az synapse sql pool audit-policy
Manage a SQL pool's auditing policy.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az synapse sql pool audit-policy show |
Get a SQL pool's auditing policy. |
Core | GA |
| az synapse sql pool audit-policy update |
Update a SQL pool's auditing policy. |
Core | GA |
az synapse sql pool audit-policy show
Get a SQL pool's auditing policy.
az synapse sql pool audit-policy show [--ids]
[--name]
[--resource-group]
[--subscription]
[--workspace-name]Examples
Get a SQL pool's auditing policy.
az synapse sql pool audit-policy show --name sqlpool --workspace-name testsynapseworkspace --resource-group rgOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The SQL pool name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The workspace name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az synapse sql pool audit-policy update
Update a SQL pool's auditing policy.
If the policy is being enabled, --storage-account or both --storage-endpoint and --storage-key must be specified.
az synapse sql pool audit-policy update [--actions]
[--add]
[--blob-storage-target-state --bsts {Disabled, Enabled}]
[--eh --event-hub]
[--ehari --event-hub-authorization-rule-id]
[--ehts --event-hub-target-state {Disabled, Enabled}]
[--enable-azure-monitor {false, true}]
[--force-string]
[--ids]
[--lats --log-analytics-target-state {Disabled, Enabled}]
[--lawri --log-analytics-workspace-resource-id]
[--name]
[--remove]
[--resource-group]
[--retention-days]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--storage-subscription]
[--subscription]
[--use-secondary-key {false, true}]
[--workspace-name]Examples
Enable by storage account name.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --state Enabled --blob-storage-target-state Enabled --storage-account mystorageEnable by storage endpoint and key.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --state Enabled --blob-storage-target-state Enabled \
--storage-endpoint https://mystorage.blob.core.windows.net --storage-key MYKEY==Set the list of audit actions.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --actions SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP 'UPDATE on database::mydb by public'Disable an auditing policy.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --state DisabledDisable a blob storage auditing policy.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --blob-storage-target-state DisabledEnable a log analytics auditing policy.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --state Enabled --log-analytics-target-state Enabled \
--log-analytics-workspace-resource-id myworkspaceresourceidDisable a log analytics auditing policy.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --log-analytics-target-state DisabledEnable an event hub auditing policy.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --state Enabled --event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid --event-hub eventhubnameEnable an event hub auditing policy for default event hub.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --state Enabled --event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleidDisable an event hub auditing policy.
az synapse sql pool audit-policy update --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --event-hub-target-state DisabledOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
List of actions and action groups to audit.
| Property | Value |
|---|---|
| Parameter group: | Policy Arguments |
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Indicate whether blob storage is a destination for audit records.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
| Accepted values: | Disabled, Enabled |
The name of the event hub. If none is specified when providing event_hub_authorization_rule_id, the default event hub will be selected.
| Property | Value |
|---|---|
| Parameter group: | Event Hub Arguments |
The resource Id for the event hub authorization rule.
| Property | Value |
|---|---|
| Parameter group: | Event Hub Arguments |
Indicate whether event hub is a destination for audit records.
| Property | Value |
|---|---|
| Parameter group: | Event Hub Arguments |
| Accepted values: | Disabled, Enabled |
Whether enabling azure monitor target or not.
| Property | Value |
|---|---|
| Accepted values: | false, true |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Indicate whether log analytics is a destination for audit records.
| Property | Value |
|---|---|
| Parameter group: | Log Analytics Arguments |
| Accepted values: | Disabled, Enabled |
The workspace ID (resource ID of a Log Analytics workspace) for a Log Analytics workspace to which you would like to send Audit Logs.
| Property | Value |
|---|---|
| Parameter group: | Log Analytics Arguments |
The SQL pool name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The number of days to retain audit logs.
| Property | Value |
|---|---|
| Parameter group: | Policy Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Auditing policy state.
| Property | Value |
|---|---|
| Parameter group: | Policy Arguments |
| Accepted values: | Disabled, Enabled |
Name of the storage account.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
The storage account endpoint.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
Access key for the storage account.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
The subscription id of storage account.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Indicates whether using the secondary storeage key or not.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
| Accepted values: | false, true |
The workspace name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
