Admin access to reporting rules & activity rules

As an administrator, you can set up rules in the Google Admin console. To configure a rule, you set up conditions for the rule, and specify what actions to perform when the conditions are met. 

There are several types of rules on the Rules page, including reporting rules, activity rules, data protection rules, and system defined rules.

Whether you have the ability to create reporting rules vs. activity rules depends on your Google Workspace edition, your administrative privileges, and the data source. For more information, go to the sections below.

For general instructions about creating and viewing rules, go to Create and manage rules from the Rules page and Create and manage activity rules.

Access to reporting rules

Reporting rules are custom rules created by administrators from the audit and investigation page or from the Rules page. You can use these rules to create and manage custom alerts based on your organization’s log event data (previously called audit logs).

In general, administrators with non-premium editions such as Business Starter, Business Standard, and Education Standard have the ability to create and view reporting rules, and don't have access to activity rules. To create or view reporting rules, admins also need the Reports privilege (for more information, go to Administrator privilege definitions).

Note:

  • If you're a delegated admin with a premium edition (for example, Enterprise Plus), you can only create reporting rules when you don't have sufficient administrative privileges to create an activity rule for a given data source.
  • Super Admins have access to view and modify reporting rules created by delegated admins in their domain.
  • You can create reporting rules through all log-event data sources except for Gmail logs events.

For more details about reporting rules, see Create and manage reporting rules.

Access to activity rules

Activity rules are more advanced rules created by administrators from the security investigation tool or from the Rules page. With these rules, you can set up alerts and automate actions that happen in response to activity within your domain.

For more details about activity rules, see Create and manage activity rules.

Privileges needed for creating and viewing activity rules

To create or view activity rules, admins need the following privileges:

  • Services > Security Center > Activity Rules > View
  • Services > Security Center > Activity Rules > Manage

Admins can be assigned full access for creating activity rules for all data sources, or they can be assigned granular access for specific data sources. To set privileges for specific data sources, go to:

  • Services > Security Center > This user has full administrative rights for Security Center > Data source > View metadata and attributes

For more details about setting admin privileges for creating and viewing activity rules, go to Admin privileges for the investigation tool.

Google Workspace editions with access to activity rules

For details about which Google editions provide access to activity rules, see the table below.

Note:

  • Super Admins with premium editionssuch as Enterprise Plus have the ability to create and view activity rules, but are unable to create reporting rules. However, the same Super Admins have access to view and modify reporting rules created by delegated admins in their domain.
  • A delegated admin can create an activity rule for a given data source only if they have the necessary administrative privileges for that data source. A delegated admin with a premium edition (for example, Enterprise Plus) can only create reporting rules for a given data source when they don't have the required admin privileges for that data source.
  • You can't create activity rules based on live-state data sources such as Chrome browsers, Devices, Gmail messages, and Users. You can only create activity rules based on log-event data sources—for example, Gmail log events or Device log events.
Google Workspace edition Activity rule access
Enterprise Plus

Admins have access to activity rules for all log-event data sources for which they have the necessary admin privileges*

Education Plus Admins have access to activity rules for all log-event data sources for which they have the necessary admin privileges*

Cloud Identity Premium, Enterprise Standard 

Admins have access to activity rules for the following data sources if they have the necessary admin privileges*:

  • Chrome log events
  • Device log events
  • OAuth log events
  • Rules log events
  • User log events
  • Voice log events
Business Starter, Business Standard, Business Plus, Education Fundamentals, Education Standard, Enterprise Essentials No access to activity rules

* Access to a data source for creating activity rules depends on your Google Workspace editionand your administrative privileges for specific features in the Google Admin console.

Access to both reporting rules & activity rules

Some administrators can create and view both reporting rules and activity rules depending on the data source. For example, an admin with a Cloud Identity Premium license can create activity rules using some data sources, and reporting rules using other data sources.

For more details, see the above section: Google Workspace editions with access to activity rules.

Related articles

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
false
false
true
true
73010
false
false