Viewing historical Access Approval requests

This document explains how you can view all historical access requests for a project.

Before you begin

  • Ensure that you have set up Access Approval by following the instructions in the Quickstart.

  • Ensure that you have the Access Approval Viewer (roles/accessapproval.viewer) Identity and Access Management (IAM) role. For more information about IAM roles for Access Approval, see Access Approval roles.

View historical access requests

Console

  1. Go to the Access Approval page in the Google Cloud console.

    Go to Access Approval

  2. Click History.

    A table appears that includes all approved, auto-approved, dismissed, and expired requests.

    List of approved, auto-approved, dismissed, and expired access requests.

  3. Optional: If you want to see the details of any access request, click Details in the Details & logs column.

  4. Optional: If you want to view the Cloud Audit Logs or the Access Transparency logs, click Logs.

    Cloud Audit Logs provide information about the approval and dismissal actions taken by members within your organization. For more information, see Cloud Audit Logs overview.

    Access Transparency logs provide information about the actions taken by Google personnel when accessing customer content. For more information, see Access Transparency overview.

You can also see historical approvals using the Logs Explorer.

Go to Cloud Logging

If you enable Cloud Audit Logs in your Google Cloud project, you can filter by the Audited Resource accessapproval.googleapis.com.

cURL

curl -H "$(oauth2l header --json service-account-credentials.json cloud-platform)" \
          https://accessapproval.googleapis.com/v1/projects/PROJECT_ID/approvalRequests?filter=ALL

By default, the API lists all unapproved, approved, auto-approved, and non-expired requests. There is a filter parameter to do tasks such as listing all dismissed requests. For more information, see Access Approval API.

You receive a list of historical access approvals with their status.

{
  "approvalRequests": [
    {
      "name": "projects/123456/approvalRequests/xyzabc123",
      "requestedResourceName": "projects/123456",
      "requestedReason": {
        "detail":  "Case number: bar123"
        "type":  "CUSTOMER_INITIATED_SUPPORT"
      },
      "requestedLocations": {
        "principalOfficeCountry": "US",
        "principalPhysicalLocationCountry": "US"
      },
      "requestTime": "2018-08-30T17:49:13.712Z",
      "requestedExpiration": "2018-09-04T17:49:13.540Z",
      "approve": {
        "approveTime": "2018-08-30T17:49:15.737Z",
        "expireTime": "2018-09-04T17:49:13.540Z"
      }
    }
  ]
}

What's next