Configuring SQL Audit
Description
This API is used to configure a policy for SQL audit logs.
Constraints
This operation cannot be performed on frozen or abnormal instances.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
Action
Access Level
Resource Type (*: required)
Condition Key
Alias
Dependencies
dds:instance:setAuditLogPolicy
permission_management
instance
dds:instance:modifyAuditLogSwitch
-
URI
|
Name |
Mandatory |
Type |
IN |
Description |
|---|---|---|---|---|
|
project_id |
Yes |
string |
path |
Definition Project ID of a tenant in a region. To obtain the project ID, see Obtaining a Project ID. Constraints N/A Range N/A Default Value N/A |
|
instance_id |
Yes |
string |
path |
Definition Instance ID, which can be obtained by calling the API described in Querying Instances and Details. If you do not have an instance, call the API described in Creating a DB Instance to create one. Constraints N/A Range N/A Default Value N/A |
Request
|
Name |
Mandatory |
Type |
IN |
Description |
|---|---|---|---|---|
|
X-Auth-Token |
Yes |
string |
header |
Definition User token obtained from IAM. For details, see Authentication. Constraints N/A Range N/A Default Value N/A |
|
Name |
Type |
Mandatory |
Description |
|---|---|---|---|
|
keep_days |
Integer |
Yes |
The number of days for storing audit logs. The value can be 0 or ranges from 7 to 732.
|
|
reserve_auditlogs |
String |
No |
This parameter is valid only when SQL audit is disabled.
|
|
audit_scope |
String |
No |
This parameter is valid only when the audit log policy is enabled. If this parameter is left blank or set to all, all audit log policies are enabled by default. Audit scope: Enter the database or collection name. Use commas (,) to separate multiple databases or collections. If the name contains a comma (,), add a dollar sign ($) before the comma to distinguish it from the separators. Enter a maximum of 1024 characters. The value cannot contain spaces or the following special characters "[]{}():? The dollar sign ($) can be used only in escape mode. |
|
audit_types |
Array of strings |
No |
This parameter is valid only when the audit log policy is enabled. If this parameter is left blank, all audit log policies are enabled by default. Specifies the audit type. The value is auth, insert, delete, update, query, or command. |
Example Request
- Enabling or updating SQL Audit, setting the retention period to 7 days, and setting audit_scope to all
{ "keep_days": 7, "audit_scope": "all", "audit_types": [ "insert" ] } - Disabling SQL Audit and deleting existing historical audit logs
{ "keep_days": 0, "reserve_auditlogs": false }
Response
Example Response
{}
SDK
Click Document Database Service DDS SDK to download the SDK or view the SDK document. To learn how to install and authenticate an SDK, read the Usage section.
Status Code
For more information, see Status Code.
Error Code
For more information, see Error Code.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
