We need to implement an event-based trigger system that can detect any manual intervention performed by users. Upon detection of such an event, the system should automatically send a warning email. The events can be generated through DLT or other processes.
However, we are specifically avoiding SQL-based alerts at the workflow level because querying large datasets from system tables could be cost-prohibitive and result in performance degradation, especially for events that generate substantial data volumes.
An example of a query that is currently under consideration is:
select * from system.access.audit
where action_name like '%Group%' and user_identity.email != 'e9db3613-14b1-46b2-a6dc-593b139f32e9'
limit 50;
This query identifies user actions, but executing it on large datasets could lead to inefficiencies. Thus, a more efficient event-based approach is required.
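The per-event check the post asks for, as an added example that is not part of the original post: it applies the query's two predicates to each audit event as it arrives and keeps a watermark so history is never rescanned. The event dicts, the function names, the sample action names and the addresses are assumptions constructed for illustration; field names follow the columns used in the query.

```python
from datetime import datetime, timezone
from email.message import EmailMessage

# Identity excluded by the query in the post (treated here as the automation principal).
AUTOMATION_IDENTITIES = {"e9db3613-14b1-46b2-a6dc-593b139f32e9"}

def actor_of(event):
    return (event.get("user_identity") or {}).get("email")

def is_manual_group_change(event):
    # Mirrors the WHERE clause: action_name LIKE '%Group%' AND email != <automation>.
    # Unlike SQL, an event with no actor email is flagged rather than silently dropped.
    return "Group" in event.get("action_name", "") and actor_of(event) not in AUTOMATION_IDENTITIES

def new_alerts(events, watermark):
    """Examine only events newer than `watermark`; return (alerts, new_watermark)."""
    alerts, latest = [], watermark
    for ev in events:
        ts = datetime.fromisoformat(ev["event_time"])
        if ts <= watermark:
            continue  # already processed in an earlier run
        latest = max(latest, ts)
        if is_manual_group_change(ev):
            alerts.append(ev)
    return alerts, latest

def build_warning(alerts, sender, recipient):
    """Build (not send) the warning email; hand it to smtplib or a mail API."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Manual group change detected ({len(alerts)} event(s))"
    msg.set_content("\n".join(
        f'{a["event_time"]} {actor_of(a)} {a["action_name"]}' for a in alerts))
    return msg

# Constructed sample events, shaped like rows of system.access.audit.
SAMPLE_EVENTS = [
    {"event_time": "2024-05-01T09:00:00+00:00", "action_name": "addPrincipalToGroup",
     "user_identity": {"email": "alice@example.com"}},   # older than the watermark
    {"event_time": "2024-05-01T10:05:00+00:00", "action_name": "removePrincipalFromGroup",
     "user_identity": {"email": "e9db3613-14b1-46b2-a6dc-593b139f32e9"}},  # automation
    {"event_time": "2024-05-01T10:06:00+00:00", "action_name": "createGroup",
     "user_identity": {"email": "bob@example.com"}},     # manual change -> alert
    {"event_time": "2024-05-01T10:07:00+00:00", "action_name": "getTable",
     "user_identity": {"email": "bob@example.com"}},     # not a group action
]

if __name__ == "__main__":
    start = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    found, start = new_alerts(SAMPLE_EVENTS, start)
    print(build_warning(found, "alerts@example.com", "secops@example.com"))
```

Persist the returned watermark between runs so each invocation touches only new events, whatever delivers them.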