本文將說明如何查看及瞭解 Google 人員存取 Google Workspace 資源中的客戶資料時產生的資料存取透明化控管機制記錄。Google Workspace 中的客戶資料包括您在 Gmail、Google 文件、Google 試算表、Google 簡報和其他 Google Workspace 應用程式中輸入的文字。
事前準備
請確認您具備「記錄檢視器」(roles/logging.viewer) Identity and Access Management (IAM) 角色。如要瞭解如何授予身分與存取權管理角色,請參閱「授予單一角色」。
如要在 Google Workspace 中使用資料存取透明化控管機制,您必須啟用與 Google Cloud共用 Google Workspace 內容的功能。如要瞭解如何與 Google Cloud共用 Google Workspace 內容,請參閱「與Google Cloud共用資料」一文。
查看 Google Workspace 的資料存取透明化控管機制記錄
您可以使用 Google Cloud 控制台中的記錄檔探索工具,擷取、查看及分析「資料存取透明化控管機制」記錄。如要瞭解如何使用記錄檔探索工具,請參閱「使用記錄檔探索工具」。
如要使用「記錄檢視器」查看 Google Workspace 的資料存取透明化控管機制記錄,請按照下列步驟操作:
{"insertId":"-6x8cuqc3rk","jsonPayload":{"activityId":{"uniqQualifier":"1720950322606095479","timeUsec":"1621441673703908"},"@type":"type.googleapis.com/ccc_hosted_reporting.ActivityProto","event":[{"status":{"success":true},"eventType":"GSUITE_RESOURCE","parameter":[{"multiStrValue":["GMAIL"],"name":"GSUITE_PRODUCT_NAME",},{"name":"RESOURCE_NAME","multiStrValue":["//googleapis.com/gmail/users/owner@example.com"],},{"name":"LOG_ID","value":"Qt8v90c0fAEy_SyaOplDvJc",},{"multiStrValue":["Google Initiated Service - For details, please refer to the documentation."],"name":"JUSTIFICATIONS",},{"name":"ACTOR_HOME_OFFICE","value":"US",},{"value":"owner@example.net","name":"OWNER_EMAIL",}],"eventName":"ACCESS"}]},"resource":{"type":"organization","labels":{"organization_id":"12345"}},"timestamp":"2021-05-19T16:27:53.703908Z","severity":"NOTICE","logName":"organizations/12345/logs/cloudaudit.googleapis.com%2Faccess_transparency","receiveTimestamp":"2021-05-19T16:28:52.867650088Z"}
如要瞭解 Google 人員存取 Google Workspace 資源時,可能會在資料存取透明化控管機制記錄的 jsonPayload 欄位中顯示的事件和參數,請參閱「資料存取透明化控管機制活動事件」。
如要瞭解 Google Workspace 資料存取透明化控管機制記錄檔中的所有其他欄位,請參閱 LogEntry。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[[["\u003cp\u003eThis document details how to view Access Transparency logs, which are generated when Google personnel access customer content within Google Workspace applications like Gmail, Docs, Sheets, and Slides.\u003c/p\u003e\n"],["\u003cp\u003eTo access these logs, you must possess the Logs Viewer IAM role and enable sharing of Google Workspace content with Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eThe Logs Explorer in the Google Cloud console allows you to retrieve, view, and analyze these logs by using a specific query string that includes your organization's unique ID.\u003c/p\u003e\n"],["\u003cp\u003eAccess Transparency logs provide information about the events and parameters when Google personnel access resources in Google Workspace.\u003c/p\u003e\n"],["\u003cp\u003eAn example of a generated log is included, which includes details on the activity, such as the GSuite product name, the owner's email and other important information.\u003c/p\u003e\n"]]],[],null,["# Viewing Access Transparency logs for Google Workspace\n=====================================================\n\nThis document explains how you can view and understand the Access Transparency logs\ngenerated when Google personnel access Customer Data in Google Workspace\nresources. Customer Data in Google Workspace includes text that you\nhave entered into Gmail, Google Docs, Google Sheets, Google Slides, and other\nGoogle Workspace apps.\n\nBefore you begin\n----------------\n\n- Make sure that you have the Logs Viewer (`roles/logging.viewer`) Identity and Access Management\n (IAM) role. For information about granting an IAM\n role, see [Grant a single role](/iam/docs/granting-changing-revoking-access#grant-single-role).\n\n- To use Access Transparency with Google Workspace, you must enable sharing of\n Google Workspace content with Google Cloud. For information about sharing\n Google Workspace content with Google Cloud, see [Sharing data with\n Google Cloud](https://support.google.com/a/answer/9320190).\n\nView Access Transparency logs for Google Workspace\n--------------------------------------------------\n\nYou can use the [Logs Explorer](/logging/docs/view/logs-explorer-summary) in the Google Cloud console to\nretrieve, view, and analyze Access Transparency logs. For information about using\nthe Logs Explorer, see [Using the\nLogs Explorer](/logging/docs/view/logs-explorer-interface).\n\nTo view Access Transparency logs for Google Workspace using the Logs Explorer,\ndo the following:\n\n1. Go to the **Logs Explorer** page in the Google Cloud console.\n\n [Go to Logs Explorer](https://console.cloud.google.com/logs/query)\n2. Enter the following query in the Logs Explorer:\n\n logName=\"organizations/\u003cvar translate=\"no\"\u003eORG_ID\u003c/var\u003e/logs/cloudaudit.googleapis.com%2Faccess_transparency\"\n jsonPayload.@type=\"type.googleapis.com/ccc_hosted_reporting.ActivityProto\"\n\n Replace \u003cvar translate=\"no\"\u003eORG_ID\u003c/var\u003e with the unique identifier of your\n Google Cloud organization.\n3. Click **Run query** to execute the query.\n\n\nSample Access Transparency log for Google Workspace\n---------------------------------------------------\n\nThe following sample is an example of the Access Transparency log for\nGoogle Workspace. \n\n {\n \"insertId\": \"-6x8cuqc3rk\",\n \"jsonPayload\": {\n \"activityId\": {\n \"uniqQualifier\": \"1720950322606095479\",\n \"timeUsec\": \"1621441673703908\"\n },\n \"@type\": \"type.googleapis.com/ccc_hosted_reporting.ActivityProto\",\n \"event\": [\n {\n \"status\": {\n \"success\": true\n },\n \"eventType\": \"GSUITE_RESOURCE\",\n \"parameter\": [\n {\n \"multiStrValue\": [\n \"GMAIL\"\n ],\n \"name\": \"GSUITE_PRODUCT_NAME\",\n },\n {\n \"name\": \"RESOURCE_NAME\",\n \"multiStrValue\": [\n \"//googleapis.com/gmail/users/owner@example.com\"\n ],\n },\n {\n \"name\": \"LOG_ID\",\n \"value\": \"Qt8v90c0fAEy_SyaOplDvJc\",\n },\n {\n \"multiStrValue\": [\n \"Google Initiated Service - For details, please refer to the documentation.\"\n ],\n \"name\": \"JUSTIFICATIONS\",\n },\n {\n \"name\": \"ACTOR_HOME_OFFICE\",\n \"value\": \"US\",\n },\n {\n \"value\": \"owner@example.net\",\n \"name\": \"OWNER_EMAIL\",\n }\n ],\n \"eventName\": \"ACCESS\"\n }\n ]\n },\n \"resource\": {\n \"type\": \"organization\",\n \"labels\": {\n \"organization_id\": \"12345\"\n }\n },\n \"timestamp\": \"2021-05-19T16:27:53.703908Z\",\n \"severity\": \"NOTICE\",\n \"logName\": \"organizations/12345/logs/cloudaudit.googleapis.com%2Faccess_transparency\",\n \"receiveTimestamp\": \"2021-05-19T16:28:52.867650088Z\"\n }\n\nFor information about the event and parameters that can appear in the\n`jsonPayload` field of the Access Transparency logs generated when Google personnel\naccess Google Workspace resources, see [Access Transparency Activity Events](https://developers.google.com/admin-sdk/reports/v1/appendix/activity/access-transparency).\n\nFor information about all the other fields in the Access Transparency logs for\nGoogle Workspace, see [LogEntry](/logging/docs/reference/v2/rest/v2/LogEntry).\n\nWhat's next\n-----------\n\n- Learn more about [Access Transparency audit logs](https://support.google.com/a/answer/9230979).\n- Learn more about [Google Workspace audit logs](/logging/docs/audit/gsuite-audit-logging)."]]
