Data access work #7
Conversation
… into data_access_work
| WHEN service = 'bigquery' THEN | ||
| CASE | ||
| WHEN action IN ('bigquery.tables.delete', | ||
| 'bigquery.datasets.delete', |
There was a problem hiding this comment.
Align values with previous value. Same for the following WHEN statements.
| -- Parts of the resource accessed | ||
| SPLIT(i.resource, '/') AS parts | ||
| FROM | ||
| `${PROJECT_ID}.data_access.cloudaudit_googleapis_com_data_access_*` d |
| `${PROJECT_ID}.data_access.cloudaudit_googleapis_com_data_access_*` d | ||
| CROSS JOIN d.protopayload_auditlog.authorizationInfo i | ||
| WHERE | ||
| i.resource IS NOT NULL AND |
There was a problem hiding this comment.
Move AND to the next line.
WHERE
filter 1
AND filter 2
| SPLIT(i.resource, '/') AS parts | ||
| FROM | ||
| `${PROJECT_ID}.data_access.cloudaudit_googleapis_com_data_access_*` d | ||
| CROSS JOIN d.protopayload_auditlog.authorizationInfo i |
There was a problem hiding this comment.
Align CROSS JOIN with FROM.
| CASE | ||
| WHEN service = 'storage' THEN | ||
| CASE | ||
| -- See granular permissions here: https://cloud.google.com/storage/docs/access-control/iam-permissions |
There was a problem hiding this comment.
Please intend CASE statements. Use 2 spaces for all indentation through out the script.
| -- See granular permissions here: https://cloud.google.com/bigquery/docs/access-control#bq-permissions | ||
| WHEN service = 'bigquery' THEN | ||
| CASE | ||
| WHEN action IN ('bigquery.tables.delete', |
There was a problem hiding this comment.
Please indent WHEN statements.
| granted, | ||
| -- Project is of the resource or, if not there, | ||
| -- then for the method accessing it (eg for buckets) | ||
| CASE |
There was a problem hiding this comment.
Do you need a ELSE to set a default value here? Otherwise, it will create NULLs.
| actor, | ||
| -- Translate the action into an operation (READ/WRITE/ADMIN) | ||
| CASE | ||
| WHEN service = 'storage' THEN |
There was a problem hiding this comment.
Do you think by checking the action value, you can determine the action type? So, maybe simplify the code a little with one level of CASE statement?
Same for service='bigquery' code below.
| @@ -0,0 +1,8 @@ | |||
| { | |||
There was a problem hiding this comment.
Please add a description, what this file is for?
|
Hi mescanne, Please take a look of the comments when you have time. Thanks! |
Sample SQL script for analysing data access logs produced by GCS and BigQuery datasets.
I've adjusted README.md to add it in and provided instructions for setting up the sink, data access controls, as well as running the SQL.