[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-04(UTC)"],[[["\u003cp\u003eThis guide explains how to use Cloud Logging to monitor activities related to policy tags, including who granted or removed access.\u003c/p\u003e\n"],["\u003cp\u003eYou can view logs to determine the email of the principal granting or removing access, as well as the email of the user who was granted or removed from access.\u003c/p\u003e\n"],["\u003cp\u003eAccess the logs through the Logs Explorer page in the Google Cloud console by selecting Audited Resources, and then datacatalog.googleapis.com.\u003c/p\u003e\n"],["\u003cp\u003eYou can filter log entries to view calls made to the \u003ccode\u003eSetIamPolicy\u003c/code\u003e method, where details about policy changes are stored.\u003c/p\u003e\n"]]],[],null,["# Audit policy tags\n=================\n\nThis document describes how to use [Cloud Logging](/logging/docs) to audit activities\nrelated to policy tags. For example, you can determine:\n\n- The email address for the principal that grants or removes access on a policy\n tag\n\n- The email address for whom the access was granted or removed\n\n- The policy tag whose access was changed\n\nAccess to logs\n--------------\n\nFor information about the permission you need to view logs, see the\n[Cloud Logging access control guide](/logging/docs/access-control).\n\nViewing logs for policy tag events\n----------------------------------\n\n1. Go to the **Logs Explorer** page in the Google Cloud console.\n\n [Go to Logs Explorer](https://console.cloud.google.com/logs/query)\n2. In the resources drop-down list, click **Audited Resource** , click **Audited\n Resources** again, and then click **datacatalog.googleapis.com**. You will see\n recent audit log entries of Data Catalog resources.\n\n3. To view the log entries, select the Data Catalog\n `SetIamPolicy` method.\n\n4. Click the log entry to see details about the call to the `SetIamPolicy`\n method.\n\n5. Click the log entry fields to see details for the `SetIamPolicy` entry.\n\n - Click `protoPayload`, then click `authenticationInfo` to see the\n `principalEmail` for the entity that set the IAM policy.\n\n - Click `protoPayload`, click `request`, click `policy`, and then click\n `bindings` to see the bindings, including principals and roles, that were\n changed.\n\nWhat's next\n-----------\n\nLearn about [best practices for policy tags](/bigquery/docs/best-practices-policy-tags)."]]