Server DevOps Audit Settings - Get

Gets a server's DevOps audit settings.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/devOpsAuditingSettings/{devOpsAuditingSettingsName}?api-version=2021-11-01

URI Parameters

Name In Required Type Description
devOpsAuditingSettingsName
path True

string

The name of the devops audit settings. This should always be 'default'.

resourceGroupName
path True

string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

serverName
path True

string

The name of the server.

subscriptionId
path True

string

The subscription ID that identifies an Azure subscription.

api-version
query True

string

The API version to use for the request.

Responses

Name Type Description
200 OK

ServerDevOpsAuditingSettings

Successfully retrieved the server DevOps audit settings.

Other Status Codes

*** Error Responses: ***

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.

Examples

Get a server's DevOps audit settings

Sample request

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/devAuditTestRG/providers/Microsoft.Sql/servers/devOpsAuditTestSvr/devOpsAuditingSettings/default?api-version=2021-11-01

Sample response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/devAuditTestRG/providers/Microsoft.Sql/servers/devOpsAuditTestSvr/devOpsAuditingSettings/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/devOpsAuditingSettings",
  "properties": {
    "state": "Disabled",
    "storageEndpoint": "",
    "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000",
    "isAzureMonitorTargetEnabled": false
  }
}

Definitions

Name Description
BlobAuditingPolicyState

Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

createdByType

The type of identity that created the resource.

ServerDevOpsAuditingSettings

A server DevOps auditing settings.

systemData

Metadata pertaining to creation and last modification of the resource.

BlobAuditingPolicyState

Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

Name Type Description
Disabled

string

Enabled

string

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

ServerDevOpsAuditingSettings

A server DevOps auditing settings.

Name Type Description
id

string

Resource ID.

name

string

Resource name.

properties.isAzureMonitorTargetEnabled

boolean

Specifies whether DevOps audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.

When using REST API to configure DevOps audit, Diagnostic Settings with 'DevOpsOperationsAudit' diagnostic logs category on the master database should be also created.

Diagnostic Settings URI format: PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview

For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

properties.state

BlobAuditingPolicyState

Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

properties.storageAccountAccessKey

string

Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication:

  1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).
  2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication
properties.storageAccountSubscriptionId

string

Specifies the blob storage subscription Id.

properties.storageEndpoint

string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.

systemData

systemData

SystemData of ServerDevOpsAuditSettingsResource.

type

string

Resource type.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.