Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2667,7 +2667,11 @@
},
"workspaceUID": {
"type": "string",
"description": "The workspace unique identifier."
"description": "The workspace unique identifier.",
"x-ms-mutability": [
"create",
"read"
]
}
},
"description": "Class representing the Kusto pool properties."
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1538,7 +1538,11 @@
},
"isStorageSecondaryKeyInUse": {
"description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.",
"type": "boolean"
"type": "boolean",
"x-ms-mutability": [
Comment thread
sparatala marked this conversation as resolved.
"create",
"update"
]
},
"isAzureMonitorTargetEnabled": {
"description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'state' as 'Enabled' and 'isAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1261,7 +1261,11 @@
},
"linkedAccessCheckOnTargetResource": {
"description": "Linked Access Check On Target Resource",
"type": "boolean"
"type": "boolean",
"x-ms-mutability": [
"create",
"update"
]
},
"allowedAadTenantIdsForLinking": {
"description": "Allowed Aad Tenant Ids For Linking",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -446,7 +446,12 @@
"nodeCount": {
"type": "integer",
"format": "int32",
"description": "The number of nodes in the Big Data pool."
"description": "The number of nodes in the Big Data pool.",
"x-ms-mutability": [
Comment thread
sparatala marked this conversation as resolved.
"create",
"read",
"update"
]
},
"libraryRequirements": {
"$ref": "#/definitions/LibraryRequirements",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -706,7 +706,7 @@
"default": {
"description": "An error response received from the Azure Synapse service.",
"schema": {
"$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse"
"$ref": "../../../../common/v1/types.json#/definitions/CloudError"
}
}
},
Expand Down Expand Up @@ -1370,36 +1370,6 @@
"modelAsString": true
}
},
"ManagedIntegrationRuntime": {
"x-ms-discriminator-value": "Managed",
"description": "Managed integration runtime, including managed elastic and managed dedicated integration runtimes.",
"type": "object",
"allOf": [
{
"$ref": "#/definitions/IntegrationRuntime"
}
],
"properties": {
"provisioningState": {
"description": "Integration runtime state, only valid for managed dedicated integration runtime.",
"$ref": "#/definitions/IntegrationRuntimeState",
"readOnly": true
},
"typeProperties": {
"description": "Managed integration runtime properties.",
"x-ms-client-flatten": true,
"$ref": "#/definitions/ManagedIntegrationRuntimeTypeProperties"
},
"managedVirtualNetwork": {
"description": "Managed integration runtime managed virtual network.",
"x-ms-client-flatten": true,
"$ref": "#/definitions/ManagedIntegrationRuntimeManagedVirtualNetworkReference"
}
},
"required": [
"typeProperties"
]
},
"ManagedIntegrationRuntimeTypeProperties": {
"description": "Managed integration runtime type properties.",
"type": "object",
Expand Down Expand Up @@ -1432,7 +1402,11 @@
},
"id": {
"description": "The id of the managed virtual network.",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
}
}
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1556,7 +1556,7 @@
},
"default": {
"schema": {
"$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse"
"$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse"
},
"description": ""
}
Expand Down Expand Up @@ -5328,7 +5328,11 @@
"properties": {
"tier": {
"type": "string",
"description": "The service tier"
"description": "The service tier",
"x-ms-mutability": [
"create",
"update"
]
},
"name": {
"type": "string",
Expand Down Expand Up @@ -6165,19 +6169,31 @@
"retentionDays": {
"format": "int32",
"description": "Specifies the number of days to keep in the audit logs in the storage account.",
"type": "integer"
"type": "integer",
"x-ms-mutability": [
"create",
"read"
]
},
"auditActionsAndGroups": {
"description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that <object> in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)",
"type": "array",
"items": {
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
}
},
"storageAccountSubscriptionId": {
"format": "uuid",
"description": "Specifies the blob storage subscription Id.",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
},
"isStorageSecondaryKeyInUse": {
"description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1522,7 +1522,11 @@
"retentionDays": {
"format": "int32",
"description": "Specifies the number of days to keep in the audit logs in the storage account.",
"type": "integer"
"type": "integer",
"x-ms-mutability": [
"create",
"read"
]
},
"auditActionsAndGroups": {
"description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that <object> in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)",
Expand All @@ -1534,7 +1538,11 @@
"storageAccountSubscriptionId": {
"format": "uuid",
"description": "Specifies the blob storage subscription Id.",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
},
"isStorageSecondaryKeyInUse": {
"description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.",
Expand Down Expand Up @@ -1642,7 +1650,11 @@
},
"storageEndpoint": {
"description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
},
"storageAccountAccessKey": {
"description": "Specifies the identifier key of the Threat Detection audit storage account.",
Expand Down Expand Up @@ -1709,7 +1721,11 @@
"properties": {
"storageContainerPath": {
"description": "A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
},
"storageContainerSasKey": {
"description": "A shared access signature (SAS Key) that has read and write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required.",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -898,11 +898,19 @@
},
"administratorType": {
"description": "Workspace active directory administrator type",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
},
"sid": {
"description": "Object ID of the workspace active directory administrator",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
}
}
},
Expand Down Expand Up @@ -1095,7 +1103,11 @@
},
"linkedAccessCheckOnTargetResource": {
"description": "Linked Access Check On Target Resource",
"type": "boolean"
"type": "boolean",
"x-ms-mutability": [
"create",
"update"
]
},
"allowedAadTenantIdsForLinking": {
"description": "Allowed Aad Tenant Ids For Linking",
Expand Down Expand Up @@ -1182,7 +1194,11 @@
"properties": {
"initialWorkspaceAdminObjectId": {
"description": "AAD object ID of initial workspace admin",
"type": "string"
"type": "string",
"x-ms-mutability": [
"create",
"read"
]
}
}
},
Expand Down