Firestore audit logging information

This document describes audit logging for Firestore. It describes which methods are audited and details about the audit log each method produces. It lists which methods do not produce audit logs, if any. Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. For more information, see Cloud Audit Logs overview.

Notes

To view the time it took to process a DATA_READ or DATA_WRITE request, see the processing_duration field within the metadata object of an AuditLog. processing_duration describes the time the database took to actually process a request. This is smaller than the end-user latency. In particular, it does not include network overhead.

For Listenrequests, processing_duration is only present on the Audit Log for the initial result set returned. Its absent from subsequent Audit Logs for that same Listen target.

Individual writes from import operations and TTL are not audit logged.

Service name

Firestore audit logs use the service name firestore.googleapis.com.

Methods by permission type

Firestore also includes the following operations as part of the Key Visualizer diagnostic tool. These are Data Access audit logs and have the service name firestorekeyvisualizer.googleapis.com. They are enabled by turning on DATA_READ for the firestore.googleapis.com service.

• google.cloud.keyvisualizer.KeyVisualizer.GetScan
• google.cloud.keyvisualizer.KeyVisualizer.ListScans

Methods that check DATA_READ, DATA_WRITE, and ADMIN_READ permission types generate Data Access audit logs. Methods that check ADMIN_WRITE permission types generate Admin Activity audit logs.

Permission type	Methods
ADMIN_READ	google.cloud.location.Locations.GetLocation google.cloud.location.Locations.ListLocations google.firestore.admin.v1.FirestoreAdmin.GetBackup google.firestore.admin.v1.FirestoreAdmin.GetBackupSchedule google.firestore.admin.v1.FirestoreAdmin.GetDatabase google.firestore.admin.v1.FirestoreAdmin.GetField google.firestore.admin.v1.FirestoreAdmin.GetIndex google.firestore.admin.v1.FirestoreAdmin.ListBackupSchedules google.firestore.admin.v1.FirestoreAdmin.ListBackups google.firestore.admin.v1.FirestoreAdmin.ListDatabases google.firestore.admin.v1.FirestoreAdmin.ListFields google.firestore.admin.v1.FirestoreAdmin.ListIndexes google.firestore.admin.v1beta1.FirestoreAdmin.GetIndex google.firestore.admin.v1beta1.FirestoreAdmin.ListIndexes google.firestore.admin.v1beta2.FirestoreAdmin.GetField google.firestore.admin.v1beta2.FirestoreAdmin.GetIndex google.firestore.admin.v1beta2.FirestoreAdmin.ListFields google.firestore.admin.v1beta2.FirestoreAdmin.ListIndexes google.longrunning.Operations.GetOperation google.longrunning.Operations.ListOperations
ADMIN_WRITE	google.firestore.admin.v1.FirestoreAdmin.CreateBackupSchedule google.firestore.admin.v1.FirestoreAdmin.CreateDatabase google.firestore.admin.v1.FirestoreAdmin.CreateIndex google.firestore.admin.v1.FirestoreAdmin.DeleteBackup google.firestore.admin.v1.FirestoreAdmin.DeleteBackupSchedule google.firestore.admin.v1.FirestoreAdmin.DeleteDatabase google.firestore.admin.v1.FirestoreAdmin.DeleteIndex google.firestore.admin.v1.FirestoreAdmin.ExportDocuments google.firestore.admin.v1.FirestoreAdmin.ImportDocuments google.firestore.admin.v1.FirestoreAdmin.RestoreDatabase google.firestore.admin.v1.FirestoreAdmin.UpdateBackupSchedule google.firestore.admin.v1.FirestoreAdmin.UpdateDatabase google.firestore.admin.v1.FirestoreAdmin.UpdateField google.firestore.admin.v1beta1.FirestoreAdmin.CreateIndex google.firestore.admin.v1beta1.FirestoreAdmin.DeleteIndex google.firestore.admin.v1beta1.FirestoreAdmin.ExportDocuments google.firestore.admin.v1beta1.FirestoreAdmin.ImportDocuments google.firestore.admin.v1beta2.FirestoreAdmin.CreateIndex google.firestore.admin.v1beta2.FirestoreAdmin.DeleteIndex google.firestore.admin.v1beta2.FirestoreAdmin.ExportDocuments google.firestore.admin.v1beta2.FirestoreAdmin.ImportDocuments google.firestore.admin.v1beta2.FirestoreAdmin.UpdateField google.longrunning.Operations.CancelOperation google.longrunning.Operations.DeleteOperation
DATA_READ	google.firestore.v1.Firestore.BatchGetDocuments google.firestore.v1.Firestore.BeginTransaction google.firestore.v1.Firestore.GetDocument google.firestore.v1.Firestore.ListCollectionIds google.firestore.v1.Firestore.ListDocuments google.firestore.v1.Firestore.Listen google.firestore.v1.Firestore.PartitionQuery google.firestore.v1.Firestore.Rollback google.firestore.v1.Firestore.RunAggregationQuery google.firestore.v1.Firestore.RunQuery google.firestore.v1beta1.Firestore.BatchGetDocuments google.firestore.v1beta1.Firestore.BeginTransaction google.firestore.v1beta1.Firestore.GetDocument google.firestore.v1beta1.Firestore.ListCollectionIds google.firestore.v1beta1.Firestore.ListDocuments google.firestore.v1beta1.Firestore.PartitionQuery google.firestore.v1beta1.Firestore.Rollback google.firestore.v1beta1.Firestore.RunAggregationQuery google.firestore.v1beta1.Firestore.RunQuery
DATA_WRITE	google.firestore.v1.Firestore.BatchWrite google.firestore.v1.Firestore.Commit google.firestore.v1.Firestore.CreateDocument google.firestore.v1.Firestore.DeleteDocument google.firestore.v1.Firestore.UpdateDocument google.firestore.v1.Firestore.Write google.firestore.v1beta1.Firestore.BatchWrite google.firestore.v1beta1.Firestore.Commit google.firestore.v1beta1.Firestore.CreateDocument google.firestore.v1beta1.Firestore.DeleteDocument google.firestore.v1beta1.Firestore.UpdateDocument

Audit logs for each API interface

For more information about which permissions are evaluated for each method, see the Identity and Access Management documentation for Firestore.

google.cloud.location.Locations

The following section contains details about audit logs associated with methods belonging to google.cloud.location.Locations.

google.cloud.location.Locations.GetLocation

• Method: google.cloud.location.Locations.GetLocation
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.locations.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.cloud.location.Locations.GetLocation"
  

google.cloud.location.Locations.ListLocations

• Method: google.cloud.location.Locations.ListLocations
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.locations.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.cloud.location.Locations.ListLocations"
  

google.firestore.admin.v1.FirestoreAdmin

The following section contains details about audit logs associated with methods belonging to google.firestore.admin.v1.FirestoreAdmin.

google.firestore.admin.v1.FirestoreAdmin.CreateBackupSchedule

• Method: google.firestore.admin.v1.FirestoreAdmin.CreateBackupSchedule
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.backupSchedules.create - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.CreateBackupSchedule"
  

google.firestore.admin.v1.FirestoreAdmin.CreateDatabase

• Method: google.firestore.admin.v1.FirestoreAdmin.CreateDatabase
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.create - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.CreateDatabase"
  

google.firestore.admin.v1.FirestoreAdmin.CreateIndex

• Method: google.firestore.admin.v1.FirestoreAdmin.CreateIndex
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.create - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.CreateIndex"
  

google.firestore.admin.v1.FirestoreAdmin.DeleteBackup

• Method: google.firestore.admin.v1.FirestoreAdmin.DeleteBackup
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.backups.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.DeleteBackup"
  

google.firestore.admin.v1.FirestoreAdmin.DeleteBackupSchedule

• Method: google.firestore.admin.v1.FirestoreAdmin.DeleteBackupSchedule
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.backupSchedules.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.DeleteBackupSchedule"
  

google.firestore.admin.v1.FirestoreAdmin.DeleteDatabase

• Method: google.firestore.admin.v1.FirestoreAdmin.DeleteDatabase
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.DeleteDatabase"
  

google.firestore.admin.v1.FirestoreAdmin.DeleteIndex

• Method: google.firestore.admin.v1.FirestoreAdmin.DeleteIndex
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.DeleteIndex"
  

google.firestore.admin.v1.FirestoreAdmin.ExportDocuments

• Method: google.firestore.admin.v1.FirestoreAdmin.ExportDocuments
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.export - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ExportDocuments"
  

google.firestore.admin.v1.FirestoreAdmin.GetBackup

• Method: google.firestore.admin.v1.FirestoreAdmin.GetBackup
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.backups.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.GetBackup"
  

google.firestore.admin.v1.FirestoreAdmin.GetBackupSchedule

• Method: google.firestore.admin.v1.FirestoreAdmin.GetBackupSchedule
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.backupSchedules.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.GetBackupSchedule"
  

google.firestore.admin.v1.FirestoreAdmin.GetDatabase

• Method: google.firestore.admin.v1.FirestoreAdmin.GetDatabase
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.getMetadata - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.GetDatabase"
  

google.firestore.admin.v1.FirestoreAdmin.GetField

• Method: google.firestore.admin.v1.FirestoreAdmin.GetField
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.GetField"
  

google.firestore.admin.v1.FirestoreAdmin.GetIndex

• Method: google.firestore.admin.v1.FirestoreAdmin.GetIndex
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.GetIndex"
  

google.firestore.admin.v1.FirestoreAdmin.ImportDocuments

• Method: google.firestore.admin.v1.FirestoreAdmin.ImportDocuments
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.import - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ImportDocuments"
  

google.firestore.admin.v1.FirestoreAdmin.ListBackupSchedules

• Method: google.firestore.admin.v1.FirestoreAdmin.ListBackupSchedules
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.backupSchedules.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ListBackupSchedules"
  

google.firestore.admin.v1.FirestoreAdmin.ListBackups

• Method: google.firestore.admin.v1.FirestoreAdmin.ListBackups
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.backups.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ListBackups"
  

google.firestore.admin.v1.FirestoreAdmin.ListDatabases

• Method: google.firestore.admin.v1.FirestoreAdmin.ListDatabases
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ListDatabases"
  

google.firestore.admin.v1.FirestoreAdmin.ListFields

• Method: google.firestore.admin.v1.FirestoreAdmin.ListFields
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ListFields"
  

google.firestore.admin.v1.FirestoreAdmin.ListIndexes

• Method: google.firestore.admin.v1.FirestoreAdmin.ListIndexes
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.ListIndexes"
  

google.firestore.admin.v1.FirestoreAdmin.RestoreDatabase

• Method: google.firestore.admin.v1.FirestoreAdmin.RestoreDatabase
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.backups.restoreDatabase - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.RestoreDatabase"
  

google.firestore.admin.v1.FirestoreAdmin.UpdateBackupSchedule

• Method: google.firestore.admin.v1.FirestoreAdmin.UpdateBackupSchedule
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.backupSchedules.update - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.UpdateBackupSchedule"
  

google.firestore.admin.v1.FirestoreAdmin.UpdateDatabase

• Method: google.firestore.admin.v1.FirestoreAdmin.UpdateDatabase
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.update - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.UpdateDatabase"
  

google.firestore.admin.v1.FirestoreAdmin.UpdateField

• Method: google.firestore.admin.v1.FirestoreAdmin.UpdateField
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.update - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1.FirestoreAdmin.UpdateField"
  

google.firestore.admin.v1beta1.FirestoreAdmin

The following section contains details about audit logs associated with methods belonging to google.firestore.admin.v1beta1.FirestoreAdmin.

google.firestore.admin.v1beta1.FirestoreAdmin.CreateIndex

• Method: google.firestore.admin.v1beta1.FirestoreAdmin.CreateIndex
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.create - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta1.FirestoreAdmin.CreateIndex"
  

google.firestore.admin.v1beta1.FirestoreAdmin.DeleteIndex

• Method: google.firestore.admin.v1beta1.FirestoreAdmin.DeleteIndex
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta1.FirestoreAdmin.DeleteIndex"
  

google.firestore.admin.v1beta1.FirestoreAdmin.ExportDocuments

• Method: google.firestore.admin.v1beta1.FirestoreAdmin.ExportDocuments
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.export - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta1.FirestoreAdmin.ExportDocuments"
  

google.firestore.admin.v1beta1.FirestoreAdmin.GetIndex

• Method: google.firestore.admin.v1beta1.FirestoreAdmin.GetIndex
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta1.FirestoreAdmin.GetIndex"
  

google.firestore.admin.v1beta1.FirestoreAdmin.ImportDocuments

• Method: google.firestore.admin.v1beta1.FirestoreAdmin.ImportDocuments
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.import - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta1.FirestoreAdmin.ImportDocuments"
  

google.firestore.admin.v1beta1.FirestoreAdmin.ListIndexes

• Method: google.firestore.admin.v1beta1.FirestoreAdmin.ListIndexes
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta1.FirestoreAdmin.ListIndexes"
  

google.firestore.admin.v1beta2.FirestoreAdmin

The following section contains details about audit logs associated with methods belonging to google.firestore.admin.v1beta2.FirestoreAdmin.

google.firestore.admin.v1beta2.FirestoreAdmin.CreateIndex

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.CreateIndex
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.create - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.CreateIndex"
  

google.firestore.admin.v1beta2.FirestoreAdmin.DeleteIndex

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.DeleteIndex
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.DeleteIndex"
  

google.firestore.admin.v1beta2.FirestoreAdmin.ExportDocuments

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.ExportDocuments
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.export - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.ExportDocuments"
  

google.firestore.admin.v1beta2.FirestoreAdmin.GetField

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.GetField
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.GetField"
  

google.firestore.admin.v1beta2.FirestoreAdmin.GetIndex

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.GetIndex
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.GetIndex"
  

google.firestore.admin.v1beta2.FirestoreAdmin.ImportDocuments

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.ImportDocuments
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.databases.import - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.ImportDocuments"
  

google.firestore.admin.v1beta2.FirestoreAdmin.ListFields

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.ListFields
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.ListFields"
  

google.firestore.admin.v1beta2.FirestoreAdmin.ListIndexes

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.ListIndexes
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.indexes.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.ListIndexes"
  

google.firestore.admin.v1beta2.FirestoreAdmin.UpdateField

• Method: google.firestore.admin.v1beta2.FirestoreAdmin.UpdateField
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.indexes.update - ADMIN_WRITE
• Method is a long-running or streaming operation: Long running operation
  
• Filter for this method: protoPayload.methodName="google.firestore.admin.v1beta2.FirestoreAdmin.UpdateField"
  

google.firestore.v1.Firestore

The following section contains details about audit logs associated with methods belonging to google.firestore.v1.Firestore.

google.firestore.v1.Firestore.BatchGetDocuments

• Method: google.firestore.v1.Firestore.BatchGetDocuments
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.BatchGetDocuments"
  

google.firestore.v1.Firestore.BatchWrite

• Method: google.firestore.v1.Firestore.BatchWrite
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.delete - DATA_WRITE
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.BatchWrite"
  

google.firestore.v1.Firestore.BeginTransaction

• Method: google.firestore.v1.Firestore.BeginTransaction
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.BeginTransaction"
  

google.firestore.v1.Firestore.Commit

• Method: google.firestore.v1.Firestore.Commit
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.delete - DATA_WRITE
  • datastore.entities.get - DATA_READ
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.Commit"
  

google.firestore.v1.Firestore.CreateDocument

• Method: google.firestore.v1.Firestore.CreateDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.allocateIds - DATA_WRITE
  • datastore.entities.create - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.CreateDocument"
  

google.firestore.v1.Firestore.DeleteDocument

• Method: google.firestore.v1.Firestore.DeleteDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.entities.delete - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.DeleteDocument"
  

google.firestore.v1.Firestore.GetDocument

• Method: google.firestore.v1.Firestore.GetDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.GetDocument"
  

google.firestore.v1.Firestore.ListCollectionIds

• Method: google.firestore.v1.Firestore.ListCollectionIds
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.ListCollectionIds"
  

google.firestore.v1.Firestore.ListDocuments

• Method: google.firestore.v1.Firestore.ListDocuments
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.ListDocuments"
  

google.firestore.v1.Firestore.Listen

• Method: google.firestore.v1.Firestore.Listen
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.Listen"
  
• Notes:

  Listen is a long-lived RPC that combines multiple streaming targets. Each target is a query or a set of document keys. The stream for each target includes an initial result set and a sequence of updates, additions, and removals to the result set. The targets are the relevant audit unit. Firestore audits each target as follows:

  • When the target is added, emit a log entry with the targets query or document key set. In these entries, operation.first is true. This audit log is omitted when the stream is a resumption of an earlier Listen target stream.
  • Emit periodic updates reporting the count of updates since the last audit log for this target.
  • Emit a log entry when the target is removed from the stream, either explicitly or due to the termination for the Listen RPC. This log entry reports the count of updates since the last audit log for this target. In these entries, operation.last is true.
  • The emitted log entries use the same operation.id.

google.firestore.v1.Firestore.PartitionQuery

• Method: google.firestore.v1.Firestore.PartitionQuery
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.PartitionQuery"
  

google.firestore.v1.Firestore.Rollback

• Method: google.firestore.v1.Firestore.Rollback
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.Rollback"
  

google.firestore.v1.Firestore.RunAggregationQuery

• Method: google.firestore.v1.Firestore.RunAggregationQuery
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.RunAggregationQuery"
  

google.firestore.v1.Firestore.RunQuery

• Method: google.firestore.v1.Firestore.RunQuery
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.RunQuery"
  
• Notes: RunQuery is a short-lived streaming RPC and emits a log entry when the last message (document) is sent.

google.firestore.v1.Firestore.UpdateDocument

• Method: google.firestore.v1.Firestore.UpdateDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.UpdateDocument"
  

google.firestore.v1.Firestore.Write

• Method: google.firestore.v1.Firestore.Write
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.delete - DATA_WRITE
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1.Firestore.Write"
  
• Notes: Write emits a log entry for every message received as each message corresponds to an independent write to the database. The emitted log entries use the same operation.id.

google.firestore.v1beta1.Firestore

The following section contains details about audit logs associated with methods belonging to google.firestore.v1beta1.Firestore.

google.firestore.v1beta1.Firestore.BatchGetDocuments

• Method: google.firestore.v1beta1.Firestore.BatchGetDocuments
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.BatchGetDocuments"
  

google.firestore.v1beta1.Firestore.BatchWrite

• Method: google.firestore.v1beta1.Firestore.BatchWrite
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.BatchWrite"
  

google.firestore.v1beta1.Firestore.BeginTransaction

• Method: google.firestore.v1beta1.Firestore.BeginTransaction
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.BeginTransaction"
  

google.firestore.v1beta1.Firestore.Commit

• Method: google.firestore.v1beta1.Firestore.Commit
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.delete - DATA_WRITE
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.Commit"
  

google.firestore.v1beta1.Firestore.CreateDocument

• Method: google.firestore.v1beta1.Firestore.CreateDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.allocateIds - DATA_WRITE
  • datastore.entities.create - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.CreateDocument"
  

google.firestore.v1beta1.Firestore.DeleteDocument

• Method: google.firestore.v1beta1.Firestore.DeleteDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.entities.delete - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.DeleteDocument"
  

google.firestore.v1beta1.Firestore.GetDocument

• Method: google.firestore.v1beta1.Firestore.GetDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.GetDocument"
  

google.firestore.v1beta1.Firestore.ListCollectionIds

• Method: google.firestore.v1beta1.Firestore.ListCollectionIds
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.ListCollectionIds"
  

google.firestore.v1beta1.Firestore.ListDocuments

• Method: google.firestore.v1beta1.Firestore.ListDocuments
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.ListDocuments"
  

google.firestore.v1beta1.Firestore.PartitionQuery

• Method: google.firestore.v1beta1.Firestore.PartitionQuery
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.PartitionQuery"
  

google.firestore.v1beta1.Firestore.Rollback

• Method: google.firestore.v1beta1.Firestore.Rollback
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.Rollback"
  

google.firestore.v1beta1.Firestore.RunAggregationQuery

• Method: google.firestore.v1beta1.Firestore.RunAggregationQuery
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.RunAggregationQuery"
  

google.firestore.v1beta1.Firestore.RunQuery

• Method: google.firestore.v1beta1.Firestore.RunQuery
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.get - DATA_READ
  • datastore.entities.list - DATA_READ
• Method is a long-running or streaming operation: Streaming RPC
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.RunQuery"
  
• Notes: RunQuery is a short-lived streaming RPC and emits a log entry when the last message (document) is sent.

google.firestore.v1beta1.Firestore.UpdateDocument

• Method: google.firestore.v1beta1.Firestore.UpdateDocument
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.databases.get - DATA_READ
  • datastore.entities.create - DATA_WRITE
  • datastore.entities.update - DATA_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.firestore.v1beta1.Firestore.UpdateDocument"
  

google.longrunning.Operations

The following section contains details about audit logs associated with methods belonging to google.longrunning.Operations.

google.longrunning.Operations.CancelOperation

• Method: google.longrunning.Operations.CancelOperation
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.operations.cancel - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.longrunning.Operations.CancelOperation"
  

google.longrunning.Operations.DeleteOperation

• Method: google.longrunning.Operations.DeleteOperation
  
• Audit log Type: Admin activity
  
• Permissions:
  • datastore.operations.delete - ADMIN_WRITE
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.longrunning.Operations.DeleteOperation"
  

google.longrunning.Operations.GetOperation

• Method: google.longrunning.Operations.GetOperation
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.operations.get - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.longrunning.Operations.GetOperation"
  

google.longrunning.Operations.ListOperations

• Method: google.longrunning.Operations.ListOperations
  
• Audit log Type: Data access
  
• Permissions:
  • datastore.operations.list - ADMIN_READ
• Method is a long-running or streaming operation: No.
  
• Filter for this method: protoPayload.methodName="google.longrunning.Operations.ListOperations"
  

Identify request callers

Audit Log entries include information about the identity that performed the logged operation. To identify a request caller, see the following fields within an AuditLog object:

• The caller's identity is held in the AuthenticationInfo field. This can include the principalEmail of the user. This information is sometimes redacted.

  If a JSON Web Token (JWT) was used for third-party authentication, the thirdPartyPrincipal field includes the token's header and payload. For example, audit logs for requests authenticated with Firebase Authentication include that request's auth token.

• The callerIp field within the requestMetadata object of an AuditLog entry includes the IP address of the caller.