Supported services

This page lists all the Google Cloud services that write Access Transparency logs.

GA indicates that a log type is generally available for a service. Preview indicates that a log type is available, but might be changed in backward-incompatible ways and is not subject to any SLA or deprecation policy.

Access Transparency logs for products in Preview are disabled by default. To opt in to Access Transparency for Preview products on your organization, contact Cloud Customer Care.

If you want to enable Access Transparency logs, see Enabling Access Transparency.

Supported Google Cloud services

Access Transparency supports the following Google Cloud services:

Google Cloud services with Access Transparency support Launch stage
Access Context Manager GA
Agent Assist GA
AlloyDB for PostgreSQL GA
Anti Money Laundering AI GA
Apigee [9] GA
App Engine [1] GA
Application Integration GA
Artifact Registry GA
BigQuery [2] GA
BigQuery Data Transfer Service GA
Bigtable GA
Binary Authorization GA
Certificate Authority Service GA
Cloud Build GA
Cloud Composer GA
Cloud Data Fusion GA
Cloud DNS GA
Cloud External Key Manager GA
Cloud Healthcare API [3] GA
Cloud HSM GA
Cloud Interconnect GA
Cloud Key Management Service (Cloud KMS) GA
Cloud Logging GA
Cloud Monitoring GA
Cloud NAT GA
Cloud Router GA
Cloud Run GA
Cloud Run functions GA
Cloud Service Mesh GA
Cloud SQL GA
Cloud Storage GA
Cloud Tasks GA
Cloud Vision GA
Cloud VPN GA
Colab Enterprise GA
Compute Engine GA
Container Registry Preview
Conversational Insights GA
Database Center Preview
Dataflow GA
Dataform GA
Dataplex Preview
Dataproc GA
Dialogflow CX GA
Document AI [4] GA
Eventarc GA
Filestore GA
Firebase Security Rules Preview
Firestore GA
GKE Connect GA
GKE Hub GA
GKE Identity Service GA
Google Cloud Armor [8] GA
Google Distributed Cloud GA
Google Kubernetes Engine GA
Google Security Operations SIEM GA
Google Security Operations SOAR GA
IAM workforce identity federation GA
Identity and Access Management (IAM) GA
Identity-Aware Proxy GA
Jurisdictional Google Cloud console GA
Looker (Google Cloud core) Preview
Memorystore for Redis GA
Organization Policy Service GA
Persistent Disk GA
Pub/Sub [5] GA
Resource Manager GA
Secret Manager GA
Secure Source Manager GA
Sensitive Data Protection GA
Serverless VPC Access GA
Spanner GA
Speaker ID GA
Speech-to-Text GA
Storage Transfer Service Preview
Text-to-Speech GA
Vector Search GA
Vertex AI [6] GA
Vertex AI Feature Store GA
Vertex AI Search [7] GA
Vertex AI Workbench instances GA
Vertex AI Workbench managed notebooks GA
Vertex AI Workbench user-managed notebooks GA

Footnotes

1. Cloud Storage and Cloud SQL are the only compatible storage backends for App Engine supported by Access Transparency.

2. Some information about your queries, tables, and datasets might not generate an Access Transparency log entry if viewed by Google Cloud Support. Viewing query text, table names, dataset names, and dataset access control lists might not generate Access Transparency log entries; this access pathway gives read-only access. Viewing query results and table or dataset data generates Access Transparency log entries.

Some Access Transparency logs for BigQuery might not contain the accessApprovals field.

Data in queries residing in non-Google regions for BigQuery Omni does not generate an Access Transparency log entry.

Gemini in BigQuery is not supported in Assured Workloads.

3. Features within Cloud Healthcare API that are not yet generally available might not generate Access Transparency logs. For more information, see the Cloud Healthcare API documentation.

4. Requests that use either the v1beta2 API version or features exposed through the alpha-documentai.googleapis.com endpoint won't generate Access Transparency logs.

5. Some information about your topics and subscriptions might not generate an Access Transparency log entry if viewed by Cloud Customer Care. Viewing topic names, subscription names, message attributes, and timestamps might not generate Access Transparency log entries; this access pathway gives read-only access. Viewing message payloads generates Access Transparency log entries.

6. There are some scenarios for which access to your data in Vertex AI by Google personnel isn't logged. See Limitations of Access Transparency in Vertex AI for the complete list of such scenarios.

7. Access to your content in Vertex AI Search by Google personnel isn't logged for certain scenarios. For more information about these scenarios, see Limitations of Access Transparency in Vertex AI Search.

8. Access Transparency logs will be generated for regional Google Cloud Armor security policies. Global Google Cloud Armor security policies won't generate logs.

9. The following Apigee features are not supported by Access Transparency:

  • Apigee portal
  • Features in the Preview launch stage
Additionally, Apigee Hybrid customers must upgrade to the latest version to get full Access Transparency support.

Support for Google Workspace

Several Google Workspace services such as Gmail, Google Docs, Google Calendar, and Google Drive record the actions that Google personnel take when accessing customer content.

Access Transparency logs help ensure that Google personnel access customer content with a valid business justification. Access Transparency logs can also help security information and event management (SIEM) tools identify data exfiltration and exposure to external malicious actors targeting your Google Workspace resources. You can use the Google Cloud console to access the Access Transparency logs that Google Workspace services generate.

For more information about Access Transparency logs for Google Workspace, including the list of Google Workspace services that support Access Transparency, see Access Transparency: View logs on Google access to user content.

For information about viewing and understanding the Access Transparency logs that Google Workspace services generate, see Viewing Access Transparency logs for Google Workspace.

For information about the audit logs that Google Workspace services generate, see Cloud Audit Logs for Google Workspace.