diff --git a/docs/generated/logging.md b/docs/generated/logging.md index 8b56eb6b2008..8b628dc2dd96 100644 --- a/docs/generated/logging.md +++ b/docs/generated/logging.md @@ -129,6 +129,8 @@ data access to sensitive data: - Data access audit events (when table audit is enabled via [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) + - Data access audit events (when role-based audit is enabled via + [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) - SQL statements executed by users with the admin role - Operations that write to system tables diff --git a/pkg/util/log/channel/channel_generated.go b/pkg/util/log/channel/channel_generated.go index 48224ee7ee15..e72adc05e8f8 100644 --- a/pkg/util/log/channel/channel_generated.go +++ b/pkg/util/log/channel/channel_generated.go @@ -98,6 +98,8 @@ const PRIVILEGES = logpb.Channel_PRIVILEGES // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // diff --git a/pkg/util/log/log_channels_generated.go b/pkg/util/log/log_channels_generated.go index 9c18b5725aa9..e0c6e8632030 100644 --- a/pkg/util/log/log_channels_generated.go +++ b/pkg/util/log/log_channels_generated.go @@ -4192,6 +4192,8 @@ type loggerSensitiveAccess struct{} // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4215,6 +4217,8 @@ var _ ChannelLogger = SensitiveAccess // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4238,6 +4242,8 @@ func (loggerSensitiveAccess) Infof(ctx context.Context, format string, args ...i // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4261,6 +4267,8 @@ func (loggerSensitiveAccess) VInfof(ctx context.Context, level Level, format str // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4283,6 +4291,8 @@ func (loggerSensitiveAccess) Info(ctx context.Context, msg string) { // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4304,6 +4314,8 @@ func (loggerSensitiveAccess) InfofDepth(ctx context.Context, depth int, format s // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4327,6 +4339,8 @@ func (loggerSensitiveAccess) Warningf(ctx context.Context, format string, args . // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4350,6 +4364,8 @@ func (loggerSensitiveAccess) VWarningf(ctx context.Context, level Level, format // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4372,6 +4388,8 @@ func (loggerSensitiveAccess) Warning(ctx context.Context, msg string) { // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4393,6 +4411,8 @@ func (loggerSensitiveAccess) WarningfDepth(ctx context.Context, depth int, forma // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4417,6 +4437,8 @@ func (loggerSensitiveAccess) Errorf(ctx context.Context, format string, args ... // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4441,6 +4463,8 @@ func (loggerSensitiveAccess) VErrorf(ctx context.Context, level Level, format st // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4464,6 +4488,8 @@ func (loggerSensitiveAccess) Error(ctx context.Context, msg string) { // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4486,6 +4512,8 @@ func (loggerSensitiveAccess) ErrorfDepth(ctx context.Context, depth int, format // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4510,6 +4538,8 @@ func (loggerSensitiveAccess) Fatalf(ctx context.Context, format string, args ... // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4534,6 +4564,8 @@ func (loggerSensitiveAccess) VFatalf(ctx context.Context, level Level, format st // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4557,6 +4589,8 @@ func (loggerSensitiveAccess) Fatal(ctx context.Context, msg string) { // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4578,6 +4612,8 @@ func (loggerSensitiveAccess) FatalfDepth(ctx context.Context, depth int, format // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4596,6 +4632,8 @@ func (loggerSensitiveAccess) Shout(ctx context.Context, sev Severity, msg string // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4613,6 +4651,8 @@ func (loggerSensitiveAccess) Shoutf(ctx context.Context, sev Severity, format st // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4630,6 +4670,8 @@ func (loggerSensitiveAccess) VEvent(ctx context.Context, level Level, msg string // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // @@ -4646,6 +4688,8 @@ func (loggerSensitiveAccess) VEventf(ctx context.Context, level Level, format st // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) +// - Data access audit events (when role-based audit is enabled via +// [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables // diff --git a/pkg/util/log/logpb/log.proto b/pkg/util/log/logpb/log.proto index 0aa5268c21b3..eb24341d7804 100644 --- a/pkg/util/log/logpb/log.proto +++ b/pkg/util/log/logpb/log.proto @@ -148,6 +148,8 @@ enum Channel { // // - Data access audit events (when table audit is enabled via // [ALTER TABLE ... EXPERIMENTAL_AUDIT](alter-table.html#experimental_audit)) + // - Data access audit events (when role-based audit is enabled via + // [`sql.log.user_audit` cluster setting](role-based-audit-logging.html#syntax-of-audit-settings)) // - SQL statements executed by users with the admin role // - Operations that write to system tables //