Audit API
The Audit module is an optional ONE component that provides APIs for audit logs collected from Metadata Management Module (MMM), Data Processing Module (DPM), and ONE Data (Data Management Module, or DMM). Audit logs are stored in a separate PostgreSQL database and can be queried through GraphQL.
The following information is tracked:
-
Operations: This includes all user-triggered actions, such as listing, updating, and deleting assets.
-
Assets: It is possible to log listed entities, that is, the data that users requested.
As MMM typically generates a large amount of data, the Audit module can be disabled if necessary. Alternatively, you can also set up filters that reduce how much information is retained.
Before you start
By default, the following MMD entities are audited: source
, location
, connection
, credential
, catalogItem
, attribute
, dmmCatalogItem
, record
.
To enable auditing on a specific entity, add the following MMD trait to the entity configuration: audit:auditEnabled
.
For more information, see Traits.
When it comes to entity operations, the Audit module tracks all CRUD (create, read, update, and delete) operations as well as a number of custom operations for each entity.
To retrieve a list of custom operations, query the ONE API using the following request.
Replace the entity name as needed, for example, entityName: "credential"
.
List custom entity operations for catalog items
query listCustomNodeOperations {
_modelMetadata {
entities(entityName: "catalogItem", depth: 1) {
operations(ownOperationsOnly: true, excludeNamespaces: "core") {
name
}
}
}
}
The following list contains all custom entity operations that are available by default for each entity.
Default custom entity operations
{
"catalogItem": [
{
"name": "catalog:partitionsInfo"
},
{
"name": "transactionData:runTransactionDataAnalysis"
},
{
"name": "dqeval:runCatalogItemDqEval"
},
{
"name": "profiling:bulkProfile"
},
{
"name": "dqEvalCheck:checkCatalogItemDqEval"
},
{
"name": "anomalyDetection:attributeAnomalies"
},
{
"name": "transactionData:runTransactionDataAnalysisWithConfig"
},
{
"name": "catalog:preview"
},
{
"name": "anomalyDetection:anomalies"
},
{
"name": "profiling:profile"
}
],
"credentials": [
{
"name": "datasource:testConnection"
}
],
"location": [],
"attribute": [
{
"name": "dqeval:runAttributeDqEval"
},
{
"name": "anomalyDetection:anomalies"
},
{
"name": "dqEvalCheck:checkAttributeDqEval"
}
],
"source": [
{
"name": "datasource:documentationFlow"
}
],
"connection": [
{
"name": "datasource:documentationFlow"
},
{
"name": "datasource:browse"
},
{
"name": "datasource:preview"
},
{
"name": "datasource:bulkTestConnection"
},
{
"name": "datasource:testConnection"
},
{
"name": "datasource:import"
}
]
}
If you are using the default configuration for on-premise deployment, the API can be reached at http://localhost:8071/graphql
.
The port number is specified through the server.port
property in the module configuration.
For more information about how to configure the Audit module, see [configuring-the-audit-module].
The purpose of the guide is to explain how you can query audit records through GraphQL and provide you with a number of basic usage examples. For a brief overview of some key concepts in GraphQL, see ONE API. For a complete guide on working with GraphQL, refer to the official GraphQL tutorials: Introduction to GraphQL. |
Overview of the schema
This section describes only the fields relevant to operations
and assets
object types.
Other object types in the Audit GraphQL schema are consistent with GraphQL recommendations and can be obtained by inspecting the GraphQL schema.
The Operation
type has the following fields defined:
Field name | Data type | Description | ||
---|---|---|---|---|
|
String |
The module that logged the audit record, for example, |
||
|
String |
The type of action performed, for example,
|
||
|
Array of strings |
Shows any unauthorized attempts to access data in MMM. In that case, MMM does not return any data to the user and an audit log is created instead. For example, this covers the cases in which access permissions are not granted to the user or the requested asset does not exist.
|
||
|
String |
The identifier that links the asset to all the operations related to that asset. |
||
|
Long |
The date and time of the action. Expressed in milliseconds starting from 01/01/1970. |
||
|
String |
The name of the asset. |
||
|
String |
The unique identifier of the asset. |
||
|
String |
The type of asset, for example:
|
||
|
String |
The name of the user. |
||
|
String |
The unique identifier of the user. |
||
|
String |
Identifies the module or the user responsible for the action. The identity is provided in the following format along with the information about the module and user roles:
|
||
|
String |
The type of operation, for example,
|
The following fields are available for the Asset
type:
Field name | Data type | Description | ||
---|---|---|---|---|
|
Array of strings |
Shows any unauthorized attempts to access data in MMM. In that case, MMM does not return any data to the user and an audit log is created instead. For example, this covers the cases in which access permissions are not granted to the user or the requested asset does not exist.
|
||
|
String |
The type of action that the user performed, for example,
|
||
|
String |
The identifier that links the asset to all the operations related to that asset. |
||
|
Long |
The date and time of the action. Expressed in milliseconds starting from 01/01/1970. |
||
|
String |
The name of the asset. |
||
|
String |
The unique identifier of the asset. |
||
|
Enum |
The type of the asset. Allowed values:
|
||
|
String |
If the asset is of type If the asset is of type See |
GraphQL operations
List assets
To retrieve a list of all accessed assets and their details, use the following listAssets
query.
This lets you obtain the following information for each asset: the type, name, and identifier of the entity, the actions performed and the time when they occurred, any violations concerning the data, and the correlation identifier.
-
Listing assets
-
Response body
query listAssets {
assets {
edges {
node {
correlationId
assetId
violation
action
assetName
time
type
assetType
}
}
}
}
The query is expected to return the following structure:
{
"data": {
"assets": {
"edges": [
{
"node": {
"correlationId": "5fe609",
"assetId": "f0a239e4-ddeb-411c-9740-ab07c328272d",
"violation": null,
"action": "READ",
"assetName": "employee",
"time": 1640265566769,
"type": "ENTITY",
"assetType": "catalogItem"
}
},
{
"node": {
"correlationId": "553aef",
"assetId": "c69be342-b2f4-4d8f-bbd7-ec9bff3e08b8",
"violation": null,
"action": "READ",
"assetName": "sales",
"time": 1638878203949,
"type": "ENTITY",
"assetType": "location"
}
},
{
"node": {
"correlationId": "b95f46",
"assetId": "3bc4a6c0-cd9f-4e6f-a1c4-d0d5de161eee",
"violation": null,
"action": "READ",
"assetName": "AWS MySQL source",
"time": 1640265561490,
"type": "ENTITY",
"assetType": "source"
}
},
{
"node": {
"correlationId": "b95f46",
"assetId": "10dca55a-2be8-459b-a4e6-44dd0f018cfb",
"violation": null,
"action": "READ",
"assetName": "mysql aws",
"time": 1640265561437,
"type": "ENTITY",
"assetType": "connection"
}
},
...
]
}
}
}
If you want to filter assets by a particular field, possible options are shown in the following example:
query filterAssets {
assets(
actions: ["DELETE"]
violation: [""]
#correlationId: "79b3ec"
type: ENTITY
asset: {
assetName: "source"
#assetId: "e8357b1c-ef36-4627-97fd-cb69aa2b85e1"
}
time: {
oldest: 1600000000000
newest: 1800000000000
}
)
{
edges {
node {
correlationId
assetId
...
}
}
}
}
To paginate results, follow this example. For more information about pagination in GraphQL, see Pagination. Pagination - example queryGraphQL query for listing assets - pagination
Pagination - example responseListing assets query response body - pagination
|
List operations
You can list all operations logged using the following query:
-
Listing operations
-
Response body
query listOperations{
operations {
edges {
node {
assetId
module
action
assetName
correlationId
time
userName
userId
user
operation
assetType
violation
}
}
}
}
The query response contains an overview of all operations, including the operation, action, and asset type, correlation identifier, the module and the user responsible for the action, as well as the timestamp when the action was performed (in milliseconds).
{
"data": {
"operations": {
"edges": [
{
"node": {
"operation": "anomalies",
"action": "FINISH_SUCCESS",
"violation": false,
"time": 1640265566789,
"correlationId": "5fe609",
"user": "SimpleUserIdentity(id=70f8e8e2-115c-4506-aba9-527c3c60437e), roles=[MMM_application-admin, MDM_admin, TEAM_GLOSSARY_ADMINS, DQIT_admin, admin, MMM_user, MDM_user, DQIT_user, AUDIT_admin, ONE_ADMIN, MMM_admin, RDM_user, MDA_superuser, default, DPP_admin, CS_admin, RDM_admin, MMM_export, RDM, ONE_PLATFORM_MONITORING, DQIT_supervisor, AUDITOR])",
"userId": "70f8e8e2-115c-4506-aba9-527c3c60437e",
"userName": "admin",
"assetType": "catalogItem",
"assetId": null,
"assetName": null,
"module": "MMM"
}
},
{
"node": {
"operation": "checkCatalogItemDqEval",
"action": "FINISH_SUCCESS",
"violation": false,
"time": 1639432416621,
"correlationId": "9983f0",
"user": "SimpleUserIdentity(id=70f8e8e2-115c-4506-aba9-527c3c60437e), roles=[MMM_application-admin, MDM_admin, TEAM_GLOSSARY_ADMINS, DQIT_admin, admin, MMM_user, MDM_user, DQIT_user, AUDIT_admin, ONE_ADMIN, MMM_admin, RDM_user, MDA_superuser, default, DPP_admin, CS_admin, RDM_admin, MMM_export, RDM, ONE_PLATFORM_MONITORING, DQIT_supervisor, AUDITOR])",
"userId": "70f8e8e2-115c-4506-aba9-527c3c60437e",
"userName": "admin",
"assetType": "catalogItem",
"assetId": null,
"assetName": null,
"module": "MMM"
}
},
{
"node": {
"operation": "DETAIL",
"action": "FINISH_SUCCESS",
"violation": false,
"time": 1639432416556,
"correlationId": "4e359c",
"user": "SimpleUserIdentity(id=70f8e8e2-115c-4506-aba9-527c3c60437e), roles=[MMM_application-admin, MDM_admin, TEAM_GLOSSARY_ADMINS, DQIT_admin, admin, MMM_user, MDM_user, DQIT_user, AUDIT_admin, ONE_ADMIN, MMM_admin, RDM_user, MDA_superuser, default, DPP_admin, CS_admin, RDM_admin, MMM_export, RDM, ONE_PLATFORM_MONITORING, DQIT_supervisor, AUDITOR])",
"userId": "70f8e8e2-115c-4506-aba9-527c3c60437e",
"userName": "admin",
"assetType": "catalogItem",
"assetId": "e662f5a9-3dcf-4705-93b7-155afeebade0",
"assetName": "vsalespersonsalesbyfiscalyearsdata",
"module": "MMM"
}
},
{
"node": {
"operation": "LIST",
"action": "READ",
"violation": false,
"time": 1638878203763,
"correlationId": "c19a9c",
"user": "SimpleUserIdentity(id=70f8e8e2-115c-4506-aba9-527c3c60437e), roles=[MMM_application-admin, MDM_admin, TEAM_GLOSSARY_ADMINS, DQIT_admin, admin, MMM_user, MDM_user, DQIT_user, AUDIT_admin, ONE_ADMIN, MMM_admin, RDM_user, MDA_superuser, default, DPP_admin, CS_admin, RDM_admin, MMM_export, RDM, ONE_PLATFORM_MONITORING, DQIT_supervisor, AUDITOR])",
"userId": "70f8e8e2-115c-4506-aba9-527c3c60437e",
"userName": "admin",
"assetType": "catalogItem",
"assetId": "0726c74e-fc9e-40ad-a29d-23ec1dac8769",
"assetName": "catalogItem",
"module": "MMM"
}
},
...
]
}
}
}
Operations can be filtered using one or more of the following options:
query filterOperations {
operations(
#correlationId: "bee2e2"
operations: ["catalogItem"]
actions: ["READ"]
userIds: ["716b5f1e-d566-4ec8-bcd8-27a7ff1f53e5"]
modules: ["MMM"]
asset: {
assetName: "catalogItem"
#assetId: "7c4993f7-bb8c-4885-a4e5-d3930d043f8e"
}
time: {
oldest: 1600000000000
newest: 1800000000000
}
) {
edges {
node {
operation
action
...
}
}
}
}
Was this page useful?