This topic describes the overview, scenarios, scope, and event fields of audit logs.

Overview

MaxCompute records all user behavior, and pushes user behavior logs to ActionTrail in real time by using the Alibaba Cloud ActionTrail service.

In the ActionTrail console, you can view and retrieve user behavior logs, and deliver logs to your Log Service project or a specified Object Storage Service (OSS) bucket. This way, you can perform real-time log audit and problem backtracking.**

Scenarios

MaxCompute delivers operations logs to ActionTrail in real time. You can perform the following operations in the ActionTrail console:
  • Query historical events and their detailed information

    On the History Search page in the ActionTrail console, query historical events of various services, such as MaxCompute. For more information, see Procedure.

  • Analyze events in real time

    On the Trails page in the ActionTrail console, deliver events to an OSS bucket for archiving and analysis. You can also deliver events to your Alibaba Cloud Log Service project for real-time log analysis based on events, for example, log analysis triggered by alerts that are generated in the case of unauthorized access to sensitive data. For more information, see Create a single-account trail.

Scope

ActionTrail audits operations logs on the events that are related to instances, tables, users, roles, and privileges, as described in the following table.
Event type Event name Event description
JobEvent InsertJob A MaxCompute job is submitted.
JobChange The status of a MaxCompute job is changed, for example, a job succeeds or is terminated.
TunnelEvent DownloadTable Data is downloaded from a table by using Tunnel commands.
UploadTable Data is uploaded to a table by using Tunnel commands.
InstanceTunnel The execution result of an instance is downloaded. For example, this event is triggered when you execute a SELECT statement for data queries.
RoleEvent CreateRole A role is created.
DropRole A role is deleted.
UserEvent AddUser A user is added.
RemoveUser A user is removed.
TableEvent CreateTable A table is created.
ChangeTable The schema of a table is modified. For example, this event is triggered when you run the ALTER TABLE command to modify the schema of a table.
DropTable A table is deleted.
DescribeTable The schema of a table is queried by executing the DESC TABLE statement.
ReadTableData Data is read from a table.
ChangeTableData Table data is modified. For example, this event is triggered when you execute statements, including INSERT INTO, INSERT OVERWRITE, and TRUNCATE, or when you import table data by using Tunnel commands.
PrivilegeEvent GrantRole Role-based privileges are granted.
RevokeRole Role-based privileges are revoked.
GrantACL ACL-based privileges are granted.
RevokeACL ACL-based privileges are revoked.
GrantLabel Label-based privileges are granted.
RevokeLabel Label-based privileges are revoked.
PutRolePolicy A policy that is embedded in a MaxCompute role is added.
SetProjectPolicy A policy is configured for a project.
SetTableLabel A label is configured for a column in a table.
SetUserLabel A label is configured for a user.
AdminEvent CreateProject A MaxCompute project is created.
UpdateProject A MaxCompute project is updated.
DeleteProject A MaxCompute project is deleted.

Event fields

Fields are provided to record specific actions for different types of events. You can view and analyze the fields for log audit. The following table describes the common fields included in events.
Field Description Example
eventId The globally unique identifier (GUID) that ActionTrail generates for each event. 918510a4-7b63-47d2-b053-8f9db82c431a
acsRegion The ID of the region where the event log was recorded. cn-hangzhou
eventName The name of the event. InsertJob
eventTime The time when the event occurred, in UTC. 2020-01-09T12:12:14Z
eventType The type of the event. JobEvent
errorCode The error code reported when an error occurs. ODPS-10000
errorMessage The error description. ODPS-0130161:[1,18] Parse exception - invalid token 'bigstring'
requestId The ID of the API request. 6df41e8c-cfd0-4beb-8dd0-13b8490fdf5b
serviceName The name of the Alibaba Cloud service to which the event log belongs. MaxCompute
sourceIpAddress The source IP address of the API request. 192.0.2.1
userAgent The user agent that sends the API request. JavaSDK Revision:992f8d1 Version:0.35.9 JavaVersion:1.8.0_242 CLT(0.35.3 : a2af3f4); Mac OS X(127.0.0.1/ali-4c32758ab657)
userIdentity The identity information about the requester. The information includes the accountId, principalId, type, and userName parameters. "userIdentity": { // The identity information of the requester"accountId": "1965501548481", // The ID of the Alibaba Cloud account"principalId": "100951746285", // The type of the current requester"type": "root-account", // The ID of the Alibaba Cloud account"userName": "root" }
referencedResources The resources involved in an event, such as InstanceId in JobEvent and TableName in TableEvent. The field is unique for each event. "referencedResources": { // The resources affected by the event"Instance": ["2020102713575683gc2je4pr"] }
additionalEventData The additional information that is specific to events, such as the job status and query statements. The field is unique for each event. "additionalEventData": { "Status": "Failed", "ProjectName": "test_audit", "TaskName": "console_query_task_1603807075919", "InstanceId": "2020102713575683gc2je4pr2", "TaskType": "SQL", "OperationText": "create table a(a bigstring);" }

JobEvent

  • InsertJob
    Field Description Example
    referencedResources The ID of the job involved in an InsertJob event.
    "referencedResources": { // The resources affected by the event
        "Instance": ["2020102713575683gc2je4pr2" ]
     }
    additionalEventData The additional information about an InsertJob event. The additional information includes the following parameters:
    • ProjectName: the name of the project to which the job belongs.
    • TaskName: the name of the task to which the job belongs.
    • InstanceId: the ID of the job.
    • TaskType: the type of the job. Valid values: SQL, LOT, and CUPID.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "ProjectName": "meta",
       "TaskName": "console_query_task_1603807075919",
       "InstanceId": "2020102713575683gc2je4pr2",
       "TaskType": "SQL",
       "OperationText": "create table a(a string);"
     }
  • JobChange
    Field Description Example
    referencedResources The ID of the job involved in a JobChange event.
    "referencedResources": { // The resources affected by the event
        "Instance": ["2020102713575683gc2je4pr2" ]
     }
    additionalEventData The additional information about a JobChange event. The additional information includes the following parameters:
    • Status: the status of the job.
    • ProjectName: the name of the project to which the job belongs.
    • TaskName: the name of the task to which the job belongs.
    • InstanceId: the ID of the job.
    • TaskType: the type of the job. Valid values: SQL, LOT, and CUPID.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "Status": "Failed",
       "ProjectName": "meta",
       "TaskName": "console_query_task_1603807075919",
       "InstanceId": "2020102713575683gc2je4pr2",
       "TaskType": "SQL",
       "OperationText": "create table a(a string);"
     }

TunnelEvent

  • DownloadTable
    Field Description Example
    referencedResources The name of the table involved in a DownloadTable event.
    "referencedResources": { // The resources affected by the event
        "Table": [
         "source_xml_instid_flt_2"
       ]
     }
    additionalEventData The additional information about a DownloadTable event. The additional information includes the following parameters:
    • TableName: the name of the table.
    • Partition: the partition information.
    • CurrentProject: the name of the project in which the download operation is initiated.
    • ProjectName: the name of the project to which the downloaded table belongs.
    • SesssionId: the ID of the tunnel session.
    "additionalEventData": {
       "TableName": "source_xml_instid_flt_2",
       "Partition": "projectname=inst_200233,ds=20201027",
       "CurrentProject": "project1",
       "ProjectName": "project2",
       "SesssionId": "20201027200931a3baca0b037518a7"
     }
  • UploadTable
    Field Description Example
    referencedResources The name of the table involved in an UploadTable event.
    "referencedResources": { // The resources affected by the event
        "Table": [
         "source_xml_instid_flt_2"
       ]
     }
    additionalEventData The additional information about an UploadTable event. The additional information includes the following parameters:
    • TableName: the name of the table.
    • Partition: the partition information.
    • ProjectName: the name of the project to which the uploaded table belongs.
    • SesssionId: the ID of the tunnel session.
    "additionalEventData": {
       "TableName": "m_rt_privilege_event",
       "Partition": "ds=20201027,hh=22,mm=00",
       "ProjectName": "meta2",
       "SesssionId": "202010272209332231f60b08182dfb"
     }
  • InstanceTunnel
    Field Description Example
    referencedResources The ID of the job involved in an InstanceTunnel event.
    "referencedResources": { // The resources affected by the event
        "Instance": [
     "20201027080131990gf238rsa"]
     }
    additionalEventData The additional information about an InstanceTunnel event. The additional information includes the following parameters:
    • CurrentProject: the name of the project in which the instance download operation is initiated.
    • ProjectName: the name of the project to which the downloaded instance belongs.
    • InstanceId: the ID of the instance.
    • SesssionId: the ID of the tunnel session.
    "additionalEventData": {
       "CurrentProject": "meta",
       "ProjectName": "meta",
       "InstanceId": "20201027080131990gf238rsa",
       "SesssionId": "2020102716014017c4ca0b036850f6"
     }

RoleEvent

  • CreateRole
    Field Description Example
    referencedResources The name of the role involved in a CreateRole event.
    "referencedResources": { // The resources affected by the event
        "Role": [
        "test1"
       ]
     }
    additionalEventData The additional information about a CreateRole event. The additional information includes the following parameters:
    • RoleName: the name of the role that you created.
    • CurrentProject: the name of the project in which the role creation operation is initiated.
    • ProjectName: the name of the project to which the role belongs.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "RoleName": "test1",
       "CurrentProject": "meta_dev",
       "ProjectName": "dev1",
       "OperationText": "create role test1;"
     }
  • DropRole
    Field Description Example
    referencedResources The name of the role involved in a DropRole event.
    "referencedResources": { // The resources affected by the event
        "Role": [
        "test1"
       ]
     }
    additionalEventData The additional information about a DropRole event. The additional information includes the following parameters:
    • RoleName: the name of the role that you deleted.
    • CurrentProject: the name of the project in which the role deletion operation is initiated.
    • ProjectName: the name of the project to which the role belongs.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "RoleName": "test1",
       "CurrentProject": "meta_dev",
       "ProjectName": "dev1",
       "OperationText": "drop role test1;"
     }

UserEvent

  • AddUser
    Field Description Example
    referencedResources The name of the user involved in an AddUser event.
    "referencedResources": { // The resources affected by the event
        "User": [
        "ram$xxxx@aliyun.com:sub"
       ]
     }
    additionalEventData The additional information about an AddUser event. The additional information includes the following parameters:
    • UserName: the name of the user that you added.
    • ProjectName: the name of the project to which the user belongs.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "UserName": "ram$xxxx@aliyun.com:sub",
       "ProjectName": "project1",
       "OperationText": "add user RAM$xxxx@aliyun.com:sub;"
     }
  • RemoveUser
    Field Description Example
    referencedResources The name of the user involved in a RemoveUser event.
    "referencedResources": { // The resources affected by the event
        "User": [
        "ram$xxxx@aliyun.com:sub"
       ]
     }
    additionalEventData The additional information about a RemoveUser event. The additional information includes the following parameters:
    • UserName: the name of the user that you removed.
    • ProjectName: the name of the project to which the user belongs.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "UserName": "ram$xxxx@aliyun.com:sub",
       "ProjectName": "project1",
       "OperationText": "remove user RAM$xxxx@aliyun.com:sub;"
     }

TableEvent

  • CreateTable
    Field Description Example
    referencedResources The name of the table involved in a CreateTable event.
    "referencedResources": { // The resources affected by the event
       "Table": [
       "ttt"
       ]
     }
    additionalEventData The additional information about a CreateTable event. The additional information includes the following parameters:
    • TableName: the name of the table that you created.
    • ProjectName: the name of the project to which the table belongs.
    • CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID.
    • Source: the source. Valid values: INSTANCE and TUNNEL.
    • OperationText: CREATE_TABLE.
    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "meta_dev",
       "CorrelationId": "20201027083345196gsjgpv21",
       "Source": "INSTANCE",
       "OperationText": "CREATE_TABLE"
     }
  • DropTable
    Field Description Example
    referencedResources The name of the table involved in a DropTable event.
    "referencedResources": { // The resources affected by the event
       "Table": [
       "ttt"
       ]
     }
    additionalEventData The additional information about a DropTable event. The additional information includes the following parameters:
    • TableName: the name of the table that you deleted.
    • ProjectName: the name of the project to which the table belongs.
    • CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID.
    • Source: the source. Valid values: INSTANCE and TUNNEL.
    • OperationText: This parameter can be set to DROP_TABLE or RECYCLE_TABLE. DROP_TABLE indicates that a user proactively deletes a table. RECYCLE_TABLE indicates that the system reclaims a table whose lifecycle ends.
    "additionalEventData": {
       "TableName": "hot_user_hs_top30",
       "ProjectName": "prj1",
       "CorrelationId": "20201023024002372giqvmv21",
       "Source": "INSTANCE",
       "OperationText": "DROP_TABLE"
     }
  • ChangeTable
    Field Description Example
    referencedResources The name of the table involved in a ChangeTable event.
    "referencedResources": { // The resources affected by the event
       "Table": [
       "ttt"
       ]
     }
    additionalEventData The additional information about a ChangeTable event. The additional information includes the following parameters:
    • TableName: the name of the table whose data you want to change.
    • ProjectName: the name of the project to which the table belongs.
    • CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID.
    • Source: the source. Valid values: INSTANCE and TUNNEL.
    • OperationText: ALTER_TABLE_RENAME, ADD_PARTITION, ALTER_TABLE_ADD_COLUMNS, ALTER_TABLE_CHANGE_LIFECYCLE, ALTER_TABLE_DROP_PARTITION, and ALTER_PARTITION.
    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "proj1",
       "CorrelationId": "20201028161651750g05e0tsa",
       "Source": "INSTANCE",
       "OperationText": "ADD_PARTITION"
     }
  • DescribeTable
    Field Description Example
    referencedResources The name of the table involved in a DescribeTable event.
    "referencedResources": { // The resources affected by the event
       "Table": [
       "ttt"
       ]
     }
    additionalEventData The additional information about a DescribeTable event. The additional information includes the following parameters:
    • TableName: the name of the table that you viewed.
    • ProjectName: the name of the project to which the table belongs.
    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "prj1",
     }
  • ChangeTableData
    Field Description Example
    referencedResources The name of the table involved in a ChangeTableData event.
    "referencedResources": { // The resources affected by the event
       "Table": [
       "ttt"
       ]
     }
    additionalEventData The additional information about a ChangeTableData event. The additional information includes the following parameters:
    • TableName: the name of the table whose data you want to change.
    • ProjectName: the name of the project to which the table belongs.
    • CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID.
    • Source: the source. Valid values: INSTANCE and TUNNEL.
    • OperationText: TRUNCATE_TABLE, INSERT_OVERWRITE_TABLE, INSERT_OVERWRITE_PARTITION, INSERT_PARTITION, or INSERT_TABLE.
    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "meta_dev",
       "CorrelationId": "20201027083345196gsjgpv21",
       "Source": "INSTANCE",
       "OperationText": "DATA_INGESTION"
    }
  • ReadTableData
    Field Description Example
    referencedResources None None
    additionalEventData The additional information about a ReadTableData event. The additional information includes the following parameters:
    • TableName: the name of the table from which data is read.
    • ProjectName: the name of the project to which the table belongs.
    • CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID.
    • Source: the source. Valid values: INSTANCE and TUNNEL.
    • OperationText: READ_TABLE.
    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "meta_dev",
       "CorrelationId": "20201027083345196gsjgpv21",
       "Source": "INSTANCE",
       "OperationText": "READ_TABLE"
     }

PrivilegeEvent

  • GrantRole
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a GrantRole event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a GrantRole event. The additional information includes the following parameters:
    • UserName: the name of the Alibaba Cloud account to which role-based privileges are granted.
    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "grant test_role to  ALIYUN$xxx@aliyun.com"
     }
  • RevokeRole
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a RevokeRole event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a RevokeRole event. The additional information includes the following parameters:
    • UserName: the name of the Alibaba Cloud account from which role-based privileges are revoked.
    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.
    • OperationText: the statement to be executed.
    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "revoke test_role from ALIYUN$xxx@aliyun.com"
     }
  • GrantACL
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a GrantACL event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a GrantACL event. The additional information includes the following parameters:
    • ObjectType: the type of the object to which ACL-based privileges are granted. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION.
    • CurrentProject: the name of the project in which the ACL-based privilege assignment is initiated.
    • UserName: the name of the Alibaba Cloud account to which ACL-based privileges are granted.
    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.
    • OperationText: the statement to be executed.
    • ObjectName: the name of the object to which label-based privileges are granted.
    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "grant createtable on project meta to  ALIYUN$xxx@aliyun.com;",
       "ObjectName": "meta"
    }
  • RevokeACL
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a RevokeACL event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a RevokeACL event. The additional information includes the following parameters:
    • ObjectType: the type of the object from which ACL-based privileges are revoked. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION.
    • CurrentProject: the name of the project in which ACL-based privilege revocation is initiated.
    • UserName: the name of the Alibaba Cloud account from which ACL-based privileges are revoked.
    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.
    • OperationText: the statement to be executed.
    • ObjectName: the name of the object from which label-based privileges are revoked.
    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "project1",
       "OperationText": "revoke createtable on project project1 from  ALIYUN$xxx@aliyun.com;",
       "ObjectName": "project1"
    }
  • GrantLabel
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a GrantLabel event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a GrantLabel event. The additional information includes the following parameters:
    • ObjectType: the type of the object to which label-based privileges are granted. The value is set to TABLE.
    • UserName: the name of the Alibaba Cloud account to which label-based privileges are granted.
    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.
    • OperationText: the statement to be executed.
    • ObjectName: the name of the object to which label-based privileges are granted.
    "additionalEventData": {
       "ObjectType": "TABLE",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "GRANT LABEL 4 ON TABLE t1 TO USER ALIYUN$xxx@aliyun.com;",
       "ObjectName": "meta"
    }
  • RevokeLabel
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a RevokeLabel event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a RevokeLabel event. The additional information includes the following parameters:
    • ObjectType: the type of the object from which label-based privileges are revoked. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION.
    • UserName: the name of the Alibaba Cloud account from which label-based privileges are revoked.
    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.
    • OperationText: the statement to be executed.
    • ObjectName: the name of the object from which label-based privileges are revoked.
    "additionalEventData": {
       "ObjectType": "TABLE",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "Revoke LABEL 4 ON TABLE t1 from USER ALIYUN$xxx@aliyun.com;",
       "ObjectName": "t1"
     }
  • PutRolePolicy
    Field Description Example
    referencedResources The name of the role involved in a PutRolePolicy event.
    "referencedResources": { // The resources affected by the event
       "Role": [
     "test1_role"
       ]
     }
    additionalEventData The additional information about a PutRolePolicy event. The additional information includes the following parameters:
    • RoleName: the name of the role.
    • CurrentProject: the name of the project in which the role-level policy operation is initiated.
    • ProjectName: the name of the project to which the role belongs.
    • OperationText: the content of the policy.
    "additionalEventData": {
       "RoleName": "test1_role",
       "CurrentProject": "meta_dev",
       "ProjectName": "meta_dev",
       "OperationText": "{\n    \"Statement\": [{\n            \"Action\": [\"odps:Read\",\n                \"odps:List\"],\n            \"Effect\": \"Allow\",\n            \"Resource\": [\"acs:odps:*:projects/p1\"]},\n        {\n            \"Action\": [\"odps:Describe\",\n                \"odps:Select\"],\n            \"Effect\": \"Allow\",\n            \"Resource\": [\"acs:odps:*:projects/p1/tables/m_*\"]}],\n    \"Version\": \"1\"}"
     }
  • SetProjectPolicy
    Field Description Example
    referencedResources None None
    additionalEventData The additional information about a SetProjectPolicy event.

    CurrentProject: the name of the project in which the project-level policy operation is initiated.

    "additionalEventData": {
    "CurrentProject": "test_prj"}"
     }
  • SetTableLabel
    Field Description Example
    referencedResources None None
    additionalEventData The additional information about a SetTableLabel event. The additional information includes the following parameters:
    • ObjectType: the type of the object. The value is set to TABLE.
    • OperationText: the statement to be executed.
    • ObjectName: the name of the object.
    "additionalEventData": {
       "ObjectType": "TABLE",
       "OperationText": "SET LABEL 3 TO TABLE t1test(col1);",
       "ObjectName": "t1test"
     }
  • SetUserLabel
    Field Description Example
    referencedResources The name of the Alibaba Cloud account involved in a SetUserLabel event.
    "referencedResources": { // The resources affected by the event
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }
    additionalEventData The additional information about a SetUserLabel event.

    UserName: the name of the Alibaba Cloud account that configures label-based privileges for users.

    "additionalEventData": {
       "UserName": "aliyun$xxxx@aliyun.com"
     }

AdminEvent

  • CreateProject
    Field Description Example
    referencedResources None None
    additionalEventData The additional information about a CreateProject event.

    ProjectName: the name of the MaxCompute project that you created.

    "additionalEventData": { "ProjectName": "xxxx" }
  • UpdateProject
    Field Description Example
    referencedResources None None
    additionalEventData The additional information about an UpdateProject event. The additional information includes the following parameters:
    • ProjectName: the name of the MaxCompute project that you updated.
    • Properties: the flag that you updated.
    • State: optional. The project status. Valid values: FROZEN and AVAILABLE.
    "additionalEventData": {
       "ProjectName": "xxx",
       "Properties": "{\"odps.sql.decimal.odps2\":\"true\",\"odps.sql.hive.compatible\":\"false\",\"odps.sql.type.system.odps2\":\"true\"}"
     }
  • DeleteProject
    Field Description Example
    referencedResources None None
    additionalEventData The additional information about a DeleteProject event.

    ProjectName: the name of the MaxCompute project that you deleted.

    "additionalEventData": { "ProjectName": "xxxx" }