DataWorks is integrated with ActionTrail. This allows you to query ActionTrail for DataWorks behavior events of your Alibaba Cloud account over the last 90 days. You can use ActrionTrail to deliver the events to a Logstore in Log Service or a specific Object Storage Service (OSS) bucket for monitoring and alerting. This meets the requirements for timely auditing, problem backtracking, and problem analysis. This topic describes how to query DataWorks behavior events in ActionTrail.

Background information

Alibaba Cloud ActionTrail is a service that monitors and records the actions of your Alibaba Cloud account. The actions include the access to and use of cloud products and services through the Alibaba Cloud Management Console, API operations, and SDKs. ActionTrail records these actions as events. You can download these events from the ActionTrail console or configure ActionTrail to deliver these events to Log Service Logstores or OSS buckets. Then, you can perform behavior analysis, security analysis, resource change tracking, and compliance auditing based on the events. For more information, see What is ActionTrail?

Precautions

  • After you perform an operation in DataWorks, ActionTrail records the operation in 5 minutes to 10 minutes.
  • You can configure tracking alerts for important events to detect and handle anomalous activities in a timely manner.

Query DataWorks behavior events

  1. Log on to the ActionTrail console.
  2. In the left-side navigation pane, click Event Detail Query. Then, select a region in the top navigation bar.
  3. On the Event Detail Query page, select Service Name from the drop-down list and enter DataWorks in the search box to query DataWorks events that are recorded.Select DataWorks for Service Name
    The query results contain the following information: Event Time, Username, Event Name, Resource Type, and Resource Name.
    You can use Event Name to determine whether an event is recorded for an API call and query the event meaning.
    Note An API operation can be called by using a codeless user interface (UI) or code editor.
    • The event is recorded for an API call.

      The event name is consistent with the API operation name. You can use the event name to query the event meaning from the DataWorks API operation list.

    • The event is not recorded for an API call.
      You can query the event meaning from the following table.
      Event name Description Service module
      DownloadExecutionResultDataStudio Downloads query results. DataStudio
      CreateBusiness Creates a workflow.
      DestroyRelationTableFromBusiness Deletes all tables from a workflow.
      DeleteBusiness Deletes a workflow.
      ExecuteFile Runs a file as a temporary task.
      LockFile Locks a file.
      UnlockFile Steals the lock of a file.
      RecoverFile Recovers files in the recycle bin.
      CloneFile Clones a file.
      DeleteFolder Deletes a folder.
      DeleteDeployment Deletes a deployment task.
      ListCodingProjects Queries code-based projects. AppStudio
    Note If the meaning of an event cannot be obtained by using one of the preceding methods, submit a ticket to query the details of the event.
  4. Expand an event and click Event Detail to view the details of the event.Event details
    The following table describes the event details.
    No. Description
    1 The details of the event.

    Move the pointer over the username and click detail to go to the RAM console. Then, you can view the details of the user.

    2 The resource type, resource name, and operation involved in the event.
    3 You can click Event Detail to view the code record of the event.
    The following figure shows the code record of the listProjectResourceGroups event.Event code recordIn the Event Detail dialog box, click the Copy icon in the upper-right corner to copy the code record.

What to do next

You can use the queried event details to perform behavior analysis, security analysis, resource change tracking, and compliance auditing.