Supported editions for this feature: Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus. Compare your edition
As part of Google's long-term commitment to security and transparency, you can use Access Transparency to review logs of actions taken by Google staff when accessing user content.
For details and instructions on viewing these logs in the security investigation tool, see Access Transparency log events.
What’s in Access Transparency logs?
Access Transparency logs include data about Google staff activity, including:
- Actions by the Support team that you may have requested by phone
- Basic engineering investigations into your support requests
- Other investigations made for valid business purposes, such as recovering from an outage
Access Transparency use cases
There are a variety of reasons why you might use Access Transparency. Some examples include:
- Verify that Google is accessing your data for valid business reasons, such as fixing a problem or responding to a request.
- Verify that Google staff are correctly addressing a request.
- Collect and analyze tracked access events through an automated security information and event management (SIEM) tool.
Services that write Access Transparency logs
The following Google Workspace services write Access Transparency logs:
- Gmail—Subjects, bodies, attachments
- Calendar—Event titles, descriptions, locations
- Chat—Names, chat room titles, spaces; message and topic bodies in both direct messages and chat rooms; user information (including name, email address, and chat room membership)
- Drive—Original file content uploaded to Drive
- Google Docs, Forms, Sheets, Sites, Slides—Contents of documents, including file body text, embedded images, embedded drawings, comments, and form responses.
Note: Legacy Sites is not covered. - Meet recordings stored in Drive
Note: In-progress meetings have no administrative access from Google. Recordings stored in Drive are the only persisted artifacts of a meeting.
Access Transparency logs aren’t available for any editions, products or services not explicitly stated above. Third-party data indexing, YouTube, video, images, migration and emergency access to support quality of service are also excluded.
When is an Access Transparency log entry created?
An Access Transparency supported service writes a log entry when people at Google access user content that was created using the supported service. For example, a log entry is created if a Support engineer is helping to fix a Calendar problem.
A log entry isn’t written when:
- A user grants a Google staff person permission to access the data via doc sharing.
- Google is legally prohibited from notifying you of the access.
- The data in question is a public resource identifier, such as a file identification number.
- A system job accesses the data. For example, a compression job that runs on the data or machine learning functions. (In this case, Google uses an internal version of Binary Authorization to check that system code running on Access Transparency supported services is reviewed by a second party.)