Azure / azure-cli

Azure Command-Line Interface
MIT License

Request to add --predicate-expression argument to az sql server audit-policy update #26268

Open Brutiquzz opened 1 year ago

Brutiquzz commented 1 year ago

Related command

az sql server audit-policy update --predicate-expression "sqlserver.server_principal_name LIKE '%@domain.com'"

Is your feature request related to a problem? Please describe.

The argument --predicate-expression does not exist in the az PowerShell, but in the AzureRM PowerShell it does.

As an example we are capable of:

Set-AzSqlServerAudit `
  -ResourceGroupName "someRG" `
  -ServerName "someServer" `
  -BlobStorageTargetState "Enabled" `
  -StorageAccountResourceId "someStorageAccountResourceId" `
  -PredicateExpression "sqlserver.server_principal_name LIKE '%@domain.com'"

This is a problem because AzureRM will be deprecated in 2024.

This is important to us because we are in a situation where we would like to audit only activity performed by an employee with access to Azure and not our hosted services (an example could be a developer running queries in the Azure SQL Query Editor).

Perhaps you can further clarify: if we enable this audit policy with a predicate expression, will that stop functioning once AzureRM is deprecated? Or are we from then on just not able to create more audit policies of the like?

Describe the solution you'd like

Add the argument --predicate-expression to az sql server audit-policy update, as we know it from AzureRM.

Describe alternatives you've considered

Perhaps not your area, but the entire subject of audit policies does not seem accessible from the Azure portal, which would probably be preferable for transparency for other co-developers.

yonzhan commented 1 year ago

Thank you for opening this issue, we will look into it.

arwinlashawn commented 3 months ago

Hi @yonzhan, keen to see this feature go live along with documented guidelines regarding expression syntax. Is there any update on this?