Access Transparency logs

This feature is only available with G Suite Enterprise and G Suite Enterprise for Education.

Using G Suite audit logs, you can see a record of actions taken by your internal staff. Access Transparency logs provide information about actions of Google staff when they access your data.

In the G Suite Admin console, you can review the Access Transparency log report, which includes information about:

  • The affected resource and action
  • The time of the action
  • The reason for the action (for example, the case number associated with a customer support request)
  • Information about the Google staff member acting on the data (for example, office location)

For more information about Access Transparency, see Access Transparency: View logs on Google access to user content.

Generate the Access Transparency log report

Open the Access Transparency log report

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Reports.
  3. (Optional) To customize what you review, on the right, click Manage columns "", select the columns that you want to see or hide, and click Save.

Customize or export the log report

Narrow the scope of the data that’s displayed
To narrow the scope of the log data that’s displayed, on the left, select one or more filters (such as G Suite product or date range).

Change the type of data that’s displayed
To change the type of log data that’s displayed in the report (such as date or justification), at the top right, click Manage columns "".

Export the log
To export the log data to a CSV file or Google Sheets, at the top right, click Download "".

Understand the Access Transparency log report data

Log field descriptions

Report field name  System field name Description
Date items:id:time Time the log was written.
Log ID items:events:parameters:LOG_ID Unique log ID.
G Suite Product items:events:parameters:GSUITE_PRODUCT_NAME Customer’s G Suite product that was accessed. Upper case required. Can be:
Actor Home Office items:events:parameters:ACTOR_HOME_OFFICE

ISO 3166-1 alpha-2 country code in which the accessor has a permanent desk:

  • "??" if location isn’t available
  • 3-character continent identifier where Googler is in a low-population country (ASI, EUR, OCE, AFR, NAM, SAM, ANT).


Access justifications, such as “Customer Initiated Support - Case Number: 12345678”.

Tickets tickets Tickets associated with the justification, if any.
Resource Name items:events:parameters:RESOURCE_NAME Name of the resource that was accessed.
Owner Email items:events:parameters:OWNER_EMAIL The email ID or team identifier of the customer who owns the resource.

Justification reasons

Reason Description
CUSTOMER_INITIATED_SUPPORT Customer-Initiated support, such as a case number


Externally initiated abuse reviews are invoked by the content being flagged to Google for review.
  • Users can flag content as abuse of the Google Terms of Service.
  • As a G Suite Super Administrator, you can use the Security Investigation Tool to view details associated with a document—including the document title, owner, document type, and log events that have happened to it within the last 180 days:
  1. From the investigation tool, run a search using the Drive log events data source.
  2. Under Conditions, click Document ID.
  3. Copy the resource ID from the Access Transparency log, and paste it into the Document ID field in the investigation tool.
  4. Click SEARCH

    For more details and instructions, see Customize searches within the investigation tool.
GOOGLE_INITIATED_REVIEW Google-initiated access for security, fraud, abuse, or compliance purposes, including:
  • Ensuring the safety and security of customer accounts and data
  • Confirming whether data is affected by an event that might impact account security (such as malware infections)
  • Confirming whether the customer is using Google services in compliance with Google Terms of Service
  • Investigating complaints by other users and customers, or other signals of abusive activity
  • Checking that Google services are being used consistently with relevant compliance regimes (such as anti-money laundering regulations)
GOOGLE_INITIATED_SERVICE Google-initiated access to perform system management and troubleshooting, including:
  • Backup and recovery from outages and system failures
  • Investigation to confirm that the customer is not affected by suspected service issues
  • Remediation of technical issues, such as storage failure or data corruption
THIRD_PARTY_DATA_REQUEST Google accesses customer data to respond to a legal request or legal process. This includes when we respond to legal process from the customer that requires that we access the customer's own data.

In this case, Access Transparency logs might not be available if Google can’t legally inform you of such a request or process.

Set up an Access Transparency alert

You can set up an email alert for one or more log filters, such as Owner Email and Actor Home Office. You can also enable an alert for all logs across all G Suite products that support Access Transparency.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Reports.
  3. On the left, under Audit, click Access Transparency.
  4. Click + Add Filter.
  5. Select one or more filters and click Apply.
  6. (Optional) To enable an alert for all logs across all supported G Suite products, select Event Name, then click Access below the search line. This creates a filter called Event Name: Access.
  7. Click Create Alert "", name your new alert, and enter the email IDs of any additional alert recipients.
  8. Click Create to complete the process.

Integrate Access Transparency log data with third-party tools

You can use the Reports API to integrate Access Transparency logs with your existing security information and event management (SIEM) tools. For more information, refer to Access Transparency Activity Events.

Make an inquiry on a log entry

To request an access investigation on a particular Access Transparency log entry:

  1. Note the Log ID of the entry you want to research.
  2. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  3. From the Admin console Home page, go to Support.
  4. Click Contact Support.
  5. Provide this information to Support:
    • Log ID of the entry in question
    • Note that the inquiry is for Access Transparency
    • Ask for more details on the activity

When and how long is data available?

See Data retention and lag times.

Related topics

Was this helpful?
How can we improve it?