ALTR’s query audit logs maintain a record of all access to sensitive data protected by ALTR. Learn more.
| Name | Description |
|---|
| Completion Time | Date and time when the query audit log finished running. |
| Role | Snowflake role assigned to the Username who executed the query. |
| Filter | Click to filter query audit log entries. |
| Properties | Shows a collection of useful fields in the log entry. Click Show JSON to view the full log entry. |
| Query ID | Snowflake query ID; a unique identifier of the query. Hover over the ID or click it view the full query audit text. A popup displays to reveal the full text and the option to copy it. |
| Query Text | Input provided to execute the query. Hover over the text or click it to view the full query audit text. A popup displays to reveal the full text and the option to copy it. |
| Refresh | Click to retrieve any audit log entries that were created in the last 24 hours. |
| Rows Accessed | Number of rows returned by the query. |
| Show JSON / Hide JSON | If turned on, the full audit log entry displays under Properties as a single JSON object. If turned off, the full audit log entry details are hidden and only a select few fields display under Properties. |
| Username | Name of the Snowflake user who executed the query. |
| Name | Description |
|---|
| Key | Key within a tag key-value pair that was impacted by the query log. |
| Masking Policy | Displays the type of decision that was made for how to mask the tag. Options are: Allowed— Access to the tag is allowed for the Username / Current Role Blocked— Access to the tag has been blocked for the Username / Current Role No Permission— The Username / Current Role does not have permission to access this tag |
| Rationale | Displays the reason for the decision that was made for how to mask the tag. Options are: Most permissive - Most permissive policy— The user can access this data because the most permissive masking policy applies. Their role or user group is included in the policy for this tag. Allowed - Access data is not affected by any policies— The tag is connected to ALTR, but there’s no policy applied Blocked - Active anomaly— A policy has an alert to block the user’s access and the alert was triggered. No permission - User group is not present in any policies— A policy is configured, but the user’s role or group is not included. As a result, they have no permission to access the tag. No permission - Missing user and/or user group information— This is most likely a misconfiguration. “Query Tags” (user group information) are required, but this information wasn’t provided, the user’s role can’t be determined. Without this information, access to all data is denied. No permission - Invalid user and/or user group information— The query tag information was received, but there’s a misconfiguration—possibly over 500 roles or a message that’s too large. In either case, the user will receive “No Permission” with invalid data. No permission - Accessed data is not linked to any specific lock— The tag is connected as tokenized but there’s no policy applied. |
| Value | Value within a tag key-value pair that was impacted by the query log. |
| Name | Description |
|---|
| Column | Column within the table or view that was impacted by the query log. |
| Database | Database that was impacted by the query log. |
| Masking Policy | Displays the type of decision that was made for how to mask the Snowflake column. Options are: Allowed— Access to the column is allowed for the Username / Current Role Blocked— Access to the column has been blocked for the Username / Current Role No Permission— The Username / Current Role does not have permission to access this column |
| Rationale | Displays the reason for the decision that was made for how to mask the column. Options are: Most permissive - Most permissive policy— The user can access this data because the most permissive masking policy applies. Their role or user group is included in the policy for this column. Allowed - Access data is not affected by any policies— The column is connected to ALTR, but there’s no policy applied. Blocked - Active anomaly— A policy has an alert to block the user’s access and the alert was triggered. No permission - User group is not present in any policies— A policy is configured, but the user’s role or group is not included. As a result, they have no permission to access the column. No permission - Missing user and/or user group information— This is most likely a misconfiguration. “Query Tags” (user group information) are required, but this information wasn’t provided, the user’s role can’t be determined. Without this information, access to all data is denied. No permission - Invalid user and/or user group information— The query tag information was received, but there’s a misconfiguration—possibly over 500 roles or a message that’s too large. In either case, the user will receive “No Permission” with invalid data. No permission - Accessed data is not linked to any specific lock— The column is connected as tokenized but there’s no policy applied. |
| Schema | Schema within the database that was impacted by the query log. |
| Table/View | Table or view within the schema that was impacted by the query log. |
| Name | Description |
|---|
| Additional Parameters | Username— Name of Snowflake user who execute the query Current Role— Snowflake role assigned to the username who executed the query Query ID— Snowflake query ID, which is a unique identifier of the query log |
| Filter by column information | Filter query entries where a column connected to ALTR was accessed. These filters cannot be combined with Filter by tag information filters. Database— Name of the Snowflake database Schema— Name of the schema within the Snowflake database Table/View— Name of the table or the view within the schema Column— Name of the column in the table or the view |
| Filter by completion time | Pick a date range to filter audit log results by date. Query logs are filtered by when the audit completed. NOTE: Searching for log entries may take time depending on the number of audit records considered. Shortening this window may decrease the time required to return results. |
| Filter by tag information | Filter query entries where a tag connected to ALTR was accessed. These filters cannot be combined with Filter by column information filters. Tag Name— Name of the tag in Snowflake Tag Value— Information or data assigned to the tag |
