Share via

ServerDevOpsAuditingSettings interface

  • Reference
Package:
@azure/arm-sql

A server DevOps auditing settings.

Extends
ProxyResource

Properties

isAzureMonitorTargetEnabled

Specifies whether DevOps audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.

When using REST API to configure DevOps audit, Diagnostic Settings with 'DevOpsOperationsAudit' diagnostic logs category on the master database should be also created.

Diagnostic Settings URI format: PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview

For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell
isManagedIdentityInUse

Specifies whether Managed Identity is used to access blob storage
state

Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.
storageAccountAccessKey

Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication:

  1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).
  2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication
storageAccountSubscriptionId

Specifies the blob storage subscription Id.
storageEndpoint

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.
systemData

SystemData of ServerDevOpsAuditSettingsResource. NOTE: This property will not be serialized. It can only be populated by the server.

Inherited Properties

id

Resource ID. NOTE: This property will not be serialized. It can only be populated by the server.
name

Resource name. NOTE: This property will not be serialized. It can only be populated by the server.
type

Resource type. NOTE: This property will not be serialized. It can only be populated by the server.

Property Details

isAzureMonitorTargetEnabled

Specifies whether DevOps audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.

When using REST API to configure DevOps audit, Diagnostic Settings with 'DevOpsOperationsAudit' diagnostic logs category on the master database should be also created.

Diagnostic Settings URI format: PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview

For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

isAzureMonitorTargetEnabled?: boolean

Property Value

boolean

isManagedIdentityInUse

Specifies whether Managed Identity is used to access blob storage

isManagedIdentityInUse?: boolean

Property Value

boolean

state

Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

state?: BlobAuditingPolicyState

Property Value

BlobAuditingPolicyState

storageAccountAccessKey

Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication:

  1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).
  2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication
storageAccountAccessKey?: string

Property Value

string

storageAccountSubscriptionId

Specifies the blob storage subscription Id.

storageAccountSubscriptionId?: string

Property Value

string

storageEndpoint

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.

storageEndpoint?: string

Property Value

string

systemData

SystemData of ServerDevOpsAuditSettingsResource. NOTE: This property will not be serialized. It can only be populated by the server.

systemData?: SystemData

Property Value

SystemData

Inherited Property Details

id

Resource ID. NOTE: This property will not be serialized. It can only be populated by the server.

id?: string

Property Value

string

Inherited From ProxyResource.id

name

Resource name. NOTE: This property will not be serialized. It can only be populated by the server.

name?: string

Property Value

string

Inherited From ProxyResource.name

type

Resource type. NOTE: This property will not be serialized. It can only be populated by the server.

type?: string

Property Value

string

Inherited From ProxyResource.type