Google Data Studio - tracking viewer credentials in GCP audit logging

Question

Does anyone know if its possible to track viewer credentials of users accessing a dashboard on google data studio via GCP audit logging?

Currently, I am able to track the viewer email that is accessing via the bigquery.bi.engine resource below. But I am interested to know which table/dataset the viewer is accessing via the dashboard.

resource.type="audited_resource" resource.labels.service="bigquerybiengine.googleapis.com"

Appreciate if anyone knows how to do this.

Answer 1

This is a core part of the audit log message format. Assuming you've defined a standard sink from cloud logging into BigQuery, this should manifest as a column like protopayload_auditlog.authenticationInfo.principalEmail in your audit log tables.

More information can be found in the cloud logging docs as well, see https://cloud.google.com/logging/docs/audit/understanding-audit-logs#sample for details.