Quickstart

This page shows you how to set up Access Approval using the Google Cloud Platform Console to receive email notifications of access requests on a project.

Before you begin

  1. In the GCP Console, on the project selector page, click Create to begin creating a new GCP project.

    Go to the project selector page

  2. Enable Access Transparency on the project you wish to apply it to.
  3. Contact Sales or Support, or request registration here. In order to be eligible to use Access Approval, you must have Platinum or Enterprise support in place.
  4. Ensure that you have been granted the Access Approval Config Admin IAM role.
  5. Enable the Access Approval API.

    Enable the API

Setting up email notifications

  1. Select Security and then Access Approval in the Google Cloud Platform Console.

    Go to the Access Approval page

  2. In the top right-hand corner of the panel is a button labelled Notifications. Use this panel to add the users who should receive notifications on your behalf.

Approving access approval requests

To approve an Access Approval request, follow these steps:

  1. Go to the IAM section in the Google Cloud Platform Console for your project.

    Go to the IAM page

  2. Grant the IAM role Access Approvals Approver to whoever will be performing approvals for the project (either a service account or a human user), on the project, folder, or organization for which they should hold the role.

  3. Under Security, go to Access Approval in the Google Cloud Platform Console to see all your current approval requests.

    • You can also click the link in the email sent to you with the approval request to be taken to this page.
  4. To approve a request, press the Approve button. Dismissing the request is optional; access continues to be denied even if you do not dismiss the request (subject to the bypass mechanisms detailed in the Overview). If you do not approve the access within 14 days, requests are automatically dismissed.

  5. Once the request is approved, its status becomes 'approved'. Any Google employee with characteristics matching the approval (for example, same justification, same location, desk location) can make the access within the approved time frame.

  6. If the request is not approved, the Google employee's access will be denied. Dismissing the request only removes it from your list of pending requests; if you do not dismiss an approval request, access continues to be denied.

Clean up

To avoid incurring charges to your GCP account for the resources used in this quickstart:

  1. Go to Security and then Access Approval in the Google Cloud Platform Console.

    Go to the Access Approval page

  2. Remove the users for whom you added notifications.

  3. Remove the IAM role Access Approvals Approver for those users.

What's next
