In the Principal column, find all rows that identify you or a group that
you're included in. To learn which groups you're included in, contact your
administrator.
For all rows that specify or include you, check the Role column to see whether
the list of roles includes the required roles.
In the Principal column, find all rows that identify you or a group that
you're included in. To learn which groups you're included in, contact your
administrator.
For all rows that specify or include you, check the Role column to see whether
the list of roles includes the required roles.
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-03。"],[[["\u003cp\u003eUsers need specific Identity and Access Management (IAM) permissions, included in the \u003cstrong\u003eAdvisory Notifications Viewer\u003c/strong\u003e role, to view Advisory Notifications in the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eIf an organization resource exists, notifications are received through the organization, and users must have the \u003cstrong\u003eAdvisory Notifications Viewer\u003c/strong\u003e role on the organization to view the notification details.\u003c/p\u003e\n"],["\u003cp\u003eFor projects without an organization, notifications are received through the project, and users must have the \u003cstrong\u003eAdvisory Notifications Viewer\u003c/strong\u003e role on the project to view the notification details.\u003c/p\u003e\n"],["\u003cp\u003eUsers can request access to the notifications by clicking \u003cstrong\u003eRequest access\u003c/strong\u003e in the Advisory Notifications email, which will notify a highly-privileged organization administrator to grant them the required permissions.\u003c/p\u003e\n"],["\u003cp\u003eAuthorized users can view notifications in the Google Cloud console by navigating to \u003cstrong\u003eSecurity\u003c/strong\u003e > \u003cstrong\u003eAdvisory Notifications\u003c/strong\u003e, where they can see details such as the title, date, description, and any attached files.\u003c/p\u003e\n"]]],[],null,["Viewing notifications This document shows how to configure users for Advisory Notifications\nand view notifications by using the Google Cloud console.\n\nBefore you begin\n\nEnsure that you have the required roles\n\nTo view Advisory Notifications in the Google Cloud console, each user must be\ngranted a role that contains the following Identity and Access Management (IAM)\npermissions. These permissions are included in the **Advisory Notifications\nViewer** (`roles/advisorynotifications.viewer`) IAM role.\n\n- `advisorynotifications.notifications.get`\n- `advisorynotifications.notifications.list`\n- `resourcemanager.organizations.get`, if you need to view notifications for your organization\n- `resourcemanager.projects.get`, if you need to view notifications for your project\n\nRequired roles for organizations\n\nIf you have an organization resource, you receive notifications through your organization.\n\n1. Make sure that you have the following role or roles on the organization: Advisory Notifications Viewer\n\nCheck for the roles\n\n1.\n In the Google Cloud console, go to the **IAM** page.\n\n [Go to IAM](https://console.cloud.google.com/projectselector/iam-admin/iam?supportedpurview=organizationId)\n2. Select the organization.\n3.\n In the **Principal** column, find all rows that identify you or a group that\n you're included in. To learn which groups you're included in, contact your\n administrator.\n\n4. For all rows that specify or include you, check the **Role** column to see whether the list of roles includes the required roles.\n\nGrant the roles\n\n1.\n In the Google Cloud console, go to the **IAM** page.\n\n [Go to IAM](https://console.cloud.google.com/projectselector/iam-admin/iam?supportedpurview=organizationId)\n2. Select the organization.\n3. Click person_add **Grant access**.\n4.\n In the **New principals** field, enter your user identifier.\n\n This is typically the email address for a Google Account.\n\n5. In the **Select a role** list, select a role.\n6. To grant additional roles, click add **Add\n another role** and add each additional role.\n7. Click **Save**.\n\n\u003cbr /\u003e\n\nRequired roles for projects without an organization\n\nIf you don't have an organization resource, you receive notifications through your project.\n\n1. Make sure that you have the following role or roles on the project: Advisory Notifications Viewer\n\nCheck for the roles\n\n1.\n In the Google Cloud console, go to the **IAM** page.\n\n [Go to IAM](https://console.cloud.google.com/projectselector/iam-admin/iam?supportedpurview=project)\n2. Select the project.\n3.\n In the **Principal** column, find all rows that identify you or a group that\n you're included in. To learn which groups you're included in, contact your\n administrator.\n\n4. For all rows that specify or include you, check the **Role** column to see whether the list of roles includes the required roles.\n\nGrant the roles\n\n1.\n In the Google Cloud console, go to the **IAM** page.\n\n [Go to IAM](https://console.cloud.google.com/projectselector/iam-admin/iam?supportedpurview=project)\n2. Select the project.\n3. Click person_add **Grant access**.\n4.\n In the **New principals** field, enter your user identifier.\n\n This is typically the email address for a Google Account.\n\n5. In the **Select a role** list, select a role.\n6. To grant additional roles, click add **Add\n another role** and add each additional role.\n7. Click **Save**.\n\n\u003cbr /\u003e\n\nPermission assistance in the Google Cloud console **Important:** This feature is only available if you are using Google Cloud with an organization.\n\nIt's possible for a user to receive notification emails from\nAdvisory Notifications but also be unable to view them in the\nGoogle Cloud console. If you observe this, it can be because users don't have\nsufficient permissions as described in the [previous section](#required-roles).\n\nTo help users receive access, Advisory Notifications provides\nrecipients of each notification email a two-week voucher to request permissions\nfrom a highly privileged grantor by using the following instructions:\n\n1. Click **View notification details** in the Advisory Notifications email you received.\n2. Optional: If you don't have the required permissions to view the notification, click **Request access** to gain those permissions. Clicking this button automatically contacts one of your highly-privileged organization administrators and informs them that they need to grant you the required permissions.\n3. After the administrator has granted you the required permissions, you can view the current and future notifications. You receive an email when the administrator grants you the required permissions.\n\nViewing Notifications\n\nAfter Advisory Notifications has been enabled and all selected\nusers have been granted permissions to receive\nnotifications, authorized users can view the notifications in the\nGoogle Cloud console.\n\n1. In the Google Cloud console, select **Security** from the left navigation\n menu, and then select **Advisory Notifications**. Alternatively, click the\n following link:\n\n [Go to Advisory Notifications](https://console.cloud.google.com/security/advisorynotifications/)\n2. From the list of notifications, click the notification title to see more\n information. Note that unread notifications appear in bold.\n\n3. From the **Notification details** page, you can see the title, date and time,\n description, and possibly one or more file attachments associated with the\n notification. Note that you can't delete a notification or change its status\n from read to unread.\n\nBased on your language preference in Google Cloud, you can receive an\nemail in hours or days after the initial notification email. This email\nnotifies you about the localization of your notifications.\n\nClean up\n\nNo additional steps are required to avoid incurring charges to your account.\n\nWhat's next\n\n- Learn how to [respond to Sensitive Actions notifications](/advisory-notifications/docs/respond-to-sensitive-actions).\n- Learn about [audit logging](/advisory-notifications/docs/audit-logging)."]]
