Details for the Audit Service
This topic covers details for writing policies to control access to the Audit service.
Resource-Types
audit-events
Supported Variables
Only the general variables are supported (see General Variables for All Requests).
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the use and manage verbs for the audit-events resource-type cover no extra permissions or API operations compared to the read verb.
audit-events
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
| inspect | none |
none |
none |
| read | AUDIT_EVENT_READ |
|
none |
| use | no extra |
no extra |
none |
| manage | no extra |
no extra |
none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type.
For information about permissions, see Permissions.
| API Operation | Permissions Required to Use the Operation |
|---|---|
ListEvents
|
AUDIT_EVENT_READ |