public sealed class AuditConfig : IMessage<AuditConfig>, IEquatable<AuditConfig>, IDeepCloneable<AuditConfig>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Identity and Access Management (IAM) v1 API class AuditConfig.
Specifies the audit configuration for a service.
The configuration determines which permission types are logged, and what
identities, if any, are exempted from logging.
An AuditConfig must have one or more AuditLogConfigs.
If there are AuditConfigs for both allServices and a specific service,
the union of the two AuditConfigs is used for that service: the log_types
specified in each AuditConfig are enabled, and the exempted_members in each
AuditLogConfig are exempted.
For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
logging. It also exempts jose@example.com from DATA_READ logging, and
aliya@example.com from DATA_WRITE logging.
Specifies a service that will be enabled for audit logging.
For example, storage.googleapis.com, cloudsql.googleapis.com.
allServices is a special value that covers all services.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eAuditConfig\u003c/code\u003e class in the Google Cloud IAM v1 API specifies audit logging configurations for services, including which permission types are logged and which identities are exempted.\u003c/p\u003e\n"],["\u003cp\u003eAudit configurations can be set for individual services or globally using \u003ccode\u003eallServices\u003c/code\u003e, and the effective configuration for a specific service is the union of both.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eAuditConfig\u003c/code\u003e allows for the specification of multiple \u003ccode\u003eAuditLogConfigs\u003c/code\u003e, each defining a \u003ccode\u003elog_type\u003c/code\u003e and optionally listing \u003ccode\u003eexempted_members\u003c/code\u003e who are excluded from logging.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAuditConfig\u003c/code\u003e class is part of the \u003ccode\u003eGoogle.Cloud.Iam.V1\u003c/code\u003e namespace, and it includes properties like \u003ccode\u003eAuditLogConfigs\u003c/code\u003e and \u003ccode\u003eService\u003c/code\u003e to manage the logging configuration.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of the AuditConfig class documentation is version 3.4.0, with previous versions available for review dating back to 2.2.0.\u003c/p\u003e\n"]]],[],null,["# Google Cloud Identity and Access Management (IAM) v1 API - Class AuditConfig (3.4.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.4.0 (latest)](/dotnet/docs/reference/Google.Cloud.Iam.V1/latest/Google.Cloud.Iam.V1.AuditConfig)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/3.3.0/Google.Cloud.Iam.V1.AuditConfig)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/3.2.0/Google.Cloud.Iam.V1.AuditConfig)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/3.1.0/Google.Cloud.Iam.V1.AuditConfig)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/3.0.0/Google.Cloud.Iam.V1.AuditConfig)\n- [2.4.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/2.4.0/Google.Cloud.Iam.V1.AuditConfig)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/2.3.0/Google.Cloud.Iam.V1.AuditConfig)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.Iam.V1/2.2.0/Google.Cloud.Iam.V1.AuditConfig) \n\n public sealed class AuditConfig : IMessage\u003cAuditConfig\u003e, IEquatable\u003cAuditConfig\u003e, IDeepCloneable\u003cAuditConfig\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Google Cloud Identity and Access Management (IAM) v1 API class AuditConfig.\n\nSpecifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs: \n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts `jose@example.com` from DATA_READ logging, and\n`aliya@example.com` from DATA_WRITE logging. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e AuditConfig \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[AuditConfig](/dotnet/docs/reference/Google.Cloud.Iam.V1/latest/Google.Cloud.Iam.V1.AuditConfig), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[AuditConfig](/dotnet/docs/reference/Google.Cloud.Iam.V1/latest/Google.Cloud.Iam.V1.AuditConfig), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[AuditConfig](/dotnet/docs/reference/Google.Cloud.Iam.V1/latest/Google.Cloud.Iam.V1.AuditConfig), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Iam.V1](/dotnet/docs/reference/Google.Cloud.Iam.V1/latest/Google.Cloud.Iam.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Iam.V1.dll\n\nConstructors\n------------\n\n### AuditConfig()\n\n public AuditConfig()\n\n### AuditConfig(AuditConfig)\n\n public AuditConfig(AuditConfig other)\n\nProperties\n----------\n\n### AuditLogConfigs\n\n public RepeatedField\u003cAuditLogConfig\u003e AuditLogConfigs { get; }\n\nThe configuration for logging of each type of permission.\n\n### Service\n\n public string Service { get; set; }\n\nSpecifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services."]]
