각 IAM 권한에는 type 속성이 포함되며 그 값은 네 가지 값(ADMIN_READ, ADMIN_WRITE, DATA_READ, DATA_WRITE) 중 하나일 수 있는 열거형입니다. 메서드를 호출하면 Access Approval이 메서드 수행에 필요한 권한의 type 속성에 따라 카테고리가 달라지는 감사 로그를 생성합니다.
DATA_READ, DATA_WRITE, ADMIN_READ의 type 속성 값을 가진 IAM 권한이 필요한 메서드는 데이터 액세스 감사 로그를 생성합니다.
type 속성 값이 ADMIN_WRITE인 IAM 권한이 필요한 메서드는 관리자 활동 감사 로그를 생성합니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2024-12-21(UTC)"],[[["\u003cp\u003eAccess Approval audit logs track administrative and access activities within Google Cloud resources, using the service name \u003ccode\u003eaccessapproval.googleapis.com\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eAudit logs generated by Access Approval are categorized as either Data Access or Admin Activity logs, depending on the IAM permission type required for the method.\u003c/p\u003e\n"],["\u003cp\u003eMethods requiring \u003ccode\u003eADMIN_WRITE\u003c/code\u003e permissions generate Admin Activity audit logs, while methods with \u003ccode\u003eDATA_READ\u003c/code\u003e, \u003ccode\u003eDATA_WRITE\u003c/code\u003e, or \u003ccode\u003eADMIN_READ\u003c/code\u003e permissions result in Data Access audit logs.\u003c/p\u003e\n"],["\u003cp\u003eSpecific methods, such as \u003ccode\u003eApproveApprovalRequest\u003c/code\u003e, \u003ccode\u003eDeleteAccessApprovalSettings\u003c/code\u003e, \u003ccode\u003eDismissApprovalRequest\u003c/code\u003e, \u003ccode\u003eInvalidateApprovalRequest\u003c/code\u003e, and \u003ccode\u003eUpdateAccessApprovalSettings\u003c/code\u003e, each generate Admin Activity audit logs and have corresponding filter expressions for querying.\u003c/p\u003e\n"],["\u003cp\u003eSome methods like \u003ccode\u003eGetAccessApprovalServiceAccount\u003c/code\u003e, \u003ccode\u003eGetAccessApprovalSettings\u003c/code\u003e, \u003ccode\u003eGetApprovalRequest\u003c/code\u003e, and \u003ccode\u003eListApprovalRequests\u003c/code\u003e do not produce audit logs due to factors like high volume, low auditing value, or existing coverage in other logs.\u003c/p\u003e\n"]]],[],null,["# Access Approval audit logging information\n=========================================\n\nThis document describes audit logging for Access Approval. Google Cloud services\ngenerate audit logs that record administrative and access activities within your Google Cloud resources.\nFor more information about Cloud Audit Logs, see the following:\n\n- [Types of audit logs](/logging/docs/audit#types)\n- [Audit log entry structure](/logging/docs/audit#audit_log_entry_structure)\n- [Storing and routing audit logs](/logging/docs/audit#storing_and_routing_audit_logs)\n- [Cloud Logging pricing summary](/stackdriver/pricing#logs-pricing-summary)\n- [Enable Data Access audit logs](/logging/docs/audit/configure-data-access)\n\n\u003cbr /\u003e\n\nService name\n------------\n\nAccess Approval audit logs use the service name `accessapproval.googleapis.com`.\nFilter for this service: \n\n```gdscript\n protoPayload.serviceName=\"accessapproval.googleapis.com\"\n \n```\n\n\u003cbr /\u003e\n\nMethods by permission type\n--------------------------\n\nEach IAM permission has a `type` property, whose value is an enum\nthat can be one of four values: `ADMIN_READ`, `ADMIN_WRITE`,\n`DATA_READ`, or `DATA_WRITE`. When you call a method,\nAccess Approval generates an audit log whose category is dependent on the\n`type` property of the permission required to perform the method.\n\nMethods that require an IAM permission with the `type` property value\nof `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ` generate\n[Data Access](/logging/docs/audit#data-access) audit logs.\n\nMethods that require an IAM permission with the `type` property value\nof `ADMIN_WRITE` generate\n[Admin Activity](/logging/docs/audit#admin-activity) audit logs.\n\nAPI interface audit logs\n------------------------\n\nFor information about how and which permissions are evaluated for each method,\nsee the Identity and Access Management documentation for Access Approval.\n\n### `google.cloud.accessapproval.v1.AccessApproval`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.accessapproval.v1.AccessApproval`.\n\n#### `ApproveApprovalRequest`\n\n- **Method** : `google.cloud.accessapproval.v1.AccessApproval.ApproveApprovalRequest` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `accessapproval.requests.approve - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.accessapproval.v1.AccessApproval.ApproveApprovalRequest\"\n ` \n\n#### `DeleteAccessApprovalSettings`\n\n- **Method** : `google.cloud.accessapproval.v1.AccessApproval.DeleteAccessApprovalSettings` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `accessapproval.settings.delete - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.accessapproval.v1.AccessApproval.DeleteAccessApprovalSettings\"\n ` \n\n#### `DismissApprovalRequest`\n\n- **Method** : `google.cloud.accessapproval.v1.AccessApproval.DismissApprovalRequest` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `accessapproval.requests.dismiss - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.accessapproval.v1.AccessApproval.DismissApprovalRequest\"\n ` \n\n#### `InvalidateApprovalRequest`\n\n- **Method** : `google.cloud.accessapproval.v1.AccessApproval.InvalidateApprovalRequest` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `accessapproval.requests.invalidate - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.accessapproval.v1.AccessApproval.InvalidateApprovalRequest\"\n ` \n\n#### `UpdateAccessApprovalSettings`\n\n- **Method** : `google.cloud.accessapproval.v1.AccessApproval.UpdateAccessApprovalSettings` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `accessapproval.settings.update - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.accessapproval.v1.AccessApproval.UpdateAccessApprovalSettings\"\n `"]]
