROJECT.
Additional parameter details: auditPayload.modelType will specify whether the user requested to subscribe to a DATASOURCE or PROJECT.
Additional parameter details: targets.model.type will specify whether the subscription was updated on a DATASOURCE or PROJECT.
authenticationMethod possible values includeOAuth: The user authenticated using the 3rd party authentication OAuth.
OpenId: The user authenticated using the 3rd party authentication OpenId.
SAML: The user authenticated using the 3rd party authentication SAML.
apiKey: The user authenticated or impersonated using an API key. The user is running API calls and did not sign in to the UI.
password: The user authenticated with username and password.
authenticationMethod possible values include
OAuth: The user authenticated using the 3rd party authentication OAuth.
OpenId: The user authenticated using the 3rd party authentication OpenId.
SAML: The user authenticated using the 3rd party authentication SAML.
apiKey: The user authenticated or impersonated using an API key.
password: The user authenticated with username and password.
logoutReason possible values include
EXPIRATION: The user was logged out because the token expired.
IDP_INITIATED: The IdP initiated the logout.
API keys
ApiKeyCreated: An API key is created on the Immuta app settings page or from an Immuta user's profile page.
ApiKeyDeleted: An API key is deleted.
Attributes
AttributeApplied: An attribute is applied to a user or group.
AttributeRemoved: An attribute is removed from a user or group.
Configuration
ConfigurationUpdated: The Immuta configuration on the app settings page is updated.
Data sources
DatasourceAppliedToProject: A data source is added to a project.
DatasourceCatalogSynced: An external catalog and its tags are synced on a data source.
DatasourceCreated: A data source is created.
DatasourceDeleted: A data source is deleted.
: A data source is disabled.
: A global policy is applied to a data source.
: A policy conflict between two global policies on a data source is resolved.
: A global policy is disabled on a data source.
: A global policy is removed from a data source.
: The global policy certification on a data source is expired.
: A global policy is certified for a data source.
: A global policy is decertified for a data source.
: A data source is removed from a project.
: A data source is updated.
Domains
DomainCreated: A domain is created.
DomainDataSourcesUpdated: Data sources are assigned to or removed from the domain.
DomainDeleted: A domain is deleted.
DomainPermissionsUpdated: A domain-specific permission is applied to or removed from a user or group.
: A domain's details (name, description, settings etc.) are updated.
Global policies
GlobalPolicyApprovalRescinded (private preview): The approval for a global policy is rescinded with the approve to promote feature.
GlobalPolicyApproved (private preview): A global policy is approved with the approve to promote feature.
GlobalPolicyChangeRequested (private preview): A change to a global policy is requested with the approve to promote feature.
GlobalPolicyCreated: A global policy is created.
: A global policy is deleted.
(private preview): A global policy is promoted to production with the approve to promote feature.
(private preview): A review is requested for a global policy with the approve to promote feature.
: A global policy is updated.
{
"relatedResources": [],
"auditPayload": {
"type": "ApiKeyCreatedAuditPayload",
"apiKeyId": "1112158",
"name": "T1",
"version": 1
},
"action": "CREATE",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"eventTimestamp": "2024-01-25T18:04:58.368Z",
"actor": {
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR",
"name": "Taylor Smith"
},
"targetType": "APIKEY",
"id": "d9dc3cee-98d0-47d6-ba81-e0b38f9f4014",
"receivedTimestamp": "2024-01-25T18:04:58.505Z",
"actorIp": "xxx.xx.xx.xx",
"targets": [],
"requestId": "60c68659-ac83-5299-bf3e-14856178a0de",
"sessionId": "9c553d7ace0aa3ee735fd3c14f737bc6"
}{
"id": "fe47ddd1-fd22-4dcf-9648-83950a10ef34",
"targetType": "APIKEY",
"receivedTimestamp": "2024-01-25T18:08:28.891Z",
"actor": {
"type": "USER_ACTOR",
"identityProvider": "bim",
"id": "[email protected]",
"profileId": "1",
"name": "Taylor Smith"
},
"requestId": "220c7faa-7f56-5d8c-aa31-8ac2212b7707",
"sessionId": "9c553d7ace0aa3ee735fd3c14f737bc6",
"targets": [],
"actorIp": "xxx.xx.xx.xx",
"relatedResources": [],
"auditPayload": {
"type": "ApiKeyDeletedAuditPayload",
"apiKeyId": "1112158",
"version": 1
},
"eventTimestamp": "2024-01-25T18:08:21.319Z",
"action": "DELETE",
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com"
}{
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "20",
"type": "USER"
}
],
"requestId": "e45652cd-4d00-5def-8e8c-aca696822fc2",
"sessionId": "cdbffff8804103418350947c6586712c",
"actor": {
"type": "USER_ACTOR",
"profileId": "1",
"id": "[email protected]",
"identityProvider": "bim",
"name": "Taylor Smith"
},
"id": "63f111a7-0835-4696-8fdb-188130c44fac",
"targetType": "USER",
"receivedTimestamp": "2023-09-13T14:36:02.926Z",
"action": "ATTRIBUTE_APPLY",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"eventTimestamp": "2023-09-13T14:36:02.688Z",
"relatedResources": [
{
"values": ["Product"],
"name": "Department",
"id": "department",
"type": "ATTRIBUTE"
}
],
"auditPayload": {
"entityType": "USER",
"type": "AttributeAppliedAuditPayload",
"version": 1,
"attributes": [
{
"values": ["Product"],
"attribute": "Department"
}
],
"entityIdProvider": "bim",
"entityId": "[email protected]"
}
}{
"relatedResources": [
{
"values": ["UNCLASSIFIED"],
"name": "classification",
"id": "classification",
"type": "ATTRIBUTE"
}
],
"auditPayload": {
"type": "AttributeRemovedAuditPayload",
"entityType": "USER",
"version": 1,
"attributes": [
{
"values": ["UNCLASSIFIED"],
"attribute": "classification"
}
],
"entityIdProvider": "bim",
"entityId": "[email protected]"
},
"action": "ATTRIBUTE_REMOVE",
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"eventTimestamp": "2024-02-20T19:46:50.259Z",
"actor": {
"profileId": "1",
"id": "[email protected]",
"identityProvider": "bim",
"type": "USER_ACTOR",
"name": "Taylor Smith"
},
"id": "0fd77c61-f08a-488c-9d10-c356ffea0d11",
"targetType": "USER",
"receivedTimestamp": "2024-02-20T19:46:50.426Z",
"targets": [
{
"name": "Deepu Murty",
"type": "USER",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "20"
}
],
"actorIp": "xxx.xx.xx.xx",
"requestId": "146ec771-ec2e-5f40-8551-1dbc38e64078",
"sessionId": "893db38b8f1977fda75f60d168c4e74e"
}{
"eventTimestamp": "2023-12-04T18:38:25.801Z",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"action": "CONFIGURATION_UPDATED",
"auditPayload": {
"version": 1,
"type": "ConfigurationUpdatedAuditPayload",
"changeSet": {
"plugins": {
"policy": {
"approveToPromote": {
"requiredApprovalCount": [
{
"newValue": 1,
"oldValue": 2
}
]
}
}
}
},
"configurationId": "20"
},
"relatedResources": [],
"sessionId": "aed83ab8b46affcb1169532dada92b72",
"requestId": "c80f510f-3f55-5450-8dea-d5e243708686",
"targets": [
{
"name": "20",
"type": "CONFIGURATION",
"id": "20"
}
],
"actorIp": "xxx.xx.xx.xx",
"receivedTimestamp": "2023-12-04T18:38:26.039Z",
"id": "3989e233-c791-43e9-813f-7738f4c8e26b",
"targetType": "CONFIGURATION",
"actor": {
"identityProvider": "bim",
"id": "[email protected]",
"profileId": "1",
"type": "USER_ACTOR",
"name": "Taylor Smith"
}
}{
"auditPayload": {
"type": "DatasourceAppliedToProjectAuditPayload",
"errors": [],
"projectId": "2",
"version": 1,
"datasources": [
{
"id": "2",
"name": "Public Case"
}
]
},
"sessionId": "6b928653b1411078647a2764a72beca6",
"targets": [
{
"projectKey": "HumanResources",
"id": "2",
"type": "PROJECT",
"name": "Human Resources"
}
],
"action": "DATASOURCE_APPLY",
"id": "8106b44f-cf56-4ca2-a111-641d0e80e6ff",
"targetType": "PROJECT",
"actionStatus": "SUCCESS",
"relatedResources": [
{
"id": "2",
"technology": "SNOWFLAKE",
"type": "DATASOURCE",
"name": "Public Case"
}
],
"actor": {
"id": "[email protected]",
"profileId": "1",
"name": "Taylor Smith",
"identityProvider": "bim",
"type": "USER_ACTOR"
},
"eventTimestamp": "2023-10-13T14:08:20.427Z",
"actorIp": "xxx.xx.xx.xx",
"requestId": "8823f3f0-4e46-590c-bbb2-209cce750ff9",
"tenantId": "your-immuta-tenant.com",
"receivedTimestamp": "2023-10-13T14:08:20.660Z"
}{
"tenantId": "your-immuta-tenant.com",
"action": "CATALOG_SYNC",
"actor": {
"type": "USER_ACTOR",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"id": "[email protected]"
},
"targetType": "DATASOURCE",
"actionStatus": "SUCCESS",
"eventTimestamp": "2023-04-14T16:48:21.159Z",
"id": "159d4299-fca5-47cb-aa6b-81d93bafa526",
"targets": [
{
"id": "9",
"name": "Public case",
"technology": "SNOWFLAKE",
"type": "DATASOURCE"
}
],
"relatedResources": [],
"receivedTimestamp": "2023-04-14T16:48:21.209Z",
"auditPayload": {
"datasourceId": "9",
"changes": {
"before": {
"catalogId": null,
"documentation": null,
"dictionary": [
{
"tags": [],
"columnName": "country"
},
{
"columnName": "date",
"tags": []
},
{
"tags": [],
"columnName": "fastest_qualifying"
},
{
"columnName": "location",
"tags": []
},
{
"columnName": "round",
"tags": []
},
{
"columnName": "winning_aircraft",
"tags": []
},
{
"tags": [],
"columnName": "winning_pilot"
}
],
"tableTags": null,
"description": null
},
"after": {
"description": "",
"tableTags": null,
"dictionary": [
{
"columnName": "country",
"description": "",
"tags": []
},
{
"tags": [],
"description": "",
"columnName": "date"
},
{
"tags": [],
"columnName": "fastest_qualifying",
"description": ""
},
{
"tags": [],
"columnName": "location",
"description": ""
},
{
"columnName": "round",
"description": "",
"tags": []
},
{
"tags": [],
"description": "",
"columnName": "winning_aircraft"
},
{
"columnName": "winning_pilot",
"description": "",
"tags": []
}
],
"catalogId": "immuta-product_engineering"
}
},
"type": "DatasourceCatalogSyncedAuditPayload"
}
}{
"id": "dc0b7313-ecc9-42f1-ba33-df0a1a753c08",
"action": "CREATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "102",
"name": "Pgboss Job",
"technology": "POSTGRESQL"
}
],
"relatedResources": [
{
"type": "CONNECTION",
"id": "4",
"name": "data-source-connection-name",
"connectionKey": "data-source-connection-key"
}
],
"auditPayload": {
"type": "DatasourceCreatedAuditPayload",
"version": 1,
"description": null,
"documentation": null,
"expiration": null,
"columnDetectionEnabled": true,
"disabled": false,
"technology": "POSTGRESQL",
"connectionId": "4",
"table": "job",
"schema": "pgboss",
"sensitiveDataDiscoveryEnabled": true
},
"eventTimestamp": "2024-02-22T13:59:04.681Z",
"receivedTimestamp": "2024-02-22T13:59:04.715Z"
}{
"id": "1403b675-70f6-4833-ab4c-a7486c63f494",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "93",
"name": "Audit",
"technology": "POSTGRESQL"
}
],
"relatedResources": [],
"auditPayload": {
"type": "DatasourceDeletedAuditPayload",
"version": 1,
"datasourceId": "93",
"name": "Audit",
"technology": "POSTGRESQL"
},
"eventTimestamp": "2024-02-22T14:20:42.379Z",
"receivedTimestamp": "2024-02-22T14:20:42.392Z"
}{
"id": "a09b9bc3-3775-4496-87ec-b808cf649794",
"sessionId": "0fcaaf9c074330b4b875746c2e52739c",
"requestId": "153fe145-32a0-5c33-930d-c571c1d7748d",
"action": "DISABLE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "57",
"name": "Activity",
"technology": "POSTGRESQL"
}
],
"relatedResources": [],
"auditPayload": {
"type": "DatasourceDisabledAuditPayload",
"version": 1,
"datasourceId": "57",
"name": "Activity",
"technology": "POSTGRESQL"
},
"eventTimestamp": "2024-02-22T14:22:20.039Z",
"receivedTimestamp": "2024-02-22T14:22:20.183Z"
}{
"receivedTimestamp": "2023-10-24T18:06:27.645Z",
"auditPayload": {
"conflict": null,
"version": 1,
"policy": {
"actions": [
{
"dataPolicyType": "MASKING",
"rules": [
{
"exceptions": null,
"type": "MASKING_HASH",
"fields": ["AWARD_ID"],
"ruleAppliedForUser": false
}
],
"type": "DATA",
"global": false,
"rationale": null
}
],
"type": "DATA"
},
"type": "DatasourceGlobalPolicyAppliedAuditPayload"
},
"relatedResources": [
{
"policyKey": "Mask PII",
"name": "Mask PII",
"type": "GLOBAL_POLICY",
"id": "7"
}
],
"id": "7f57d63a-5db8-412a-ad93-c6baa61384b3",
"targetType": "DATASOURCE",
"actor": {
"profileId": "1",
"identityProvider": "bim",
"id": "[email protected]",
"type": "USER_ACTOR",
"name": "Taylor Smith"
},
"eventTimestamp": "2023-10-24T18:06:27.617Z",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"targets": [
{
"id": "47",
"type": "DATASOURCE",
"technology": "SNOWFLAKE",
"name": "Public case"
}
],
"action": "POLICY_APPLIED"
}{
"actor": {
"name": "Taylor Smith",
"profileId": "1",
"identityProvider": "bim",
"id": "[email protected]",
"type": "USER_ACTOR"
},
"id": "ac9c699a-aad0-4899-964c-279cd7eba125",
"targetType": "DATASOURCE",
"relatedResources": [],
"auditPayload": {
"type": "DatasourceGlobalPolicyConflictResolvedAuditPayload",
"version": 1
},
"receivedTimestamp": "2023-10-24T18:34:04.330Z",
"action": "POLICY_CONFLICT_RESOLVED",
"targets": [
{
"name": "Public case",
"technology": "SNOWFLAKE",
"id": "47",
"type": "DATASOURCE"
}
],
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"eventTimestamp": "2023-10-24T18:34:04.301Z"
}{
"relatedResources": [
{
"id": "7",
"type": "GLOBAL_POLICY",
"name": "Mask PII",
"policyKey": "mask pii"
}
],
"targetType": "DATASOURCE",
"id": "4853154c-8825-4138-800d-913cbab56af6",
"receivedTimestamp": "2023-10-24T18:13:25.004Z",
"auditPayload": {
"version": 1,
"type": "DatasourceGlobalPolicyDisabledAuditPayload"
},
"actor": {
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR",
"name": "Taylor Smith"
},
"eventTimestamp": "2023-10-24T18:13:24.975Z",
"action": "POLICY_DISABLED",
"targets": [
{
"id": "47",
"type": "DATASOURCE",
"name": "Public case",
"technology": "SNOWFLAKE"
}
],
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com"
}{
"actor": {
"name": "Taylor Smith",
"type": "USER_ACTOR",
"identityProvider": "bim",
"id": "[email protected]",
"profileId": "1"
},
"auditPayload": {
"type": "DatasourceGlobalPolicyRemovedAuditPayload",
"conflict": null,
"policy": {
"type": "DATA",
"actions": [
{
"dataPolicyType": "MASKING",
"rationale": null,
"global": false,
"type": "DATA",
"rules": [
{
"type": "MASKING_HASH",
"exceptions": null,
"ruleAppliedForUser": false,
"fields": ["PII"]
}
]
}
]
},
"version": 1
},
"receivedTimestamp": "2023-10-24T18:06:27.635Z",
"id": "4a27ab2f-156e-4cff-a3bc-65184d74ccd5",
"targetType": "DATASOURCE",
"relatedResources": [
{
"policyKey": "mask pii",
"name": "Mask PII",
"id": "7",
"type": "GLOBAL_POLICY"
}
],
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"targets": [
{
"type": "DATASOURCE",
"id": "47",
"name": "Public case",
"technology": "SNOWFLAKE"
}
],
"action": "POLICY_REMOVED",
"eventTimestamp": "2023-10-24T18:06:27.617Z"
}{
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"technology": "SNOWFLAKE",
"name": "Public case",
"type": "DATASOURCE",
"id": "47"
}
],
"action": "DECERTIFY_POLICY",
"eventTimestamp": "2023-10-16T19:49:25.365Z",
"actor": {
"type": "SYSTEM_ACCOUNT",
"id": "immuta_system_account",
"name": "Immuta System Account"
},
"auditPayload": {
"expirationDate": "2023-10-16T19:49:25.365Z",
"type": "DatasourcePolicyCertificationExpiredAuditPayload",
"version": 1
},
"receivedTimestamp": "2023-10-16T19:49:25.387Z",
"targetType": "DATASOURCE",
"id": "aedc4025-d888-4407-b837-659dca4d0e80",
"relatedResources": [
{
"type": "GLOBAL_POLICY",
"id": "7",
"policyKey": "mask pii",
"name": "Mask PII"
}
]
}{
"receivedTimestamp": "2023-10-03T18:35:32.666Z",
"id": "04947a9b-0206-4c2d-bce0-0d969b68350b",
"targetType": "DATASOURCE",
"actor": {
"type": "USER_ACTOR",
"profileId": "1",
"id": "[email protected]",
"identityProvider": "bim",
"name": "Taylor Smith"
},
"sessionId": "95ca3d7f5d3d2a2b82cecb3ff1051b63",
"requestId": "bf443424-2e49-5a13-9009-8b527a3f65f3",
"targets": [
{
"id": "44",
"type": "DATASOURCE",
"technology": "SNOWFLAKE",
"name": "Public case"
}
],
"actorIp": "xxx.xx.xx.xx",
"auditPayload": {
"type": "DatasourcePolicyCertifiedAuditPayload",
"columns": [
{
"name": "Full name",
"tags": [
{
"deleted": false,
"id": "23",
"type": "TAG",
"context": "manual",
"source": "curated",
"name": "PII"
}
]
}
],
"certificationDate": "2023-10-03T18:35:32.607Z",
"version": 1
},
"relatedResources": [
{
"type": "GLOBAL_POLICY",
"id": "3",
"name": "Mask PHI",
"policyKey": "Mask PHI"
}
],
"eventTimestamp": "2023-10-03T18:35:32.484Z",
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"action": "POLICY_CERTIFY"
}{
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"id": "44",
"type": "DATASOURCE",
"technology": "SNOWFLAKE",
"name": "Public case"
}
],
"requestId": "270aa26c-e424-53cf-af06-d290c8bfa308",
"sessionId": "95ca3d7f5d3d2a2b82cecb3ff1051b63",
"actor": {
"identityProvider": "bim",
"id": "[email protected]",
"profileId": "1",
"type": "USER_ACTOR",
"name": "Taylor Smith"
},
"targetType": "DATASOURCE",
"id": "31c902a8-5cbc-4171-baaa-2428080fac91",
"receivedTimestamp": "2023-10-03T19:25:34.166Z",
"action": "DECERTIFY_POLICY",
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"eventTimestamp": "2023-10-03T19:25:34.094Z",
"relatedResources": [
{
"name": "Mask PII",
"policyKey": "mask pii",
"id": "7",
"type": "GLOBAL_POLICY"
}
],
"auditPayload": {
"version": 1,
"type": "DatasourcePolicyDecertifiedAuditPayload",
"decertificationDate": "2023-10-03T19:25:34.121Z"
}
}{
"id": "77de32df-1655-4618-b0bf-e6883483a151",
"sessionId": "285574f9f1fd35b1fc7dba060e0786a2",
"requestId": "e35f9736-f206-53fd-ab02-043bce216e52",
"action": "DATASOURCE_REMOVE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PROJECT",
"targets": [
{
"type": "PROJECT",
"name": "Human Resources",
"id": "13",
"projectKey": "humanresources"
}
],
"relatedResources": [
{
"type": "DATASOURCE",
"id": "54",
"name": "Customers",
"technology": "POSTGRESQL"
}
],
"auditPayload": {
"type": "DatasourceRemovedFromProjectAuditPayload",
"version": 1,
"projectId": "13",
"datasources": [
{
"id": "54",
"name": "Customers"
}
],
"errors": []
},
"eventTimestamp": "2024-02-29T18:19:08.881Z",
"receivedTimestamp": "2024-02-29T18:19:09.071Z"
}{
"id": "d6e6115a-e508-4ace-83af-5b6da9a25884",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "66",
"name": "Public case",
"technology": "POSTGRESQL"
}
],
"relatedResources": [],
"auditPayload": {
"type": "DatasourceUpdatedAuditPayload",
"version": 1,
"name": "Public case",
"description": null,
"documentation": "New documentation to descripe the table.",
"expiration": null,
"columnDetectionEnabled": true,
"disabled": false,
"datasourceId": "66"
},
"eventTimestamp": "2024-02-22T14:24:45.048Z",
"receivedTimestamp": "2024-02-22T14:24:45.069Z"
}{
"sessionId": "227c3dbbbfe78ecd693c84979a930c22",
"actionStatus": "SUCCESS",
"targetType": "DOMAIN",
"actorIp": "xxx.xx.xx.xx",
"receivedTimestamp": "2023-12-20T20:01:03.651Z",
"requestId": "460ce02b-30d5-5e68-bff0-b31e6ea44ba0",
"id": "f99bc30e-13f6-4041-a0ad-20750a27519e",
"actor": {
"id": "[email protected]",
"name": "Taylor Smith",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"action": "CREATE",
"tenantId": "your-immuta-tenant.com",
"auditPayload": {
"domain": {
"description": "A domain for financial data.",
"name": "Finance Domain",
"domainType": "DOMAIN",
"id": "11e7011d-a365-4933-abcb-d5febc03d310"
},
"version": 1,
"type": "DomainCreatedAuditPayload"
},
"relatedResources": [],
"targets": [
{
"name": "Finance Domain",
"domainType": "domain",
"type": "DOMAIN",
"id": "11e7011d-a365-4933-abcb-d5febc03d310"
}
],
"eventTimestamp": "2023-12-20T20:01:03.065Z"
}{
"action": "MODIFY_DOMAIN",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"targetType": "DOMAIN",
"modifiedResourceType": "DATASOURCE",
"actor": {
"type": "USER_ACTOR",
"profileId": "1",
"identityProvider": "bim",
"name": "Taylor Smith",
"id": "[email protected]"
},
"id": "bef14718-5fa8-4891-bb9e-47f7a332a70b",
"eventTimestamp": "2023-12-20T20:23:14.432Z",
"auditPayload": {
"updateType": "ADD",
"version": 1,
"type": "DomainDataSourcesUpdatedAuditPayload"
},
"receivedTimestamp": "2023-12-20T20:23:14.456Z",
"relatedResources": [
{
"name": "Public case",
"type": "DATASOURCE",
"technology": "POSTGRESQL",
"id": "381"
}
],
"targets": [
{
"id": "11e7011d-a365-4933-abcb-d5febc03d310",
"name": "Finance Domain",
"domainType": "domain",
"type": "DOMAIN"
}
]
}{
"relatedResources": [],
"targets": [
{
"type": "DOMAIN",
"name": "Finance Domain",
"domainType": "DOMAIN",
"id": "6eb5a6df-67d8-4de7-adbd-24eb7271eaea"
}
],
"auditPayload": {
"version": 1,
"domain": {
"id": "6eb5a6df-67d8-4de7-adbd-24eb7271eaea",
"name": "Finance Domain",
"domainType": "DOMAIN"
},
"type": "DomainDeletedAuditPayload"
},
"eventTimestamp": "2023-12-20T20:21:13.981Z",
"actor": {
"id": "[email protected]",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"action": "DELETE",
"requestId": "7884603d-8911-5f33-a9a7-d8560eb49a89",
"receivedTimestamp": "2023-12-20T20:21:14.077Z",
"id": "3a82ceb6-6592-4ddf-9055-6920d87bba32",
"actionStatus": "SUCCESS",
"targetType": "DOMAIN",
"sessionId": "227c3dbbbfe78ecd693c84979a930c22",
"actorIp": "xxx.xx.xx.xx"
}{
"eventTimestamp": "2023-12-20T20:01:03.065Z",
"relatedResources": [
{
"type": "USER",
"name": "Taylor Smith",
"identityProvider": "bim",
"profileId": "1",
"id": "[email protected]"
},
{
"type": "USER",
"profileId": "1",
"name": "Taylor Smith",
"identityProvider": "bim",
"id": "[email protected]"
}
],
"targets": [
{
"name": "Finance Domain",
"domainType": "domain",
"type": "DOMAIN",
"id": "11e7011d-a365-4933-abcb-d5febc03d310"
}
],
"auditPayload": {
"updateType": "GRANT",
"version": 1,
"permissionUpdates": [
{
"permission": "MANAGE_POLICIES",
"profileId": "1"
}
],
"type": "DomainPermissionsUpdatedAuditPayload"
},
"tenantId": "your-immuta-tenant.com",
"action": "MODIFY_DOMAIN",
"actor": {
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"type": "USER_ACTOR",
"id": "[email protected]"
},
"modifiedResourceType": "USER",
"id": "377ee78b-74da-4466-bdc1-22d531c1f61c",
"requestId": "460ce02b-30d5-5e68-bff0-b31e6ea44ba0",
"receivedTimestamp": "2023-12-20T20:01:03.576Z",
"actorIp": "xxx.xx.xx.xx",
"sessionId": "227c3dbbbfe78ecd693c84979a930c22",
"targetType": "DOMAIN",
"actionStatus": "SUCCESS"
}{
"id": "d61d6ac9-2897-4d34-84f3-16181ddb9212",
"sessionId": "adba345c6949d7f7761367c0769b983d",
"requestId": "9a64147e-5b57-5905-9e7c-54b5a5c461c8",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "DOMAIN",
"targets": [
{
"type": "DOMAIN",
"id": "69347b14-1cda-41e1-9186-e85853158299",
"name": "Finance Domain v2",
"domainType": "domain"
}
],
"relatedResources": [],
"auditPayload": {
"type": "DomainUpdatedAuditPayload",
"modifiedFields": [
"name",
"description"
],
"domain": {
"id": "69347b14-1cda-41e1-9186-e85853158299",
"name": "Finance Domain v2",
"description": "Only use for finance tables."
},
"version": 1
},
"eventTimestamp": "2023-12-12T18:26:29.618Z",
"receivedTimestamp": "2023-12-12T18:26:32.472Z"
}{
"targets": [
{
"id": "12",
"type": "GLOBAL_POLICY",
"name": "Mask PII",
"policyKey": "mask pii"
}
],
"actorIp": "xxx.xx.xx.xx",
"sessionId": "c6eb428b869864f798f17fd7d5d0215a",
"requestId": "10a78dee-6181-52dd-8b68-5461b6172e40",
"actor": {
"name": "Deepu Murty",
"profileId": "999111223",
"identityProvider": "bim",
"id": "[email protected]",
"type": "USER_ACTOR"
},
"receivedTimestamp": "2023-11-03T18:23:25.966Z",
"id": "5ff5640f-4fc3-4634-a0e2-c625e0ffb447",
"targetType": "GLOBAL_POLICY",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"action": "GLOBAL_POLICY_APPROVAL_RESCINDED",
"eventTimestamp": "2023-11-03T18:23:25.861Z",
"auditPayload": {
"comment": "This policy isn't ready for production. Please mask PII.",
"type": "GlobalPolicyApprovalRescindedAuditPayload",
"approvalRequestId": "2",
"version": 1
},
"relatedResources": []
}{
"auditPayload": {
"comment": "This policy looks good for production.",
"approvalRequestId": "2",
"type": "GlobalPolicyApprovedAuditPayload",
"version": 1
},
"relatedResources": [],
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"action": "GLOBAL_POLICY_APPROVED",
"eventTimestamp": "2023-11-03T18:22:12.040Z",
"actor": {
"name": "Deepu Murty",
"type": "USER_ACTOR",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111223"
},
"receivedTimestamp": "2023-11-03T18:22:12.153Z",
"id": "271dc5ff-b23e-4da6-8066-91a35fda02e4",
"targetType": "GLOBAL_POLICY",
"targets": [
{
"name": "Mask PII",
"policyKey": "mask pii",
"type": "GLOBAL_POLICY",
"id": "12"
}
],
"actorIp": "xxx.xx.xx.xx",
"sessionId": "c6eb428b869864f798f17fd7d5d0215a",
"requestId": "50863cf9-6a8a-5299-89e2-200771eab62c"
}{
"eventTimestamp": "2023-11-03T18:20:16.483Z",
"action": "GLOBAL_POLICY_CHANGE_REQUESTED",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"relatedResources": [],
"auditPayload": {
"approvalRequestId": "1",
"type": "GlobalPolicyChangeRequestedAuditPayload",
"comment": "Please add additional controls on personal data.",
"version": 1
},
"requestId": "4afc86e6-dee6-5756-b02e-b22e92d237c4",
"sessionId": "be1e7a02ba2a5e65a6848c752ee0838b",
"targets": [
{
"name": "Mask PII",
"policyKey": "mask pii",
"type": "GLOBAL_POLICY",
"id": "12"
}
],
"actorIp": "xxx.xx.xx.xx",
"id": "77277757-331a-4a13-ba21-cbfeab01d47f",
"targetType": "GLOBAL_POLICY",
"receivedTimestamp": "2023-11-03T18:20:16.581Z",
"actor": {
"profileId": "999111223",
"id": "[email protected]",
"identityProvider": "bim",
"type": "USER_ACTOR",
"name": "Deepu Murty"
}
}{
"targetType": "GLOBAL_POLICY",
"id": "aac7cb75-c6ec-48ed-a11e-f6d8bf29dfe6",
"relatedResources": [],
"actor": {
"id": "[email protected]",
"profileId": "1",
"identityProvider": "bim",
"name": "Taylor Smith",
"type": "USER_ACTOR"
},
"actionStatus": "SUCCESS",
"sessionId": "517a11643dcdbba0b5ba30d49ee7a334",
"auditPayload": {
"type": "GlobalPolicyCreatedAuditPayload",
"policy": {
"type": "DATA",
"actions": [
{
"type": "DATA",
"rules": [
{
"type": "MASKING_HASH",
"columnCondition": {
"type": "TAG",
"tags": ["Testing"]
},
"exceptions": null
}
],
"dataPolicyType": "MASKING",
"rationale": null
}
],
"circumstance": {
"conditions": [
{
"type": "TAG",
"tagType": "COLUMN",
"tag": "Testing"
}
],
"operator": "any",
"type": "CONDITIONAL"
}
}
},
"targets": [
{
"policyKey": "mask pii",
"type": "GLOBAL_POLICY",
"name": "Mask PII",
"id": "5"
}
],
"action": "CREATE",
"eventTimestamp": "2023-05-10T18:29:39.438Z",
"actorIp": "xxx.xx.xx.xx",
"requestId": "2b126931-7a15-5678-99c4-11f0c5b40365",
"receivedTimestamp": "2023-05-10T18:29:39.636Z",
"tenantId": "your-immuta-tenant.com"
}{
"requestId": "12674fb7-4b90-5500-906f-7277a240e0f8",
"eventTimestamp": "2023-09-13T19:42:53.029Z",
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"receivedTimestamp": "2023-09-13T19:42:53.157Z",
"id": "d8cb76a2-516d-41f7-98d9-1cb616b759a4",
"targetType": "GLOBAL_POLICY",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"identityProvider": "bim",
"type": "USER_ACTOR",
"id": "[email protected]",
"profileId": "1"
},
"relatedResources": [],
"auditPayload": {
"version": 1,
"policy": {
"actions": [
{
"subscriptionPolicyType": "AUTOMATIC",
"type": "SUBSCRIPTION",
"rationale": null,
"accessGrant": "READ"
}
],
"type": "SUBSCRIPTION",
"circumstance": {
"type": "WHEN_SELECTED"
}
},
"type": "GlobalPolicyDeletedAuditPayload"
},
"sessionId": "2d48cc8df46b3b3eedf543f4192b6726",
"action": "DELETE",
"targets": [
{
"policyKey": "mask pii",
"type": "GLOBAL_POLICY",
"name": "Mask PII",
"id": "6"
}
]
}{
"sessionId": "89fc6c8f7b6e04d9b9d4f720dbd84890",
"requestId": "6abef8eb-6acb-5364-9a88-7479b03227cf",
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"name": "Mask PII",
"policyKey": "maks pii",
"type": "GLOBAL_POLICY",
"id": "12"
}
],
"receivedTimestamp": "2023-11-08T14:57:36.465Z",
"targetType": "GLOBAL_POLICY",
"id": "990f260b-eef6-4eed-8f71-f48c8e9b88cb",
"actor": {
"name": "Taylor Smith",
"identityProvider": "bim",
"id": "[email protected]",
"profileId": "1",
"type": "USER_ACTOR"
},
"eventTimestamp": "2023-11-08T14:57:36.387Z",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS",
"action": "GLOBAL_POLICY_PROMOTED",
"auditPayload": {
"type": "GlobalPolicyPromotedAuditPayload",
"policyName": "Mask PII",
"version": 1,
"policyId": "12"
},
"relatedResources": []
}{
"targetType": "GLOBAL_POLICY",
"id": "a26fa653-e545-4a34-9488-d7f1b92379d0",
"receivedTimestamp": "2023-11-03T18:16:30.588Z",
"actor": {
"name": "Taylor Smith",
"type": "USER_ACTOR",
"profileId": "1",
"identityProvider": "bim",
"id": "[email protected]"
},
"requestId": "9a03030a-09ef-5d2b-abea-b65305901e9b",
"sessionId": "1f468d12a437bceb59b71054d6ad8bf8",
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"name": "Mask PII",
"policyKey": "mask pii",
"type": "GLOBAL_POLICY",
"id": "12"
}
],
"relatedResources": [],
"auditPayload": {
"type": "GlobalPolicyReviewRequestedAuditPayload",
"approvalRequestId": "1",
"version": 1
},
"eventTimestamp": "2023-11-03T18:16:30.281Z",
"action": "GLOBAL_POLICY_REVIEW_REQUESTED",
"tenantId": "your-immuta-tenant.com",
"actionStatus": "SUCCESS"
}{
"tenantId": "your-immuta-tenant.com",
"receivedTimestamp": "2023-10-24T18:06:21.278Z",
"eventTimestamp": "2023-10-24T18:06:21.155Z",
"actorIp": "xxx.xx.xx.xx",
"requestId": "c2554ade-fbea-54b4-bfa5-a652d8a34309",
"actionStatus": "SUCCESS",
"relatedResources": [],
"actor": {
"type": "USER_ACTOR",
"name": "Taylor Smith",
"identityProvider": "bim",
"profileId": "1",
"id": "[email protected]"
},
"id": "f2346f5b-07b3-4f71-a0e1-9635e3b7cacc",
"targetType": "GLOBAL_POLICY",
"targets": [
{
"id": "7",
"policyKey": "mask pii",
"type": "GLOBAL_POLICY",
"name": "Mask PII"
}
],
"action": "UPDATE",
"auditPayload": {
"version": 1,
"policy": {
"circumstance": {
"type": "WHEN_SELECTED"
},
"actions": [
{
"dataPolicyType": "MASKING",
"type": "DATA",
"rules": [
{
"type": "MASKING_HASH",
"columnCondition": {
"tags": ["AuditTesting"],
"type": "TAG"
},
"exceptions": null
}
],
"rationale": null
}
],
"type": "DATA",
"certification": {
"label": "Personal information certification",
"tags": ["AuditTesting"],
"description": "I certify that I understand this data source contains personally identifiable information and will use the data appropriately and responsibly to the company policies."
}
},
"type": "GlobalPolicyUpdatedAuditPayload"
},
"sessionId": "1a8a16c58f29172d9a59224030617184"
}{
"sessionId": "c3e76e5f809b74fabe0975bcac5e0fca",
"auditPayload": {
"version": 1,
"groupIdProvider": "bim",
"name": "HR",
"groupId": "6",
"type": "GroupCreatedAuditPayload"
},
"action": "CREATE",
"targets": [
{
"id": "6",
"identityProvider": "bim",
"name": "HR",
"type": "GROUP"
}
],
"targetType": "GROUP",
"id": "24b9bce7-e255-47ed-8aa1-fefde19be539",
"relatedResources": [],
"actor": {
"type": "USER_ACTOR",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"id": "[email protected]"
},
"actionStatus": "SUCCESS",
"eventTimestamp": "2023-12-19T21:18:23.711Z",
"actorIp": "xxx.xx.xx.xx",
"requestId": "a37ee299-cc6b-531b-8af1-891d853af995",
"receivedTimestamp": "2023-12-19T21:18:24.040Z",
"tenantId": "your-immuta-tenant.com"
}{
"actorIp": "xxx.xx.xx.xx",
"eventTimestamp": "2023-12-19T21:18:25.891Z",
"requestId": "92e7ba98-144b-502d-beae-48ceb865cdcf",
"receivedTimestamp": "2023-12-19T21:18:26.161Z",
"tenantId": "your-immuta-tenant.com",
"sessionId": "60e86f7be389dc21b11bdc4a5b6d6974",
"auditPayload": {
"name": "HR",
"groupIdProvider": "bim",
"groupId": "6",
"type": "GroupDeletedAuditPayload",
"version": 1
},
"targets": [
{
"id": "6",
"type": "GROUP",
"name": "HR",
"identityProvider": "bim"
}
],
"action": "DELETE",
"targetType": "GROUP",
"id": "45efee34-2147-4ea9-bc3f-9f88addaaa2a",
"relatedResources": [],
"actor": {
"identityProvider": "bim",
"name": "Taylor Smith",
"type": "USER_ACTOR",
"id": "[email protected]",
"profileId": "1"
},
"actionStatus": "SUCCESS"
}{
"sessionId": "5ff64ed8fe0a194b074415a73d4f9201",
"id": "93e2dade-fd6f-4c13-8274-e9dd843bb990",
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"name": "HR",
"id": "3",
"identityProvider": "bim",
"type": "GROUP"
}
],
"receivedTimestamp": "2024-01-17T13:32:15.929Z",
"actionStatus": "SUCCESS",
"eventTimestamp": "2024-01-17T13:32:15.755Z",
"relatedResources": [
{
"type": "USER",
"identityProvider": "bim",
"name": "Deepu Murty",
"id": "[email protected]",
"profileId": "999111223"
}
],
"targetType": "GROUP",
"actor": {
"identityProvider": "bim",
"type": "USER_ACTOR",
"profileId": "1",
"id": "[email protected]",
"name": "Taylor Smith"
},
"action": "MEMBER_ADD",
"auditPayload": {
"type": "GroupMemberAddedAuditPayload",
"version": 1,
"userIdProvider": "bim",
"groupId": "3",
"userId": "[email protected]"
},
"requestId": "e12e42ab-5ba5-54f4-9ff9-61e27c131d6d"
}{
"targetType": "GROUP",
"receivedTimestamp": "2024-01-17T13:27:04.061Z",
"actionStatus": "SUCCESS",
"relatedResources": [],
"eventTimestamp": "2024-01-17T13:27:03.841Z",
"auditPayload": {
"groupId": "3",
"version": 1,
"type": "GroupMemberRemovedAuditPayload"
},
"requestId": "73a295d1-504a-507c-ba6d-9a72f2b34b16",
"actor": {
"identityProvider": "bim",
"type": "USER_ACTOR",
"profileId": "1",
"id": "[email protected]",
"name": "Taylor Smith"
},
"action": "MEMBER_REMOVE",
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"id": "3",
"name": "HR",
"type": "GROUP",
"identityProvider": "bim"
}
],
"tenantId": "your-immuta-tenant.com",
"sessionId": "5ff64ed8fe0a194b074415a73d4f9201",
"id": "5201799f-2472-4b9d-ba5c-db32e06a0bfa"
}{
"targetType": "GROUP",
"actionStatus": "SUCCESS",
"relatedResources": [],
"eventTimestamp": "2023-12-19T21:18:32.490Z",
"receivedTimestamp": "2023-12-19T21:18:32.767Z",
"requestId": "09ecbab3-803e-5eff-bc15-b07fcf57260b",
"auditPayload": {
"name": "Human Resources Department",
"groupIdProvider": "bim",
"groupId": "8",
"version": 1,
"type": "GroupUpdatedAuditPayload"
},
"action": "UPDATE",
"actor": {
"profileId": "1",
"id": "[email protected]",
"name": "Taylor Smith",
"identityProvider": "bim",
"type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"type": "GROUP",
"identityProvider": "bim",
"name": "Human Resources Department",
"id": "8"
}
],
"actorIp": "xxx.xx.xx.xx",
"id": "f4cd509d-587e-4bc4-9c0f-87ca6e122d1a",
"sessionId": "320b8c29c32ce2407b00e0de98546528"
}{
"id": "c1a74870-ff01-43bf-8b2e-928b6fccb6ae",
"sessionId": "bdf4e26e67f4e3ceeb93705b639f8768",
"requestId": "4c48deb8-4e4d-5705-be82-fae9e165967a",
"action": "CREATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "LICENSE",
"targets": [
{
"type": "LICENSE",
"id": "2",
"name": "2"
}
],
"relatedResources": [],
"auditPayload": {
"type": "LicenseCreatedAuditPayload",
"version": 1,
"licenseKey": "a-unique-license-key"
},
"eventTimestamp": "2024-03-08T18:34:30.028Z",
"receivedTimestamp": "2024-03-08T18:34:30.475Z"
}{
"id": "e7a22a3c-8b08-48e7-a648-3b6946b085e4",
"sessionId": "0c52d87dd0437dd90b48bfd66e7cf3dd",
"requestId": "50c29e76-6f24-5a66-9acb-1c298496377e",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "LICENSE",
"targets": [
{
"type": "LICENSE",
"id": "2",
"name": "2"
}
],
"relatedResources": [],
"auditPayload": {
"type": "LicenseDeletedAuditPayload",
"version": 1,
"id": "2"
},
"eventTimestamp": "2024-03-08T18:38:12.382Z",
"receivedTimestamp": "2024-03-08T18:38:12.457Z"
}{
"targetType": "LOCAL_POLICY",
"actionStatus": "SUCCESS",
"eventTimestamp": "2023-10-13T18:16:19.643Z",
"relatedResources": [
{
"id": "129",
"name": "Public case",
"type": "DATASOURCE",
"technology": "POSTGRESQL"
}
],
"receivedTimestamp": "2023-10-13T18:16:19.680Z",
"auditPayload": {
"type": "LocalPolicyCreatedAuditPayload",
"policy": {
"actions": [
{
"rationale": null,
"rules": [
{
"exceptions": null,
"type": "MASKING_K_ANONYMIZATION",
"fields": ["c_birth_year", "c_birth_month", "c_birth_day"],
"kLevel": 8,
"ruleAppliedForUser": false
}
],
"type": "DATA",
"global": false,
"dataPolicyType": "MASKING"
}
],
"type": "DATA"
},
"version": 1
},
"action": "CREATE",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"profileId": "1",
"type": "USER_ACTOR",
"identityProvider": "bim"
},
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"type": "LOCAL_POLICY",
"name": "4",
"id": "4",
"datasource": {
"id": "129",
"name": "Public case",
"type": "DATASOURCE",
"technology": "POSTGRESQL"
}
}
],
"id": "761a4044-1dec-4b9b-815f-d83c056ff61e"
}{
"id": "c8066842-4c90-4b12-a108-232c93a5fe63",
"targets": [],
"tenantId": "your-immuta-tenant.com",
"action": "UPDATE",
"actor": {
"profileId": "1",
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"type": "USER_ACTOR"
},
"auditPayload": {
"version": 1,
"policyHandlerUpdateAction": "UPDATE",
"policy": {
"actions": [
{
"subscriptionPolicyType": "AUTOMATIC",
"rationale": null,
"type": "SUBSCRIPTION",
"accessGrant": "READ",
"global": false,
"ruleAppliedForUser": true
}
],
"type": "SUBSCRIPTION"
},
"policyUpdateType": "SUBSCRIPTION",
"type": "LocalPolicyUpdatedAuditPayload"
},
"actionStatus": "SUCCESS",
"eventTimestamp": "2024-02-07T19:26:54.447Z",
"relatedResources": [
{
"id": "1124",
"name": "Public case",
"technology": "SNOWFLAKE",
"type": "DATASOURCE"
}
],
"receivedTimestamp": "2024-02-07T19:26:54.478Z",
"targetType": "LOCAL_POLICY"
}{
"id": "d18cbe70-a620-4ae4-a82a-a24249832e12",
"sessionId": "86d602c9d57fcc55e103ee7a5fa650dc",
"requestId": "749dd9dd-e06f-5781-ad7e-91c002ed5043",
"action": "PERMISSION_APPLY",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111223",
"type": "USER"
}
],
"relatedResources": [
{
"name": "GOVERNANCE",
"id": "GOVERNANCE",
"type": "PERMISSION"
}
],
"auditPayload": {
"type": "PermissionAppliedAuditPayload",
"version": 1
},
"eventTimestamp": "2024-01-09T20:18:53.451Z",
"receivedTimestamp": "2024-01-09T20:18:53.578Z"
}{
"id": "51481c15-e40d-419d-b510-bd8c47028069",
"sessionId": "86d602c9d57fcc55e103ee7a5fa650dc",
"requestId": "bd789b1a-580f-5d59-a6e0-d805a1464114",
"action": "PERMISSION_REMOVE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111223",
"type": "USER"
}
],
"relatedResources": [
{
"name": "CREATE_PROJECT",
"id": "CREATE_PROJECT",
"type": "PERMISSION"
},
{
"name": "GOVERNANCE",
"id": "GOVERNANCE",
"type": "PERMISSION"
}
],
"auditPayload": {
"type": "PermissionRemovedAuditPayload",
"version": 1
},
"eventTimestamp": "2024-01-09T20:22:02.326Z",
"receivedTimestamp": "2024-01-09T20:22:02.451Z"
}{
"action": "CREATE",
"tenantId": "your-immuta-tenant.com",
"actor": {
"type": "USER_ACTOR",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"id": "[email protected]"
},
"eventTimestamp": "2023-09-13T13:43:04.225Z",
"auditPayload": {
"equalization": null,
"projectKey": "hr",
"purposes": [],
"disabled": false,
"type": "ProjectCreatedAuditPayload",
"datasources": [],
"allowMaskedJoins": false,
"stagedPurposes": [],
"projectId": "6",
"version": 1,
"name": "HR",
"description": null,
"tags": [],
"documentation": "# A project for all internal employee data for HR use."
},
"targets": [
{
"id": "6",
"type": "PROJECT",
"projectKey": "hr",
"name": "HR"
}
],
"relatedResources": [],
"actorIp": "xxx.xx.xx.xx",
"sessionId": "cdbffff8804103418350947c6586712c",
"actionStatus": "SUCCESS",
"targetType": "PROJECT",
"id": "8d6da097-b5d8-4f19-8737-9c1d8e453f93",
"receivedTimestamp": "2023-09-13T13:43:04.515Z",
"requestId": "49b37341-83d2-576c-a560-29b224654c4e"
}{
"auditPayload": {
"projectId": "2",
"projectKey": "hr",
"type": "ProjectDeletedAuditPayload",
"name": "HR"
},
"requestId": "47ea1ce0-6464-54e3-8e0c-f7afaccd75a0",
"actor": {
"profileId": "1",
"id": "[email protected]",
"name": "Taylor Smith",
"identityProvider": "bim",
"type": "USER_ACTOR"
},
"action": "DELETE",
"targetType": "PROJECT",
"receivedTimestamp": "2023-04-14T16:07:13.416Z",
"relatedResources": [],
"eventTimestamp": "2023-04-14T16:07:12.647Z",
"actionStatus": "SUCCESS",
"actorIp": "127.0.0.1",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"name": "HR",
"id": "2",
"type": "PROJECT",
"projectKey": "hr"
}
],
"sessionId": "635b928a3ba5001076f2ca6da4328be0",
"id": "37350b53-6e39-4ff9-bdb8-300df04aa1e0"
}{
"id": "d890dfb0-72ed-4c29-8a06-68ba5868a1ca",
"sessionId": "dda1a16c5446bc2309df1e37d8483e2c",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"name": "HR",
"id": "7",
"projectKey": "hr",
"type": "PROJECT"
}
],
"actorIp": "xxx.xx.xx.xx",
"action": "DISABLE",
"actor": {
"profileId": "1",
"id": "[email protected]",
"name": "Taylor Smith",
"identityProvider": "bim",
"type": "USER_ACTOR"
},
"requestId": "ff7875f4-07ff-5349-a321-d9e59aaf97b5",
"auditPayload": {
"type": "ProjectDisabledAuditPayload",
"projectKey": "hr",
"version": 1,
"projectId": "7",
"name": "HR"
},
"actionStatus": "SUCCESS",
"relatedResources": [],
"eventTimestamp": "2023-12-23T13:32:57.895Z",
"receivedTimestamp": "2023-12-23T13:32:58.072Z",
"targetType": "PROJECT"
}{
"targetType": "PROJECT",
"receivedTimestamp": "2023-12-19T17:23:31.075Z",
"eventTimestamp": "2023-12-19T17:23:17.425Z",
"relatedResources": [
{
"type": "PURPOSE",
"name": "NoiseReduced.Small",
"id": "14"
}
],
"actionStatus": "SUCCESS",
"auditPayload": {
"purposeId": "14",
"projectId": "2",
"version": 1,
"type": "ProjectPurposeApprovedAuditPayload"
},
"requestId": "ab8dcd0c-49d3-57ec-83a9-09516a9cc919",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"profileId": "1",
"type": "USER_ACTOR",
"identityProvider": "bim"
},
"action": "PURPOSE_APPROVE",
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"id": "2",
"name": "HR",
"type": "PROJECT",
"projectKey": "hr"
}
],
"tenantId": "your-immuta-tenant.com",
"sessionId": "ed785f4e8bffe89a43f815dd66a3c401",
"id": "681e743c-0674-4e1f-bbc6-f64ac1b404bc"
}{
"action": "PURPOSE_DENY",
"actor": {
"identityProvider": "bim",
"type": "USER_ACTOR",
"profileId": "1",
"name": "Taylor Smith",
"id": "[email protected]"
},
"requestId": "3a186491-f497-567c-8715-49a1e6b37077",
"auditPayload": {
"version": 1,
"projectId": "11",
"purposeId": "6",
"type": "ProjectPurposeDeniedAuditPayload"
},
"relatedResources": [
{
"name": "Activities",
"id": "6",
"type": "PURPOSE"
}
],
"eventTimestamp": "2023-12-19T17:30:29.543Z",
"actionStatus": "SUCCESS",
"receivedTimestamp": "2023-12-19T17:30:32.388Z",
"targetType": "PROJECT",
"id": "f32dfb5e-f865-4c17-a25e-7ea37d568c03",
"sessionId": "ed785f4e8bffe89a43f815dd66a3c401",
"targets": [
{
"type": "PROJECT",
"projectKey": "hr",
"name": "HR",
"id": "11"
}
],
"tenantId": "your-immuta-tenant.com",
"actorIp": "xxx.xx.xx.xx"
}{
"requestId": "ea287df8-2fd2-57c2-86c3-cdb421ec3f64",
"auditPayload": {
"purposes": [
{
"id": "5",
"name": "Re-identification Prohibited.Expert Determination",
"acknowledgement": "I agree to use the data associated with this project for the stated purpose of the project, and for that purpose only, as listed in the project's homepage, and to refrain from sharing that data outside of the project or Immuta, unless the data recipient is required to adhere to a data sharing protocol specifying relevant security arrangements.\n\nI acknowledge that combining the project data (and derivations thereof) with other data, including data produced in different projects or under different utility adjustments within the same project, can undermine the expert determination, and is therefore outside its scope.\n\nI also agree not to re-identify or take any steps to re-identify the individuals whose health information is contained in the data sources attached to the project. In the event that these individuals have been identified or that I discover risks that I believe could lead to their identification, I agree to immediately notify the project owner or governance team and take immediate action to address and mitigate such risks. I further agree to refrain from contacting any individuals who might be identified."
}
],
"subscriptionId": "8",
"type": "ProjectPurposesAcknowledgedAuditPayload",
"version": 1,
"projectId": "2"
},
"action": "PURPOSE_ACKNOWLEDGE",
"actor": {
"id": "[email protected]",
"name": "Taylor Smith",
"profileId": "1",
"type": "USER_ACTOR",
"identityProvider": "bim"
},
"targetType": "PROJECT",
"eventTimestamp": "2023-10-13T14:12:18.083Z",
"relatedResources": [
{
"id": "5",
"name": "Re-identification Prohibited.Expert Determination",
"type": "PURPOSE"
}
],
"actionStatus": "SUCCESS",
"receivedTimestamp": "2023-10-13T14:12:18.216Z",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"id": "2",
"name": "HR",
"type": "PROJECT",
"projectKey": "hr"
}
],
"actorIp": "xxx.xx.xx.xx",
"id": "d21f9673-7b96-4bbe-abca-8d0aaec67c87",
"sessionId": "6b928653b1411078647a2764a72beca6"
}{
"sessionId": "6b928653b1411078647a2764a72beca6",
"id": "b39e1295-bcd6-4117-8551-e2663a2541cb",
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"id": "1",
"name": "HR",
"projectKey": "hr",
"type": "PROJECT"
}
],
"receivedTimestamp": "2023-10-13T13:07:36.937Z",
"eventTimestamp": "2023-10-13T13:07:36.626Z",
"relatedResources": [],
"actionStatus": "SUCCESS",
"targetType": "PROJECT",
"actor": {
"type": "USER_ACTOR",
"identityProvider": "bim",
"id": "[email protected]",
"name": "Taylor Smith",
"profileId": "1"
},
"action": "UPDATE",
"auditPayload": {
"equalization": null,
"type": "ProjectUpdatedAuditPayload",
"projectId": "1",
"version": 1
},
"requestId": "e162dd46-11d1-544b-af68-d71d4e033af5"
}{
"id": "eafa29d6-d61f-4aab-a958-106f25bbfa0b",
"sessionId": "e3e0aba1e69c06dbf64710c889b3f2d8",
"requestId": "f5ef5320-2237-56cb-bc56-929a5e6f8299",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
{
"type": "PURPOSE",
"id": "1",
"name": "Human resources use"
}
],
"relatedResources": [],
"auditPayload": {
"id": "1",
"name": "Human resources use"
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeDeleted",
"version": "1.0.0"
}{
"id": "eafa29d6-d61f-4aab-a958-106f25bbfa0b",
"sessionId": "e3e0aba1e69c06dbf64710c889b3f2d8",
"requestId": "f5ef5320-2237-56cb-bc56-929a5e6f8299",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
{
"type": "PURPOSE",
"id": "1",
"name": "Human resources use"
}
],
"relatedResources": [],
"auditPayload": {
"type": "PurposeUpdatedAuditPayload",
"description": "The data covered by the purpose should only be used by users within HR who will use this data for human resources purposes.",
"name": "Human resources use",
"acknowledgement": "I agree to use this data for internal human resources needs.",
"subpurposes": []
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeUpdated",
"version": "1.0.0"
}{
"id": "eafa29d6-d61f-4aab-a958-106f25bbfa0b",
"sessionId": "e3e0aba1e69c06dbf64710c889b3f2d8",
"requestId": "f5ef5320-2237-56cb-bc56-929a5e6f8299",
"action": "UPSERT",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
{
"type": "PURPOSE",
"id": "1",
"name": "Human resources use"
}
],
"relatedResources": [],
"auditPayload": {
"type": "PurposeUpsertedAuditPayload",
"description": "The data covered by the purpose should only be used by users within HR who will use this data for human resources purposes.",
"name": "Human resources use",
"acknowledgement": "I agree to use this data for internal human resources needs.",
"subpurposes": []
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeUpserted",
"version": "1.0.0"
}{
"receivedTimestamp": "2023-12-22T20:37:08.243Z",
"actor": {
"type": "USER_ACTOR",
"name": "Taylor Smith",
"identityProvider": "bim",
"id": "[email protected]",
"profileId": "1"
},
"actorIp": "xxx.xx.xx.xx",
"sessionId": "a21eddce1c9c1e18443ae04437e7c9c0",
"action": "CREATE",
"eventTimestamp": "2023-12-22T20:37:08.009Z",
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"targetType": "SDD_CLASSIFIER",
"id": "b4aaefc0-2880-41cb-b3af-26f2fb83fd1f",
"requestId": "f741e950-0a72-5c8a-8e18-5bd7af7d3d92",
"auditPayload": {
"displayName": "My Column Name Regex Rule",
"name": "MY_COLUMN_NAME_REGEX_RULE",
"classifierId": "73",
"config": {
"columnNameRegex": "salary",
"tags": [
{
"id": "22402",
"name": "Discovered.column-name-regex-salary",
"type": "TAG",
"source": "curated"
}
]
},
"version": 1,
"type": "SDDClassifierCreatedAuditPayload"
},
"relatedResources": [
{
"id": "22402",
"name": "Discovered.column-name-regex-salary",
"type": "TAG",
"source": "curated"
}
],
"targets": [
{
"name": "MY_COLUMN_NAME_REGEX_RULE",
"id": "73",
"type": "SDD_CLASSIFIER"
}
]
}{
"id": "253cf57a-7fe7-4be8-bdd8-9d2f8860bb21",
"targetType": "SDD_CLASSIFIER",
"actionStatus": "SUCCESS",
"tenantId": "your-immuta-tenant.com",
"relatedResources": [],
"auditPayload": {
"classifierId": "69",
"name": "MY_DICTIONARY_RULE",
"version": 1,
"type": "SDDClassifierDeletedAuditPayload"
},
"requestId": "29e410fc-bdbe-528c-aaa0-6b75c42ad618",
"actorIp": "xxx.xx.xx.xx",
"receivedTimestamp": "2023-12-18T23:09:33.882Z",
"actor": {
"type": "USER_ACTOR",
"id": "[email protected]",
"name": "Taylor Smith",
"identityProvider": "bim",
"profileId": "1"
},
"eventTimestamp": "2023-12-18T23:09:33.792Z",
"action": "DELETE",
"sessionId": "78fe82a7524125f911881de1721cfca4"
}{
"id": "4cae883b-9236-4052-a41a-893e3a734285",
"sessionId": "3541001fcfa1e1e3dd7c26398cdfd3c6",
"requestId": "e75761e9-c778-5e38-9933-f9ffd4192cb3",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "SDD_CLASSIFIER",
"targets": [
{
"type": "SDD_CLASSIFIER",
"id": "68",
"name": "Email identifier"
}
],
"relatedResources": [
{
"type": "TAG",
"name": "Discovered.Passport",
"id": "8",
"source": "curated"
}
],
"auditPayload": {
"type": "SDDClassifierUpdatedAuditPayload",
"version": 1,
"classifierId": "68",
"name": "Email identifier",
"displayName": "A really cool new identifier updated",
"config": {
"tags": [
{
"type": "TAG",
"name": "Discovered.Passport",
"id": "8",
"source": "curated"
}
],
"columnNameRegex": "^[A-Z_0-9]+$"
}
},
"eventTimestamp": "2024-03-08T19:07:57.304Z",
"receivedTimestamp": "2024-03-08T19:07:57.409Z"
}{
"actor": {
"id": "[email protected]",
"profileId": "1",
"name": "Taylor Smith",
"identityProvider": "bim",
"type": "USER_ACTOR"
},
"actionStatus": "SUCCESS",
"targetType": "SUBSCRIPTION",
"tenantId": "your-immuta-tenant.com",
"action": "CREATE",
"relatedResources": [
{
"id": "9",
"name": "Public case",
"type": "DATASOURCE",
"technology": "SNOWFLAKE"
},
{
"type": "USER",
"name": "Taylor Smith",
"identityProvider": "bim",
"profileId": "1",
"id": "[email protected]"
}
],
"targets": [
{
"subscriber": {
"type": "USER",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"id": "[email protected]"
},
"model": {
"id": "9",
"type": "DATASOURCE",
"technology": "SNOWFLAKE",
"name": "Public case"
},
"id": "13",
"type": "SUBSCRIPTION",
"name": "13"
}
],
"auditPayload": {
"modelType": "DATASOURCE",
"subscriberId": "1",
"subscriberType": "USER",
"modelId": "9",
"role": "OWNER",
"isEntitlementsPolicyOverride": false,
"type": "SubscriptionCreatedAuditPayload",
"status": "APPROVED"
},
"receivedTimestamp": "2023-04-14T16:48:21.198Z",
"eventTimestamp": "2023-04-14T16:48:21.159Z",
"id": "1a0f362a-f1fd-417e-85c6-0fa7751a887e"
}{
"sessionId": "d8f9584665be06ae1a8e3b881c2eb635",
"targetType": "SUBSCRIPTION",
"actionStatus": "SUCCESS",
"actorIp": "xxx.xx.xx.xx",
"receivedTimestamp": "2023-04-28T17:25:15.268Z",
"requestId": "495a22d6-bea0-5758-a8a3-7f5cc3d7b8d6",
"id": "b6d2108e-fe93-4f05-a347-cb84c51fa528",
"actor": {
"id": "[email protected]",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "1",
"type": "USER_ACTOR"
},
"action": "DELETE",
"tenantId": "your-immuta-tenant.com",
"auditPayload": {
"subscriptionId": "28",
"subscriberType": "USER",
"subscriberId": "20",
"modelType": "DATASOURCE",
"type": "SubscriptionDeletedAuditPayload",
"modelId": "15",
"denialReason": "Subscription policy removed"
},
"targets": [
{
"type": "SUBSCRIPTION",
"name": "28",
"subscriber": {
"id": "[email protected]",
"type": "USER",
"identityProvider": "bim",
"name": "Taylor Smith",
"profileId": "20"
},
"model": {
"id": "15",
"name": "Public case",
"technology": "DATABRICKS",
"type": "DATASOURCE"
},
"id": "28"
}
],
"relatedResources": [
{
"type": "DATASOURCE",
"technology": "DATABRICKS",
"name": "Public case",
"id": "15"
},
{
"id": "[email protected]",
"type": "USER",
"profileId": "20",
"name": "Taylor Smith",
"identityProvider": "bim"
}
],
"eventTimestamp": "2023-04-28T17:25:14.837Z"
}{
"id": "f6162acd-f66c-4316-8e55-92bc89f03ab0",
"sessionId": "17c01a6d5413eadaa831a1ccec2ce823",
"requestId": "201d39f9-44b2-5346-bd0b-ef587651e2ce",
"action": "SUBSCRIPTION_REQUEST_APPROVE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "SUBSCRIPTION",
"targets": [
{
"type": "SUBSCRIPTION",
"id": "10",
"name": "10",
"model": {
"type": "DATASOURCE",
"id": "8",
"name": "Public case",
"technology": "STARBURST_TRINO"
},
"subscriber": {
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "13",
"type": "USER"
}
}
],
"relatedResources": [
{
"type": "DATASOURCE",
"id": "8",
"name": "Public case",
"technology": "STARBURST_TRINO"
},
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "13",
"type": "USER"
}
],
"auditPayload": {
"type": "SubscriptionRequestApprovedAuditPayload",
"version": 1,
"subscriptionId": "10",
"status": "APPROVED",
"approverPermissions": ["OWNER"]
},
"eventTimestamp": "2024-03-08T15:53:54.800Z",
"receivedTimestamp": "2024-03-08T15:53:54.922Z"
}{
"targets": [
{
"type": "SUBSCRIPTION",
"name": "127",
"subscriber": {
"profileId": "13",
"identityProvider": "bim",
"name": "Deepu Murty",
"type": "USER",
"id": "[email protected]"
},
"model": {
"id": "1",
"projectKey": "HR",
"name": "HR",
"type": "PROJECT"
},
"id": "127"
}
],
"relatedResources": [
{
"id": "1",
"type": "PROJECT",
"name": "HR",
"projectKey": "HR"
},
{
"profileId": "13",
"identityProvider": "bim",
"name": "Deepu Murty",
"type": "USER",
"id": "[email protected]"
}
],
"auditPayload": {
"subscriberId": "13",
"subscriberType": "USER",
"subscriptionId": "127",
"modelType": "PROJECT",
"type": "SubscriptionRequestDeniedAuditPayload",
"modelId": "1",
"denialReason": "Not part of the appropriate department",
"version": 1,
"approverPermissions": ["OWNER"]
},
"eventTimestamp": "2024-02-23T19:53:09.004Z",
"actor": {
"type": "USER_ACTOR",
"profileId": "1",
"identityProvider": "bim",
"name": "Taylor Smith",
"id": "[email protected]"
},
"tenantId": "your-immuta-tenant.com",
"action": "SUBSCRIPTION_REQUEST_DENY",
"requestId": "fcaf22c8-82ad-58d6-9443-ade4863ee11e",
"receivedTimestamp": "2024-02-23T19:53:09.153Z",
"id": "a3ed191a-6e8b-4429-a596-cbe1263695c8",
"sessionId": "9040b6cf4b2368534dab8735038453c7",
"targetType": "SUBSCRIPTION",
"actionStatus": "SUCCESS",
"actorIp": "xxx.xx.xx.xx"
}{
"auditPayload": {
"status": "PENDING",
"version": 1,
"modelId": "75",
"type": "SubscriptionRequestedAuditPayload",
"modelType": "DATASOURCE",
"subscriberType": "USER",
"subscriberId": "13",
"subscriptionId": "126"
},
"targets": [
{
"name": "Public case",
"technology": "POSTGRESQL",
"type": "DATASOURCE",
"id": "75"
}
],
"relatedResources": [
{
"id": "126",
"subscriber": {
"type": "USER",
"name": "Deepu Murty",
"identityProvider": "bim",
"profileId": "13",
"id": "[email protected]"
},
"model": {
"id": "75",
"name": "Public case",
"type": "DATASOURCE",
"technology": "POSTGRESQL"
},
"name": "126",
"type": "SUBSCRIPTION"
},
{
"type": "USER",
"profileId": "13",
"identityProvider": "bim",
"name": "Deepu Murty",
"id": "[email protected]"
}
],
"eventTimestamp": "2024-02-23T19:51:24.669Z",
"actor": {
"type": "USER_ACTOR",
"profileId": "13",
"name": "Deepu Murty",
"identityProvider": "bim",
"id": "[email protected]"
},
"action": "SUBSCRIPTION_REQUESTED",
"tenantId": "your-immuta-tenant.com",
"receivedTimestamp": "2024-02-23T19:51:24.810Z",
"requestId": "e1de955f-b233-5d37-a964-d5851b769dd4",
"id": "8bd099da-2082-4447-aa9f-961319593a4c",
"sessionId": "6ba328eafcbf736223a47b5ef3662f34",
"targetType": "DATASOURCE",
"actionStatus": "SUCCESS",
"actorIp": "xxx.xx.xx.xx"
}{
"actor": {
"type": "USER_ACTOR",
"profileId": "1",
"identityProvider": "bim",
"name": "Taylor Smith",
"id": "[email protected]"
},
"tenantId": "your-immuta-tenant.com",
"action": "UPDATE",
"relatedResources": [
{
"name": "Public case",
"type": "DATASOURCE",
"technology": "DATABRICKS",
"id": "17"
},
{
"name": "Deepu Murty",
"identityProvider": "bim",
"profileId": "999111223",
"type": "USER",
"id": "[email protected]"
}
],
"targets": [
{
"subscriber": {
"name": "Deepu Murty",
"identityProvider": "bim",
"profileId": "999111223",
"type": "USER",
"id": "[email protected]"
},
"model": {
"name": "Public case",
"technology": "DATABRICKS",
"type": "DATASOURCE",
"id": "17"
},
"id": "64",
"type": "SUBSCRIPTION",
"name": "64"
}
],
"auditPayload": {
"subscriptionId": "64",
"role": "OWNER",
"version": 1,
"type": "SubscriptionUpdatedAuditPayload"
},
"eventTimestamp": "2023-05-16T20:24:04.360Z",
"actionStatus": "SUCCESS",
"targetType": "SUBSCRIPTION",
"sessionId": "8c81a018617a6aa8501597dd2c57c9c6",
"actorIp": "xxx.xx.xx.xx",
"requestId": "b7a717f9-7187-5889-a715-2f00ab63b160",
"receivedTimestamp": "2023-05-16T20:24:04.475Z",
"id": "24f5184c-ee43-40d4-8606-7dabcfb9ce23"
}{
"id": "b10a0dd9-1a09-4e93-a6cd-0cd232a275a0",
"sessionId": "0fcaaf9c074330b4b875746c2e52739c",
"requestId": "e45f1d89-69cf-5ae6-b33a-fbc94b147d7a",
"action": "TAG_APPLY",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "27",
"name": "Public case",
"technology": "POSTGRESQL"
}
],
"relatedResources": [
{
"type": "TAG",
"name": "Discovered",
"id": "451",
"source": "curated",
"context": "manual"
}
],
"auditPayload": {
"type": "TagAppliedAuditPayload",
"version": 1,
"appliedTags": [
{
"targetName": "Public case",
"targetType": "DATASOURCE",
"tags": [
{
"type": "TAG",
"name": "Discovered",
"id": "451",
"source": "curated",
"context": "manual"
}
]
}
]
},
"eventTimestamp": "2024-02-22T14:39:01.342Z",
"receivedTimestamp": "2024-02-22T14:39:01.514Z"
}{
"id": "7605ac37-fa98-4cf8-a736-cbed84af2d6c",
"sessionId": "0fcaaf9c074330b4b875746c2e52739c",
"requestId": "3a32672b-5b26-5e4b-914e-bb7217d02e43",
"action": "CREATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "TAG",
"targets": [
{
"type": "TAG",
"name": "First name",
"id": "452",
"source": "curated"
}
],
"relatedResources": [],
"auditPayload": {
"type": "TagCreatedAuditPayload",
"version": 1,
"tags": [
{
"id": "452",
"name": "First name",
"source": "curated",
"type": "TAG"
}
]
},
"eventTimestamp": "2024-02-22T14:39:50.845Z",
"receivedTimestamp": "2024-02-22T14:39:50.918Z"
}{
"id": "5e2e04df-0abb-4af9-bed6-a0b037777732",
"sessionId": "0fcaaf9c074330b4b875746c2e52739c",
"requestId": "de982c4f-ec8c-56e6-9d20-34fdcc2114f4",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx,"
"tenantId": "your-immuta-tenant.com",
"targetType": "TAG",
"targets": [
{
"type": "TAG",
"name": "Last name",
"id": "452",
"source": "curated"
}
],
"relatedResources": [],
"auditPayload": {
"type": "TagDeletedAuditPayload",
"version": 1,
"name": "Last name",
"deleteHierarchy": false,
"tags": [
{
"id": "452",
"name": "Last name",
"source": "curated",
"type": "TAG"
}
]
},
"eventTimestamp": "2024-02-22T14:44:50.986Z",
"receivedTimestamp": "2024-02-22T14:44:51.067Z"
}{
"id": "5a090fe2-382e-4e80-8b95-a9ed243da8f4",
"sessionId": "0fcaaf9c074330b4b875746c2e52739c",
"requestId": "509c475c-d00c-5895-af79-87563ed090ce",
"action": "TAG_REMOVE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
{
"type": "DATASOURCE",
"id": "27",
"name": "Public case",
"technology": "POSTGRESQL"
}
],
"relatedResources": [
{
"type": "TAG",
"name": "Discovered",
"id": "1",
"source": "curated"
}
],
"auditPayload": {
"type": "TagRemovedAuditPayload",
"version": 1,
"removedTags": [
{
"targetName": "Public case",
"targetType": "DATASOURCE",
"tags": [
{
"type": "TAG",
"name": "Discovered",
"id": "1",
"source": "curated"
}
]
}
]
},
"eventTimestamp": "2024-02-22T14:44:29.943Z",
"receivedTimestamp": "2024-02-22T14:44:30.077Z"
}{
"id": "cdc9d4f5-f960-487c-a5cf-22059492a806",
"sessionId": "0fcaaf9c074330b4b875746c2e52739c",
"requestId": "0a8e084f-354f-51b0-998d-e5aa0455b223",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "TAG",
"targets": [
{
"type": "TAG",
"name": "TestTagUpdate",
"id": "452",
"source": "curated"
}
],
"relatedResources": [],
"auditPayload": {
"type": "TagUpdatedAuditPayload",
"version": 1,
"rootTag": "First_name",
"deleteHierarchy": false,
"tags": [
{
"id": "452",
"name": "First name",
"source": "curated",
"type": "TAG"
}
]
},
"eventTimestamp": "2024-02-22T14:40:08.449Z",
"receivedTimestamp": "2024-02-22T14:40:08.563Z"
}{
"requestId": "0aaf4825-f245-582a-935d-312b15adbf3e",
"auditPayload": {
"type": "UserAuthenticatedAuditPayload",
"authenticationMethod": "apiKey"
},
"action": "AUTHENTICATE",
"actor": {
"id": "postgres_system",
"name": "Immuta System Account",
"type": "SYSTEM_ACCOUNT"
},
"targetType": "USER",
"relatedResources": [],
"eventTimestamp": "2023-03-03T01:47:36.225Z",
"actionStatus": "SUCCESS",
"receivedTimestamp": "2023-03-03T01:47:36.319Z",
"tenantId": "your-immuta-tenant.com",
"targets": [],
"actorIp": "xxx.xx.xx.xx",
"id": "5683bb3d-226a-4140-b3d9-2c3db22cf1fb",
"sessionId": "73396d16b9330d28a68dbf171948ace3"
}{
"id": "8f64a4e9-cfae-4166-94a0-3899d6d6fbf5",
"sessionId": "efb381c4e05844332a87ae265c3225dc",
"requestId": "243bf98c-bb2e-58b7-8842-1d997137cccb",
"action": "CLONE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [
{
"name": "Clone of [email protected] (awaiting first login)",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111236",
"type": "USER"
},
{
"name": "Clone of [email protected] (awaiting first login)",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111237",
"type": "USER"
}
],
"relatedResources": [
{
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111228",
"type": "USER"
}
],
"auditPayload": {
"type": "UserClonedAuditPayload",
"version": 1,
"failedUserIds": [],
"newUserIds": ["[email protected]", "[email protected]"],
"clonedUserId": "[email protected]",
"clonedUserIamProvider": "bim"
},
"eventTimestamp": "2024-01-05T19:07:29.141Z",
"receivedTimestamp": "2024-01-05T19:07:29.364Z"
}{
"id": "f6d2443e-1a08-4e38-8a4b-ec938334e217",
"action": "CREATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Immuta System Account",
"id": "immuta_system_account",
"type": "SYSTEM_ACCOUNT"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "okta",
"profileId": "999111251",
"type": "USER"
}
],
"relatedResources": [],
"auditPayload": {
"type": "UserCreatedAuditPayload",
"version": 1,
"name": "Deepu Murty",
"email": "[email protected]"
},
"eventTimestamp": "2024-02-01T13:16:26.541Z",
"receivedTimestamp": "2024-02-01T13:16:26.564Z"
}{
"id": "5e359dbf-414e-4bc2-90fe-66534d728a02",
"sessionId": "fc63e473565c823682f2b1a517c71355",
"requestId": "610ff95c-dfc1-5ac0-a1a7-07a065c13c48",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [],
"relatedResources": [],
"auditPayload": {
"type": "UserDeletedAuditPayload",
"version": 1,
"userId": "[email protected]",
"userIdProvider": "okta"
},
"eventTimestamp": "2024-01-31T15:41:25.000Z",
"receivedTimestamp": "2024-01-31T15:41:27.150Z"
}{
"sessionId": "0d8de090f542620a09cc0bf2cd103371",
"id": "bd7713b7-a40a-4905-a5cf-68df2ed10c58",
"actionStatusReason": null,
"actorIp": "xxx.xx.xx.xx",
"targets": [
{
"name": "Taylor Smith",
"id": "[email protected]",
"profileId": "1",
"type": "USER",
"identityProvider": "bim"
}
],
"tenantId": "your-immuta-tenant.com",
"receivedTimestamp": "2024-02-08T15:51:54.660Z",
"actionStatus": "SUCCESS",
"relatedResources": [],
"eventTimestamp": "2022-07-28T03:52:03.790Z",
"targetType": "USER",
"actor": {
"type": "USER_ACTOR",
"identityProvider": "bim",
"name": "Taylor Smith",
"id": "[email protected]",
"profileId": "1"
},
"action": "LOGOUT",
"auditPayload": {
"logoutReason": "EXPIRATION",
"authenticationMethod": "password",
"impersonatedId": "[email protected]",
"impersonatedIdProvider": "bim",
"type": "UserLogoutAuditPayload",
"version": 1
},
"requestId": "myRequestId"
}{
"id": "8ddf5e1e-637f-444b-9575-7ef0cd135136",
"sessionId": "aadf12cfbd5af292da1075f83b97716d",
"requestId": "76b6cc50-532f-5bfc-8d71-f19befd0e93e",
"action": "NEW_TOKEN",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "999111235",
"type": "USER"
}
],
"relatedResources": [],
"auditPayload": {
"type": "UserOneTimeTokenCreatedAuditPayload",
"version": 1
},
"eventTimestamp": "2024-01-22T19:57:56.319Z",
"receivedTimestamp": "2024-01-22T19:57:56.394Z"
}{
"actor": {
"type": "USER_ACTOR",
"id": "[email protected]",
"name": "Taylor Smith",
"identityProvider": "bim",
"profileId": "1"
},
"sessionId": "8aa5dfb94afa9bde135f6208f5290ca1",
"requestId": "77e80707-f5c8-5238-bf70-bd71c81200e8",
"actionStatus": "SUCCESS",
"actorIp": "xxx.xx.xx.xx",
"eventTimestamp": "2023-12-22T21:27:51.255Z",
"id": "bd6b42e9-61c1-4ea0-a19a-ec38163a85a2",
"tenantId": "your-immuta-tenant.com",
"targets": [
{
"type": "USER",
"id": "[email protected]",
"name": "Deepu Murty",
"identityProvider": "bim",
"profileId": "999111226"
}
],
"action": "PASSWORD_UPDATE",
"auditPayload": {
"type": "UserPasswordUpdatedAuditPayload",
"version": 1
},
"targetType": "USER",
"relatedResources": [],
"receivedTimestamp": "2023-12-22T21:27:51.394Z"
}{
"id": "94179969-7dae-4b1c-a14f-de80573f841a",
"sessionId": "b2b2ab5eabaac606e171fdcc3a042c32",
"requestId": "d3b7e572-8c5f-535d-be51-3715fa181160",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
"name": "Taylor Smith",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "1",
"type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "USER",
"targets": [
{
"name": "Deepu Murty",
"id": "[email protected]",
"identityProvider": "bim",
"profileId": "6",
"type": "USER"
}
],
"relatedResources": [],
"auditPayload": {
"type": "UserUpdatedAuditPayload",
"version": 1,
"userId": "[email protected]",
"userIdProvider": "bim",
"externalUserIds": [],
"disabled": false
},
"eventTimestamp": "2024-02-08T15:46:25.949Z",
"receivedTimestamp": "2024-02-08T15:46:26.167Z"
}{
"targets": [
{
"name": "ProjectCreateMonitorHook",
"type": "WEBHOOK",
"id": "12"
}
],
"actionStatus": "SUCCESS",
"receivedTimestamp": "2023-10-19T14:15:38.160Z",
"actorIp": "xxx.xx.xx.xx",
"id": "5faed0d0-ff64-4c86-87eb-193c04d6e5f2",
"auditPayload": {
"type": "WebhookCreatedAuditPayload",
"version": 1,
"webhooks": [
{
"id": "12",
"name": "ProjectCreateMonitorHook",
"actionType": "TRIGGERED",
"global": false,
"url": "https://hooks.slack.com/triggers/your-id",
"notificationType": [
"projectUpdated"
]
}
]
},
"requestId": "6cfccb1c-e828-5b4b-a971-e7a02bb0aea7",
"relatedResources": [],
"action": "CREATE",
"tenantId": "your-immuta-tenant.com",
"targetType": "WEBHOOK",
"actor": {
"identityProvider": "bim",
"name": "Taylor Smith",
"type": "USER_ACTOR",
"profileId": "1",
"id": "[email protected]"
},
"eventTimestamp": "2023-10-19T14:15:38.074Z",
"sessionId": "f29b217886b7c5fd0efee59d5f53b866"
}{
"id": "0f89c84c-ce64-49e7-a08e-8cac34b5b820",
"actorIp": "xxx.xx.xx.xx",
"auditPayload": {
"name": "ProjectCreateMonitorHook",
"webhookId": "12",
"type": "WebhookDeletedAuditPayload",
"version": 1
},
"targets": [
{
"id": "12",
"name": "ProjectCreateMonitorHook",
"type": "WEBHOOK"
}
],
"actionStatus": "SUCCESS",
"receivedTimestamp": "2023-10-19T14:20:50.152Z",
"tenantId": "your-immuta-tenant.com",
"targetType": "WEBHOOK",
"actor": {
"id": "[email protected]",
"profileId": "1",
"type": "USER_ACTOR",
"name": "Taylor Smith",
"identityProvider": "bim"
},
"sessionId": "302c4af6b147b6bfe8bed550030f6594",
"eventTimestamp": "2023-10-19T14:20:50.077Z",
"requestId": "ffe61b45-cb8b-5a96-83cb-5d366c735558",
"action": "DELETE",
"relatedResources": []
}USER_LOGOUT_TRIGGERED: The user manually logged out.GroupUpdated: A group's details (email, name, description, etc.) are updated.
ProjectPurposeDenied: A purpose is denied within a project.
ProjectPurposesAcknowledged: A user acknowledged a purpose within a project.
ProjectUpdated: A project is updated.
SubscriptionRequested: A user requests to subscribe to a data source or project.
SubscriptionUpdated: A user's subscription to a data source or project is updated.
TagUpdated: A tag is updated.
UserLogout: A user logs out of Immuta.
UserOneTimeTokenCreated: A sign-in token is created for a user.
UserPasswordUpdated: A user's password is updated.
UserUpdated: A user's details are updated.