az synapse sql audit-policy
Manage SQL auditing policy.
Commands
Name | Description | Type | Status |
---|---|---|---|
az synapse sql audit-policy show |
Get a SQL's auditing policy. |
Core | GA |
az synapse sql audit-policy update |
Update a SQL's auditing policy. |
Core | GA |
az synapse sql audit-policy wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az synapse sql audit-policy show
Get a SQL's auditing policy.
az synapse sql audit-policy show --resource-group
--workspace-name
Examples
Get a SQL's auditing policy.
az synapse sql audit-policy show --workspace-name testsynapseworkspace --resource-group rg
Required Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The workspace name.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az synapse sql audit-policy update
Update a SQL's auditing policy.
If the policy is being enabled, --storage-account
or both --storage-endpoint
and --storage-key
must be specified.
az synapse sql audit-policy update --resource-group
--workspace-name
[--actions]
[--add]
[--blob-auditing-policy-name]
[--blob-storage-target-state {Disabled, Enabled}]
[--eh]
[--ehari]
[--ehts {Disabled, Enabled}]
[--enable-azure-monitor {false, true}]
[--force-string]
[--lats {Disabled, Enabled}]
[--lawri]
[--no-wait]
[--queue-delay-milliseconds]
[--remove]
[--retention-days]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--storage-subscription]
[--use-secondary-key {false, true}]
Examples
Enable by storage account name.
az synapse sql audit-policy update --workspace-name testsynapseworkspace --resource-group rg --state Enabled \
--blob-storage-target-state Enabled --storage-account mystorage
Enable by storage endpoint and key.
az synapse sql audit-policy update --workspace-name testsynapseworkspace --resource-group rg --state Enabled \
--blob-storage-target-state Enabled --storage-endpoint https://mystorage.blob.core.windows.net \
--storage-key MYKEY==
Set the list of audit actions.
az synapse sql audit-policy update --workspace-name testsynapseworkspace --resource-group rg \
--actions SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP 'UPDATE on database::mydb by public'
Disable an auditing policy.
az synapse sql audit-policy update --workspace-name testsynapseworkspace --resource-group rg \
--state Disabled
Disable a blob storage auditing policy.
az synapse sql audit-policy update --workspace-name testsynapseworkspace --resource-group rg \
--blob-storage-target-state Disabled
Enable a log analytics auditing policy.
az synapse sql audit-policy update --resource-group mygroup --workspace-name myws --state Enabled \
--log-analytics-target-state Enabled --log-analytics-workspace-resource-id myworkspaceresourceid
Disable a log analytics auditing policy.
az synapse sql audit-policy update --resource-group mygroup --workspace-name myws --state Enabled
--log-analytics-target-state Disabled
Enable an event hub auditing policy.
az synapse sql audit-policy update --resource-group mygroup --workspace-name myws --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid \
--event-hub eventhubname
Enable an event hub auditing policy for default event hub.
az synapse sql audit-policy update --resource-group mygroup --workspace-name myws --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid
Disable an event hub auditing policy.
az synapse sql audit-policy update --resource-group mygroup --workspace-name myws
--state Enabled --event-hub-target-state Disabled
Required Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The workspace name.
Optional Parameters
List of actions and action groups to audit.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
Indicate whether blob storage is a destination for audit records.
The name of the event hub. If none is specified when providing event_hub_authorization_rule_id, the default event hub will be selected.
The resource Id for the event hub authorization rule.
Indicate whether event hub is a destination for audit records.
Whether enabling azure monitor target or not.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Indicate whether log analytics is a destination for audit records.
The workspace ID (resource ID of a Log Analytics workspace) for a Log Analytics workspace to which you would like to send Audit Logs.
Do not wait for the long-running operation to finish.
The amount of time in milliseconds that can elapse before audit actions are forced to be processed.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
The number of days to retain audit logs.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Auditing policy state.
Name of the storage account.
The storage account endpoint.
Access key for the storage account.
The subscription id of storage account.
Indicates whether using the secondary storeage key or not.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az synapse sql audit-policy wait
Place the CLI in a waiting state until a condition is met.
az synapse sql audit-policy wait --blob-auditing-policy-name
--resource-group
--workspace-name
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]
Required Parameters
The name of the blob auditing policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The workspace name.
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
Polling interval in seconds.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.