Viewing notifications

Before you begin

Ensure that you have the required roles

To view Advisory Notifications in the Google Cloud console, each user must be granted a role that contains the following Identity and Access Management (IAM) permissions. These permissions are included in the Advisory Notifications Viewer (roles/advisorynotifications.viewer) IAM role.

• advisorynotifications.notifications.get
• advisorynotifications.notifications.list
• resourcemanager.organizations.get, if you need to view notifications for your organization
• resourcemanager.projects.get, if you need to view notifications for your project

Required roles for organizations

If you have an organization resource, you receive notifications through your organization.

Make sure that you have the following role or roles on the organization: Advisory Notifications Viewer

Check for the roles

1. In the Google Cloud console, go to the IAM page.

   Go to IAM
2. Select the organization.

3. In the Principal column, find the row that has your email address.

   If your email address isn't in that column, then you do not have any roles.

4. In the Role column for the row with your email address, check whether the list of roles includes the required roles.

Grant the roles

1. In the Google Cloud console, go to the IAM page.

   Go to IAM
2. Select the organization.
3. Click person_add Grant access.
4. In the New principals field, enter your email address.
5. In the Select a role list, select a role.
6. To grant additional roles, click add Add another role and add each additional role.
7. Click Save.

Required roles for projects without an organization

If you don't have an organization resource, you receive notifications through your project.

Make sure that you have the following role or roles on the project: Advisory Notifications Viewer

Check for the roles

1. In the Google Cloud console, go to the IAM page.

   Go to IAM
2. Select the project.

3. In the Principal column, find the row that has your email address.

   If your email address isn't in that column, then you do not have any roles.

4. In the Role column for the row with your email address, check whether the list of roles includes the required roles.

Grant the roles

1. In the Google Cloud console, go to the IAM page.

   Go to IAM
2. Select the project.
3. Click person_add Grant access.
4. In the New principals field, enter your email address.
5. In the Select a role list, select a role.
6. To grant additional roles, click add Add another role and add each additional role.
7. Click Save.

Permission assistance in the Google Cloud console

It's possible for a user to receive notification emails from Advisory Notifications but also be unable to view them in the Google Cloud console. If you observe this, it can be because users don't have sufficient permissions as described in the previous section.

To help users receive access, Advisory Notifications provides recipients of each notification email a two-week voucher to request permissions from a highly privileged grantor by using the following instructions:

1. Click View notification details in the Advisory Notifications email you received.
2. Optional: If you don't have the required permissions to view the notification, click Request access to gain those permissions. Clicking this button automatically contacts one of your highly-privileged organization administrators and informs them that they need to grant you the required permissions.
3. After the administrator has granted you the required permissions, you can view the current and future notifications. You receive an email when the administrator grants you the required permissions.