Access Transparency and Access Approval
Move to the cloud with confidence
Inability to audit cloud provider access can be a barrier to cloud migration. Access Transparency enables verification of cloud provider access, bringing your audit controls closer to on-premises conditions.
Approve access by Google Cloud support engineers
Access Approval lets you approve or dismiss requests for access by Google employees working to support your service.
Make oversight part of your existing workflows
Access Transparency logs are available through Cloud Logging and can be integrated directly into existing analysis pipelines or tool exports you have already set up.
How to enable Access Transparency logs
Learn how Access Transparency provides you with logs that capture the actions Google personnel take when accessing your content.
Reading Access Transparency logs
This page describes the contents of Access Transparency log entries.
Access Approval documentation
See how the Access Approval API enables controlling access to your organization’s data by Google personnel.
Access Approval quickstart
This page shows you how to set up Access Approval using the Google Cloud Console to receive email notifications of access requests on a project.
|Access approval||Explicitly approve access to your data or configurations on Google Cloud. Access Approval requests, when combined with Access Transparency logs, can be used to audit an end-to-end chain from support ticket to access request to approval, to eventual access.|
|Access justifications||View the reason for each access, including references to specific support tickets where relevant.|
|Resource and method identification||Identify the exact resources accessed by administrators and the methods run.|
|Cloud Logging integration||Integrate seamlessly into your existing Cloud Logging configuration.|
|Accessor location||View the country in which the administrator performing the action was based.|
|Data protection controls||Take advantage of Google’s data-protection controls designed to limit support and engineering’s ability to access your data unless necessary.|
|Near real-time publication||Retrieve logs in near real time.|