Viewing notifications
This document shows how to configure users for Advisory Notifications and view notifications by using the Google Cloud console.
Before you begin
Ensure that you have the required roles
To view Advisory Notifications in the Google Cloud console, each user must be
granted a role that contains the following Identity and Access Management (IAM)
permissions. These permissions are included in the Advisory Notifications
Viewer (roles/advisorynotifications.viewer
) IAM role.
advisorynotifications.notifications.get
advisorynotifications.notifications.list
resourcemanager.organizations.get
, if you need to view notifications for your organizationresourcemanager.projects.get
, if you need to view notifications for your project
Required roles for organizations
If you have an organization resource, you receive notifications through your organization.
-
In the Google Cloud console, go to the IAM page.
Go to IAM - Select the organization.
-
In the Principal column, find all rows that identify you or a group that you're included in. To learn which groups you're included in, contact your administrator.
- For all rows that specify or include you, check the Role colunn to see whether the list of roles includes the required roles.
-
In the Google Cloud console, go to the IAM page.
Go to IAM - Select the organization.
- Click Grant access.
-
In the New principals field, enter your user identifier. This is typically the email address for a Google Account.
- In the Select a role list, select a role.
- To grant additional roles, click Add another role and add each additional role.
- Click Save.
Make sure that you have the following role or roles on the organization: Advisory Notifications Viewer
Check for the roles
Grant the roles
Required roles for projects without an organization
If you don't have an organization resource, you receive notifications through your project.
-
In the Google Cloud console, go to the IAM page.
Go to IAM - Select the project.
-
In the Principal column, find all rows that identify you or a group that you're included in. To learn which groups you're included in, contact your administrator.
- For all rows that specify or include you, check the Role colunn to see whether the list of roles includes the required roles.
-
In the Google Cloud console, go to the IAM page.
Go to IAM - Select the project.
- Click Grant access.
-
In the New principals field, enter your user identifier. This is typically the email address for a Google Account.
- In the Select a role list, select a role.
- To grant additional roles, click Add another role and add each additional role.
- Click Save.
Make sure that you have the following role or roles on the project: Advisory Notifications Viewer
Check for the roles
Grant the roles
Permission assistance in the Google Cloud console
It's possible for a user to receive notification emails from Advisory Notifications but also be unable to view them in the Google Cloud console. If you observe this, it can be because users don't have sufficient permissions as described in the previous section.
To help users receive access, Advisory Notifications provides recipients of each notification email a two-week voucher to request permissions from a highly privileged grantor by using the following instructions:
- Click View notification details in the Advisory Notifications email you received.
- Optional: If you don't have the required permissions to view the notification, click Request access to gain those permissions. Clicking this button automatically contacts one of your highly-privileged organization administrators and informs them that they need to grant you the required permissions.
- After the administrator has granted you the required permissions, you can view the current and future notifications. You receive an email when the administrator grants you the required permissions.
Viewing Notifications
After Advisory Notifications has been enabled and all selected users have been granted permissions to receive notifications, authorized users can view the notifications in the Google Cloud console.
In the Google Cloud console, select Security from the left navigation menu, and then select Advisory Notifications. Alternatively, click the following link:
From the list of notifications, click the notification title to see more information. Note that unread notifications appear in bold.
From the Notification details page, you can see the title, date and time, description, and possibly one or more file attachments associated with the notification. Note that you can't delete a notification or change its status from read to unread.
Based on your language preference in Google Cloud, you can receive an email in hours or days after the initial notification email. This email notifies you about the localization of your notifications.
Clean up
No additional steps are required to avoid incurring charges to your account.
What's next
- Learn how to respond to Sensitive Actions notifications.
- Learn about audit logging.