- JSON representation
- BigQueryAuditMetadata.JobInsertion
- BigQueryAuditMetadata.Job
- BigQueryAuditMetadata.JobConfig
- BigQueryAuditMetadata.JobConfig.Query
- BigQueryAuditMetadata.TableDefinition
- BigQueryAuditMetadata.EncryptionInfo
- BigQueryAuditMetadata.JobConfig.Load
- BigQueryAuditMetadata.JobConfig.Extract
- BigQueryAuditMetadata.JobConfig.TableCopy
- BigQueryAuditMetadata.JobStatus
- BigQueryAuditMetadata.JobStats
- BigQueryAuditMetadata.JobStats.Query
- BigQueryAuditMetadata.JobStats.Load
- BigQueryAuditMetadata.JobStats.Extract
- BigQueryAuditMetadata.JobStats.ReservationResourceUsage
- BigQueryAuditMetadata.JobChange
- BigQueryAuditMetadata.JobDeletion
- BigQueryAuditMetadata.DatasetCreation
- BigQueryAuditMetadata.Dataset
- BigQueryAuditMetadata.EntityInfo
- BigQueryAuditMetadata.BigQueryAcl
- BigQueryAuditMetadata.DatasetChange
- BindingDelta
- BigQueryAuditMetadata.AccessChange
- BigQueryAuditMetadata.DatasetDeletion
- BigQueryAuditMetadata.TableCreation
- BigQueryAuditMetadata.Table
- BigQueryAuditMetadata.TableViewDefinition
- PrivacyPolicy
- AggregationThresholdPolicy
- DifferentialPrivacyPolicy
- JoinRestrictionPolicy
- BigQueryAuditMetadata.TableConstraints
- BigQueryAuditMetadata.TableConstraints.PrimaryKey
- BigQueryAuditMetadata.TableConstraints.ForeignKey
- TimePartitioning
- RangePartitioning
- Clustering
- PartitioningDefinition
- PartitionedColumn
- BigQueryAuditMetadata.TableChange
- BigQueryAuditMetadata.TableChange.AlterTableStats
- BigQueryAuditMetadata.TableDeletion
- BigQueryAuditMetadata.TableDataRead
- BigQueryAuditMetadata.TableDataChange
- BigQueryAuditMetadata.ModelDeletion
- BigQueryAuditMetadata.ModelCreation
- BigQueryAuditMetadata.Model
- BigQueryAuditMetadata.ModelMetadataChange
- BigQueryAuditMetadata.ModelDataChange
- BigQueryAuditMetadata.ModelDataRead
- BigQueryAuditMetadata.RoutineCreation
- BigQueryAuditMetadata.Routine
- BigQueryAuditMetadata.RoutineChange
- BigQueryAuditMetadata.RoutineDeletion
- BigQueryAuditMetadata.RowAccessPolicyCreation
- BigQueryAuditMetadata.RowAccessPolicy
- BigQueryAuditMetadata.RowAccessPolicyChange
- BigQueryAuditMetadata.RowAccessPolicyDeletion
- BigQueryAuditMetadata.UnlinkDataset
- BigQueryAuditMetadata.SearchIndexCreation
- BigQueryAuditMetadata.SearchIndex
- BigQueryAuditMetadata.SearchIndexDeletion
- BigQueryAuditMetadata.VectorIndexCreation
- BigQueryAuditMetadata.VectorIndex
- BigQueryAuditMetadata.VectorIndexChange
- BigQueryAuditMetadata.VectorIndexDeletion
- BigQueryAuditMetadata.ConnectionChange
- BigQueryAuditMetadata.FirstPartyAppMetadata
- BigQueryAuditMetadata.SheetsMetadata
BigQueryAuditMetaData is exposed as part of the new AuditData.metadata messages.
JSON representation |
---|
{ "firstPartyAppMetadata": { object ( |
Fields | |
---|---|
first |
First party (Google) application specific metadata. |
Union field event . BigQuery event information. event can be only one of the following: |
|
job |
Job insertion event. |
job |
Job state change event. |
job |
Job deletion event. |
dataset |
Dataset creation event. |
dataset |
Dataset change event. |
dataset |
Dataset deletion event. |
table |
Table creation event. |
table |
Table metadata change event. |
table |
Table deletion event. |
table |
Table data read event. |
table |
Table data change event. |
model |
Model deletion event. |
model |
Model creation event. |
model |
Model metadata change event. |
model |
Model data change event. |
model |
Model data read event. |
routine |
Routine creation event. |
routine |
Routine change event. |
routine |
Routine deletion event. |
row |
Row access policy create event. |
row |
Row access policy change event. |
row |
Row access policy deletion event. |
unlink |
Unlink linked dataset from its source dataset event |
search |
Search index creation event. |
search |
Search index deletion event. |
vector |
Vector index creation event. |
vector |
Vector index change event. |
vector |
Vector index deletion event. |
connection |
Connection change event. |
BigQueryAuditMetadata.JobInsertion
Job insertion event.
JSON representation |
---|
{ "job": { object ( |
Fields | |
---|---|
job |
Job metadata. |
reason |
Describes how the job was inserted. |
BigQueryAuditMetadata.Job
BigQuery job.
JSON representation |
---|
{ "jobName": string, "jobConfig": { object ( |
Fields | |
---|---|
job |
Job URI. Format: |
job |
Job configuration. |
job |
Job status. |
job |
Job statistics. |
BigQueryAuditMetadata.JobConfig
Job configuration. See the Jobs API resource for more details on individual fields.
JSON representation |
---|
{ "type": enum ( |
Fields | |
---|---|
type |
Job type. |
labels |
Labels provided for the job. An object containing a list of |
reservation |
User specified reservation for the job. |
Union field config . Job configuration information. config can be only one of the following: |
|
query |
Query job information. |
load |
Load job information. |
extract |
Extract job information. |
table |
TableCopy job information. |
BigQueryAuditMetadata.JobConfig.Query
Query job configuration.
JSON representation |
---|
{ "query": string, "queryTruncated": boolean, "destinationTable": string, "createDisposition": enum ( |
Fields | |
---|---|
query |
The SQL query to run. Truncated if exceeds 50K. |
query |
True if the query field was truncated. |
destination |
The destination table for the query results. |
create |
Destination table create disposition. |
write |
Destination table write disposition. |
default |
Default dataset for the query. |
table |
External data sources used in the query. |
priority |
Priority given to the query. |
destination |
Result table encryption information. Set when non-default encryption is used. |
statement |
Type of the query. |
BigQueryAuditMetadata.TableDefinition
Definition of an external data source used in a query.
JSON representation |
---|
{ "name": string, "sourceUris": [ string ] } |
Fields | |
---|---|
name |
Name of the table, used in queries. |
source |
URIs for the data. |
BigQueryAuditMetadata.EncryptionInfo
Encryption properties for a table or a job
JSON representation |
---|
{ "kmsKeyName": string } |
Fields | |
---|---|
kms |
Cloud kms key identifier. Format: |
BigQueryAuditMetadata.JobConfig.Load
Load job configuration.
JSON representation |
---|
{ "sourceUris": [ string ], "sourceUrisTruncated": boolean, "schemaJson": string, "schemaJsonTruncated": boolean, "destinationTable": string, "createDisposition": enum ( |
Fields | |
---|---|
source |
URIs for the data to be imported. Entire list is truncated if exceeds 40K. |
source |
True if the source_URIs field was truncated. |
schema |
The table schema in JSON format. Entire field is truncated if exceeds 40K. |
schema |
True if the schemaJson field was truncated. |
destination |
The destination table for the import. |
create |
Destination table create disposition. |
write |
Destination table write disposition. |
destination |
Result table encryption information. Set when non-default encryption is used. |
BigQueryAuditMetadata.JobConfig.Extract
Extract job configuration.
JSON representation |
---|
{ "destinationUris": [ string ], "destinationUrisTruncated": boolean, // Union field |
Fields | |
---|---|
destination |
URIs where extracted data should be written. Entire list is truncated if exceeds 50K. |
destination |
True if the destination_URIs field was truncated. |
Union field
|
|
source |
The source table. |
source |
The source model. |
BigQueryAuditMetadata.JobConfig.TableCopy
Table copy job configuration.
JSON representation |
---|
{ "sourceTables": [ string ], "sourceTablesTruncated": boolean, "destinationTable": string, "createDisposition": enum ( |
Fields | |
---|---|
source |
Source tables. Entire list is truncated if exceeds 50K. |
source |
True if the sourceTables field was truncated. |
destination |
Destination table. |
create |
Destination table create disposition. |
write |
Destination table write disposition. |
destination |
Result table encryption information. Set when non-default encryption is used. |
operation |
Supported operation types in the table copy job. |
destination |
Expiration time set on the destination table. Expired tables will be deleted and their storage reclaimed. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
BigQueryAuditMetadata.JobStatus
Status of a job.
JSON representation |
---|
{ "jobState": enum ( |
Fields | |
---|---|
job |
State of the job. |
error |
Job error, if the job failed. |
errors[] |
Errors encountered during the running of the job. Does not necessarily mean that the job has completed or was unsuccessful. |
BigQueryAuditMetadata.JobStats
Job statistics.
JSON representation |
---|
{ "createTime": string, "startTime": string, "endTime": string, "totalSlotMs": string, "reservationUsage": [ { object ( |
Fields | |
---|---|
create |
Job creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
start |
Job execution start time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
end |
Job completion time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
total |
The total number of slot-ms consumed by the query job. |
reservationUsage[] |
Deprecated: Reservation usage attributed from each tier of a reservation hierarchy. This field is empty because the provided reservation usage statistics are not accurate. Use the INFORMATION_SCHEMA.JOBS view to find the average slot usage for a given period of time. |
reservation |
Reservation name or "unreserved" for on-demand resource usage. |
parent |
Parent job name. Only present for child jobs. |
Union field extended . Statistics specific to the job type. extended can be only one of the following: |
|
query |
Query job statistics. |
load |
Load job statistics. |
extract |
Extract job statistics. |
BigQueryAuditMetadata.JobStats.Query
Query job statistics.
JSON representation |
---|
{ "totalProcessedBytes": string, "totalBilledBytes": string, "billingTier": integer, "referencedTables": [ string ], "referencedViews": [ string ], "referencedRoutines": [ string ], "outputRowCount": string, "cacheHit": boolean } |
Fields | |
---|---|
total |
Total bytes processed by the query job. |
total |
Total bytes billed by the query job. |
billing |
The tier assigned by the CPU-based billing. |
referenced |
Tables accessed by the query job. |
referenced |
Views accessed by the query job. |
referenced |
Routines accessed by the query job. |
output |
Number of output rows produced by the query job. |
cache |
True if the query job results were read from the query cache. |
BigQueryAuditMetadata.JobStats.Load
Load job statistics.
JSON representation |
---|
{ "totalOutputBytes": string } |
Fields | |
---|---|
total |
Total bytes loaded by the import job. |
BigQueryAuditMetadata.JobStats.Extract
Extract job statistics.
JSON representation |
---|
{ "totalInputBytes": string, "totalBytesExtracted": string } |
Fields | |
---|---|
total |
Total bytes exported by the extract job.This is the byte count as computed by BigQuery for billing purposes and doesn't have any relationship with the number of actual result bytes extracted in the desired format. |
total |
Bytes extracted in output, that will always be populated for exports (even if the byte count for billing is 0) |
BigQueryAuditMetadata.JobStats.ReservationResourceUsage
Job resource usage breakdown by reservation.
JSON representation |
---|
{ "name": string, "slotMs": string } |
Fields | |
---|---|
name |
Reservation name or "unreserved" for on-demand resources usage. |
slot |
Total slot milliseconds used by the reservation for a particular job. |
BigQueryAuditMetadata.JobChange
Job state change event.
JSON representation |
---|
{ "before": enum ( |
Fields | |
---|---|
before |
Job state before the job state change. |
after |
Job state after the job state change. |
job |
Job metadata. |
BigQueryAuditMetadata.JobDeletion
Job deletion event.
JSON representation |
---|
{
"jobName": string,
"reason": enum ( |
Fields | |
---|---|
job |
Job URI. Format: |
reason |
Describes how the job was deleted. |
BigQueryAuditMetadata.DatasetCreation
Dataset creation event.
JSON representation |
---|
{ "dataset": { object ( |
Fields | |
---|---|
dataset |
Dataset metadata. |
reason |
Describes how the dataset was created. |
job |
The URI of the job that created the dataset. Present if the reason is QUERY. Format: |
BigQueryAuditMetadata.Dataset
BigQuery dataset.
JSON representation |
---|
{ "datasetName": string, "datasetInfo": { object ( |
Fields | |
---|---|
dataset |
Dataset URI. Format: |
dataset |
User-provided metadata for the dataset. |
create |
Dataset creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update |
Dataset metadata last update time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
acl |
The access control list for the dataset. |
default |
Default expiration time for tables in the dataset. A duration in seconds with up to nine fractional digits, ending with ' |
default |
Default encryption for tables in the dataset. |
default |
Default collation for the dataset. |
tags |
IAM Tags attached to this entity. An object containing a list of |
BigQueryAuditMetadata.EntityInfo
User-provided metadata for an entity, e.g. dataset, table or model.
JSON representation |
---|
{ "friendlyName": string, "description": string, "labels": { string: string, ... } } |
Fields | |
---|---|
friendly |
A short name for the entity. |
description |
A long description for the entity. |
labels |
Labels provided for the entity. An object containing a list of |
BigQueryAuditMetadata.BigQueryAcl
An access control list.
JSON representation |
---|
{
"policy": {
object ( |
Fields | |
---|---|
policy |
IAM policy for the resource. |
authorized |
List of authorized views for a dataset. Format: |
BigQueryAuditMetadata.DatasetChange
Dataset change event.
JSON representation |
---|
{ "dataset": { object ( |
Fields | |
---|---|
dataset |
Dataset metadata after the change. |
reason |
Describes how the dataset was changed. |
job |
The URI of the job that updated the dataset. Present if the reason is QUERY. Format: |
binding |
List of IAM policy deltas. This field contains the difference between the original policy and the new policy when the IAM policy is updated via SetIamPolicy API. |
access |
List of access changes. This field contains the difference between the original ACLs and the new ACLs when the ACLs are updated via datasets.update API. |
BindingDelta
One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.
JSON representation |
---|
{ "action": enum ( |
Fields | |
---|---|
action |
The action that was performed on a Binding. Required |
role |
Role that is assigned to |
member |
A single identity requesting access for a Google Cloud resource. Follows the same format of Binding.members. Required |
condition |
The condition that is associated with this binding. |
BigQueryAuditMetadata.AccessChange
One change entry for Access.
JSON representation |
---|
{ "action": enum ( |
Fields | |
---|---|
action |
The action that was performed on an access. |
access |
Access entry. |
access. |
An IAM role ID that should be granted to the user, group, or domain specified in this access entry. The following legacy mappings will be applied:
This field will accept any of the above formats, but will return only the legacy format. For example, if you set this field to "roles/bigquery.dataOwner", it will be returned back as "OWNER". |
access. |
[Pick one] An email address of a user to grant access to. For example: fred@example.com. Maps to IAM policy member "user:EMAIL" or "serviceAccount:EMAIL". |
access. |
[Pick one] An email address of a Google Group to grant access to. Maps to IAM policy member "group:GROUP". |
access. |
[Pick one] A domain to grant access to. Any users signed in with the domain specified will be granted the specified access. Example: "example.com". Maps to IAM policy member "domain:DOMAIN". |
access. |
[Pick one] A special group to grant access to. Possible values include:
Maps to similarly-named IAM members. |
access. |
[Pick one] Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. |
access. |
[Pick one] A view from a different dataset to grant access to. Queries executed against that view will have read access to views/tables/routines in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. |
access. |
[Pick one] A routine from a different dataset to grant access to. Queries executed against that routine will have read access to views/tables/routines in this dataset. Only UDF is supported for now. The role field is not required when this field is set. If that routine is updated by any user, access to the routine needs to be granted again via an update operation. |
access. |
[Pick one] A grant authorizing all resources of a particular type in a particular dataset access to this dataset. Only views are supported for now. The role field is not required when this field is set. If that dataset is deleted and re-created, its access needs to be granted again via an update operation. |
access. |
Optional. condition for the binding. If CEL expression in this field is true, this access binding will be considered |
BigQueryAuditMetadata.DatasetDeletion
Dataset deletion event.
JSON representation |
---|
{
"reason": enum ( |
Fields | |
---|---|
reason |
Describes how the dataset was deleted. |
job |
The URI of the job that deleted the dataset. Present if the reason is QUERY. Format: |
BigQueryAuditMetadata.TableCreation
Table creation event.
JSON representation |
---|
{ "table": { object ( |
Fields | |
---|---|
table |
Table metadata. |
reason |
Describes how the table was created. |
job |
The URI of the job that created a table. Present if the reason is JOB or QUERY. Format: |
BigQueryAuditMetadata.Table
BigQuery table.
JSON representation |
---|
{ "tableName": string, "tableInfo": { object ( |
Fields | |
---|---|
table |
Table URI. Format: |
table |
User-provided metadata for the table. |
schema |
A JSON representation of the table's schema. Entire field is truncated if exceeds 40K. |
schema |
True if the schemaJson field was truncated. |
view |
View metadata. Only present for views. |
expire |
Table expiration time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
create |
The table creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update |
The last time metadata update time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
truncate |
The last table truncation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
encryption |
Table encryption information. Set when non-default encryption is used. |
default |
The default collation of the table. |
table |
The table constraints. |
tags |
IAM Tags attached to this entity. An object containing a list of |
time |
Time-based partitioning specifications for this table if specified. |
range |
Range partitioning specification for this table if specified. |
clustering |
Clustering specification for the table. |
require |
If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified. |
partition |
The partitioning information, which includes managed table, external table and metastore partitioned table partition information. |
BigQueryAuditMetadata.TableViewDefinition
View definition.
JSON representation |
---|
{
"query": string,
"queryTruncated": boolean,
"privacyPolicy": {
object ( |
Fields | |
---|---|
query |
SQL query defining the view. Truncated if exceeds 40K. |
query |
True if the schemaJson field was truncated. |
privacy |
Privacy Policy for view. |
PrivacyPolicy
Represents privacy policy that contains the privacy requirements specified by the data owner. Currently, this is only supported on views.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field privacy_policy . Privacy policy associated with this requirement specification. Only one of the privacy methods is allowed per data source object. privacy_policy can be only one of the following: |
|
aggregation |
Optional. Policy used for aggregation thresholds. |
differential |
Optional. Policy used for differential privacy. |
join |
Optional. Join restriction policy is outside of the one of policies, since this policy can be set along with other policies. This policy gives data providers the ability to enforce joins on the 'joinAllowedColumns' when data is queried from a privacy protected view. |
AggregationThresholdPolicy
Represents privacy policy associated with "aggregation threshold" method.
JSON representation |
---|
{ "privacyUnitColumns": [ string ], "threshold": string } |
Fields | |
---|---|
privacy |
Optional. The privacy unit column(s) associated with this policy. For now, only one column per data source object (table, view) is allowed as a privacy unit column. Representing as a repeated field in metadata for extensibility to multiple columns in future. Duplicates and Repeated struct fields are not allowed. For nested fields, use dot notation ("outer.inner") |
threshold |
Optional. The threshold for the "aggregation threshold" policy. |
DifferentialPrivacyPolicy
Represents privacy policy associated with "differential privacy" method.
JSON representation |
---|
{ "maxEpsilonPerQuery": number, "deltaPerQuery": number, "maxGroupsContributed": string, "privacyUnitColumn": string, "epsilonBudget": number, "deltaBudget": number, "epsilonBudgetRemaining": number, "deltaBudgetRemaining": number } |
Fields | |
---|---|
max |
Optional. The maximum epsilon value that a query can consume. If the subscriber specifies epsilon as a parameter in a SELECT query, it must be less than or equal to this value. The epsilon parameter controls the amount of noise that is added to the groups — a higher epsilon means less noise. |
delta |
Optional. The delta value that is used per query. Delta represents the probability that any row will fail to be epsilon differentially private. Indicates the risk associated with exposing aggregate rows in the result of a query. |
max |
Optional. The maximum groups contributed value that is used per query. Represents the maximum number of groups to which each protected entity can contribute. Changing this value does not improve or worsen privacy. The best value for accuracy and utility depends on the query and data. |
privacy |
Optional. The privacy unit column associated with this policy. Differential privacy policies can only have one privacy unit column per data source object (table, view). |
epsilon |
Optional. The total epsilon budget for all queries against the privacy-protected view. Each subscriber query against this view charges the amount of epsilon they request in their query. If there is sufficient budget, then the subscriber query attempts to complete. It might still fail due to other reasons, in which case the charge is refunded. If there is insufficient budget the query is rejected. There might be multiple charge attempts if a single query references multiple views. In this case there must be sufficient budget for all charges or the query is rejected and charges are refunded in best effort. The budget does not have a refresh policy and can only be updated via ALTER VIEW or circumvented by creating a new view that can be queried with a fresh budget. |
delta |
Optional. The total delta budget for all queries against the privacy-protected view. Each subscriber query against this view charges the amount of delta that is pre-defined by the contributor through the privacy policy deltaPerQuery field. If there is sufficient budget, then the subscriber query attempts to complete. It might still fail due to other reasons, in which case the charge is refunded. If there is insufficient budget the query is rejected. There might be multiple charge attempts if a single query references multiple views. In this case there must be sufficient budget for all charges or the query is rejected and charges are refunded in best effort. The budget does not have a refresh policy and can only be updated via ALTER VIEW or circumvented by creating a new view that can be queried with a fresh budget. |
epsilon |
Output only. The epsilon budget remaining. If budget is exhausted, no more queries are allowed. Note that the budget for queries that are in progress is deducted before the query executes. If the query fails or is cancelled then the budget is refunded. In this case the amount of budget remaining can increase. |
delta |
Output only. The delta budget remaining. If budget is exhausted, no more queries are allowed. Note that the budget for queries that are in progress is deducted before the query executes. If the query fails or is cancelled then the budget is refunded. In this case the amount of budget remaining can increase. |
JoinRestrictionPolicy
Represents privacy policy associated with "join restrictions". Join restriction gives data providers the ability to enforce joins on the 'joinAllowedColumns' when data is queried from a privacy protected view.
JSON representation |
---|
{
"joinAllowedColumns": [
string
],
"joinCondition": enum ( |
Fields | |
---|---|
join |
Optional. The only columns that joins are allowed on. This field is must be specified for join_conditions JOIN_ANY and JOIN_ALL and it cannot be set for JOIN_BLOCKED. |
join |
Optional. Specifies if a join is required or not on queries for the view. Default is JOIN_CONDITION_UNSPECIFIED. |
BigQueryAuditMetadata.TableConstraints
Describes constraints defined on a BigQuery table.
JSON representation |
---|
{ "primaryKey": { object ( |
Fields | |
---|---|
primary |
The primary key of the table. |
foreign |
Foreign keys of the table. |
BigQueryAuditMetadata.TableConstraints.PrimaryKey
Describes a primary key defined on a table.
JSON representation |
---|
{ "columns": [ string ] } |
Fields | |
---|---|
columns[] |
Table columns that are part of the primary key. |
BigQueryAuditMetadata.TableConstraints.ForeignKey
Describes a foreign key defined on a table.
JSON representation |
---|
{ "name": string, "referencingColumns": [ string ], "referencedColumns": [ string ], "referencedTableId": string, "referencedDatasetId": string, "referencedProjectId": string } |
Fields | |
---|---|
name |
The name of the foreign key. |
referencing |
Table columns that are part of the foreign key. |
referenced |
Columns that are part of the referenced key. |
referenced |
The referenced table id. |
referenced |
The dataset of the referenced table. |
referenced |
The project of the referenced table. |
TimePartitioning
JSON representation |
---|
{ "type": string, "expirationMs": string, "field": string, "requirePartitionFilter": boolean } |
Fields | |
---|---|
type |
Required. The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively. |
expiration |
Optional. Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value. |
field |
Optional. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. A wrapper is used here because an empty string is an invalid value. |
requirePartitionFilter |
If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified. This field is deprecated; please set the field with the same name on the table itself instead. This field needs a wrapper because we want to output the default value, false, if the user explicitly set it. |
RangePartitioning
JSON representation |
---|
{ "field": string, "range": { "start": string, "end": string, "interval": string } } |
Fields | |
---|---|
field |
Required. The name of the column to partition the table on. It must be a top-level, INT64 column whose mode is NULLABLE or REQUIRED. |
range |
Defines the ranges for range partitioning. |
range. |
Required. The start of range partitioning, inclusive. This field is an INT64 value represented as a string. |
range. |
Required. The end of range partitioning, exclusive. This field is an INT64 value represented as a string. |
range. |
Required. The width of each interval. This field is an INT64 value represented as a string. |
Clustering
Configures table clustering.
JSON representation |
---|
{ "fields": [ string ] } |
Fields | |
---|---|
fields[] |
One or more fields on which data should be clustered. Only top-level, non-repeated, simple-type fields are supported. The ordering of the clustering fields should be prioritized from most to least important for filtering purposes. Additional information on limitations can be found here: https://cloud.google.com/bigquery/docs/creating-clustered-tables#limitations |
PartitioningDefinition
The partitioning information, which includes managed table, external table and metastore partitioned table partition information.
JSON representation |
---|
{
"partitionedColumn": [
{
object ( |
Fields | |
---|---|
partitioned |
Optional. Details about each partitioning column. This field is output only for all partitioning types other than metastore partitioned tables. BigQuery native tables only support 1 partitioning column. Other table types may support 0, 1 or more partitioning columns. For metastore partitioned tables, the order must match the definition order in the Hive Metastore, where it must match the physical layout of the table. For example, CREATE TABLE a_table(id BIGINT, name STRING) PARTITIONED BY (city STRING, state STRING). In this case the values must be ['city', 'state'] in that order. |
PartitionedColumn
The partitioning column information.
JSON representation |
---|
{ "field": string } |
Fields | |
---|---|
field |
Required. The name of the partition column. |
BigQueryAuditMetadata.TableChange
Table metadata change event.
JSON representation |
---|
{ "table": { object ( |
Fields | |
---|---|
table |
Updated table metadata. |
truncated |
True if the table was truncated. |
reason |
Describes how the table metadata was changed. |
job |
The URI of the job that changed a table. Present if the reason is JOB or QUERY. Format: |
binding |
List of IAM policy deltas. |
alter |
Statistics for ALTER TABLE sql statement. |
replica |
The replica table which the updated table is replicated to. |
BigQueryAuditMetadata.TableChange.AlterTableStats
Statistics for ALTER TABLE sql statement.
JSON representation |
---|
{ "addedColumns": integer, "droppedColumns": integer, "updatedColumns": integer, "renamedColumns": integer } |
Fields | |
---|---|
added |
Number of columns added during sql execution. |
dropped |
Number of columns dropped during sql execution. |
updated |
Number of columns modified during sql execution. There can be multiple type of modifications like SET OPTION, SET DATA TYPE etc. |
renamed |
Number of columns renamed during sql execution. |
BigQueryAuditMetadata.TableDeletion
Table deletion event.
JSON representation |
---|
{
"reason": enum ( |
Fields | |
---|---|
reason |
Describes how table was deleted. |
job |
The URI of the job that deleted a table. Present if the reason is QUERY. Format: |
BigQueryAuditMetadata.TableDataRead
Table data read event.
JSON representation |
---|
{
"fields": [
string
],
"fieldsTruncated": boolean,
"policyTags": [
string
],
"policyTagsTruncated": boolean,
"reason": enum ( |
Fields | |
---|---|
fields[] |
List of the accessed fields. Entire list is truncated if the record size exceeds 100K. |
fields |
True if the fields list was truncated. |
policy |
List of the referenced policy tags. That is, policy tags attached to the accessed fields or their ancestors. Policy tag resource name is a string of the format: |
policy |
True if the policy tag list was truncated. At most 100 policy tags can be saved. |
reason |
Describes how the table data was read. |
job |
The URI of the job that read a table. Present if the reason is JOB but can be reducted for privacy reasons. Format: |
session |
The URI of the read session that read a table. Present if the reason is CREATE_READ_SESSION. Format: |
read |
The name of the read stream that is being read OR split. Present if the reason is READ_ROWS or SPLIT_READ_STREAM. This will be of the form |
offset |
The offset requested in a READ_ROWS call. |
row |
Number of serialized rows in the rows block. Present if the reason is READ_ROWS. |
fraction |
A value in the range (0.0, 1.0) that specifies the fractional point at which the original stream should be split. Present iff the reason is SPLIT_READ_STREAM. |
primary |
Primary stream name, which contains the beginning portion of |readStream|. An empty value indicates that the original stream can no longer be split. Present iff the reason is SPLIT_READ_STREAM. |
remainder |
Remainder stream name, which contains the tail of |readStream|. An empty value indicates that the original stream can no longer be split. Present iff the reason is SPLIT_READ_STREAM. |
write |
The name of the write stream that is being used for the table data read. This will be of the form |
BigQueryAuditMetadata.TableDataChange
Table data change event.
JSON representation |
---|
{
"deletedRowsCount": string,
"insertedRowsCount": string,
"truncated": boolean,
"reason": enum ( |
Fields | |
---|---|
deleted |
Number of deleted rows. |
inserted |
Number of inserted rows. |
truncated |
True if the table was truncated. |
reason |
Describes how the table data was changed. |
job |
The URI of the job that changed a table. Format: |
stream |
If written from WRITE_API, the name of the stream. Format: |
batch |
During batch commits, multiple stream names would be involved. Format: |
BigQueryAuditMetadata.ModelDeletion
Model deletion event.
JSON representation |
---|
{
"reason": enum ( |
Fields | |
---|---|
reason |
Describes how the model was deleted. |
job |
The URI of the job that deleted a model. Present if the reason is QUERY. Format: |
BigQueryAuditMetadata.ModelCreation
Model creation event.
JSON representation |
---|
{ "model": { object ( |
Fields | |
---|---|
model |
Model metadata. |
reason |
Describes how the model was created. |
job |
The URI of the job that created the model. Format: |
BigQueryAuditMetadata.Model
Trained BigQuery ML model.
JSON representation |
---|
{ "modelName": string, "modelInfo": { object ( |
Fields | |
---|---|
model |
Model URI. Format: |
model |
User-provided metadata for the model. |
expire |
Model expiration time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
create |
Model creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update |
Model last update time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
encryption |
Model encryption information. Set when non-default encryption is used. |
BigQueryAuditMetadata.ModelMetadataChange
Model metadata change event.
JSON representation |
---|
{ "model": { object ( |
Fields | |
---|---|
model |
Updated model. |
reason |
Describes how the model metadata was changed. |
job |
The URI of the job that changed the model metadata. Present if and only if the reason is QUERY. Format: |
BigQueryAuditMetadata.ModelDataChange
Model data change event.
JSON representation |
---|
{
"reason": enum ( |
Fields | |
---|---|
reason |
Describes how the model data was changed. |
job |
The URI of the job that changed the model data. Format: |
BigQueryAuditMetadata.ModelDataRead
Model data read event.
JSON representation |
---|
{
"reason": enum ( |
Fields | |
---|---|
reason |
Describes how the model data was read. |
job |
The URI of the job that read the model data. Format: |
BigQueryAuditMetadata.RoutineCreation
Routine creation event.
JSON representation |
---|
{ "routine": { object ( |
Fields | |
---|---|
routine |
Created routine. |
reason |
Describes how the routine was created. |
job |
The URI of the job that created the routine. Format: |
BigQueryAuditMetadata.Routine
User Defined Function (UDF) or Stored Procedure.
JSON representation |
---|
{ "routineName": string, "createTime": string, "updateTime": string } |
Fields | |
---|---|
routine |
Routine URI. Format: |
create |
Routine creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update |
Routine last update time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
BigQueryAuditMetadata.RoutineChange
Routine change event.
JSON representation |
---|
{ "routine": { object ( |
Fields | |
---|---|
routine |
Updated routine. |
reason |
Describes how the routine was updated. |
job |
The URI of the job that updated the routine. Format: |
BigQueryAuditMetadata.RoutineDeletion
Routine deletion event.
JSON representation |
---|
{ "routine": { object ( |
Fields | |
---|---|
routine |
Deleted routine. |
reason |
Describes how the routine was deleted. |
job |
The URI of the job that deleted the routine. Present if the reason is QUERY. Format: |
BigQueryAuditMetadata.RowAccessPolicyCreation
Row access policy creation event.
JSON representation |
---|
{
"rowAccessPolicy": {
object ( |
Fields | |
---|---|
row |
The row access policy created by this event. |
job |
The URI of the job that created this row access policy. Format: |
BigQueryAuditMetadata.RowAccessPolicy
BigQuery row access policy.
JSON representation |
---|
{ "rowAccessPolicyName": string } |
Fields | |
---|---|
row |
Row access policy URI. Format: |
BigQueryAuditMetadata.RowAccessPolicyChange
Row access policy change event.
JSON representation |
---|
{
"rowAccessPolicy": {
object ( |
Fields | |
---|---|
row |
The row access policy that was changed by this event. |
job |
The URI of the job that created this row access policy. Format: |
BigQueryAuditMetadata.RowAccessPolicyDeletion
Row access policy deletion event.
JSON representation |
---|
{
"rowAccessPolicies": [
{
object ( |
Fields | |
---|---|
row |
The row access policies that were deleted. At present, only populated when a single policy is dropped. |
job |
The job that deleted these row access policies. Format: |
all |
This field is set to true when a DROP ALL command has been executed, thus removing all row access policies on the table. |
BigQueryAuditMetadata.UnlinkDataset
Unlink linked dataset from its source dataset event
JSON representation |
---|
{
"linkedDataset": string,
"sourceDataset": string,
"reason": enum ( |
Fields | |
---|---|
linked |
The linked dataset URI which is unlinked from its source. Format: |
source |
The source dataset URI from which the linked dataset is unlinked. Format: |
reason |
Reason for unlinking linked dataset |
BigQueryAuditMetadata.SearchIndexCreation
Search index creation event.
JSON representation |
---|
{ "searchIndex": { object ( |
Fields | |
---|---|
search |
Search index metadata. |
reason |
Describes how the search index was created. |
job |
The URI of the job that created the search index. Format: |
BigQueryAuditMetadata.SearchIndex
BigQuery Search Index.
JSON representation |
---|
{ "searchIndexName": string } |
Fields | |
---|---|
search |
Search index URI. Format: |
BigQueryAuditMetadata.SearchIndexDeletion
Search index deletion event.
JSON representation |
---|
{ "searchIndex": { object ( |
Fields | |
---|---|
search |
Search index metadata. |
reason |
Describes how the search index was deleted. |
job |
The URI of the job that deleted the search index. Format: |
BigQueryAuditMetadata.VectorIndexCreation
Vector index creation event.
JSON representation |
---|
{ "vectorIndex": { object ( |
Fields | |
---|---|
vector |
Vector index metadata. |
reason |
Describes how the vector index was created. |
job |
The URI of the job that created the vector index. Format: |