Supported editions for this feature: Enterprise; Education Standard and Plus. Compare your edition
Access Transparency logs provide information about the actions of Google staff when they access your data.
In the Google Admin console, you can review the Access Transparency audit log, which includes information about:
- The affected resource and action
- The time of the action
- The reason for the action (for example, the case number associated with a customer support request)
- Information about the Google staff member acting on the data (for example, office location)
For more information, go to Access Transparency: View logs on Google access to user content.
Forward log data to the Google Cloud Platform
You can opt in to share log data with Google Cloud Platform. If you turn on sharing, data is forwarded to Cloud Logging, where you can query and view your logs, and control how you route and store your logs.
Generate the Access Transparency audit log
Open the Access Transparency log
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Reports.
- On the left, click AuditAccess Transparency.
Customize data or export the audit log
Filter the scope of the data that’s displayed
To narrow the scope of the log data that’s displayed, on the left, select one or more filters (such as product or date range). For more information, go to filter and export log data and create alerts.
Customize the data that’s displayed
To change the data that’s displayed in the report (such as Date or Justifications), click Manage columns select the dataclick Save.
Export the audit log
To export the audit log data to a CSV file or Google Sheets, click Download select the formatclick Download
Understand the Access Transparency log data
Log field descriptions
Log field name | System field name | Description |
---|---|---|
Date | items:id:time | Time the log was written |
Google Workspace Product | items:events:parameters:GSUITE_PRODUCT_NAME | Customer’s product that was accessed. Upper case required. Can be:
|
Owner Email | items:events:parameters:OWNER_EMAIL | The email ID or team identifier of the customer who owns the resource |
Actor Home Office | items:events:parameters:ACTOR_HOME_OFFICE |
ISO 3166-1 alpha-2 country/region code in which the accessor has a permanent desk:
|
Justifications |
items:events:parameters:JUSTIFICATIONS |
Access justifications, such as Customer Initiated Support - Case Number: 12345678 |
Tickets | tickets | Tickets associated with the justification, if any |
Log ID | items:events:parameters:LOG_ID | Unique log ID |
Resource Name | items:events:parameters:RESOURCE_NAME | Name of the resource that was accessed. Resource names can be used in the security investigation tool to further identify, triage, and take action on security and privacy issues in your domain. |
Justification descriptions
Reason | Description |
---|---|
CUSTOMER_INITIATED_SUPPORT | Customer-initiated support, such as a case number |
EXTERNALLY_INITIATED_ABUSE_REVIEW
|
Externally initiated abuse reviews are invoked when content is reported to Google for review.
For more details and instructions, go to Customize searches within the investigation tool. Learn more about reporting abuse. |
GOOGLE_INITIATED_REVIEW | Google-initiated access for security, fraud, abuse, or compliance purposes, including:
|
GOOGLE_INITIATED_SERVICE | Google-initiated access to perform system management and troubleshooting, including:
|
THIRD_PARTY_DATA_REQUEST | Google accesses customer data to respond to a legal request or legal process. This includes when we respond to legal process from the customer that requires that we access the customer's own data. In this case, Access Transparency logs might not be available if Google can’t legally inform you of such a request or process. |
Set up an Access Transparency alert
You can set up an email alert for one or more log filters, such as Owner Email and Actor Home Office. You can also enable an alert for all logs across all products that support Access Transparency.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Reports.
- Under Audit log, click Access Transparency.
- Click + Add a filter.
- Select one or more filters and click Apply.
- (Optional) To turn on an alert for all logs across all supported products, click Event NameAccess. This action creates a filter called Event Name: Access.
- Click Create reporting rule , enter a rule name, and then enter the emails of any additional alert recipients.
- Click Create.
Integrate Access Transparency log data with third-party tools
You can use the Reports API to integrate Access Transparency logs with your existing security information and event management (SIEM) tools. For more information, go to Access Transparency Activity Events.
When and how long is data available?
Go to Data retention and lag times.