发送反馈
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Dataproc Resource Manager 审核日志记录
本文档介绍了 Dataproc Resource Manager 的审核日志记录。 Google Cloud 服务会生成审核日志,以记录 Google Cloud 资源中的管理和访问活动。如需详细了解 Cloud Audit Logs,请参阅以下内容:
服务名称
Dataproc Resource Manager 审核日志使用服务名称 dataprocrm.googleapis.com。
针对此服务的过滤条件:
protoPayload . serviceName = "dataprocrm.googleapis.com"
方法(按权限类型)
每个 IAM 权限都有一个 type 属性,该属性的值是一个枚举,可以是以下四个值之一:ADMIN_READ、ADMIN_WRITE、DATA_READ 或 DATA_WRITE。在您调用某个方法时,Dataproc Resource Manager 会生成一个审核日志,其类别取决于执行该方法所需权限的 type 属性。需要 IAM 权限且 type 属性值为 DATA_READ、DATA_WRITE 或 ADMIN_READ 的方法会生成数据访问 审核日志。需要 IAM 权限且 type 属性值为 ADMIN_WRITE 的方法会生成管理员活动 审核日志。
权限类型
方法
ADMIN_READgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.GetNodegoogle.cloud.dataproc.rm.v1.DataprocResourceManager.GetNodePoolgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.GetWorkloadgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodePoolsgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodesgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.ListWorkloads
ADMIN_WRITEgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.CancelWorkloadgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.CreateNodePoolgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.CreateWorkloadgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodePoolgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodesgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteWorkloadgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.HeartbeatNodegoogle.cloud.dataproc.rm.v1.DataprocResourceManager.ResizeNodePool
DATA_READgoogle.cloud.dataproc.rm.v1.DataprocResourceManager.MintOAuthToken
API 接口审核日志
如需了解如何针对每种方法评估权限以及评估哪些权限,请参阅 Dataproc Resource Manager 的 Identity and Access Management 文档。
google.cloud.dataproc.rm.v1.DataprocResourceManager以下审核日志与属于 google.cloud.dataproc.rm.v1.DataprocResourceManager 的方法相关联。
CancelWorkload
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.CancelWorkload审核日志类型 :管理员活动 权限 :dataprocrm.workloads.cancel - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.CancelWorkload"
CreateNodePool
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateNodePool审核日志类型 :管理员活动 权限 :dataprocrm.nodePools.create - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :长时间运行的操作 此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateNodePool"
CreateWorkload
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateWorkload审核日志类型 :管理员活动 权限 :dataprocrm.workloads.create - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :长时间运行的操作 此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateWorkload"
DeleteNodePool
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodePool审核日志类型 :管理员活动 权限 :dataprocrm.nodePools.delete - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :长时间运行的操作 此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodePool"
DeleteNodes
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodes审核日志类型 :管理员活动 权限 :dataprocrm.nodePools.deleteNodes - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :长时间运行的操作 此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodes"
DeleteWorkload
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteWorkload审核日志类型 :管理员活动 权限 :dataprocrm.workloads.delete - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :长时间运行的操作 此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteWorkload"
GetNode
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNode审核日志类型 :数据访问 权限 :dataprocrm.nodes.get - ADMIN_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNode"
GetNodePool
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNodePool审核日志类型 :数据访问 权限 :dataprocrm.nodePools.get - ADMIN_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNodePool"
GetWorkload
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.GetWorkload审核日志类型 :数据访问 权限 :dataprocrm.workloads.get - ADMIN_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.GetWorkload"
HeartbeatNode
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.HeartbeatNode审核日志类型 :管理员活动 权限 :dataprocrm.nodes.heartbeat - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.HeartbeatNode"
ListNodePools
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodePools审核日志类型 :数据访问 权限 :dataprocrm.nodePools.list - ADMIN_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodePools"
ListNodes
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodes审核日志类型 :数据访问 权限 :dataprocrm.nodes.list - ADMIN_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodes"
ListWorkloads
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.ListWorkloads审核日志类型 :数据访问 权限 :dataprocrm.workloads.list - ADMIN_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.ListWorkloads"
MintOAuthToken
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.MintOAuthToken审核日志类型 :数据访问 权限 :dataprocrm.nodes.mintOAuthToken - DATA_READ方法是长时间运行的操作或流式传输操作 :否。此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.MintOAuthToken"
ResizeNodePool
方法 :google.cloud.dataproc.rm.v1.DataprocResourceManager.ResizeNodePool审核日志类型 :管理员活动 权限 :dataprocrm.nodePools.resize - ADMIN_WRITE方法是长时间运行的操作或流式传输操作 :长时间运行的操作 此方法的过滤条件 :
protoPayload.methodName="google.cloud.dataproc.rm.v1.DataprocResourceManager.ResizeNodePool"
发送反馈
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可 获得了许可,并且代码示例已根据 Apache 2.0 许可 获得了许可。有关详情,请参阅 Google 开发者网站政策 。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-09-04。
需要向我们提供更多信息?
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[],[],null,["Dataproc Resource Manager audit logging\n=======================================\n\nThis document describes audit logging for Dataproc Resource Manager. Google Cloud services\ngenerate audit logs that record administrative and access activities within your Google Cloud resources.\nFor more information about Cloud Audit Logs, see the following:\n\n- [Types of audit logs](/logging/docs/audit#types)\n- [Audit log entry structure](/logging/docs/audit#audit_log_entry_structure)\n- [Storing and routing audit logs](/logging/docs/audit#storing_and_routing_audit_logs)\n- [Cloud Logging pricing summary](/stackdriver/pricing#logs-pricing-summary)\n- [Enable Data Access audit logs](/logging/docs/audit/configure-data-access)\n\n\u003cbr /\u003e\n\nService name\n------------\n\nDataproc Resource Manager audit logs use the service name `dataprocrm.googleapis.com`.\nFilter for this service: \n\n```gdscript\n protoPayload.serviceName=\"dataprocrm.googleapis.com\"\n \n```\n\n\u003cbr /\u003e\n\nMethods by permission type\n--------------------------\n\nEach IAM permission has a `type` property, whose value is an enum\nthat can be one of four values: `ADMIN_READ`, `ADMIN_WRITE`,\n`DATA_READ`, or `DATA_WRITE`. When you call a method,\nDataproc Resource Manager generates an audit log whose category is dependent on the\n`type` property of the permission required to perform the method.\n\nMethods that require an IAM permission with the `type` property value\nof `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ` generate\n[Data Access](/logging/docs/audit#data-access) audit logs.\n\nMethods that require an IAM permission with the `type` property value\nof `ADMIN_WRITE` generate\n[Admin Activity](/logging/docs/audit#admin-activity) audit logs.\n\nAPI interface audit logs\n------------------------\n\nFor information about how and which permissions are evaluated for each method,\nsee the Identity and Access Management documentation for Dataproc Resource Manager.\n\n### `google.cloud.dataproc.rm.v1.DataprocResourceManager`\n\nThe following audit logs are associated with methods belonging to\n`google.cloud.dataproc.rm.v1.DataprocResourceManager`.\n\n#### `CancelWorkload`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.CancelWorkload` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.workloads.cancel - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.CancelWorkload\"\n ` \n\n#### `CreateNodePool`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateNodePool` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.nodePools.create - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateNodePool\"\n ` \n\n#### `CreateWorkload`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateWorkload` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.workloads.create - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.CreateWorkload\"\n ` \n\n#### `DeleteNodePool`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodePool` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.nodePools.delete - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodePool\"\n ` \n\n#### `DeleteNodes`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodes` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.nodePools.deleteNodes - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteNodes\"\n ` \n\n#### `DeleteWorkload`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteWorkload` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.workloads.delete - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.DeleteWorkload\"\n ` \n\n#### `GetNode`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNode` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.nodes.get - ADMIN_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNode\"\n ` \n\n#### `GetNodePool`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNodePool` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.nodePools.get - ADMIN_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.GetNodePool\"\n ` \n\n#### `GetWorkload`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.GetWorkload` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.workloads.get - ADMIN_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.GetWorkload\"\n ` \n\n#### `HeartbeatNode`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.HeartbeatNode` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.nodes.heartbeat - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.HeartbeatNode\"\n ` \n\n#### `ListNodePools`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodePools` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.nodePools.list - ADMIN_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodePools\"\n ` \n\n#### `ListNodes`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodes` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.nodes.list - ADMIN_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.ListNodes\"\n ` \n\n#### `ListWorkloads`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.ListWorkloads` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.workloads.list - ADMIN_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.ListWorkloads\"\n ` \n\n#### `MintOAuthToken`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.MintOAuthToken` \n- **Audit log type** : [Data access](/logging/docs/audit#data-access) \n- **Permissions** :\n - `dataprocrm.nodes.mintOAuthToken - DATA_READ`\n- **Method is a long-running or streaming operation** : No. \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.MintOAuthToken\"\n ` \n\n#### `ResizeNodePool`\n\n- **Method** : `google.cloud.dataproc.rm.v1.DataprocResourceManager.ResizeNodePool` \n- **Audit log type** : [Admin activity](/logging/docs/audit#admin-activity) \n- **Permissions** :\n - `dataprocrm.nodePools.resize - ADMIN_WRITE`\n- **Method is a long-running or streaming operation** : [**Long-running operation**](/logging/docs/audit/understanding-audit-logs#lro) \n- **Filter for this method** : `\n protoPayload.methodName=\"google.cloud.dataproc.rm.v1.DataprocResourceManager.ResizeNodePool\"\n `"]]
