Supported services

This page lists all the Google Cloud services that write Access Transparency logs.

GA indicates that a log type is generally available for a service. Preview indicates that a log type is available, but might be changed in backward-incompatible ways and is not subject to any SLA or deprecation policy.

Access Transparency logs for products in Preview are disabled by default. To opt in to Access Transparency for Preview products on your organization, contact Cloud Customer Care.

If you want to enable Access Transparency logs, see Enabling Access Transparency.

Supported Google Cloud services

Access Transparency supports the following Google Cloud services:

Google Cloud services with Access Transparency support	Launch stage
Access Context Manager	GA
Agent Assist	GA
AlloyDB for PostgreSQL	GA
Anti Money Laundering AI	GA
Apigee ^[9]	GA
App Engine ^[1]	GA
Application Integration	GA
Artifact Registry	GA
BigQuery ^[2]	GA
BigQuery Data Transfer Service	GA
Bigtable	GA
Binary Authorization	GA
Certificate Authority Service	GA
Cloud Build	GA
Cloud Composer	GA
Cloud Data Fusion	GA
Cloud DNS	GA
Cloud External Key Manager	GA
Cloud Healthcare API ^[3]	GA
Cloud HSM	GA
Cloud Interconnect	GA
Cloud Key Management Service (Cloud KMS)	GA
Cloud Logging	GA
Cloud Monitoring	GA
Cloud NAT	GA
Cloud Router	GA
Cloud Run	GA
Cloud Run functions	GA
Cloud Service Mesh	GA
Cloud SQL	GA
Cloud Storage	GA
Cloud Tasks	GA
Cloud Vision	GA
Cloud VPN	GA
Colab Enterprise	GA
Compute Engine	GA
Container Registry	Preview
Conversational Insights	GA
Database Center	Preview
Dataflow	GA
Dataform	GA
Dataplex	Preview
Dataproc	GA
Dialogflow CX	GA
Document AI ^[4]	GA
Eventarc	GA
Filestore	GA
Firebase Security Rules	Preview
Firestore	GA
GKE Connect	GA
GKE Hub	GA
GKE Identity Service	GA
Google Cloud Armor ^[8]	GA
Google Distributed Cloud	GA
Google Kubernetes Engine	GA
Google Security Operations SIEM	GA
Google Security Operations SOAR	GA
IAM workforce identity federation	GA
Identity and Access Management (IAM)	GA
Identity-Aware Proxy	GA
Jurisdictional Google Cloud console	GA
Looker (Google Cloud core)	Preview
Memorystore for Redis	GA
Organization Policy Service	GA
Persistent Disk	GA
Pub/Sub ^[5]	GA
Resource Manager	GA
Secret Manager	GA
Secure Source Manager	GA
Sensitive Data Protection	GA
Serverless VPC Access	GA
Spanner	GA
Speaker ID	GA
Speech-to-Text	GA
Storage Transfer Service	Preview
Text-to-Speech	GA
Vector Search	GA
Vertex AI ^[6]	GA
Vertex AI Feature Store	GA
Vertex AI Search ^[7]	GA
Vertex AI Workbench instances	GA
Vertex AI Workbench managed notebooks	GA
Vertex AI Workbench user-managed notebooks	GA

Footnotes

1. Cloud Storage and Cloud SQL are the only compatible storage backends for App Engine supported by Access Transparency.

2. Some information about your queries, tables, and datasets might not generate an Access Transparency log entry if viewed by Google Cloud Support. Viewing query text, table names, dataset names, and dataset access control lists might not generate Access Transparency log entries; this access pathway gives read-only access. Viewing query results and table or dataset data generates Access Transparency log entries.

Some Access Transparency logs for BigQuery might not contain the accessApprovals field.

Data in queries residing in non-Google regions for BigQuery Omni does not generate an Access Transparency log entry.

Gemini in BigQuery is not supported in Assured Workloads.

3. Features within Cloud Healthcare API that are not yet generally available might not generate Access Transparency logs. For more information, see the Cloud Healthcare API documentation.

4. Requests that use either the v1beta2 API version or features exposed through the alpha-documentai.googleapis.com endpoint won't generate Access Transparency logs.

5. Some information about your topics and subscriptions might not generate an Access Transparency log entry if viewed by Cloud Customer Care. Viewing topic names, subscription names, message attributes, and timestamps might not generate Access Transparency log entries; this access pathway gives read-only access. Viewing message payloads generates Access Transparency log entries.

6. There are some scenarios for which access to your data in Vertex AI by Google personnel isn't logged. See Limitations of Access Transparency in Vertex AI for the complete list of such scenarios.

7. Access to your content in Vertex AI Search by Google personnel isn't logged for certain scenarios. For more information about these scenarios, see Limitations of Access Transparency in Vertex AI Search.

8. Access Transparency logs will be generated for regional Google Cloud Armor security policies. Global Google Cloud Armor security policies won't generate logs.

9. The following Apigee features are not supported by Access Transparency:

Apigee portal
Features in the Preview launch stage

Additionally, Apigee Hybrid customers must upgrade to the latest version to get full Access Transparency support.

Support for Google Workspace

Several Google Workspace services such as Gmail, Google Docs, Google Calendar, and Google Drive record the actions that Google personnel take when accessing customer content.

Access Transparency logs help ensure that Google personnel access customer content with a valid business justification. Access Transparency logs can also help security information and event management (SIEM) tools identify data exfiltration and exposure to external malicious actors targeting your Google Workspace resources. You can use the Google Cloud console to access the Access Transparency logs that Google Workspace services generate.

For more information about Access Transparency logs for Google Workspace, including the list of Google Workspace services that support Access Transparency, see Access Transparency: View logs on Google access to user content.

For information about viewing and understanding the Access Transparency logs that Google Workspace services generate, see Viewing Access Transparency logs for Google Workspace.

For information about the audit logs that Google Workspace services generate, see Cloud Audit Logs for Google Workspace.