Google services with Access Transparency logs

The table below lists the Google Cloud services that write Access Transparency logs.

GA indicates that a log type is generally available for a service. Preview indicates that a log type is available, but might be changed in backward-incompatible ways and is not subject to any SLA or deprecation policy.

If you want to enable Access Transparency logs, see Enabling Access Transparency.

The following Google services are supported by Access Transparency:

Google Cloud services with Access Transparency support Availability
Notebooks GA
Vertex AI1 GA
Artifact Registry GA
Anthos clusters on VMware GA
App Engine2 GA
BigQuery3 GA
Cloud Bigtable GA
Cloud Composer Preview
Cloud Data Fusion GA
Cloud Data Loss Prevention GA
Cloud External Key Manager GA
Cloud Healthcare API4 GA
Cloud HSM GA
Cloud Key Management Service (KMS) GA
Cloud Logging GA
Cloud Spanner GA
Cloud SQL GA
Cloud Storage GA
Cloud Vision GA
Compute Engine GA
Container Registry Preview
Dataflow GA
Dataproc GA
Google Kubernetes Engine GA
Identity and Access Management GA
Persistent Disk GA
Pub/Sub5 GA
Speech-to-Text GA
Text-to-Speech GA

1 There are some scenarios for which access to your data in Vertex AI by Google personnel isn't logged. See Limitations of Access Transparency in Vertex AI for the complete list of such scenarios.

2 Cloud Storage and Cloud SQL are the only compatible storage backends for App Engine currently supported by Access Transparency.

3 Some information about your queries, tables, and datasets might not generate an Access Transparency log entry if viewed by Google Cloud Support. Viewing query text, table names, dataset names, and dataset access control lists might not generate Access Transparency log entries; this access pathway gives read-only access. Viewing query results and table or dataset data generates Access Transparency log entries.
Some Access Transparency logs for BigQuery might not contain the accessApprovals field.

4 Features within Cloud Healthcare API that are not yet generally available might not generate Access Transparency logs. For more information, see the Cloud Healthcare API documentation.

5 Some information about your topics and subscriptions might not generate an Access Transparency log entry if viewed by Google Cloud Support. Viewing topic names, subscription names, message attributes, and timestamps might not generate Access Transparency log entries; this access pathway gives read-only access. Viewing message payloads generates Access Transparency log entries.