ACICollaborationAudit 表的查询
每个管道运行向资源授予了多少次授权?
返回管道运行期间为资源授予访问权限的次数。 按授予类型分组:按生产模式) 参与者 (的权利、由测试模式下的参与者引用 () 或资源) 所有者 (。
//=================================================================================================================================================================
// summarize by CorrelationId groups audits by pipeline run. For more details about summarize see: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/summarizeoperator
ACICollaborationAudit
| summarize PipelineExecutedOn=max(TimeGenerated), ResourceAccessGrantCount=count(), EntitlementResult=array_strcat(make_set(EntitlementResult), ',') by CorrelationId, GrantType, TargetResourceId
| project-away CorrelationId
| order by PipelineExecutedOn desc, TargetResourceId asc
| top 100 by PipelineExecutedOn;
向我的资源授予了哪些权利?
查找授予 CI 资源的权利。 可用于查询特定资源。
//==============================================================================================
// For specific results, insert values in the let statements and uncomment the where filters within the query
// let partialResourceId = "<Full or Partial resource name (DataAsset, DataSet or Script) to look for (e.g. "dataassets/e2etest2020qqigqeqp">");
ACICollaborationAudit
| where GrantType == 'Entitlement'
//| where TargetResourceId has partialResourceId
| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0])
| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','),
GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType),
TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType), ParticipantName=any(ParticipantName),
OperationName=any(ShortOperationName)
by GrantCorrelationId
| project-away GrantCorrelationId
| order by TimeGenerated desc
| limit 100;
授权授予了访问哪些资源?
查找有权访问的 CI 资源。 可用于查询特定权利。
//============================================================================================
// For specific results, insert values in the let statements and uncomment the where filters within the query
// let entitlementOrContract = "<Full or Partial entitlement (or contract) name to look for (e.g. "proposals/e2etest2020qytcbkar","entitlements/e2etest2020nzutiqca">");
ACICollaborationAudit
| where GrantType == 'Entitlement'
//| where GrantSource has entitlementOrContract
| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0])
| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','),
TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType),
ParticipantName=any(ParticipantName), GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType),
OperationName=any(ShortOperationName)
by GrantCorrelationId
| project-away GrantCorrelationId
| order by TimeGenerated desc
| limit 100;
哪些参与者有权访问我的资源?
查找已被授予 CI 资源访问权限的参与者。 可用于查询特定资源。
//=====================================================================================================
// For specific results, insert values in the let statements and uncomment the where filters within the query
// let partialParticipantName = "<Full or Partial participant (or tenant) name to look for (e.g. "propmtion.dept@contoso">");
ACICollaborationAudit
| where GrantType == 'Entitlement'
//| where ParticipantName contains partialParticipantName
| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0])
| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','),
TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType),
GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType),
OperationName=any(ShortOperationName), ParticipantName=any(ParticipantName)
by GrantCorrelationId
| project-away GrantCorrelationId
| order by TimeGenerated desc
| limit 100;
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈