Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.
Google Cloud offers industry-leading controls to prevent unauthorized access to your customer content by Google support and engineering teams.
Some customers require the ability to directly manage access to their customer content by Google personnel, and to grant explicit approval every time their customer content is accessed. For this reason, we developed Access Approval - a product that ensures that your explicit approval is required for Google support and engineering to access your customer content.
Access Approval helps in implementing the security principle of least privilege, which states that nobody should have more permissions and access than they need. Even after you provide access, Google personnel can only view the content that is absolutely essential to fulfill an obligation to provide a contracted service. For example, front-line customer support personnel can only access information about customer environments that is absolutely essential for debugging customer support issues.
For more information about why Google employees might need to access customer content and about Google's privileged access principles, see Privileged access at Google.
Access Approval provides an additional layer of control on top of the transparency provided by Access Transparency Logs. Access Transparency provides you with logs that capture the actions Google personnel take when accessing your content. Access Approval also provides a historical view of all requests that were approved, dismissed, or expired.
How Access Approval works
Access Approval works by sending you an email or Pub/Sub message with an access request that you are able to approve.
Using the information in the message, you can use the Google Cloud Console or the Access Approval API to approve the access.
Google services that support Access Approval
For a complete list of the Google services that support Access Approval, see Supported services.
Access Approval exclusions
The following actions by Google do not trigger an Access Approval request:
System access to user content. These are programmatic, non-human accesses by authorized and reviewed Google processes. For example, a compression job that runs on the content or disk destruction during the content deletion process. These accesses are checked by our binary authorization functionality, which verifies that the job originates from code that was checked into production and reviewed by a second party.
Manual access for the following reasons.
- Legal access
- Where Google accesses customer content to comply with legal requirements, these accesses bypass the Access Approval service.
- Outage access
- Where Google accesses customer content to resolve an outage, these accesses bypass the Access Approval service.
- Legal access
Any other exception as documented in the Access Transparency documentation. Anything that fails to generate an Access Transparency log also doesn't generate an Access Approval request.
Requirements for using Access Approval
Before you can use Access Approval, you must first enable Access Transparency for your organization. Access Approval and Access Transparency both require your Google Cloud organization to have one of the following customer support levels:
- One of the following Role-Based Support
- Four or more Development roles.
- Four or more Production roles.
- A combination of four or more Development or Production roles. You can enable Access Approval directly in the Google Cloud Console; see the quickstart.
If you're not sure whether your Google Cloud organization has an appropriate Support package, check your Cloud Support console:
In the Support panel, you see either your Support status or the option to upgrade your package.