In the resources drop-down list, click Audited Resource, click Audited
Resources again, and then click datacatalog.googleapis.com. You will see
recent audit log entries of Data Catalog resources.
To view the log entries, select the Data Catalog
SetIamPolicy method.
Click the log entry to see details about the call to the SetIamPolicy
method.
Click the log entry fields to see details for the SetIamPolicy entry.
Click protoPayload, then click authenticationInfo to see the
principalEmail for the entity that set the IAM policy.
Click protoPayload, click request, click policy, and then click
bindings to see the bindings, including principals and roles, that were
changed.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["This guide explains how to use Cloud Logging to monitor activities related to policy tags, including who granted or removed access."],["You can view logs to determine the email of the principal granting or removing access, as well as the email of the user who was granted or removed from access."],["Access the logs through the Logs Explorer page in the Google Cloud console by selecting Audited Resources, and then datacatalog.googleapis.com."],["You can filter log entries to view calls made to the `SetIamPolicy` method, where details about policy changes are stored."]]],[]]
