Restez organisé à l'aide des collections
Enregistrez et classez les contenus selon vos préférences.
Afficher les journaux Access Transparency pour Google Workspace
Ce document explique comment afficher et comprendre les journaux Access Transparency générés lorsque le personnel de Google accède aux données client dans les ressources Google Workspace. Les données client dans Google Workspace incluent le texte que vous avez saisi dans Gmail, Google Docs, Google Sheets, Google Slides et d'autres applications Google Workspace.
Avant de commencer
Assurez-vous de disposer du rôle IAM (Identity and Access Management) Lecteur de journaux (roles/logging.viewer). Pour en savoir plus sur l'attribution d'un rôle IAM, consultez la section Attribuer un rôle unique.
Pour utiliser Access Transparency avec Google Workspace, vous devez activer le partage de contenus Google Workspace avec Google Cloud. Pour en savoir plus sur le partage de contenu Google Workspace avec Google Cloud, consultez Partager des données avecGoogle Cloud.
Afficher les journaux Access Transparency pour Google Workspace
Vous pouvez utiliser l'explorateur de journaux de la console Google Cloud pour récupérer, afficher et analyser les journaux Access Transparency. Pour en savoir plus sur l'utilisation de l'explorateur de journaux, consultez la page Utiliser l'explorateur de journaux.
Pour afficher les journaux Access Transparency pour Google Workspace à l'aide de l'explorateur de journaux, procédez comme suit:
Accédez à la page Explorateur de journaux dans la console Google Cloud .
Remplacez ORG_ID par l'identifiant unique de votreGoogle Cloud organisation.
Cliquez sur Run query (Exécuter la requête) pour exécuter la requête.
Exemple de journal Access Transparency pour Google Workspace
L'exemple suivant est un exemple de journal Access Transparency pour Google Workspace.
{"insertId":"-6x8cuqc3rk","jsonPayload":{"activityId":{"uniqQualifier":"1720950322606095479","timeUsec":"1621441673703908"},"@type":"type.googleapis.com/ccc_hosted_reporting.ActivityProto","event":[{"status":{"success":true},"eventType":"GSUITE_RESOURCE","parameter":[{"multiStrValue":["GMAIL"],"name":"GSUITE_PRODUCT_NAME",},{"name":"RESOURCE_NAME","multiStrValue":["//googleapis.com/gmail/users/owner@example.com"],},{"name":"LOG_ID","value":"Qt8v90c0fAEy_SyaOplDvJc",},{"multiStrValue":["Google Initiated Service - For details, please refer to the documentation."],"name":"JUSTIFICATIONS",},{"name":"ACTOR_HOME_OFFICE","value":"US",},{"value":"owner@example.net","name":"OWNER_EMAIL",}],"eventName":"ACCESS"}]},"resource":{"type":"organization","labels":{"organization_id":"12345"}},"timestamp":"2021-05-19T16:27:53.703908Z","severity":"NOTICE","logName":"organizations/12345/logs/cloudaudit.googleapis.com%2Faccess_transparency","receiveTimestamp":"2021-05-19T16:28:52.867650088Z"}
Pour en savoir plus sur l'événement et les paramètres pouvant apparaître dans le champ jsonPayload des journaux Access Transparency générés lorsque le personnel Google accède aux ressources Google Workspace, consultez la section Événements d'activité Access Transparency.
Pour en savoir plus sur tous les autres champs des journaux Access Transparency pour Google Workspace, consultez LogEntry.
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/09/04 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/09/04 (UTC)."],[[["\u003cp\u003eThis document details how to view Access Transparency logs, which are generated when Google personnel access customer content within Google Workspace applications like Gmail, Docs, Sheets, and Slides.\u003c/p\u003e\n"],["\u003cp\u003eTo access these logs, you must possess the Logs Viewer IAM role and enable sharing of Google Workspace content with Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eThe Logs Explorer in the Google Cloud console allows you to retrieve, view, and analyze these logs by using a specific query string that includes your organization's unique ID.\u003c/p\u003e\n"],["\u003cp\u003eAccess Transparency logs provide information about the events and parameters when Google personnel access resources in Google Workspace.\u003c/p\u003e\n"],["\u003cp\u003eAn example of a generated log is included, which includes details on the activity, such as the GSuite product name, the owner's email and other important information.\u003c/p\u003e\n"]]],[],null,["# Viewing Access Transparency logs for Google Workspace\n=====================================================\n\nThis document explains how you can view and understand the Access Transparency logs\ngenerated when Google personnel access Customer Data in Google Workspace\nresources. Customer Data in Google Workspace includes text that you\nhave entered into Gmail, Google Docs, Google Sheets, Google Slides, and other\nGoogle Workspace apps.\n\nBefore you begin\n----------------\n\n- Make sure that you have the Logs Viewer (`roles/logging.viewer`) Identity and Access Management\n (IAM) role. For information about granting an IAM\n role, see [Grant a single role](/iam/docs/granting-changing-revoking-access#grant-single-role).\n\n- To use Access Transparency with Google Workspace, you must enable sharing of\n Google Workspace content with Google Cloud. For information about sharing\n Google Workspace content with Google Cloud, see [Sharing data with\n Google Cloud](https://support.google.com/a/answer/9320190).\n\nView Access Transparency logs for Google Workspace\n--------------------------------------------------\n\nYou can use the [Logs Explorer](/logging/docs/view/logs-explorer-summary) in the Google Cloud console to\nretrieve, view, and analyze Access Transparency logs. For information about using\nthe Logs Explorer, see [Using the\nLogs Explorer](/logging/docs/view/logs-explorer-interface).\n\nTo view Access Transparency logs for Google Workspace using the Logs Explorer,\ndo the following:\n\n1. Go to the **Logs Explorer** page in the Google Cloud console.\n\n [Go to Logs Explorer](https://console.cloud.google.com/logs/query)\n2. Enter the following query in the Logs Explorer:\n\n logName=\"organizations/\u003cvar translate=\"no\"\u003eORG_ID\u003c/var\u003e/logs/cloudaudit.googleapis.com%2Faccess_transparency\"\n jsonPayload.@type=\"type.googleapis.com/ccc_hosted_reporting.ActivityProto\"\n\n Replace \u003cvar translate=\"no\"\u003eORG_ID\u003c/var\u003e with the unique identifier of your\n Google Cloud organization.\n3. Click **Run query** to execute the query.\n\n\nSample Access Transparency log for Google Workspace\n---------------------------------------------------\n\nThe following sample is an example of the Access Transparency log for\nGoogle Workspace. \n\n {\n \"insertId\": \"-6x8cuqc3rk\",\n \"jsonPayload\": {\n \"activityId\": {\n \"uniqQualifier\": \"1720950322606095479\",\n \"timeUsec\": \"1621441673703908\"\n },\n \"@type\": \"type.googleapis.com/ccc_hosted_reporting.ActivityProto\",\n \"event\": [\n {\n \"status\": {\n \"success\": true\n },\n \"eventType\": \"GSUITE_RESOURCE\",\n \"parameter\": [\n {\n \"multiStrValue\": [\n \"GMAIL\"\n ],\n \"name\": \"GSUITE_PRODUCT_NAME\",\n },\n {\n \"name\": \"RESOURCE_NAME\",\n \"multiStrValue\": [\n \"//googleapis.com/gmail/users/owner@example.com\"\n ],\n },\n {\n \"name\": \"LOG_ID\",\n \"value\": \"Qt8v90c0fAEy_SyaOplDvJc\",\n },\n {\n \"multiStrValue\": [\n \"Google Initiated Service - For details, please refer to the documentation.\"\n ],\n \"name\": \"JUSTIFICATIONS\",\n },\n {\n \"name\": \"ACTOR_HOME_OFFICE\",\n \"value\": \"US\",\n },\n {\n \"value\": \"owner@example.net\",\n \"name\": \"OWNER_EMAIL\",\n }\n ],\n \"eventName\": \"ACCESS\"\n }\n ]\n },\n \"resource\": {\n \"type\": \"organization\",\n \"labels\": {\n \"organization_id\": \"12345\"\n }\n },\n \"timestamp\": \"2021-05-19T16:27:53.703908Z\",\n \"severity\": \"NOTICE\",\n \"logName\": \"organizations/12345/logs/cloudaudit.googleapis.com%2Faccess_transparency\",\n \"receiveTimestamp\": \"2021-05-19T16:28:52.867650088Z\"\n }\n\nFor information about the event and parameters that can appear in the\n`jsonPayload` field of the Access Transparency logs generated when Google personnel\naccess Google Workspace resources, see [Access Transparency Activity Events](https://developers.google.com/admin-sdk/reports/v1/appendix/activity/access-transparency).\n\nFor information about all the other fields in the Access Transparency logs for\nGoogle Workspace, see [LogEntry](/logging/docs/reference/v2/rest/v2/LogEntry).\n\nWhat's next\n-----------\n\n- Learn more about [Access Transparency audit logs](https://support.google.com/a/answer/9230979).\n- Learn more about [Google Workspace audit logs](/logging/docs/audit/gsuite-audit-logging)."]]
