All Products
Search
Document Center

MaxCompute:Audit logs

Last Updated:Jan 25, 2024

MaxCompute records all user actions and pushes operational logs to Alibaba Cloud ActionTrail in real time. You can create a single-account trail of ActionTrail to deliver the logs to your Simple Log Service project or a specific Object Storage Service (OSS) bucket. This way, you can perform real-time log auditing and problem backtracking. This topic describes the scenarios and scope of audit logs.

Flowchart

The following figure shows how to deliver the logs to Simple Log Service and OSS.

**

Scenarios

MaxCompute delivers operational logs to ActionTrail in real time. You can perform the following operations in the ActionTrail console:

  • Query historical events and their detailed information

    On the Event Query page in the ActionTrail console, query historical events of various services, such as MaxCompute. For more information, see Query events in the ActionTrail console.

  • Analyze events in real time

    On the Trails page in the ActionTrail console, deliver events to an OSS bucket for archiving and analysis. You can also use a trail to deliver events to your Simple Log Service project for real-time log analysis, such as log analysis triggered by alerts that are generated in the case of unauthorized access to sensitive data. For more information, see Create a single-account trail.

Scope

ActionTrail audits events that are related to instances, tables, users, roles, and permissions. For more information about events, see Audit events of MaxCompute. The following table describes the events that are audited by ActionTrail.

Event type

Event name

Event description

JobEvent

InsertJob

A MaxCompute job is submitted.

JobChange

The status of a MaxCompute job is changed. For example, a job succeeds or is terminated.

TunnelEvent

DownloadTable

Data is downloaded from a table by using Tunnel commands.

UploadTable

Data is uploaded to a table by using Tunnel commands.

InstanceTunnel

The execution result of an instance is downloaded. For example, this event is triggered when you execute a SELECT statement.

RoleEvent

CreateRole

A role is created.

DropRole

A role is dropped.

UserEvent

AddUser

A user is added.

RemoveUser

A user is removed.

TableEvent

CreateTable

A table is created.

ChangeTable

The schema of a table is modified. For example, this event is triggered when you execute the ALTER TABLE statement to modify the schema of a table.

DropTable

A table is dropped.

DescribeTable

The schema of a table is queried by using the DESC TABLE statement.

ReadTableData

Table data is read.

ChangeTableData

Table data is modified. For example, this event is triggered when you execute a statement such as INSERT INTO, INSERT OVERWRITE, or TRUNCATE, or when you import table data by using Tunnel commands.

PrivilegeEvent

GrantRole

Role-based permissions are granted.

RevokeRole

Role-based permissions are revoked.

GrantACL

ACL-based permissions are granted.

RevokeACL

ACL-based permissions are revoked.

GrantLabel

Label-based permissions are granted.

RevokeLabel

Label-based permissions are revoked.

PutRolePolicy

A policy that is attached to a MaxCompute role is added.

SetProjectPolicy

A policy is configured for a project.

SetTableLabel

A label is configured for a column in a table.

SetUserLabel

A label is configured for a user.

AdminEvent

CreateProject

A MaxCompute project is created.

UpdateProject

A MaxCompute project is updated.

DeleteProject

A MaxCompute project is deleted.

Event fields

Fields are provided to record specific actions for different types of events. You can view and analyze the fields for event auditing. The following table describes the common fields that are included in events.

Field

Description

Example

eventId

The globally unique identifier (GUID) that ActionTrail generates for each event.

918510a4-7b63-47d2-b053-8f9db82c431a

acsRegion

The ID of the region where the event log was recorded.

cn-hangzhou

eventName

The name of the event.

InsertJob

eventTime

The time when the event occurred, in UTC.

2020-01-09T12:12:14Z

eventType

The type of the event.

JobEvent

errorCode

The error code reported when an error occurs.

ODPS-10000

errorMessage

The error description.

ODPS-0130161:[1,18] Parse exception - invalid token 'bigstring'

requestId

The ID of the API request.

6df41e8c-cfd0-4beb-8dd0-13b8490fdf5b

serviceName

The name of the Alibaba Cloud service to which the event belongs.

MaxCompute

sourceIpAddress

The source IP address of the API request.

47.100.XX.XX

userAgent

The user agent that sends the API request.

JavaSDK Revision:992f8d1 Version:0.35.9 JavaVersion:1.8.0_242 CLT(0.35.3 : a2af3f4); Mac OS X(ip/ali-4c32758ab657)

userIdentity

The identity information about the requester. The information includes the accountId, principalId, type, and userName parameters.

"userIdentity": { // The identity information of the requester"accountId": "196550154****", // The ID of the Alibaba Cloud account "principalId": "10095174****", // The type of the current requester "type": "root-account", // The ID of the Alibaba Cloud account "userName": "root" }

referencedResources

The resources that are involved in an event, such as InstanceId in JobEvent and TableName in TableEvent. This field is unique for each event.

"referencedResources": { // The resources affected by the event. "Instance": ["2020102713575683gc2j****"] }

additionalEventData

The additional information that is specific to the event, such as the job status and query statements. This field is unique for each event.

"additionalEventData": { "Status": "Failed", "ProjectName": "test_audit", "TaskName": "console_query_task_1603807075919", "InstanceId": "2020102713575683gc2j****", "TaskType": "SQL", "OperationText": "create table a(a bigstring);" }

JobEvent

  • InsertJob

    Field

    Description

    Example

    referencedResources

    The ID of the job that is involved in an InsertJob event.

    "referencedResources": { // The resources affected by the event.
        "Instance": ["2020102713575683gc2j****" ]
     }

    additionalEventData

    The additional information about an InsertJob event. The additional information includes the following parameters:

    • ProjectName: the name of the project to which the job belongs.

    • TaskName: the name of the task to which the job belongs.

    • InstanceId: the ID of the job.

    • TaskType: the type of the job. Valid values: SQL, LOT, and CUPID.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "ProjectName": "meta",
       "TaskName": "console_query_task_1603807075919",
       "InstanceId": "2020102713575683gc2j****",
       "TaskType": "SQL",
       "OperationText": "create table a(a string);"
     }
  • JobChange

    Field

    Description

    Example

    referencedResources

    The ID of the job that is involved in a JobChange event.

    "referencedResources": { // The resources affected by the event.
        "Instance": ["2020102713575683gc2j****" ]
     }

    additionalEventData

    The additional information about a JobChange event. The additional information includes the following parameters:

    • Status: the status of the job.

    • ProjectName: the name of the project to which the job belongs.

    • TaskName: the name of the task to which the job belongs.

    • InstanceId: the ID of the job.

    • TaskType: the type of the job. Valid values: SQL, LOT, and CUPID.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "Status": "Failed",
       "ProjectName": "meta",
       "TaskName": "console_query_task_1603807075919",
       "InstanceId": "2020102713575683gc2j****",
       "TaskType": "SQL",
       "OperationText": "create table a(a string);"
     }

TunnelEvent

  • DownloadTable

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in a DownloadTable event.

    "referencedResources": { // The resources affected by the event.
        "Table": [
         "source_xml_instid_flt_2"
       ]
     }

    additionalEventData

    The additional information about a DownloadTable event. The additional information includes the following parameters:

    • TableName: the name of the table.

    • Partition: the partition information.

    • CurrentProject: the name of the project in which the download operation is initiated.

    • ProjectName: the name of the project to which the downloaded table belongs.

    • SesssionId: the ID of the tunnel session.

    "additionalEventData": {
       "TableName": "source_xml_instid_flt_2",
       "Partition": "projectname=inst_200233,ds=20201027",
       "CurrentProject": "project1",
       "ProjectName": "project2",
       "SesssionId": "20201027200931a3baca0b037518a7"
     }
  • UploadTable

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in an UploadTable event.

    "referencedResources": { // The resources affected by the event.
        "Table": [
         "source_xml_instid_flt_2"
       ]
     }

    additionalEventData

    The additional information about an UploadTable event. The additional information includes the following parameters:

    • TableName: the name of the table.

    • Partition: the partition information.

    • ProjectName: the name of the project to which the uploaded table belongs.

    • SesssionId: the ID of the tunnel session.

    "additionalEventData": {
       "TableName": "m_rt_privilege_event",
       "Partition": "ds=20201027,hh=22,mm=00",
       "ProjectName": "meta2",
       "SesssionId": "202010272209332231f60b08182dfb"
     }
  • InstanceTunnel

    Field

    Description

    Example

    referencedResources

    The ID of the job that is involved in an InstanceTunnel event.

    "referencedResources": { // The resources affected by the event.
        "Instance": [
     "20201027080131990gf23****"]
     }

    additionalEventData

    The additional information about an InstanceTunnel event. The additional information includes the following parameters:

    • CurrentProject: the name of the project in which the instance download operation is initiated.

    • ProjectName: the name of the project to which the downloaded instance belongs.

    • InstanceId: the ID of the instance.

    • SesssionId: the ID of the tunnel session.

    "additionalEventData": {
       "CurrentProject": "meta",
       "ProjectName": "meta",
       "InstanceId": "20201027080131990gf23****",
       "SesssionId": "2020102716014017c4ca0b036850f6"
     }

RoleEvent

  • CreateRole

    Field

    Description

    Example

    referencedResources

    The name of the role that is involved in a CreateRole event.

    "referencedResources": { // The resources affected by the event.
        "Role": [
        "test1"
       ]
     }

    additionalEventData

    The additional information about a CreateRole event. The additional information includes the following parameters:

    • RoleName: the name of the role that you created.

    • CurrentProject: the name of the project in which the role creation operation is initiated.

    • ProjectName: the name of the project to which the role belongs.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "RoleName": "test1",
       "CurrentProject": "meta_dev",
       "ProjectName": "dev1",
       "OperationText": "create role test1;"
     }
  • DropRole

    Field

    Description

    Example

    referencedResources

    The name of the role that is involved in a DropRole event.

    "referencedResources": { // The resources affected by the event.
        "Role": [
        "test1"
       ]
     }

    additionalEventData

    The additional information about a DropRole event. The additional information includes the following parameters:

    • RoleName: the name of the role that you dropped.

    • CurrentProject: the name of the project in which the role drop operation is initiated.

    • ProjectName: the name of the project to which the role belongs.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "RoleName": "test1",
       "CurrentProject": "meta_dev",
       "ProjectName": "dev1",
       "OperationText": "drop role test1;"
     }

UserEvent

  • AddUser

    Field

    Description

    Example

    referencedResources

    The name of the user that is involved in an AddUser event.

    "referencedResources": { // The resources affected by the event.
        "User": [
        "ram$xxxx@aliyun.com:sub"
       ]
     }

    additionalEventData

    The additional information about an AddUser event. The additional information includes the following parameters:

    • UserName: the name of the user that you added.

    • ProjectName: the name of the project to which the user belongs.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "UserName": "ram$xxxx@aliyun.com:sub",
       "ProjectName": "project1",
       "OperationText": "add user RAM$xxxx@aliyun.com:sub;"
     }
  • RemoveUser

    Field

    Description

    Example

    referencedResources

    The name of the user that is involved in a RemoveUser event.

    "referencedResources": { // The resources affected by the event.
        "User": [
        "ram$xxxx@aliyun.com:sub"
       ]
     }

    additionalEventData

    The additional information about a RemoveUser event. The additional information includes the following parameters:

    • UserName: the name of the user that you removed.

    • ProjectName: the name of the project to which the user belongs.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "UserName": "ram$xxxx@aliyun.com:sub",
       "ProjectName": "project1",
       "OperationText": "remove user RAM$xxxx@aliyun.com:sub;"
     }

TableEvent

  • CreateTable

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in a CreateTable event.

    "referencedResources": { // The resources affected by the event.
       "Table": [
       "ttt"
       ]
     }

    additionalEventData

    The additional information about a CreateTable event. The additional information includes the following parameters:

    • TableName: the name of the table that you created.

    • ProjectName: the name of the project to which the table belongs.

    • CorrelationId: used with Source. If the value of Source is INSTANCE, the job ID is used for this parameter. If the value of Source is TUNNEL, the tunnel ID is used for this parameter.

    • Source: the source. Valid values: INSTANCE and TUNNEL.

    • OperationText: The value of this parameter is CREATE_TABLE.

    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "meta_dev",
       "CorrelationId": "20201027083345196gsjgpv21",
       "Source": "INSTANCE",
       "OperationText": "CREATE_TABLE"
     }
  • DropTable

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in a DropTable event.

    "referencedResources": { // The resources affected by the event.
       "Table": [
       "ttt"
       ]
     }

    additionalEventData

    The additional information about a DropTable event. The additional information includes the following parameters:

    • TableName: the name of the table that you dropped.

    • ProjectName: the name of the project to which the table belongs.

    • CorrelationId: used with Source. If the value of Source is INSTANCE, the job ID is used for this parameter. If the value of Source is TUNNEL, the tunnel ID is used for this parameter.

    • Source: the source. Valid values: INSTANCE and TUNNEL.

    • OperationText: The value of this parameter can be DROP_TABLE or RECYCLE_TABLE. If the value of this parameter is DROP_TABLE, the table is dropped by a user. If the value of this parameter is RECYCLE_TABLE, the table is reclaimed by the system when the lifecycle of the table ends.

    "additionalEventData": {
       "TableName": "hot_user_hs_top30",
       "ProjectName": "prj1",
       "CorrelationId": "20201023024002372giqvmv21",
       "Source": "INSTANCE",
       "OperationText": "DROP_TABLE"
     }
  • ChangeTable

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in a ChangeTable event.

    "referencedResources": { // The resources affected by the event.
       "Table": [
       "ttt"
       ]
     }

    additionalEventData

    The additional information about a ChangeTable event. The additional information includes the following parameters:

    • TableName: the name of the table whose data you changed.

    • ProjectName: the name of the project to which the table belongs.

    • CorrelationId: used with Source. If the value of Source is INSTANCE, the job ID is used for this parameter. If the value of Source is TUNNEL, the tunnel ID is used for this parameter.

    • Source: the source. Valid values: INSTANCE and TUNNEL.

    • OperationText: The value of this parameter can be ALTER_TABLE_RENAME, ADD_PARTITION, ALTER_TABLE_ADD_COLUMNS, ALTER_TABLE_CHANGE_LIFECYCLE, ALTER_TABLE_DROP_PARTITION, or ALTER_PARTITION.

    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "proj1",
       "CorrelationId": "20201028161651750g05e0tsa",
       "Source": "INSTANCE",
       "OperationText": "ADD_PARTITION"
     }
  • DescribeTable

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in a DescribeTable event.

    "referencedResources": { // The resources affected by the event.
       "Table": [
       "ttt"
       ]
     }

    additionalEventData

    The additional information about a DescribeTable event. The additional information includes the following parameters:

    • TableName: the name of the table that you viewed.

    • ProjectName: the name of the project to which the table belongs.

    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "prj1",
     }
  • ChangeTableData

    Field

    Description

    Example

    referencedResources

    The name of the table that is involved in a ChangeTableData event.

    "referencedResources": { // The resources affected by the event.
       "Table": [
       "ttt"
       ]
     }

    additionalEventData

    The additional information about a ChangeTableData event. The additional information includes the following parameters:

    • TableName: the name of the table whose data you changed.

    • ProjectName: the name of the project to which the table belongs.

    • CorrelationId: used with Source. If the value of Source is INSTANCE, the job ID is used for this parameter. If the value of Source is TUNNEL, the tunnel ID is used for this parameter.

    • Source: the source. Valid values: INSTANCE and TUNNEL.

    • OperationText: The value of this parameter can be TRUNCATE_TABLE, INSERT_OVERWRITE_TABLE, INSERT_OVERWRITE_PARTITION, INSERT_PARTITION, or INSERT_TABLE.

    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "meta_dev",
       "CorrelationId": "20201027083345196gsjgpv21",
       "Source": "INSTANCE",
       "OperationText": "DATA_INGESTION"
    }
  • ReadTableData

    Field

    Description

    Example

    referencedResources

    None.

    None.

    additionalEventData

    The additional information about a ReadTableData event. The additional information includes the following parameters:

    • TableName: the name of the table from which data is read.

    • ProjectName: the name of the project to which the table belongs.

    • CorrelationId: used with Source. If the value of Source is INSTANCE, the job ID is used for this parameter. If the value of Source is TUNNEL, the tunnel ID is used for this parameter.

    • Source: the source. Valid values: INSTANCE and TUNNEL.

    • OperationText: The value of this parameter is READ_TABLE.

    "additionalEventData": {
       "TableName": "ttt",
       "ProjectName": "meta_dev",
       "CorrelationId": "20201027083345196gsjgpv21",
       "Source": "INSTANCE",
       "OperationText": "READ_TABLE"
     }

PrivilegeEvent

  • GrantRole

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a GrantRole event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a GrantRole event. The additional information includes the following parameters:

    • UserName: the name of the Alibaba Cloud account to which role-based permissions are granted.

    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "grant test_role to  ALIYUN$xxx@aliyun.com"
     }
  • RevokeRole

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a RevokeRole event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a RevokeRole event. The additional information includes the following parameters:

    • UserName: the name of the Alibaba Cloud account from which role-based permissions are revoked.

    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.

    • OperationText: the statement that is executed.

    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "revoke test_role from ALIYUN$xxx@aliyun.com"
     }
  • GrantACL

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a GrantACL event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a GrantACL event. The additional information includes the following parameters:

    • ObjectType: the type of the object on which ACL-based permissions are granted. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION.

    • CurrentProject: the name of the project in which the ACL-based authorization is initiated.

    • UserName: the name of the Alibaba Cloud account to which role-based permissions are granted.

    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.

    • OperationText: the statement that is executed.

    • ObjectName: the name of the object on which label-based permissions are granted.

    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "grant createtable on project meta to  ALIYUN$xxx@aliyun.com;",
       "ObjectName": "meta"
    }
  • RevokeACL

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a RevokeACL event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a RevokeACL event. The additional information includes the following parameters:

    • ObjectType: the type of the object on which ACL-based permissions are revoked. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION.

    • CurrentProject: the name of the project in which revocation of ACL-based permissions is initiated.

    • UserName: the name of the Alibaba Cloud account from which ACL-based permissions are revoked.

    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.

    • OperationText: the statement that is executed.

    • ObjectName: the name of the object on which label-based permissions are revoked.

    "additionalEventData": {
       "ObjectType": "PROJECT",
       "CurrentProject": "meta",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "project1",
       "OperationText": "revoke createtable on project project1 from  ALIYUN$xxx@aliyun.com;",
       "ObjectName": "project1"
    }
  • GrantLabel

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a GrantLabel event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a GrantLabel event. The additional information includes the following parameters:

    • ObjectType: the type of the object on which label-based permissions are granted. The value of this parameter is TABLE.

    • UserName: the name of the Alibaba Cloud account to which role-based permissions are granted.

    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.

    • OperationText: the statement that is executed.

    • ObjectName: the name of the object on which label-based permissions are granted.

    "additionalEventData": {
       "ObjectType": "TABLE",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "GRANT LABEL 4 ON TABLE t1 TO USER ALIYUN$xxx@aliyun.com;",
       "ObjectName": "meta"
    }
  • RevokeLabel

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a RevokeLabel event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a RevokeLabel event. The additional information includes the following parameters:

    • ObjectType: the type of the object on which label-based permissions are revoked. Valid values: PROJECT, RESOURCE, TABLE, and FUNCTION.

    • UserName: the name of the Alibaba Cloud account from which role-based permissions are revoked.

    • ProjectName: the name of the project to which the Alibaba Cloud account belongs.

    • OperationText: the statement that is executed.

    • ObjectName: the name of the object on which label-based permissions are revoked.

    "additionalEventData": {
       "ObjectType": "TABLE",
       "UserName": "aliyun$xxx@aliyun.com",
       "ProjectName": "meta",
       "OperationText": "Revoke LABEL 4 ON TABLE t1 from USER ALIYUN$xxx@aliyun.com;",
       "ObjectName": "t1"
     }
  • PutRolePolicy

    Field

    Description

    Example

    referencedResources

    The name of the role that is involved in a PutRolePolicy event.

    "referencedResources": { // The resources affected by the event.
       "Role": [
     "test1_role"
       ]
     }

    additionalEventData

    The additional information about a PutRolePolicy event. The additional information includes the following parameters:

    • RoleName: the name of the role.

    • CurrentProject: the name of the project in which the role-level policy-based authorization is initiated.

    • ProjectName: the name of the project to which the role belongs.

    • OperationText: the document of the policy.

    "additionalEventData": {
       "RoleName": "test1_role",
       "CurrentProject": "meta_dev",
       "ProjectName": "meta_dev",
       "OperationText": "{\n    \"Statement\": [{\n            \"Action\": [\"odps:Read\",\n                \"odps:List\"],\n            \"Effect\": \"Allow\",\n            \"Resource\": [\"acs:odps:*:projects/p1\"]},\n        {\n            \"Action\": [\"odps:Describe\",\n                \"odps:Select\"],\n            \"Effect\": \"Allow\",\n            \"Resource\": [\"acs:odps:*:projects/p1/tables/m_*\"]}],\n    \"Version\": \"1\"}"
     }
  • SetProjectPolicy

    Field

    Description

    Example

    referencedResources

    None.

    None.

    additionalEventData

    The additional information about a SetProjectPolicy event. CurrentProject: the name of the project in which the project-level policy-based authorization is initiated.

    "additionalEventData": {
    "CurrentProject": "test_prj"}"
     }
  • SetTableLabel

    Field

    Description

    Example

    referencedResources

    None.

    None.

    additionalEventData

    The additional information about a SetTableLabel event. The additional information includes the following parameters:

    • ObjectType: the type of the object. The value of this parameter is TABLE.

    • OperationText: the statement that is executed.

    • ObjectName: the name of the object.

    "additionalEventData": {
       "ObjectType": "TABLE",
       "OperationText": "SET LABEL 3 TO TABLE t1test(col1);",
       "ObjectName": "t1test"
     }
  • SetUserLabel

    Field

    Description

    Example

    referencedResources

    The name of the Alibaba Cloud account that is involved in a SetUserLabel event.

    "referencedResources": { // The resources affected by the event.
       "User": [
     "aliyun$xxxx@aliyun.com"
       ]
     }

    additionalEventData

    The additional information about a SetUserLabel event. UserName: the name of the Alibaba Cloud account that configures label-based permissions for the user.

    "additionalEventData": {
       "UserName": "aliyun$xxxx@aliyun.com"
     }

AdminEvent

  • CreateProject

    Field

    Description

    Example

    referencedResources

    None.

    None.

    additionalEventData

    The additional information about a CreateProject event. ProjectName: the name of the MaxCompute project that you created.

    "additionalEventData": { "ProjectName": "xxxx" }
  • UpdateProject

    Field

    Description

    Example

    referencedResources

    None.

    None.

    additionalEventData

    The additional information about an UpdateProject event. The additional information includes the following parameters:

    • ProjectName: the name of the MaxCompute project that you updated.

    • Properties: the flag that you updated.

    • State: optional. The project status. Valid values: FROZEN and AVAILABLE.

    "additionalEventData": {
       "ProjectName": "xxx",
       "Properties": "{\"odps.sql.decimal.odps2\":\"true\",\"odps.sql.hive.compatible\":\"false\",\"odps.sql.type.system.odps2\":\"true\"}"
     }
  • DeleteProject

    Field

    Description

    Example

    referencedResources

    None.

    None.

    additionalEventData

    The additional information about a DeleteProject event. ProjectName: the name of the MaxCompute project that you deleted.

    "additionalEventData": { "ProjectName": "xxxx" }