Google Cloud Logging API currently provides audit logs for App Engine, BigQuery, and Cloud Dataflow. According to Google docs, authentication information field of an Audit Log entry contains email address of the user that performed the actual operation. But this field is empty for certain log entries of type app engine and bigquery. Is there a documentation that gives the list of activities which doesn't provide the authentcationInfo in the API response.
Asked
Active
Viewed 457 times
1 Answers
0
For App Engine, identity information is not captured for logs coming from the legacy App Engine API.
For BigQuery, identity information is currently redacted from the logs unless:
- the user is a service account
- the user is a member of the authorized domain associated with the project
- the user has permission to run queries in the project and the action is either administrative or job.insert
The docs have been updated to reflect this.
Joe Corkery
- 2,564
- 3
- 18
- 26