Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
201 views
in Technique[技术] by (71.8m points)

How to check what service is writing to Azure Cosmos Db?

We have a large collection within an Azure Cosmos database using the SQL API. We were certain this db was not being used anymore, however we have just discovered that documents within that collection are being updated frequently but we are unsure which of our many services is writing to it.

Is there an easy way of determining what service is writing/updating the documents within a collection inside of Azure portal? I have tried multiple different filter combinations in the activity log but can't find anything.

question from:https://stackoverflow.com/questions/65648415/how-to-check-what-service-is-writing-to-azure-cosmos-db

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Because Cosmos DB uses master key to provide access to data there is no way to view who is accessing your data. One way you can provide details on who accesses data is to lock down the data plane by restricting RBAC roles that can access the master keys. This article describes one way of doing that. Once that is locked down you can then Audit control plane logs to see what client applications are accessing the data.

However, do actually implement this would take a fair amount of work to redesign how master keys are accessed by your client applications such that every client application would need to be redesigned, thus negating the benefit of doing such a thing.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...