Stay organized with collections Save and categorize content based on your preferences.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs.
If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exemptedMembers in each AuditLogConfig are exempted.
Example Policy with multiple AuditConfigs:
{
"auditConfigs": [
{
"service": "allServices",
"auditLogConfigs": [
{
"logType": "DATA_READ",
"exemptedMembers": [
"user:jose@example.com"
]
},
{
"logType": "DATA_WRITE"
},
{
"logType": "ADMIN_READ"
}
]
},
{
"service": "sampleservice.googleapis.com",
"auditLogConfigs": [
{
"logType": "DATA_READ"
},
{
"logType": "DATA_WRITE",
"exemptedMembers": [
"user:aliya@example.com"
]
}
]
}
]
}
For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
{
"service": string,
"auditLogConfigs": [
{
object (AuditLogConfig)
}
]
} Fields service
string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs[]
object (AuditLogConfig)
The configuration for logging of each type of permission.
AuditLogConfigProvides the configuration for logging a type of permissions. Example:
{
"auditLogConfigs": [
{
"logType": "DATA_READ",
"exemptedMembers": [
"user:jose@example.com"
]
},
{
"logType": "DATA_WRITE"
}
]
}
This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
JSON representation{
"logType": enum (LogType),
"exemptedMembers": [
string
]
} Fields logType
enum (LogType)
The log type that this config enables.
exemptedMembers[]
string
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-17 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-17 UTC."],[[["AuditConfig specifies which permission types are logged for a service and which identities are exempt from logging, requiring at least one AuditLogConfig."],["If AuditConfigs exist for both `allServices` and a specific service, they are combined: the specified log types are enabled, and exempted members from each AuditLogConfig are exempted."],["AuditLogConfig configures logging for a specific permission type, and allows specification of identities that are exempted from logging for that type."],["The `service` field in AuditConfig determines which service is subject to audit logging, with `allServices` covering all services."],["`logType` in AuditLogConfig defines the type of permission being logged, while `exemptedMembers` specifies users or identities that are exempt from logging for that particular permission."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4