ACICollaborationAudit 數據表的查詢
如需在 Azure 入口網站 使用這些查詢的詳細資訊,請參閱Log Analytics教學課程。 如需 REST API,請參閱 查詢。
每個管線執行授與資源多少次?
傳回管線執行期間授與資源的存取次數。 依授與類型分組:權利(由生產模式參與者)、參考(由測試模式的參與者)或擁有者(由資源的擁有者)。
//=================================================================================================================================================================
// summarize by CorrelationId groups audits by pipeline run. For more details about summarize see: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/summarizeoperator
ACICollaborationAudit
| summarize PipelineExecutedOn=max(TimeGenerated), ResourceAccessGrantCount=count(), EntitlementResult=array_strcat(make_set(EntitlementResult), ',') by CorrelationId, GrantType, TargetResourceId
| project-away CorrelationId
| order by PipelineExecutedOn desc, TargetResourceId asc
| top 100 by PipelineExecutedOn;
哪些權利已授與我的資源?
尋找授與 CI 資源的權利。 可用來查詢特定資源。
//==============================================================================================
// For specific results, insert values in the let statements and uncomment the where filters within the query
// let partialResourceId = "<Full or Partial resource name (DataAsset, DataSet or Script) to look for (e.g. "dataassets/e2etest2020qqigqeqp">");
ACICollaborationAudit
| where GrantType == 'Entitlement'
//| where TargetResourceId has partialResourceId
| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0])
| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','),
GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType),
TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType), ParticipantName=any(ParticipantName),
OperationName=any(ShortOperationName)
by GrantCorrelationId
| project-away GrantCorrelationId
| order by TimeGenerated desc
| limit 100;
權利會授與哪些資源?
尋找有權存取的 CI 資源。 可用來查詢特定權利。
//============================================================================================
// For specific results, insert values in the let statements and uncomment the where filters within the query
// let entitlementOrContract = "<Full or Partial entitlement (or contract) name to look for (e.g. "proposals/e2etest2020qytcbkar","entitlements/e2etest2020nzutiqca">");
ACICollaborationAudit
| where GrantType == 'Entitlement'
//| where GrantSource has entitlementOrContract
| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0])
| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','),
TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType),
ParticipantName=any(ParticipantName), GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType),
OperationName=any(ShortOperationName)
by GrantCorrelationId
| project-away GrantCorrelationId
| order by TimeGenerated desc
| limit 100;
哪些參與者被授與存取我的資源?
尋找已授與 CI 資源的存取權的參與者。 可用來查詢特定資源。
//=====================================================================================================
// For specific results, insert values in the let statements and uncomment the where filters within the query
// let partialParticipantName = "<Full or Partial participant (or tenant) name to look for (e.g. "propmtion.dept@contoso">");
ACICollaborationAudit
| where GrantType == 'Entitlement'
//| where ParticipantName contains partialParticipantName
| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0])
| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','),
TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType),
GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType),
OperationName=any(ShortOperationName), ParticipantName=any(ParticipantName)
by GrantCorrelationId
| project-away GrantCorrelationId
| order by TimeGenerated desc
| limit 100;