I'm trying to identify events in the audit logs that correspond to granting permissions for dashboards, genie spaces, and folders. Based on the documentation, my understanding is that I should be looking for the following:
serviceName: 'unityCatalog'
actionName: 'updatePermissions'
A filter on request_params.securable_type with values like 'DASHBOARD' or 'DIRECTORY'.
However, when I query our system.access.audit table, the securable_type key doesn't seem to be present in the request_params field for these events. Has anyone had any experience locating these specific permissions changes?
