Overview of Advisory Notifications

Advisory Notifications provides well-targeted, timely, and compliant communications about critical security and privacy events in the Google Cloud console and allows you to securely investigate the event, take action, and get support. Advisory Notifications aims to provide added trust and security in the following ways:

  • By integrating with Essential Contacts, Advisory Notifications makes it easy to ensure the most important people are notified.
  • Designated recipients receive only an email notification about the occurrence of a security or privacy event, but not the potentially sensitive information itself. Note that you might receive emails with full event details during the preview stage but this behaviour is gradually phasing out.
  • Security and privacy event details are stored in Google Cloud and require authentication and authorization to view their full details.
  • Notifications can be prioritized as desired for critical and timely events
  • Accompanying notification data can be downloaded securely.

Types of notifications

For this preview launch, the notifications only include security and privacy events. Other types of notifications, such as Mandatory Service Announcements (MSAs), which include billing errors, deprecation notices, and mandatory migrations can be added in the future.

Contacts for notifications

Advisory Notifications integrates with Essential Contacts to identify which users should receive notifications. Essential Contacts allows you to customize who receives notifications by providing a list of contacts. See the Essential Contacts documentation for more information.

If Essential Contacts hasn't been configured, Advisory Notifications will send notifications to the default contacts, which are determined by Identity and Access Management roles. Advisory Notifications will determine which, if any, users have been granted a highly-privileged role in the following descending order:

  1. Organization Administrator (roles/resourcemanager.organizationAdmin)
  2. Project Owner (roles/owner on a project)
  3. Billing Account Administrator (roles/billing.admin)

If one or more users have been granted the Organization Administrator role, only they will be contacted. If no users have been granted the Organization Administrator role, then Advisory Notifications will move on to the next role in the hierarchy and determine if one or more users have been granted the Project Owner primitive role on the project. If any are found, only they will be contacted. Lastly, if no users have been granted the Organization Administrator or Project Owner role, Advisory Notifications will contact any users who have been granted the Billing Account Administrator role.

See also