5.10 - Recent data read with granular access and permissions details

List data accesses including referenced project, dataset, table and specific columns read in the past month. Include what kind of permissions users had to perform that operation.

Category: Data Usage
Use Cases: Audit, Respond
Data Sources: Audit Logs - Data Access

Queries or Rules

BigQuery	Log Analytics	Google SecOps
SQL	SQL	Contribute rule

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

google.cloud.bigquery.v2.JobService.InsertJob-dataRead

[
  {
    "logName": "projects/1234/logs/cloudaudit.googleapis.com%2Fdata_access",
    "resource": {
      "type": "bigquery_dataset",
      "labels": {
        "method": null,
        "version": null,
        "location": null,
        "project_id": "1234",
        "service": null,
        "name": null,
        "dataset_id": "my_dataset"
      }
    },
    "protopayload_auditlog": {
      "serviceName": "bigquery.googleapis.com",
      "methodName": "google.cloud.bigquery.v2.JobService.InsertJob",
      "resourceName": "projects/1234/datasets/my_dataset/tables/my_table",
      "resourceLocation": null,
      "numResponseItems": null,
      "status": null,
      "authenticationInfo": {
        "principalEmail": "test-user@example.com",
        "authoritySelector": null,
        "serviceAccountKeyName": null,
        "serviceAccountDelegationInfo": [

        ],
        "principalSubject": null
      },
      "authorizationInfo": [
        {
          "resource": "projects/1234/datasets/my_dataset/tables/my_table",
          "permission": "bigquery.tables.getData",
          "granted": "true",
          "resourceAttributes": null
        }
      ],
      "requestMetadata": {
        "callerIp": "203.0.113.255",
        "callerSuppliedUserAgent": "<redacted>",
        "callerNetwork": null,
        "requestAttributes": null,
        "destinationAttributes": null
      },
      "requestJson": null,
      "servicedata_v1_bigquery": null,
      "metadataJson": "{\"@type\":\"type.googleapis.com/google.cloud.audit.BigQueryAuditMetadata\",\"tableDataRead\":{\"fields\":[\"_PARTITIONDATE\",\"columnA\",\"structA\",\"structA.foo\",\"structA.bar\"],\"jobName\":\"projects/1234/jobs/12345678\",\"reason\":\"JOB\"}}",
      "responseJson": null,
      "servicedata_v1_iam": null,
      "policyViolationInfo": null
    },
    "textPayload": null,
    "timestamp": "2022-08-22T02:12:57.630Z",
    "receiveTimestamp": "2022-08-22T02:12:58.346Z",
    "severity": "INFO",
    "insertId": "2ihezydi73o",
    "httpRequest": null,
    "operation": null,
    "trace": null,
    "spanId": null,
    "traceSampled": null,
    "sourceLocation": null,
    "split": null
  }
]

References

https://cloud.google.com/blog/products/data-analytics/bigquery-audit-logs-pipelines-analysis

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5.10.md

5.10.md

5.10 - Recent data read with granular access and permissions details

Queries or Rules

Event Generation

Sample Event

google.cloud.bigquery.v2.JobService.InsertJob-dataRead

References

Files

5.10.md

Latest commit

History

5.10.md

File metadata and controls

5.10 - Recent data read with granular access and permissions details

Queries or Rules

Event Generation

Sample Event

google.cloud.bigquery.v2.JobService.InsertJob-dataRead

References