Review Access Transparency logs
Using G Suite audit logs, you can see a record of actions taken by your internal staff. Access Transparency logs provide information about actions of Google staff when they access your data.
In the G Suite Admin console, you can review the Access Transparency log report, which includes information about:
- The affected resource and action.
- The time of the action.
- The reason for the action (for example, the case number associated with a customer support request).
- Information about the Google staff member acting on the data (for example, office location).
Generate the Access Transparency log report
Open the Access Transparency log report
Customize or export the log report
To narrow the scope of the log data that’s displayed, on the left, select one or more filters (such as G Suite product or date range). If you don’t see the Filters section, at the top right, click Add a filter.
Change the type of data that’s displayed
To change the type of log data that’s displayed in the report (such as date or justification), at the top right, click Manage columns .
Export the log
To export the log data to a CSV file or Google Sheets, at the top right, click Download .
Understand the Access Transparency log report data
Log field descriptions
|Report field name||System field name||Description|
|Date||items:id:time||Time the log was written.|
|Log ID||items:events:parameters:LOG_ID||Unique log ID.|
|G Suite Product||items:events:parameters:GSUITE_PRODUCT_NAME||Customer’s G Suite product that was accessed. Upper case required. Can be:
|Actor Home Office||items:events:parameters:ACTOR_HOME_OFFICE||
ISO 3166-1 alpha-2 country code in which the accessor has a permanent desk:
Access justifications, such as “Customer Initiated Support - Case Number: 12345678”.
|Resource Name||items:events:parameters:RESOURCE_NAME||Name of the resource that was accessed.|
|Owner Email||items:events:parameters:OWNER_EMAIL||The email ID or team identifier of the customer who owns the resource.|
|CUSTOMER_INTIATED_SUPPORT||Customer-Initiated support, such as a case number|
|GOOGLE_INITIATED_REVIEW||Google-initiated access for security, fraud, abuse, or compliance purposes, including:
|GOOGLE_INITIATED_SERVICE||Google-initiated access to perform system management and troubleshooting, including:
|THIRD_PARTY_DATA_REQUEST||Google accesses customer data to respond to a legal request or legal process. This includes when we respond to legal process from the customer that requires that we access the customer's own data.
In this case, Access Transparency logs might not be available if Google can’t legally inform you of such a request or process.
Integrate Access Transparency log data with third-party tools
You can use the Reports API to integrate Access Transparency logs with your existing security information and event management (SIEM) tools. For more information, refer to Access Transparency Activity Events.
Make an inquiry on a log entry
To request an access investigation on a particular Access Transparency log entry:
- Note the Log ID of the entry you want to research.
From the Admin console Home page, go to Support.
To see Support, you might have to click More controls at the bottom.
- Click Contact Support.
- Provide this information to Support:
- Log ID of the entry in question
- Note that the inquiry is for Access Transparency
- Ask for more details on the activity