Compartilhar via


ExtendedSqlPoolBlobAuditingPolicy Construtores

Definição

Sobrecargas

ExtendedSqlPoolBlobAuditingPolicy()

Inicializa uma nova instância da classe ExtendedSqlPoolBlobAuditingPolicy.

ExtendedSqlPoolBlobAuditingPolicy(BlobAuditingPolicyState, String, String, String, String, String, String, Nullable<Int32>, IList<String>, Nullable<Guid>, Nullable<Boolean>, Nullable<Boolean>, Nullable<Int32>)

Inicializa uma nova instância da classe ExtendedSqlPoolBlobAuditingPolicy.

ExtendedSqlPoolBlobAuditingPolicy()

Inicializa uma nova instância da classe ExtendedSqlPoolBlobAuditingPolicy.

public ExtendedSqlPoolBlobAuditingPolicy ();
Public Sub New ()

Aplica-se a

ExtendedSqlPoolBlobAuditingPolicy(BlobAuditingPolicyState, String, String, String, String, String, String, Nullable<Int32>, IList<String>, Nullable<Guid>, Nullable<Boolean>, Nullable<Boolean>, Nullable<Int32>)

Inicializa uma nova instância da classe ExtendedSqlPoolBlobAuditingPolicy.

public ExtendedSqlPoolBlobAuditingPolicy (Microsoft.Azure.Management.Synapse.Models.BlobAuditingPolicyState state, string id = default, string name = default, string type = default, string predicateExpression = default, string storageEndpoint = default, string storageAccountAccessKey = default, int? retentionDays = default, System.Collections.Generic.IList<string> auditActionsAndGroups = default, Guid? storageAccountSubscriptionId = default, bool? isStorageSecondaryKeyInUse = default, bool? isAzureMonitorTargetEnabled = default, int? queueDelayMs = default);
new Microsoft.Azure.Management.Synapse.Models.ExtendedSqlPoolBlobAuditingPolicy : Microsoft.Azure.Management.Synapse.Models.BlobAuditingPolicyState * string * string * string * string * string * string * Nullable<int> * System.Collections.Generic.IList<string> * Nullable<Guid> * Nullable<bool> * Nullable<bool> * Nullable<int> -> Microsoft.Azure.Management.Synapse.Models.ExtendedSqlPoolBlobAuditingPolicy
Public Sub New (state As BlobAuditingPolicyState, Optional id As String = Nothing, Optional name As String = Nothing, Optional type As String = Nothing, Optional predicateExpression As String = Nothing, Optional storageEndpoint As String = Nothing, Optional storageAccountAccessKey As String = Nothing, Optional retentionDays As Nullable(Of Integer) = Nothing, Optional auditActionsAndGroups As IList(Of String) = Nothing, Optional storageAccountSubscriptionId As Nullable(Of Guid) = Nothing, Optional isStorageSecondaryKeyInUse As Nullable(Of Boolean) = Nothing, Optional isAzureMonitorTargetEnabled As Nullable(Of Boolean) = Nothing, Optional queueDelayMs As Nullable(Of Integer) = Nothing)

Parâmetros

state
BlobAuditingPolicyState

Especifica o estado da política. Se o estado estiver Habilitado, storageEndpoint ou isAzureMonitorTargetEnabled serão necessários. Os valores possíveis incluem: 'Enabled', 'Disabled'

id
String

ID de recurso totalmente qualificada para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

name
String

O nome do recurso

type
String

Tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"

predicateExpression
String

Especifica a condição da cláusula where ao criar uma auditoria.

storageEndpoint
String

Especifica o ponto de extremidade de armazenamento de blobs (por exemplo, https://MyAccount.blob.core.windows.net). Se o estado estiver Habilitado, storageEndpoint ou isAzureMonitorTargetEnabled será necessário.

storageAccountAccessKey
String

Especifica a chave de identificador da conta de armazenamento de auditoria. Se state for Enabled e storageEndpoint for especificado, não especificar storageAccountAccessKey usará a identidade gerenciada atribuída pelo sistema do SQL Server para acessar o armazenamento. Pré-requisitos para usar a autenticação de identidade gerenciada: 1. Atribuir SQL Server uma identidade gerenciada atribuída pelo sistema no AAD (Azure Active Directory). 2. Conceda a SQL Server acesso de identidade à conta de armazenamento adicionando a função RBAC 'Colaborador de Dados de Blob de Armazenamento' à identidade do servidor. Para obter mais informações, consulte Auditoria no armazenamento usando a autenticação de Identidade Gerenciada

retentionDays
Nullable<Int32>

Especifica o número de dias a serem mantidos nos logs de auditoria na conta de armazenamento.

auditActionsAndGroups
IList<String>

Especifica o Actions-Groups e Ações a serem auditádas.

         The recommended set of action groups to use is the following
         combination - this will audit all the queries and stored procedures
         executed against the database, as well as successful and failed
         logins:

         BATCH_COMPLETED_GROUP,
         SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
         FAILED_DATABASE_AUTHENTICATION_GROUP.

         This above combination is also the set that is configured by
         default when enabling auditing from the Azure portal.

         The supported action groups to audit are (note: choose only
         specific groups that cover your auditing needs. Using unnecessary
         groups could lead to very large quantities of audit records):

         APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
         BACKUP_RESTORE_GROUP
         DATABASE_LOGOUT_GROUP
         DATABASE_OBJECT_CHANGE_GROUP
         DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
         DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
         DATABASE_OPERATION_GROUP
         DATABASE_PERMISSION_CHANGE_GROUP
         DATABASE_PRINCIPAL_CHANGE_GROUP
         DATABASE_PRINCIPAL_IMPERSONATION_GROUP
         DATABASE_ROLE_MEMBER_CHANGE_GROUP
         FAILED_DATABASE_AUTHENTICATION_GROUP
         SCHEMA_OBJECT_ACCESS_GROUP
         SCHEMA_OBJECT_CHANGE_GROUP
         SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
         SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
         SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
         USER_CHANGE_PASSWORD_GROUP
         BATCH_STARTED_GROUP
         BATCH_COMPLETED_GROUP

         These are groups that cover all sql statements and stored
         procedures executed against the database, and should not be used in
         combination with other groups as this will result in duplicate
         audit logs.

         For more information, see [Database-Level Audit Action
         Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).

         For Database auditing policy, specific Actions can also be
         specified (note that Actions cannot be specified for Server
         auditing policy). The supported actions to audit are:
         SELECT
         UPDATE
         INSERT
         DELETE
         EXECUTE
         RECEIVE
         REFERENCES

         The general form for defining an action to be audited is:
         {action} ON {object} BY {principal}

         Note that &lt;object&gt; in the above format can refer to an object
         like a table, view, or stored procedure, or an entire database or
         schema. For the latter cases, the forms DATABASE::{db_name} and
         SCHEMA::{schema_name} are used, respectively.

         For example:
         SELECT on dbo.myTable by public
         SELECT on DATABASE::myDatabase by public
         SELECT on SCHEMA::mySchema by public

         For more information, see [Database-Level Audit
         Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
storageAccountSubscriptionId
Nullable<Guid>

Especifica a ID da assinatura do armazenamento de blobs.

isStorageSecondaryKeyInUse
Nullable<Boolean>

Especifica se o valor storageAccountAccessKey é a chave secundária do armazenamento.

isAzureMonitorTargetEnabled
Nullable<Boolean>

Especifica se os eventos de auditoria são enviados ao Azure Monitor. Para enviar os eventos para o Azure Monitor, especifique 'state' como 'Enabled' e 'isAzureMonitorTargetEnabled' como true.

         When using REST API to configure auditing, Diagnostic Settings with
         'SQLSecurityAuditEvents' diagnostic logs category on the database
         should be also created.
         Note that for server level audit you should use the 'master'
         database as {databaseName}.

         Diagnostic Settings URI format:
         PUT
         https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview

         For more information, see [Diagnostic Settings REST
         API](https://go.microsoft.com/fwlink/?linkid=2033207)
         or [Diagnostic Settings
         PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)
queueDelayMs
Nullable<Int32>

Especifica o período máximo, em milissegundos, que pode decorrer antes de as ações de auditorias serem forçadas a serem processadas. O valor padrão mínimo é 1000 (1 segundo). O máximo é 2.147.483.647.

Aplica-se a