Audit logs - Maintenance Management| Alibaba Cloud Documentation Center

Overview

MaxCompute records all user behavior, and pushes user behavior logs to ActionTrail in real time by using the Alibaba Cloud ActionTrail service.

In the ActionTrail console, you can view and retrieve user behavior logs, and deliver logs to your Log Service project or a specified Object Storage Service (OSS) bucket. This way, you can perform real-time log audit and problem backtracking.

Scenarios

MaxCompute delivers operations logs to ActionTrail in real time. You can perform the following operations in the ActionTrail console:

Query historical events and their detailed information
On the History Search page in the ActionTrail console, query historical events of various services, such as MaxCompute. For more information, see Procedure.
Analyze events in real time
On the Trails page in the ActionTrail console, deliver events to an OSS bucket for archiving and analysis. You can also deliver events to your Alibaba Cloud Log Service project for real-time log analysis based on events, for example, log analysis triggered by alerts that are generated in the case of unauthorized access to sensitive data. For more information, see Create a single-account trail.

Scope

ActionTrail audits operations logs on the events that are related to instances, tables, users, roles, and privileges, as described in the following table.


Event type	Event name	Event description
JobEvent	InsertJob	A MaxCompute job is submitted.
JobEvent	JobChange	The status of a MaxCompute job is changed, for example, a job succeeds or is terminated.
TunnelEvent	DownloadTable	Data is downloaded from a table by using Tunnel commands.
	UploadTable	Data is uploaded to a table by using Tunnel commands.
	InstanceTunnel	The execution result of an instance is downloaded. For example, this event is triggered when you execute a SELECT statement for data queries.
RoleEvent	CreateRole	A role is created.
RoleEvent	DropRole	A role is deleted.
UserEvent	AddUser	A user is added.
UserEvent	RemoveUser	A user is removed.
TableEvent	CreateTable	A table is created.
	ChangeTable	The schema of a table is modified. For example, this event is triggered when you run the ALTER TABLE command to modify the schema of a table.
	DropTable	A table is deleted.
	DescribeTable	The schema of a table is queried by executing the DESC TABLE statement.
	ReadTableData	Data is read from a table.
	ChangeTableData	Table data is modified. For example, this event is triggered when you execute statements, including INSERT INTO, INSERT OVERWRITE, and TRUNCATE, or when you import table data by using Tunnel commands.
PrivilegeEvent	GrantRole	Role-based privileges are granted.
	RevokeRole	Role-based privileges are revoked.
	GrantACL	ACL-based privileges are granted.
	RevokeACL	ACL-based privileges are revoked.
	GrantLabel	Label-based privileges are granted.
	RevokeLabel	Label-based privileges are revoked.
	PutRolePolicy	A policy that is embedded in a MaxCompute role is added.
	SetProjectPolicy	A policy is configured for a project.
	SetTableLabel	A label is configured for a column in a table.
	SetUserLabel	A label is configured for a user.
AdminEvent	CreateProject	A MaxCompute project is created.
	UpdateProject	A MaxCompute project is updated.
	DeleteProject	A MaxCompute project is deleted.

Event fields

Fields are provided to record specific actions for different types of events. You can view and analyze the fields for log audit. The following table describes the common fields included in events.


Field	Description	Example
eventId	The globally unique identifier (GUID) that ActionTrail generates for each event.	918510a4-7b63-47d2-b053-8f9db82c431a
acsRegion	The ID of the region where the event log was recorded.	cn-hangzhou
eventName	The name of the event.	InsertJob
eventTime	The time when the event occurred, in UTC.	2020-01-09T12:12:14Z
eventType	The type of the event.	JobEvent
errorCode	The error code reported when an error occurs.	ODPS-10000
errorMessage	The error description.	ODPS-0130161:[1,18] Parse exception - invalid token 'bigstring'
requestId	The ID of the API request.	6df41e8c-cfd0-4beb-8dd0-13b8490fdf5b
serviceName	The name of the Alibaba Cloud service to which the event log belongs.	MaxCompute
sourceIpAddress	The source IP address of the API request.	192.0.2.1
userAgent	The user agent that sends the API request.	`JavaSDK Revision:992f8d1 Version:0.35.9 JavaVersion:1.8.0_242 CLT(0.35.3 : a2af3f4); Mac OS X(127.0.0.1/ali-4c32758ab657)`
userIdentity	The identity information about the requester. The information includes the accountId, principalId, type, and userName parameters.	`"userIdentity": { // The identity information of the requester"accountId": "1965501548481", // The ID of the Alibaba Cloud account"principalId": "100951746285", // The type of the current requester"type": "root-account", // The ID of the Alibaba Cloud account"userName": "root" }`
referencedResources	The resources involved in an event, such as InstanceId in JobEvent and TableName in TableEvent. The field is unique for each event.	`"referencedResources": { // The resources affected by the event"Instance": ["2020102713575683gc2je4pr"] }`
additionalEventData	The additional information that is specific to events, such as the job status and query statements. The field is unique for each event.	`"additionalEventData": { "Status": "Failed", "ProjectName": "test_audit", "TaskName": "console_query_task_1603807075919", "InstanceId": "2020102713575683gc2je4pr2", "TaskType": "SQL", "OperationText": "create table a(a bigstring);" }`

JobEvent

InsertJob


Field	Description	Example
referencedResources	The ID of the job involved in an InsertJob event.	`"referencedResources": { // The resources affected by the event "Instance": ["2020102713575683gc2je4pr2" ] }`
additionalEventData	The additional information about an InsertJob event. The additional information includes the following parameters: ProjectName: the name of the project to which the job belongs. TaskName: the name of the task to which the job belongs. InstanceId: the ID of the job. TaskType: the type of the job. Valid values: SQL, LOT, and CUPID. OperationText: the statement to be executed.	`"additionalEventData": { "ProjectName": "meta", "TaskName": "console_query_task_1603807075919", "InstanceId": "2020102713575683gc2je4pr2", "TaskType": "SQL", "OperationText": "create table a(a string);" }`

JobChange


Field	Description	Example
referencedResources	The ID of the job involved in a JobChange event.	`"referencedResources": { // The resources affected by the event "Instance": ["2020102713575683gc2je4pr2" ] }`
additionalEventData	The additional information about a JobChange event. The additional information includes the following parameters: Status: the status of the job. ProjectName: the name of the project to which the job belongs. TaskName: the name of the task to which the job belongs. InstanceId: the ID of the job. TaskType: the type of the job. Valid values: SQL, LOT, and CUPID. OperationText: the statement to be executed.	`"additionalEventData": { "Status": "Failed", "ProjectName": "meta", "TaskName": "console_query_task_1603807075919", "InstanceId": "2020102713575683gc2je4pr2", "TaskType": "SQL", "OperationText": "create table a(a string);" }`

TunnelEvent

DownloadTable


Field	Description	Example
referencedResources	The name of the table involved in a DownloadTable event.	`"referencedResources": { // The resources affected by the event "Table": [ "source_xml_instid_flt_2" ] }`
additionalEventData	The additional information about a DownloadTable event. The additional information includes the following parameters: TableName: the name of the table. Partition: the partition information. CurrentProject: the name of the project in which the download operation is initiated. ProjectName: the name of the project to which the downloaded table belongs. SesssionId: the ID of the tunnel session.	`"additionalEventData": { "TableName": "source_xml_instid_flt_2", "Partition": "projectname=inst_200233,ds=20201027", "CurrentProject": "project1", "ProjectName": "project2", "SesssionId": "20201027200931a3baca0b037518a7" }`

UploadTable


Field	Description	Example
referencedResources	The name of the table involved in an UploadTable event.	`"referencedResources": { // The resources affected by the event "Table": [ "source_xml_instid_flt_2" ] }`
additionalEventData	The additional information about an UploadTable event. The additional information includes the following parameters: TableName: the name of the table. Partition: the partition information. ProjectName: the name of the project to which the uploaded table belongs. SesssionId: the ID of the tunnel session.	`"additionalEventData": { "TableName": "m_rt_privilege_event", "Partition": "ds=20201027,hh=22,mm=00", "ProjectName": "meta2", "SesssionId": "202010272209332231f60b08182dfb" }`

InstanceTunnel


Field	Description	Example
referencedResources	The ID of the job involved in an InstanceTunnel event.	`"referencedResources": { // The resources affected by the event "Instance": [ "20201027080131990gf238rsa"] }`
additionalEventData	The additional information about an InstanceTunnel event. The additional information includes the following parameters: CurrentProject: the name of the project in which the instance download operation is initiated. ProjectName: the name of the project to which the downloaded instance belongs. InstanceId: the ID of the instance. SesssionId: the ID of the tunnel session.	`"additionalEventData": { "CurrentProject": "meta", "ProjectName": "meta", "InstanceId": "20201027080131990gf238rsa", "SesssionId": "2020102716014017c4ca0b036850f6" }`

RoleEvent

CreateRole


Field	Description	Example
referencedResources	The name of the role involved in a CreateRole event.	`"referencedResources": { // The resources affected by the event "Role": [ "test1" ] }`
additionalEventData	The additional information about a CreateRole event. The additional information includes the following parameters: RoleName: the name of the role that you created. CurrentProject: the name of the project in which the role creation operation is initiated. ProjectName: the name of the project to which the role belongs. OperationText: the statement to be executed.	`"additionalEventData": { "RoleName": "test1", "CurrentProject": "meta_dev", "ProjectName": "dev1", "OperationText": "create role test1;" }`

DropRole


Field	Description	Example
referencedResources	The name of the role involved in a DropRole event.	`"referencedResources": { // The resources affected by the event "Role": [ "test1" ] }`
additionalEventData	The additional information about a DropRole event. The additional information includes the following parameters: RoleName: the name of the role that you deleted. CurrentProject: the name of the project in which the role deletion operation is initiated. ProjectName: the name of the project to which the role belongs. OperationText: the statement to be executed.	`"additionalEventData": { "RoleName": "test1", "CurrentProject": "meta_dev", "ProjectName": "dev1", "OperationText": "drop role test1;" }`

UserEvent

AddUser


Field	Description	Example
referencedResources	The name of the user involved in an AddUser event.	`"referencedResources": { // The resources affected by the event "User": [ "ram$xxxx@aliyun.com:sub" ] }`
additionalEventData	The additional information about an AddUser event. The additional information includes the following parameters: UserName: the name of the user that you added. ProjectName: the name of the project to which the user belongs. OperationText: the statement to be executed.	`"additionalEventData": { "UserName": "ram$xxxx@aliyun.com:sub", "ProjectName": "project1", "OperationText": "add user RAM$xxxx@aliyun.com:sub;" }`

RemoveUser


Field	Description	Example
referencedResources	The name of the user involved in a RemoveUser event.	`"referencedResources": { // The resources affected by the event "User": [ "ram$xxxx@aliyun.com:sub" ] }`
additionalEventData	The additional information about a RemoveUser event. The additional information includes the following parameters: UserName: the name of the user that you removed. ProjectName: the name of the project to which the user belongs. OperationText: the statement to be executed.	`"additionalEventData": { "UserName": "ram$xxxx@aliyun.com:sub", "ProjectName": "project1", "OperationText": "remove user RAM$xxxx@aliyun.com:sub;" }`

TableEvent

CreateTable


Field	Description	Example
referencedResources	The name of the table involved in a CreateTable event.	`"referencedResources": { // The resources affected by the event "Table": [ "ttt" ] }`
additionalEventData	The additional information about a CreateTable event. The additional information includes the following parameters: TableName: the name of the table that you created. ProjectName: the name of the project to which the table belongs. CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID. Source: the source. Valid values: INSTANCE and TUNNEL. OperationText: CREATE_TABLE.	`"additionalEventData": { "TableName": "ttt", "ProjectName": "meta_dev", "CorrelationId": "20201027083345196gsjgpv21", "Source": "INSTANCE", "OperationText": "CREATE_TABLE" }`

DropTable


Field	Description	Example
referencedResources	The name of the table involved in a DropTable event.	`"referencedResources": { // The resources affected by the event "Table": [ "ttt" ] }`
additionalEventData	The additional information about a DropTable event. The additional information includes the following parameters: TableName: the name of the table that you deleted. ProjectName: the name of the project to which the table belongs. CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID. Source: the source. Valid values: INSTANCE and TUNNEL. OperationText: This parameter can be set to DROP_TABLE or RECYCLE_TABLE. DROP_TABLE indicates that a user proactively deletes a table. RECYCLE_TABLE indicates that the system reclaims a table whose lifecycle ends.	`"additionalEventData": { "TableName": "hot_user_hs_top30", "ProjectName": "prj1", "CorrelationId": "20201023024002372giqvmv21", "Source": "INSTANCE", "OperationText": "DROP_TABLE" }`

ChangeTable


Field	Description	Example
referencedResources	The name of the table involved in a ChangeTable event.	`"referencedResources": { // The resources affected by the event "Table": [ "ttt" ] }`
additionalEventData	The additional information about a ChangeTable event. The additional information includes the following parameters: TableName: the name of the table whose data you want to change. ProjectName: the name of the project to which the table belongs. CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID. Source: the source. Valid values: INSTANCE and TUNNEL. OperationText: ALTER_TABLE_RENAME, ADD_PARTITION, ALTER_TABLE_ADD_COLUMNS, ALTER_TABLE_CHANGE_LIFECYCLE, ALTER_TABLE_DROP_PARTITION, and ALTER_PARTITION.	`"additionalEventData": { "TableName": "ttt", "ProjectName": "proj1", "CorrelationId": "20201028161651750g05e0tsa", "Source": "INSTANCE", "OperationText": "ADD_PARTITION" }`

DescribeTable


Field	Description	Example
referencedResources	The name of the table involved in a DescribeTable event.	`"referencedResources": { // The resources affected by the event "Table": [ "ttt" ] }`
additionalEventData	The additional information about a DescribeTable event. The additional information includes the following parameters: TableName: the name of the table that you viewed. ProjectName: the name of the project to which the table belongs.	`"additionalEventData": { "TableName": "ttt", "ProjectName": "prj1", }`

ChangeTableData


Field	Description	Example
referencedResources	The name of the table involved in a ChangeTableData event.	`"referencedResources": { // The resources affected by the event "Table": [ "ttt" ] }`
additionalEventData	The additional information about a ChangeTableData event. The additional information includes the following parameters: TableName: the name of the table whose data you want to change. ProjectName: the name of the project to which the table belongs. CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID. Source: the source. Valid values: INSTANCE and TUNNEL. OperationText: TRUNCATE_TABLE, INSERT_OVERWRITE_TABLE, INSERT_OVERWRITE_PARTITION, INSERT_PARTITION, or INSERT_TABLE.	`"additionalEventData": { "TableName": "ttt", "ProjectName": "meta_dev", "CorrelationId": "20201027083345196gsjgpv21", "Source": "INSTANCE", "OperationText": "DATA_INGESTION" }`

ReadTableData


Field	Description	Example
referencedResources	None	None
additionalEventData	The additional information about a ReadTableData event. The additional information includes the following parameters: TableName: the name of the table from which data is read. ProjectName: the name of the project to which the table belongs. CorrelationId: used with Source. If Source is set to INSTANCE, this parameter indicates the job ID. If Source is set to TUNNEL, this parameter indicates the tunnel ID. Source: the source. Valid values: INSTANCE and TUNNEL. OperationText: READ_TABLE.	`"additionalEventData": { "TableName": "ttt", "ProjectName": "meta_dev", "CorrelationId": "20201027083345196gsjgpv21", "Source": "INSTANCE", "OperationText": "READ_TABLE" }`

PrivilegeEvent

GrantRole


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a GrantRole event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a GrantRole event. The additional information includes the following parameters: UserName: the name of the Alibaba Cloud account to which role-based privileges are granted. ProjectName: the name of the project to which the Alibaba Cloud account belongs. OperationText: the statement to be executed.	`"additionalEventData": { "ObjectType": "PROJECT", "CurrentProject": "meta", "UserName": "aliyun$xxx@aliyun.com", "ProjectName": "meta", "OperationText": "grant test_role to ALIYUN$xxx@aliyun.com" }`

RevokeRole


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a RevokeRole event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a RevokeRole event. The additional information includes the following parameters: UserName: the name of the Alibaba Cloud account from which role-based privileges are revoked. ProjectName: the name of the project to which the Alibaba Cloud account belongs. OperationText: the statement to be executed.	`"additionalEventData": { "ObjectType": "PROJECT", "CurrentProject": "meta", "UserName": "aliyun$xxx@aliyun.com", "ProjectName": "meta", "OperationText": "revoke test_role from ALIYUN$xxx@aliyun.com" }`

GrantACL


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a GrantACL event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a GrantACL event. The additional information includes the following parameters: ObjectType: the type of the object to which ACL-based privileges are granted. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION. CurrentProject: the name of the project in which the ACL-based privilege assignment is initiated. UserName: the name of the Alibaba Cloud account to which ACL-based privileges are granted. ProjectName: the name of the project to which the Alibaba Cloud account belongs. OperationText: the statement to be executed. ObjectName: the name of the object to which label-based privileges are granted.	`"additionalEventData": { "ObjectType": "PROJECT", "CurrentProject": "meta", "UserName": "aliyun$xxx@aliyun.com", "ProjectName": "meta", "OperationText": "grant createtable on project meta to ALIYUN$xxx@aliyun.com;", "ObjectName": "meta" }`

RevokeACL


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a RevokeACL event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a RevokeACL event. The additional information includes the following parameters: ObjectType: the type of the object from which ACL-based privileges are revoked. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION. CurrentProject: the name of the project in which ACL-based privilege revocation is initiated. UserName: the name of the Alibaba Cloud account from which ACL-based privileges are revoked. ProjectName: the name of the project to which the Alibaba Cloud account belongs. OperationText: the statement to be executed. ObjectName: the name of the object from which label-based privileges are revoked.	`"additionalEventData": { "ObjectType": "PROJECT", "CurrentProject": "meta", "UserName": "aliyun$xxx@aliyun.com", "ProjectName": "project1", "OperationText": "revoke createtable on project project1 from ALIYUN$xxx@aliyun.com;", "ObjectName": "project1" }`

GrantLabel


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a GrantLabel event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a GrantLabel event. The additional information includes the following parameters: ObjectType: the type of the object to which label-based privileges are granted. The value is set to TABLE. UserName: the name of the Alibaba Cloud account to which label-based privileges are granted. ProjectName: the name of the project to which the Alibaba Cloud account belongs. OperationText: the statement to be executed. ObjectName: the name of the object to which label-based privileges are granted.	`"additionalEventData": { "ObjectType": "TABLE", "UserName": "aliyun$xxx@aliyun.com", "ProjectName": "meta", "OperationText": "GRANT LABEL 4 ON TABLE t1 TO USER ALIYUN$xxx@aliyun.com;", "ObjectName": "meta" }`

RevokeLabel


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a RevokeLabel event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a RevokeLabel event. The additional information includes the following parameters: ObjectType: the type of the object from which label-based privileges are revoked. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION. UserName: the name of the Alibaba Cloud account from which label-based privileges are revoked. ProjectName: the name of the project to which the Alibaba Cloud account belongs. OperationText: the statement to be executed. ObjectName: the name of the object from which label-based privileges are revoked.	`"additionalEventData": { "ObjectType": "TABLE", "UserName": "aliyun$xxx@aliyun.com", "ProjectName": "meta", "OperationText": "Revoke LABEL 4 ON TABLE t1 from USER ALIYUN$xxx@aliyun.com;", "ObjectName": "t1" }`

PutRolePolicy

Field Description Example

referencedResources

The name of the role involved in a PutRolePolicy event.

Field	Description	Example
referencedResources	The name of the role involved in a PutRolePolicy event.	`"referencedResources": { // The resources affected by the event "Role": [ "test1_role" ] }`
additionalEventData	The additional information about a PutRolePolicy event. The additional information includes the following parameters: RoleName: the name of the role. CurrentProject: the name of the project in which the role-level policy operation is initiated. ProjectName: the name of the project to which the role belongs. OperationText: the content of the policy.	`"additionalEventData": { "RoleName": "test1_role", "CurrentProject": "meta_dev", "ProjectName": "meta_dev", "OperationText": "{\n \"Statement\": [{\n \"Action\": [\"odps:Read\",\n \"odps:List\"],\n \"Effect\": \"Allow\",\n \"Resource\": [\"acs:odps::projects/p1\"]},\n {\n \"Action\": [\"odps:Describe\",\n \"odps:Select\"],\n \"Effect\": \"Allow\",\n \"Resource\": [\"acs:odps::projects/p1/tables/m_*\"]}],\n \"Version\": \"1\"}" }`

"referencedResources": { // The resources affected by the event
   "Role": [
 "test1_role"
   ]
 }

additionalEventData

The additional information about a PutRolePolicy event. The additional information includes the following parameters:

RoleName: the name of the role.
CurrentProject: the name of the project in which the role-level policy operation is initiated.
ProjectName: the name of the project to which the role belongs.
OperationText: the content of the policy.

"additionalEventData": {
   "RoleName": "test1_role",
   "CurrentProject": "meta_dev",
   "ProjectName": "meta_dev",
   "OperationText": "{\n    \"Statement\": [{\n            \"Action\": [\"odps:Read\",\n                \"odps:List\"],\n            \"Effect\": \"Allow\",\n            \"Resource\": [\"acs:odps:*:projects/p1\"]},\n        {\n            \"Action\": [\"odps:Describe\",\n                \"odps:Select\"],\n            \"Effect\": \"Allow\",\n            \"Resource\": [\"acs:odps:*:projects/p1/tables/m_*\"]}],\n    \"Version\": \"1\"}"
 }

SetProjectPolicy


Field	Description	Example
referencedResources	None	None
additionalEventData	The additional information about a SetProjectPolicy event. CurrentProject: the name of the project in which the project-level policy operation is initiated.	`"additionalEventData": { "CurrentProject": "test_prj"}" }`

SetTableLabel


Field	Description	Example
referencedResources	None	None
additionalEventData	The additional information about a SetTableLabel event. The additional information includes the following parameters: ObjectType: the type of the object. The value is set to TABLE. OperationText: the statement to be executed. ObjectName: the name of the object.	`"additionalEventData": { "ObjectType": "TABLE", "OperationText": "SET LABEL 3 TO TABLE t1test(col1);", "ObjectName": "t1test" }`

SetUserLabel


Field	Description	Example
referencedResources	The name of the Alibaba Cloud account involved in a SetUserLabel event.	`"referencedResources": { // The resources affected by the event "User": [ "aliyun$xxxx@aliyun.com" ] }`
additionalEventData	The additional information about a SetUserLabel event. UserName: the name of the Alibaba Cloud account that configures label-based privileges for users.	`"additionalEventData": { "UserName": "aliyun$xxxx@aliyun.com" }`

AdminEvent

CreateProject


Field	Description	Example
referencedResources	None	None
additionalEventData	The additional information about a CreateProject event. ProjectName: the name of the MaxCompute project that you created.	`"additionalEventData": { "ProjectName": "xxxx" }`

UpdateProject


Field	Description	Example
referencedResources	None	None
additionalEventData	The additional information about an UpdateProject event. The additional information includes the following parameters: ProjectName: the name of the MaxCompute project that you updated. Properties: the flag that you updated. State: optional. The project status. Valid values: FROZEN and AVAILABLE.	`"additionalEventData": { "ProjectName": "xxx", "Properties": "{\"odps.sql.decimal.odps2\":\"true\",\"odps.sql.hive.compatible\":\"false\",\"odps.sql.type.system.odps2\":\"true\"}" }`

DeleteProject


Field	Description	Example
referencedResources	None	None
additionalEventData	The additional information about a DeleteProject event. ProjectName: the name of the MaxCompute project that you deleted.	`"additionalEventData": { "ProjectName": "xxxx" }`