Stay organized with collections Save and categorize content based on your preferences.
This document describes audit logging for Cloud SQL. Google Cloud services generate audit logs that record administrative and access activities within your Google Cloud resources. For more information about Cloud Audit Logs, see the following:
Cloud SQL audit logs use the service name cloudsql.googleapis.com. Filter for this service:
protoPayload.serviceName="cloudsql.googleapis.com"Methods by permission type
Each IAM permission has a type property, whose value is an enum that can be one of four values: ADMIN_READ, ADMIN_WRITE, DATA_READ, or DATA_WRITE. When you call a method, Cloud SQL generates an audit log whose category is dependent on the type property of the permission required to perform the method. Methods that require an IAM permission with the type property value of DATA_READ, DATA_WRITE, or ADMIN_READ generate Data Access audit logs. Methods that require an IAM permission with the type property value of ADMIN_WRITE generate Admin Activity audit logs.
ADMIN_READ cloudsql.backupRuns.get
cloudsql.backupRuns.list
cloudsql.backups.list
cloudsql.instances.get
cloudsql.instances.list
cloudsql.instances.listServerCas
cloudsql.operations.get
cloudsql.operations.list
cloudsql.sslCerts.get
cloudsql.sslCerts.list ADMIN_WRITE cloudsql.backupRuns.create
cloudsql.backupRuns.delete
cloudsql.backups.create
cloudsql.backups.delete
cloudsql.backups.update
cloudsql.instances.addServerCa
cloudsql.instances.clone
cloudsql.instances.connect
cloudsql.instances.create
cloudsql.instances.delete
cloudsql.instances.demoteMaster
cloudsql.instances.failover
cloudsql.instances.migrate
cloudsql.instances.promoteReplica
cloudsql.instances.reencrypt
cloudsql.instances.resetSslConfig
cloudsql.instances.restart
cloudsql.instances.restoreBackup
cloudsql.instances.rotateServerCa
cloudsql.instances.startReplica
cloudsql.instances.stopReplica
cloudsql.instances.truncateLog
cloudsql.instances.update
cloudsql.sslCerts.create
cloudsql.sslCerts.delete DATA_READ cloudsql.databases.get
cloudsql.databases.list
cloudsql.instances.export
cloudsql.users.get
cloudsql.users.list DATA_WRITE cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.update
cloudsql.instances.executeSql
cloudsql.instances.import
cloudsql.instances.login
cloudsql.users.create
cloudsql.users.delete
cloudsql.users.update API interface audit logs
For information about how and which permissions are evaluated for each method, see the Identity and Access Management documentation for Cloud SQL.
cloudsql.backupRuns
The following audit logs are associated with methods belonging to cloudsql.backupRuns.
create
cloudsql.backupRuns.createcloudsql.backupRuns.create - ADMIN_WRITE protoPayload.methodName="cloudsql.backupRuns.create" delete
cloudsql.backupRuns.deletecloudsql.backupRuns.delete - ADMIN_WRITE protoPayload.methodName="cloudsql.backupRuns.delete" get
cloudsql.backupRuns.getcloudsql.backupRuns.get - ADMIN_READ protoPayload.methodName="cloudsql.backupRuns.get" list
cloudsql.backupRuns.listcloudsql.backupRuns.list - ADMIN_READ protoPayload.methodName="cloudsql.backupRuns.list" cloudsql.backups
The following audit logs are associated with methods belonging to cloudsql.backups.
create
cloudsql.backups.createcloudsql.backupRuns.create - ADMIN_WRITE protoPayload.methodName="cloudsql.backups.create" delete
cloudsql.backups.deletecloudsql.backupRuns.delete - ADMIN_WRITE protoPayload.methodName="cloudsql.backups.delete" list
cloudsql.backups.listcloudsql.backupRuns.list - ADMIN_READ protoPayload.methodName="cloudsql.backups.list" update
cloudsql.backups.updatecloudsql.backupRuns.update - ADMIN_WRITE protoPayload.methodName="cloudsql.backups.update" cloudsql.databases
The following audit logs are associated with methods belonging to cloudsql.databases.
create
cloudsql.databases.createcloudsql.databases.create - DATA_WRITE protoPayload.methodName="cloudsql.databases.create" delete
cloudsql.databases.deletecloudsql.databases.delete - DATA_WRITE protoPayload.methodName="cloudsql.databases.delete" get
cloudsql.databases.getcloudsql.databases.get - DATA_READ protoPayload.methodName="cloudsql.databases.get" list
cloudsql.databases.listcloudsql.databases.list - DATA_READ protoPayload.methodName="cloudsql.databases.list" update
cloudsql.databases.updatecloudsql.databases.update - DATA_WRITE protoPayload.methodName="cloudsql.databases.update" cloudsql.instances
The following audit logs are associated with methods belonging to cloudsql.instances.
addServerCa
cloudsql.instances.addServerCacloudsql.instances.addServerCa - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.addServerCa" clone
cloudsql.instances.clonecloudsql.instances.clone - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.clone" connect
cloudsql.instances.connectcloudsql.instances.connect - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.connect" create
cloudsql.instances.createcloudsql.instances.create - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.create" delete
cloudsql.instances.deletecloudsql.instances.delete - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.delete" demoteMaster
cloudsql.instances.demoteMastercloudsql.instances.demoteMaster - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.demoteMaster" executeSql
cloudsql.instances.executeSqlcloudsql.instances.executeSql - DATA_WRITE protoPayload.methodName="cloudsql.instances.executeSql" export
cloudsql.instances.exportcloudsql.instances.export - DATA_READ protoPayload.methodName="cloudsql.instances.export" failover
cloudsql.instances.failovercloudsql.instances.failover - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.failover" get
cloudsql.instances.getcloudsql.instances.get - ADMIN_READ protoPayload.methodName="cloudsql.instances.get" import
cloudsql.instances.importcloudsql.instances.import - DATA_WRITE protoPayload.methodName="cloudsql.instances.import" list
cloudsql.instances.listcloudsql.instances.list - ADMIN_READ protoPayload.methodName="cloudsql.instances.list" listServerCas
cloudsql.instances.listServerCascloudsql.instances.listServerCas - ADMIN_READ protoPayload.methodName="cloudsql.instances.listServerCas" login
cloudsql.instances.logincloudsql.instances.login - DATA_WRITE protoPayload.methodName="cloudsql.instances.login" migrate
cloudsql.instances.migratecloudsql.instances.migrate - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.migrate" promoteReplica
cloudsql.instances.promoteReplicacloudsql.instances.promoteReplica - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.promoteReplica" query
cloudsql.instances.query protoPayload.methodName="cloudsql.instances.query" reencrypt
cloudsql.instances.reencryptcloudsql.instances.reencrypt - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.reencrypt" resetSslConfig
cloudsql.instances.resetSslConfigcloudsql.instances.resetSslConfig - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.resetSslConfig" restart
cloudsql.instances.restartcloudsql.instances.restart - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.restart" restoreBackup
cloudsql.instances.restoreBackupcloudsql.instances.restoreBackup - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.restoreBackup" rotateServerCa
cloudsql.instances.rotateServerCacloudsql.instances.rotateServerCa - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.rotateServerCa" startReplica
cloudsql.instances.startReplicacloudsql.instances.startReplica - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.startReplica" stopReplica
cloudsql.instances.stopReplicacloudsql.instances.stopReplica - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.stopReplica" truncateLog
cloudsql.instances.truncateLogcloudsql.instances.truncateLog - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.truncateLog" update
cloudsql.instances.updatecloudsql.instances.update - ADMIN_WRITE protoPayload.methodName="cloudsql.instances.update" cloudsql.operations
The following audit logs are associated with methods belonging to cloudsql.operations.
get
cloudsql.operations.getcloudsql.instances.get - ADMIN_READ protoPayload.methodName="cloudsql.operations.get" list
cloudsql.operations.listcloudsql.instances.get - ADMIN_READ protoPayload.methodName="cloudsql.operations.list" cloudsql.sslCerts
The following audit logs are associated with methods belonging to cloudsql.sslCerts.
create
cloudsql.sslCerts.createcloudsql.sslCerts.create - ADMIN_WRITE protoPayload.methodName="cloudsql.sslCerts.create" delete
cloudsql.sslCerts.deletecloudsql.sslCerts.delete - ADMIN_WRITE protoPayload.methodName="cloudsql.sslCerts.delete" get
cloudsql.sslCerts.getcloudsql.sslCerts.get - ADMIN_READ protoPayload.methodName="cloudsql.sslCerts.get" list
cloudsql.sslCerts.listcloudsql.sslCerts.list - ADMIN_READ protoPayload.methodName="cloudsql.sslCerts.list" cloudsql.users
The following audit logs are associated with methods belonging to cloudsql.users.
create
cloudsql.users.createcloudsql.users.create - DATA_WRITE protoPayload.methodName="cloudsql.users.create" delete
cloudsql.users.deletecloudsql.users.delete - DATA_WRITE protoPayload.methodName="cloudsql.users.delete" get
cloudsql.users.getcloudsql.users.get - DATA_READ protoPayload.methodName="cloudsql.users.get" list
cloudsql.users.listcloudsql.users.list - DATA_READ protoPayload.methodName="cloudsql.users.list" update
cloudsql.users.updatecloudsql.users.update - DATA_WRITE protoPayload.methodName="cloudsql.users.update" System Event audit logs are generated by GCP systems, not direct user action. For more information, see System Event audit logs.
Method Name Filter For This Event Notes cloudsql.instances.autoFailover protoPayload.methodName="cloudsql.instances.autoFailover" cloudsql.instances.automatedBackup protoPayload.methodName="cloudsql.instances.automatedBackup" cloudsql.instances.automaticStorageIncrease protoPayload.methodName="cloudsql.instances.automaticStorageIncrease"
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-02 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4