- JSON representation
- BigQueryAuditMetadata.JobInsertion
- BigQueryAuditMetadata.Job
- BigQueryAuditMetadata.JobConfig
- BigQueryAuditMetadata.JobConfig.Query
- BigQueryAuditMetadata.TableDefinition
- BigQueryAuditMetadata.EncryptionInfo
- BigQueryAuditMetadata.JobConfig.Load
- BigQueryAuditMetadata.JobConfig.Extract
- BigQueryAuditMetadata.JobConfig.TableCopy
- BigQueryAuditMetadata.JobStatus
- BigQueryAuditMetadata.JobStats
- BigQueryAuditMetadata.JobStats.Query
- BigQueryAuditMetadata.JobStats.Load
- BigQueryAuditMetadata.JobStats.Extract
- BigQueryAuditMetadata.JobStats.ReservationResourceUsage
- BigQueryAuditMetadata.JobChange
- BigQueryAuditMetadata.DatasetCreation
- BigQueryAuditMetadata.Dataset
- BigQueryAuditMetadata.EntityInfo
- BigQueryAuditMetadata.BigQueryAcl
- BigQueryAuditMetadata.DatasetChange
- BigQueryAuditMetadata.DatasetDeletion
- BigQueryAuditMetadata.TableCreation
- BigQueryAuditMetadata.Table
- BigQueryAuditMetadata.TableViewDefinition
- BigQueryAuditMetadata.TableChange
- BigQueryAuditMetadata.TableDeletion
- BigQueryAuditMetadata.TableDataRead
- BigQueryAuditMetadata.TableDataChange
- BigQueryAuditMetadata.ModelDeletion
- BigQueryAuditMetadata.ModelCreation
- BigQueryAuditMetadata.Model
- BigQueryAuditMetadata.ModelMetadataChange
- BigQueryAuditMetadata.ModelDataChange
- BigQueryAuditMetadata.ModelDataRead
- BigQueryAuditMetadata.RoutineCreation
- BigQueryAuditMetadata.Routine
- BigQueryAuditMetadata.RoutineChange
- BigQueryAuditMetadata.RoutineDeletion
- BigQueryAuditMetadata.RowAccessPolicyCreation
- BigQueryAuditMetadata.RowAccessPolicy
BigQueryAuditMetaData is exposed as part of the new AuditData.metadata messages.
| JSON representation | |
|---|---|
{ // Union field |
|
| Fields | ||
|---|---|---|
Union field event. Request data for each BigQuery event. event can be only one of the following: |
||
jobInsertion |
Job insertion event. |
|
jobChange |
Job state change event. |
|
datasetCreation |
Dataset creation event. |
|
datasetChange |
Dataset change event. |
|
datasetDeletion |
Dataset deletion event. |
|
tableCreation |
Table creation event. |
|
tableChange |
Table metadata change event. |
|
tableDeletion |
Table deletion event. |
|
tableDataRead |
Table data read event. |
|
tableDataChange |
Table data change event. |
|
modelDeletion |
Model deletion event. |
|
modelCreation |
Model creation event. |
|
modelMetadataChange |
Model metadata change event. |
|
modelDataChange |
Model data change event. |
|
modelDataRead |
Model data read event. |
|
routineCreation |
Routine creation event. |
|
routineChange |
Routine change event. |
|
routineDeletion |
Routine deletion event. |
|
rowAccessPolicyCreation |
Row access policy create event. |
|
BigQueryAuditMetadata.JobInsertion
Job insertion event. Only logged in the project that runs the job. Other projects will get appropriate logs for table operations
| JSON representation | |
|---|---|
{ "job": { object ( |
|
| Fields | |
|---|---|
job |
Job description. |
reason |
Describes a way the job was inserted. |
BigQueryAuditMetadata.Job
Job represents a BigQuery job.
| JSON representation | |
|---|---|
{ "jobName": string, "jobConfig": { object ( |
|
| Fields | |
|---|---|
jobName |
Job uri. |
jobConfig |
Job configuration. |
jobStatus |
Job state. |
jobStats |
Job statistics. |
BigQueryAuditMetadata.JobConfig
Job configuration information. See the Jobs API resource for more details on individual fields.
| JSON representation | |
|---|---|
{ "type": enum ( |
|
| Fields | ||
|---|---|---|
type |
Job type. |
|
labels |
Labels provided for the job. An object containing a list of |
|
Union field config. Job configuration information. config can be only one of the following: |
||
queryConfig |
Query job information. |
|
loadConfig |
Load job information. |
|
extractConfig |
Extract job information. |
|
tableCopyConfig |
TableCopy job information. |
|
BigQueryAuditMetadata.JobConfig.Query
Describes a query job.
| JSON representation | |
|---|---|
{ "query": string, "queryTruncated": boolean, "destinationTable": string, "createDisposition": enum ( |
|
| Fields | |
|---|---|
query |
The SQL query to run. Truncated if exceeds 50K. |
queryTruncated |
True if the query field was truncated. |
destinationTable |
The table where results are written. |
createDisposition |
Destination table create disposition. |
writeDisposition |
Destination table write disposition. |
defaultDataset |
Default dataset for the query. |
tableDefinitions[] |
Describes data sources outside BigQuery, if needed. |
priority |
Priority given to the query. |
destinationTableEncryption |
Result table encryption information. Set when non-default encryption is used. |
statementType |
Type of the query. |
BigQueryAuditMetadata.TableDefinition
Describes an external data source used in a query.
| JSON representation | |
|---|---|
{ "name": string, "sourceUris": [ string ] } |
|
| Fields | |
|---|---|
name |
Name of the table, used in queries. |
sourceUris[] |
URIs for the data to be imported. |
BigQueryAuditMetadata.EncryptionInfo
Describes encryption properties for a table or a job
| JSON representation | |
|---|---|
{ "kmsKeyName": string } |
|
| Fields | |
|---|---|
kmsKeyName |
unique identifier for cloud kms key |
BigQueryAuditMetadata.JobConfig.Load
Describes a load job.
| JSON representation | |
|---|---|
{ "sourceUris": [ string ], "sourceUrisTruncated": boolean, "schemaJson": string, "schemaJsonTruncated": boolean, "destinationTable": string, "createDisposition": enum ( |
|
| Fields | |
|---|---|
sourceUris[] |
URIs for the data to be imported. Entire list is truncated if exceeds 40K. |
sourceUrisTruncated |
True if the sourceUris field was truncated. |
schemaJson |
The table schema in JSON format. Entire field is truncated if exceeds 40K. |
schemaJsonTruncated |
True if the schemaJson field was truncated. |
destinationTable |
The table where the imported data is written. |
createDisposition |
Destination table create disposition. |
writeDisposition |
Destination table write disposition. |
destinationTableEncryption |
Result table encryption information. Set when non-default encryption is used. |
BigQueryAuditMetadata.JobConfig.Extract
Describes an extract job.
| JSON representation | |
|---|---|
{ "destinationUris": [ string ], "destinationUrisTruncated": boolean, // Union field |
|
| Fields | ||
|---|---|---|
destinationUris[] |
URIs where extracted data should be written. Entire list is truncated if exceeds 50K. |
|
destinationUrisTruncated |
True if the destinationUris field was truncated. |
|
Union field
|
||
sourceTable |
The source table. |
|
sourceModel |
The source model. |
|
BigQueryAuditMetadata.JobConfig.TableCopy
Describes a copy job, which copies an existing table to another table.
| JSON representation | |
|---|---|
{ "sourceTables": [ string ], "sourceTablesTruncated": boolean, "destinationTable": string, "createDisposition": enum ( |
|
| Fields | |
|---|---|
sourceTables[] |
Source tables. Entire list is truncated if exceeds 50K. |
sourceTablesTruncated |
True if the sourceTables field was truncated. |
destinationTable |
Destination table. |
createDisposition |
Destination table create disposition. |
writeDisposition |
Destination table write disposition. |
destinationTableEncryption |
Result table encryption information. Set when non-default encryption is used. |
operationType |
Supported operation types in table copy job. |
destinationExpirationTime |
The time when the destination table expires. Expired tables will be deleted and their storage reclaimed. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
BigQueryAuditMetadata.JobStatus
Running state of a job.
| JSON representation | |
|---|---|
{ "jobState": enum ( |
|
| Fields | |
|---|---|
jobState |
State of the job. |
errorResult |
Job error, if job failed. |
errors[] |
Errors encountered during the running of the job. Do not necessarily mean that the job has completed or was unsuccessful. |
BigQueryAuditMetadata.JobStats
Job statistics that may change after job starts.
| JSON representation | |
|---|---|
{ "createTime": string, "startTime": string, "endTime": string, "totalSlotMs": string, "reservationUsage": [ { object ( |
|
| Fields | ||
|---|---|---|
createTime |
Time when the job was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
|
startTime |
Time when the job started. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
|
endTime |
Time when the job ended. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
|
totalSlotMs |
The total number of slot-ms consumed by the query job. |
|
reservationUsage[] |
Reservation usage attributed from each tier of a reservation hierarchy. |
|
parentJobName |
Parent job name. Only present for child jobs. |
|
Union field extended. Statistics specific to the job type. extended can be only one of the following: |
||
queryStats |
Query job statistics. |
|
loadStats |
Load job statistics. |
|
extractStats |
Extract job statistics. |
|
BigQueryAuditMetadata.JobStats.Query
Query job statistics.
| JSON representation | |
|---|---|
{ "totalProcessedBytes": string, "totalBilledBytes": string, "billingTier": integer, "referencedTables": [ string ], "referencedViews": [ string ], "referencedRoutines": [ string ], "outputRowCount": string, "cacheHit": boolean } |
|
| Fields | |
|---|---|
totalProcessedBytes |
Total bytes processed for a job. |
totalBilledBytes |
Processed bytes, adjusted by the job's CPU usage. |
billingTier |
The tier assigned by CPU-based billing. |
referencedTables[] |
Tables accessed by the query job. |
referencedViews[] |
Views accessed by the query job. |
referencedRoutines[] |
Routines accessed by the query job. |
outputRowCount |
Number of output rows produced by the query job. |
cacheHit |
True if the query cache was used for the results. |
BigQueryAuditMetadata.JobStats.Load
Load job statistics.
| JSON representation | |
|---|---|
{ "totalOutputBytes": string } |
|
| Fields | |
|---|---|
totalOutputBytes |
Total bytes loaded for an import job. |
BigQueryAuditMetadata.JobStats.Extract
Extract job statistics.
| JSON representation | |
|---|---|
{ "totalInputBytes": string } |
|
| Fields | |
|---|---|
totalInputBytes |
Total bytes exported for an extract job. |
BigQueryAuditMetadata.JobStats.ReservationResourceUsage
Job resource usage breakdown by reservation.
| JSON representation | |
|---|---|
{ "name": string, "slotMs": string } |
|
| Fields | |
|---|---|
name |
Reservation name or "unreserved" for on-demand resources usage. |
slotMs |
Total slot milliseconds used by the reservation for a particular job. |
BigQueryAuditMetadata.JobChange
Job state change event. Only logged in the project that runs the job.
| JSON representation | |
|---|---|
{ "before": enum ( |
|
| Fields | |
|---|---|
before |
Job state before the job state change. |
after |
Job state after the job state change. |
job |
Job description. |
BigQueryAuditMetadata.DatasetCreation
Dataset creation event.
| JSON representation | |
|---|---|
{
"dataset": {
object ( |
|
| Fields | |
|---|---|
dataset |
Dataset description. |
BigQueryAuditMetadata.Dataset
Dataset represents a BigQuery dataset.
| JSON representation | |
|---|---|
{ "datasetName": string, "datasetInfo": { object ( |
|
| Fields | |
|---|---|
datasetName |
Dataset uri. |
datasetInfo |
User-provided metadata for the dataset. |
createTime |
The time the dataset was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
The time the dataset was last modified. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
acl |
The access control list for the dataset. |
defaultTableExpireDuration |
Default expiration time for tables in the dataset. A duration in seconds with up to nine fractional digits, terminated by ' |
defaultEncryption |
Default encryption for tables in the dataset. |
BigQueryAuditMetadata.EntityInfo
User-provided metadata for an entity within a dataset, for e.g. table, model.
| JSON representation | |
|---|---|
{ "friendlyName": string, "description": string, "labels": { string: string, ... } } |
|
| Fields | |
|---|---|
friendlyName |
A short name for the entity. |
description |
A long description for the entity. |
labels |
Labels provided for the entity. An object containing a list of |
BigQueryAuditMetadata.BigQueryAcl
An access control list.
| JSON representation | |
|---|---|
{
"policy": {
object ( |
|
| Fields | |
|---|---|
policy |
IAM policy for the resource. |
authorizedViews[] |
List of authorized views for a dataset. |
BigQueryAuditMetadata.DatasetChange
Dataset change event.
| JSON representation | |
|---|---|
{
"dataset": {
object ( |
|
| Fields | |
|---|---|
dataset |
Dataset description after the change. |
BigQueryAuditMetadata.DatasetDeletion
Dataset deletion event.
BigQueryAuditMetadata.TableCreation
Table creation event.
| JSON representation | |
|---|---|
{ "table": { object ( |
|
| Fields | |
|---|---|
table |
Table description. |
reason |
Describes how table was created. |
jobName |
The uri of the job that created a table. Present if the reason is JOB or QUERY. |
BigQueryAuditMetadata.Table
Table represents a BigQuery table.
| JSON representation | |
|---|---|
{ "tableName": string, "tableInfo": { object ( |
|
| Fields | |
|---|---|
tableName |
Table uri. |
tableInfo |
User-provided metadata for the table. |
schemaJson |
A JSON representation of the table's schema. Entire field is truncated if exceeds 40K. |
schemaJsonTruncated |
True if the schemaJson field was truncated. |
view |
View description. Only present for views. |
expireTime |
The expiration date for the table. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
createTime |
The time the table was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
The time the table was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
truncateTime |
The time the table was last truncated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
encryption |
Result table encryption information. Set when non-default encryption is used. |
BigQueryAuditMetadata.TableViewDefinition
Describes a view.
| JSON representation | |
|---|---|
{ "query": string, "queryTruncated": boolean } |
|
| Fields | |
|---|---|
query |
SQL query defining the view. Truncated if exceeds 40K. |
queryTruncated |
True if the schemaJson field was truncated. |
BigQueryAuditMetadata.TableChange
Table metadata change event.
| JSON representation | |
|---|---|
{ "table": { object ( |
|
| Fields | |
|---|---|
table |
Table description. |
truncated |
True if the table was truncated, false otherwise. |
reason |
Describes why the changes occurred. |
jobName |
The uri of the job that changed a table. Present if the reason is JOB or QUERY. |
BigQueryAuditMetadata.TableDeletion
Table deletion event.
| JSON representation | |
|---|---|
{
"reason": enum ( |
|
| Fields | |
|---|---|
reason |
Describes how table was deleted. |
jobName |
The uri of the job that deleted a table. Present if the reason is QUERY. |
BigQueryAuditMetadata.TableDataRead
Table data read event.
| JSON representation | |
|---|---|
{
"fields": [
string
],
"fieldsTruncated": boolean,
"policyTags": [
string
],
"policyTagsTruncated": boolean,
"reason": enum ( |
|
| Fields | |
|---|---|
fields[] |
List of the accessed fields. Entire list is truncated if the record size exceeds 100K. |
fieldsTruncated |
True if the fields list is truncated. |
policyTags[] |
List of the referenced policy tags. That is, policy tags attached to the accessed fields or their ancestors. Policy tag resource name is a string of the format: "projects/ |
policyTagsTruncated |
True if the policy tag list is truncated. At most 100 policy tags will be saved. |
reason |
Describes why table data was read. |
jobName |
The uri of the job that read a table. Present if the reason is JOB but can be reducted for privacy reasons. |
sessionName |
The uri of the read session that read a table. Present if the reason is CREATE_READ_SESSION. |
BigQueryAuditMetadata.TableDataChange
Table data change event.
| JSON representation | |
|---|---|
{
"deletedRowsCount": string,
"insertedRowsCount": string,
"truncated": boolean,
"reason": enum ( |
|
| Fields | |
|---|---|
deletedRowsCount |
Number of deleted rows. |
insertedRowsCount |
Number of inserted rows. |
truncated |
True if the table was truncated, false otherwise. |
reason |
Describes why the changes occurred. |
jobName |
The uri of the job that changed a table. |
streamName |
If written from WRITE_API, the name of the stream. |
BigQueryAuditMetadata.ModelDeletion
Model deletion event.
| JSON representation | |
|---|---|
{
"reason": enum ( |
|
| Fields | |
|---|---|
reason |
The reason why the model was deleted. |
jobName |
The URI of the job that deleted a model. Present if and only if the reason is QUERY. |
BigQueryAuditMetadata.ModelCreation
Model creation event.
| JSON representation | |
|---|---|
{ "model": { object ( |
|
| Fields | |
|---|---|
model |
Model description. |
reason |
Describes how the model was created. |
jobName |
The URI of the job that created the model. |
BigQueryAuditMetadata.Model
Model corresponds to a trained BigQuery ML model.
| JSON representation | |
|---|---|
{ "modelName": string, "modelInfo": { object ( |
|
| Fields | |
|---|---|
modelName |
Model uri. |
modelInfo |
Entity info for the model. |
expireTime |
The expiration date for the model. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
createTime |
The time the model was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
The time the model was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
encryption |
Encryption information. Set when non-default encryption is used. |
BigQueryAuditMetadata.ModelMetadataChange
Model metadata change event.
| JSON representation | |
|---|---|
{ "model": { object ( |
|
| Fields | |
|---|---|
model |
Updated model. |
reason |
Describes how the model metadata was changed. |
jobName |
The URI of the job that changed the model metadata. Present if and only if the reason is QUERY. |
BigQueryAuditMetadata.ModelDataChange
Model data change event.
| JSON representation | |
|---|---|
{
"reason": enum ( |
|
| Fields | |
|---|---|
reason |
Describes how the model data was changed. |
jobName |
The URI of the job that changed the model data. |
BigQueryAuditMetadata.ModelDataRead
Model data read event.
| JSON representation | |
|---|---|
{
"reason": enum ( |
|
| Fields | |
|---|---|
reason |
Describes how the model data was read. |
jobName |
The URI of the job that read the model data. |
BigQueryAuditMetadata.RoutineCreation
Routine creation event.
| JSON representation | |
|---|---|
{ "routine": { object ( |
|
| Fields | |
|---|---|
routine |
Created routine. |
reason |
Describes how the routine was created. |
jobName |
The URI of the job that created the routine. |
BigQueryAuditMetadata.Routine
Routine corresponds to a resource such as a User Defined Function (UDF) or Stored Procedure.
| JSON representation | |
|---|---|
{ "routineName": string, "createTime": string, "updateTime": string } |
|
| Fields | |
|---|---|
routineName |
Routine uri. |
createTime |
The time the routine was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
The time the routine was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
BigQueryAuditMetadata.RoutineChange
Routine change event.
| JSON representation | |
|---|---|
{ "routine": { object ( |
|
| Fields | |
|---|---|
routine |
Updated routine. |
reason |
Describes how the routine was updated. |
jobName |
The URI of the job that updated the routine. |
BigQueryAuditMetadata.RoutineDeletion
Routine deletion event.
| JSON representation | |
|---|---|
{ "routine": { object ( |
|
| Fields | |
|---|---|
routine |
Deleted routine. |
reason |
Describes how the routine was deleted. |
jobName |
The URI of the job that deleted the routine. |
BigQueryAuditMetadata.RowAccessPolicyCreation
Row access policy creation event.
| JSON representation | |
|---|---|
{
"rowAccessPolicy": {
object ( |
|
| Fields | |
|---|---|
rowAccessPolicy |
The row access policy created by this event. |
jobName |
The URI of the job that created this row access policy. |
BigQueryAuditMetadata.RowAccessPolicy
Represents a BigQuery row access policy.
| JSON representation | |
|---|---|
{ "rowAccessPolicyName": string } |
|
| Fields | |
|---|---|
rowAccessPolicyName |
Row access policy uri. e.g. projects/p1/datasets/d1/tables/t1/rowAccessPolicies/rap1 |