ListSensitiveDataAuditLog - Data Management - Alibaba Cloud Documentation Center

Queries the audit logs for sensitive information.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
dms:ListSensitiveDataAuditLog	list	All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
StartTime	string	Yes	The beginning of the time range for which you want to query the audit logs for sensitive information. Specify the time in the yyyy-MM-DD HH:mm:ss format.	2022-11-18 10:00:00
EndTime	string	Yes	The end of the time range for which you want to query the audit logs for sensitive information. Specify the time in the yyyy-MM-DD HH:mm:ss format.	2022-11-18 11:00:00
ModuleName	string	No	The function module whose audit logs you want to query for sensitive data. If you do not specify this parameter, all audit logs are queried. Valid values: SQL_CONSOLE: data query SQL_CONSOLE_EXPORT: query result export DATA_CHANGE: data change DATA_EXPORT: data export	SQL_CONSOLE
OpUserName	string	No	The username of the requester.	ExampleOpUserName
DbName	string	No	The name of the database that stores the sensitive data.	ExampleDbName
TableName	string	No	The name of the table that stores the sensitive data.	ExampleTableName
ColumnName	string	No	The name of the column that contains sensitive data.	ExampleColumnName
PageSize	integer	Yes	The number of entries to return on each page. Example: 100	100
PageNumber	integer	Yes	The number of the page to return.	1
Tid	long	No	The ID of the tenant.	3***

Response parameters

Parameter	Type	Description	Example
	object	Schema of Response
RequestId	string	The ID of the request.	E0D21075-CD3E-4D98-8264-FD8AD04A63B6
TotalCount	long	The total number of entries returned.	100
ErrorCode	string	The error code returned if the request failed.	403
ErrorMessage	string	The error message returned if the request failed.	UnknownError
Success	boolean	Indicates whether the request was successful. Valid values: true: The request was successful. false: The request failed.	true
SensitiveDataAuditLogList	array<object>	The audit logs for sensitive data.
SensitiveDataAuditLogList	object
UserName	string	The username of the requester.	ExampleUserName
UserId	long	The user ID of the requester.	1**
ModuleName	string	The name of the function module whose audit logs were queried.	SQL_CONSOLE
DbDisplayName	string	The name of the database that stores the sensitive data.	ExampleDbName@xxx.xxx.xxx.xxx:3306
OpTime	string	The time when the operation was performed. The time is in the yyyy-MM-DD HH:mm:ss format.	2022-11-18 10:01:00
InstanceId	long	The ID of the instance.	12****
TargetName	string	The details of the object on which the operation was performed. The value of this parameter is in one of the following formats: Object name - object ID Object name (object ID)	Ticket - 1\\\\
SensitiveDataLog	array<object>	The logs for sensitive data.
SensitiveDataLog	object
TableName	string	The name of the table that stores the sensitive data.	ExampleTableName
ColumnName	string	The name of the column that contains sensitive data.	ExampleColumnName
SecurityLevel	string	The sensitivity level of the data. Valid values: Low Medium High	Low
ColumnPermissionType	string	The permission that the user has on the column. Valid values: No permission Partial redaction Plaintext Change Enable data masking Disable data masking	Change
DesensitizationRule	string	The algorithm used for data masking.	Default - Full redaction

Examples

Sample success responses

JSONformat

{
  "RequestId": "E0D21075-CD3E-4D98-8264-FD8AD04A63B6",
  "TotalCount": 100,
  "ErrorCode": "403",
  "ErrorMessage": "UnknownError",
  "Success": true,
  "SensitiveDataAuditLogList": [
    {
      "UserName": "ExampleUserName",
      "UserId": 0,
      "ModuleName": "SQL_CONSOLE",
      "DbDisplayName": "ExampleDbName@xxx.xxx.xxx.xxx:3306",
      "OpTime": "2022-11-18 10:01:00",
      "InstanceId": 0,
      "TargetName": "Ticket - 1\\*\\*\\*\\*\n",
      "SensitiveDataLog": [
        {
          "TableName": "ExampleTableName",
          "ColumnName": "ExampleColumnName",
          "SecurityLevel": "Low\n",
          "ColumnPermissionType": "Change\n",
          "DesensitizationRule": "Default - Full redaction\n"
        }
      ]
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history