Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Vienna from September 15-18, 2025, for the ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM. Get registered

Reply
frithjof_v
Super User
Super User

Warehouse Audit: How to audit SELECT actions?

‎04-05-2025 07:03 AM

I'm running this code in a Fabric Notebook to enable warehouse audit for a newly created Fabric warehouse:

 

import sempy.fabric as fabric
client = fabric.FabricRestClient()

payload = {
    "state": "Enabled",
    "retentionDays": "0"
}

url = https://api.fabric.microsoft.com/v1/workspaces/<workspaceId>/warehouses/<warehouseId>/settings/sqlAudit


response = client.patch(url, json=payload)
print(response.json())

response = client.get(url)
print(response.json())

I inserted the actual workspace id and warehouse id in the url.

Everything above runs successfully.

 

Next, I wish to configure audit action groups. I try to do this:

 

data = [ "DATABASE_OBJECT_PERMISSION_CHANGE_GROUP" ]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

The above also works.

 

Next, I tried to do the following, to specifically audit SELECT statements:

 

data = [ "SELECT" ]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

Then I get the following error:

FabricHTTPException: 500 Internal Server Error for url: https://api.fabric.microsoft.com/v1/workspaces/.../warehouses/.../settings/sqlAudit/setAuditActionsAndGroups
Error: {"requestId":"...","errorCode":"InternalServerError","message":"An internal error occurred."}
Headers: {'Cache-Control': 'no-store, must-revalidate, no-cache', 'Pragma': 'no-cache', 'Transfer-Encoding': 'chunked', 'Content-Type': 'application/json; charset=utf-8', 'x-ms-public-api-error-code': 'InternalServerError', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Frame-Options': 'deny', 'X-Content-Type-Options': 'nosniff', 'RequestId': '...', 'Access-Control-Expose-Headers': 'RequestId', 'Date': 'Sat, 05 Apr 2025 14:11:14 GMT'}

 

My goal is to enable Audit on SELECT actions (just for test purposes, I guess this can accumulate a lot of data, but I just want to enable it for test purposes).

 

https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-audit-logs#database-level-audit-action-g...

 

 

The following does work, but this setting also audits many other actions:

 

data = [ 'BATCH_COMPLETED_GROUP' ]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

Here is the blog and docs I followed:

Introducing SQL Audit Logs for Fabric Data Warehouse | Microsoft Fabric-blogg | Microsoft Fabric

Configure SQL Audit Logs in Fabric Data Warehouse (Preview) - Microsoft Fabric | Microsoft Learn

Labels:
Message 1 of 5
978 Views
1 ACCEPTED SOLUTION
nilendraFabric
Community Champion
Community Champion

‎04-05-2025 04:13 PM

Check this

 

https://github.com/MicrosoftDocs/fabric-docs/blob/main/docs/data-warehouse/configure-sql-audit-logs....

 

 

 

 

https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-audit-logs

 

try:

 


data = ["SCHEMA_OBJECT_ACCESS_GROUP"]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

-----

SELECT * FROM sys.fn_get_audit_file_v2(
'https://onelake.blob.fabric.microsoft.com/<workspaceId>/<warehouseId>/Audit/sqldbauditlogs/',
default, default, default, default)
WHERE statement_type = 'SELECT'

 

 

Other option you can try is , not documented though:

 

 

data = [{
"auditActionName": "SELECT",
"objectName": "YourTableName",
"objectType": "TABLE",
"objectSchema": "dbo" 
}]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

 

 

View solution in original post

Message 2 of 5
914 Views
4 REPLIES 4
v-bmanikante
Community Support
Community Support

‎04-21-2025 06:50 AM

Hi @frithjof_v ,

 

We would like to follow up to see if the solution provided by the super user resolved your issue. Please let us know if you need any further assistance.
If our super user response resolved your issue, please mark it as "Accept as solution" and click "Yes" if you found it helpful.

Regards,
B Manikanteswara Reddy

Message 5 of 5
446 Views
0
v-bmanikante
Community Support
Community Support

‎04-14-2025 10:06 PM

Hi @frithjof_v ,

 

We would like to follow up to see if the solution provided by the super user resolved your issue. Please let us know if you need any further assistance.
If our super user response resolved your issue, please mark it as "Accept as solution" and click "Yes" if you found it helpful.

Regards,
B Manikanteswara Reddy

Message 4 of 5
677 Views
0
v-bmanikante
Community Support
Community Support

‎04-11-2025 05:26 AM

Hi @frithjof_v ,

 

We would like to follow up to see if the solution provided by the super user resolved your issue. Please let us know if you need any further assistance.
If our super user response resolved your issue, please mark it as "Accept as solution" and click "Yes" if you found it helpful.

Regards,
B Manikanteswara Reddy

Message 3 of 5
766 Views
0
nilendraFabric
Community Champion
Community Champion

‎04-05-2025 04:13 PM

Check this

 

https://github.com/MicrosoftDocs/fabric-docs/blob/main/docs/data-warehouse/configure-sql-audit-logs....

 

 

 

 

https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-audit-logs

 

try:

 


data = ["SCHEMA_OBJECT_ACCESS_GROUP"]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

-----

SELECT * FROM sys.fn_get_audit_file_v2(
'https://onelake.blob.fabric.microsoft.com/<workspaceId>/<warehouseId>/Audit/sqldbauditlogs/',
default, default, default, default)
WHERE statement_type = 'SELECT'

 

 

Other option you can try is , not documented though:

 

 

data = [{
"auditActionName": "SELECT",
"objectName": "YourTableName",
"objectType": "TABLE",
"objectSchema": "dbo" 
}]
response = client.post(url + "/setAuditActionsAndGroups", json=data)

 

 

 

Message 2 of 5
915 Views

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

May FBC25 Carousel

Fabric Monthly Update - May 2025

Check out the May 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All