0

What will show in audit logs when someone impersonates a Service Accounts? That is answered in the docs. However I'm not clear what is tracked by CloudSQL when data is accessed or changed by an impersonated SA what shows in CloudSQL Audit Logs. Thoughts?

slightly related SO question: Is there a way to impersonate a service account with the cloudsql_proxy executable?

codeangler
  • 779
  • 8
  • 16
  • In one of the documents you shared, there is a list of the APIs that are audited by the SQLAudit Logs. Meaning that the system will audit the activity in those APIs to create the activity log. Do you want to know what each API does? – Andres Fiesco Casasola May 19 '22 at 16:07
  • Thanks. As I read that, that is suggesting that the API events are logged, but does it show the SA as making the change or does it show the person who has impersonated the SA? Given an SA is used in automation and for some reason a person needs to impersonate it. While the person is making changes and simultaneously an automation runs, would the audit log just show two events from the SA or one with SA and one with the person? – codeangler May 19 '22 at 20:58
  • AFAIK, the impersonation event is logged. But do the subsequent audit events get logged as that person or SA impersonating that person? – codeangler May 19 '22 at 21:00

0 Answers0