Add access_history and polish history tables (#2434)

dqhl76 · web-flow · commit e73a946e22b4 · 2025-06-13T14:55:34.000+08:00
* Add `system_history.access_history` table and polish config

* polish access-history

* Polish other history tables to keep style consistency

* polish
diff --git a/docs/en/guides/10-deploy/04-references/02-node-config/02-query-config.md b/docs/en/guides/10-deploy/04-references/02-node-config/02-query-config.md
@@ -109,9 +109,10 @@ The following is a list of the parameters available within the [log.history] sec
 | Parameter         | Description                                                                                                                                                      |
 | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | on                | Enables or disables the history logging feature. Defaults to false. Set to true to enable history tables.                                                        |
+| log_only          | Nodes with enabled will delegate transformation tasks to other nodes, reducing their own workload.                                                               |
 | interval          | Specifies the interval (in seconds) at which the history log is flushed. Defaults to 2.                                                                          |
 | stage_name        | Specifies the name of the staging area that temporarily holds log data before it is finally copied into the table. Defaults to a unique value to avoid conflicts.|
-| level             | Sets the log level  (DEBUG, TRACE, INFO, WARN, or ERROR)  for history logging. Defaults to WARN.                                                                 |
+| level             | Sets the log level (DEBUG, TRACE, INFO, WARN, or ERROR) for history logging. Defaults to WARN.                                                                   |
 | retention_interval| The interval (in hours) at which the retention process is triggered to check if need to clean up old data. Defaults to 24.                                       |
 | tables            | Specifies which history tables to enable and their retention policies. This is an array of objects, each with table_name (the name of the history table) and retention (the retention period in hours for that table). |
 
diff --git a/docs/en/sql-reference/00-sql-reference/32-system-history-tables/access-history.md b/docs/en/sql-reference/00-sql-reference/32-system-history-tables/access-history.md
@@ -0,0 +1,84 @@
+---
+title: system_history.access_history
+---
+
+This table provides detailed logging of objects accessed and modified by each query, including tables, columns, and stages, as part of the query metadata. It provides structured information about DDL and DML operations to enhance auditing.
+
+
+## Fields
+
+| Field                   | Type      | Description                                                                 |
+|-------------------------|-----------|-----------------------------------------------------------------------------|
+| query_id                | VARCHAR   | The ID of the query.                                                        |
+| query_start             | TIMESTAMP | The start time of the query.                                                |
+| user_name               | VARCHAR   | The name of the user who executed the query.                                |
+| base_objects_accessed   | VARIANT   | The objects accessed by the query.                                          |
+| direct_objects_accessed | VARIANT   | Reserved for future use; currently not in use.                              |
+| objects_modified        | VARIANT   | The objects modified by the query.                                          |
+| object_modified_by_ddl  | VARIANT   | The objects modified by the DDL (e.g `CREATE TABLE`, `ALTER TABLE`).        |
+
+The fields `base_objects_accessed`, `objects_modified`, and `object_modified_by_ddl` are all arrays of JSON objects. Each object may include the following fields:
+
+- `object_domain`: The type of object, one of [`Database`, `Table`, `Stage`].
+- `object_name`: The name of the object. For stages, this is the stage name.
+- `columns`: Column information, present only when `object_domain` is `Table`.
+- `stage_type`: The type of stage, present only when `object_domain` is `Stage`.
+- `operation_type`: The DDL operation type, one of [`Create`, `Alter`, `Drop`, `Undrop`], present only in the `object_modified_by_ddl` field.
+- `properties`: Detailed information about the DDL operation, present only in the `object_modified_by_ddl` field.
+
+## Examples
+
+
+```sql
+CREATE TABLE t (a INT, b string);
+```
+
+Will be recorded as:
+
+```
+               query_id: c2c1c7be-cee4-4868-a28e-8862b122c365
+            query_start: 2025-06-12 03:31:19.042128
+              user_name: root
+  base_objects_accessed: []
+direct_objects_accessed: []
+       objects_modified: []
+ object_modified_by_ddl: [{"object_domain":"Table","object_name":"default.default.t","operation_type":"Create","properties":{"columns":[{"column_name":"a","sub_operation_type":"Add"},{"column_name":"b","sub_operation_type":"Add"}],"create_options":{"compression":"zstd","database_id":"1","storage_format":"parquet"}}}]
+```
+
+`CREATE TABLE` is a DDL operation, so it will be recorded in the `object_modified_by_ddl` field.
+
+
+```sql
+INSERT INTO t VALUES (1, 'book');
+```
+
+Will be recorded as:
+
+```
+               query_id: e92ebc00-a07e-4138-92a9-ea17a06f0165
+            query_start: 2025-06-12 03:31:29.849848
+              user_name: root
+  base_objects_accessed: []
+direct_objects_accessed: []
+       objects_modified: [{"columns":[{"column_name":"a"},{"column_name":"b"}],"object_domain":"Table","object_name":"default.default.t"}]
+ object_modified_by_ddl: []
+```
+
+`INSERT INTO` is a DML operation, so it will be recorded in the `objects_modified` field.
+
+
+```sql
+COPY INTO @s FROM t;
+```
+
+```
+               query_id: 7fd74374-c04a-4989-a6f7-bfe8cc27e511
+            query_start: 2025-06-12 03:32:25.682248
+              user_name: root
+  base_objects_accessed: [{"columns":[{"column_name":"a"},{"column_name":"b"}],"object_domain":"Table","object_name":"default.default.t"}]
+direct_objects_accessed: []
+       objects_modified: [{"object_domain":"Stage","object_name":"s","stage_type":"Internal"}]
+ object_modified_by_ddl: []
+```
+
+The `COPY INTO` operation from table `t` to internal stage `s` involves both read and write actions. After executing this query, the source table will be recorded in the `base_objects_accessed` field, and the target stage will be recorded in the `objects_modified` field.
diff --git a/docs/en/sql-reference/00-sql-reference/32-system-history-tables/index.md b/docs/en/sql-reference/00-sql-reference/32-system-history-tables/index.md
@@ -18,6 +18,7 @@ System history tables store persistent data in the `system_history` schema for a
 | [system_history.query_history](query-history.md)    | Stores structured details of query execution.                   |
 | [system_history.profile_history](profile-history.md)| Stores detailed query execution profiles and statistics.        |
 | [system_history.login_history](login-history.md)    | Records information about user login events.                    |
+| [system_history.access_history](access-history.md)  | Stores information about query access events.                   |
 
 ## Enabling System History Tables
 
@@ -51,7 +52,7 @@ table_name = "login_history"
 retention = 168
 ```
 
-> **Note:** The `log_history` table is enabled by default when history logging is turned on.
+> **Note:** The `log_history` table is enabled by default when history logging is turned on. The `level` configuration determines the number of log entries stored in the log_history table. A more detailed level will result in more entries.
 
 
 For more details about configuration options, see [Query Configuration: [log.history] Section](/guides/deploy/references/node-config/query-config#loghistory-section).
diff --git a/docs/en/sql-reference/00-sql-reference/32-system-history-tables/log-history.md b/docs/en/sql-reference/00-sql-reference/32-system-history-tables/log-history.md
@@ -6,27 +6,36 @@ Stores raw log entries ingested from various nodes. This table acts as the prima
 
 All the other log tables are derived from this table, the difference is that other log tables will do some transformations to make the data more structured.
 
-```sql
-DESCRIBE system_history.log_history;
-
-╭──────────────────────────────────────────────────────╮
-│     Field    │    Type   │  Null  │ Default │  Extra │
-│    String    │   String  │ String │  String │ String │
-├──────────────┼───────────┼────────┼─────────┼────────┤
-│ timestamp    │ TIMESTAMP │ YES    │ NULL    │        │
-│ path         │ VARCHAR   │ YES    │ NULL    │        │
-│ target       │ VARCHAR   │ YES    │ NULL    │        │
-│ log_level    │ VARCHAR   │ YES    │ NULL    │        │
-│ cluster_id   │ VARCHAR   │ YES    │ NULL    │        │
-│ node_id      │ VARCHAR   │ YES    │ NULL    │        │
-│ warehouse_id │ VARCHAR   │ YES    │ NULL    │        │
-│ query_id     │ VARCHAR   │ YES    │ NULL    │        │
-│ message      │ VARCHAR   │ YES    │ NULL    │        │
-│ fields       │ VARIANT   │ YES    │ NULL    │        │
-│ batch_number │ BIGINT    │ YES    │ NULL    │        │
-╰──────────────────────────────────────────────────────╯
+## Fields
+
+| Field        | Type      | Description                                      |
+|--------------|-----------|--------------------------------------------------|
+| timestamp    | TIMESTAMP | The timestamp when the log entry was recorded    |
+| path         | VARCHAR   | Source file path and line number of the log      |
+| target       | VARCHAR   | Target module or component of the log            |
+| log_level    | VARCHAR   | Log level (e.g., `INFO`, `ERROR`)                    |
+| cluster_id   | VARCHAR   | Identifier of the cluster                        |
+| node_id      | VARCHAR   | Identifier of the node                           |
+| warehouse_id | VARCHAR   | Identifier of the warehouse                      |
+| query_id     | VARCHAR   | Query ID associated with the log                 |
+| message      | VARCHAR   | Log message content                              |
+| fields       | VARIANT   | Additional fields (as a JSON object)             |
+| batch_number | BIGINT    | Internal use, no special meaning                 |
+
+Note: The `message` field stores plain text logs, while the `fields` field stores logs in JSON format.
+
+For example, the `fields` field of a log entry might look like:
+```
+fields: {"node_id":"8R5ZMF8q0HHE6x9H7U1gr4","query_id":"72d2319a-b6d6-4b1d-8694-670137a40d87","session_id":"189fd3e2-e6ac-48c3-97ef-73094c141312","sql":"select * from system_history.log_history"}
 ```
 
+the `message` field of another log entry might appear as follows:
+```
+message: [HTTP-QUERY] Preparing to plan SQL query
+```
+
+## Examples
+
 ```sql
 SELECT * FROM system_history.log_history LIMIT 1;
 
diff --git a/docs/en/sql-reference/00-sql-reference/32-system-history-tables/login-history.md b/docs/en/sql-reference/00-sql-reference/32-system-history-tables/login-history.md
@@ -4,6 +4,25 @@ title: system_history.login_history
 
 Records all login attempts in the system, including successful and failed login attempts. This table is useful for auditing user access and troubleshooting authentication issues.
 
+
+## Fields
+
+| Field          | Type      | Description                                                    |
+|----------------|-----------|------------------------------------------------------------    |
+| event_time     | TIMESTAMP | The timestamp when the login event occurred                    |
+| handler        | VARCHAR   | The protocol or handler used for the login (e.g., `HTTP`)      |
+| event_type     | VARCHAR   | The type of login event (e.g., `LoginSuccess`, `LoginFailed`)  |
+| connection_uri | VARCHAR   | The URI used for the connection                    |
+| auth_type      | VARCHAR   | The authentication method used (e.g., Password)                |
+| user_name      | VARCHAR   | The name of the user attempting to log in                      |
+| client_ip      | VARCHAR   | The IP address of the client                                   |
+| user_agent     | VARCHAR   | The user agent string of the client                            |
+| session_id     | VARCHAR   | The session ID associated with the login attempt               |
+| node_id        | VARCHAR   | The node ID where the login was processed                      |
+| error_message  | VARCHAR   | The error message if the login failed                          |
+
+## Examples
+
 Login successful example:
 ```sql
 SELECT * FROM system_history.login_history LIMIT 1;
@@ -12,7 +31,7 @@ SELECT * FROM system_history.login_history LIMIT 1;
     event_time: 2025-06-03 06:04:57.353108
        handler: HTTP
     event_type: LoginSuccess
-connection_uri: /query
+connection_uri: /session/login?disable_session_token=true
      auth_type: Password
      user_name: root
      client_ip: 127.0.0.1
diff --git a/docs/en/sql-reference/00-sql-reference/32-system-history-tables/profile-history.md b/docs/en/sql-reference/00-sql-reference/32-system-history-tables/profile-history.md
@@ -3,21 +3,19 @@ title: system_history.profile_history
 ---
 Stores detailed execution profiles for SQL queries in Databend. Each entry provides performance metrics and execution statistics, allowing users to analyze and optimize query performance.
 
-The `profiles` field contains a JSON object with detailed information.
+## Fields
 
-```sql
-DESCRIBE system_history.profile_history;
-
-╭─────────────────────────────────────────────────────────╮
-│      Field      │    Type   │  Null  │ Default │  Extra │
-│      String     │   String  │ String │  String │ String │
-├─────────────────┼───────────┼────────┼─────────┼────────┤
-│ timestamp       │ TIMESTAMP │ YES    │ NULL    │        │
-│ query_id        │ VARCHAR   │ YES    │ NULL    │        │
-│ profiles        │ VARIANT   │ YES    │ NULL    │        │
-│ statistics_desc │ VARIANT   │ YES    │ NULL    │        │
-╰─────────────────────────────────────────────────────────╯
-```
+
+| Field           | Type      | Description                                                                 |
+|-----------------|-----------|-----------------------------------------------------------------------------|
+| timestamp       | TIMESTAMP | The timestamp when the profile was recorded                                 |
+| query_id        | VARCHAR   | The ID of the query associated with this profile                            |
+| profiles        | VARIANT   | A JSON object containing detailed execution profile information             |
+| statistics_desc | VARIANT   | A JSON object describing statistics format                                  |
+
+
+
+## Examples
 
 The `profiles` field can be used to extract specific information. For example, to get the `OutputRows` value for every physical plan, the following query can be used:
 ```sql
diff --git a/docs/en/sql-reference/00-sql-reference/32-system-history-tables/query-history.md b/docs/en/sql-reference/00-sql-reference/32-system-history-tables/query-history.md
