Stay organized with collections
Save and categorize content based on your preferences.
Sensitive actions can have a negative effect on your business if they are taken
maliciously or in error.
Investigate the activity
Consider reaching out to the owner of the user account that performed the action
to make sure that the owner took the action themselves and that the action was
intentional.
You can use Cloud Logging to view other actions taken by the same user
account. For example, the following query searches for Admin Activity Audit Logs
that mention user@domain.com:
logName:cloudaudit.googleapis.com%2Factivity AND "user@domain.com"
By default, you can view Admin Activity Audit Logs in only a single project,
folder, or organization at a time. To aggregate logs across your organization,
see
Aggregate and store your organization's logs.
Respond to an unrecognized activity
If you determine that the action was not legitimate, it is possible that the
acting user account is compromised.
If you use Google Workspace as your
identity provider, your Google Workspace administrator can take steps
to secure the account.
If you use a third-party identity provider, check their documentation for what
steps you can take.
Consider taking steps to undo the action. For example, if a sensitive role was
unintentionally granted at the organization level, you should remove this
role.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Respond to Sensitive Actions notifications\n\n| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nSensitive actions can have a negative effect on your business if they are taken\nmaliciously or in error.\n\nInvestigate the activity\n------------------------\n\nConsider reaching out to the owner of the user account that performed the action\nto make sure that the owner took the action themselves and that the action was\nintentional.\n\nYou can use Cloud Logging to view other actions taken by the same user\naccount. For example, the following query searches for Admin Activity Audit Logs\nthat mention `user@domain.com`: \n\n logName:cloudaudit.googleapis.com%2Factivity AND \"user@domain.com\"\n\nBy default, you can view Admin Activity Audit Logs in only a single project,\nfolder, or organization at a time. To aggregate logs across your organization,\nsee\n[Aggregate and store your organization's logs](/logging/docs/central-log-storage).\n\nRespond to an unrecognized activity\n-----------------------------------\n\nIf you determine that the action was not legitimate, it is possible that the\nacting user account is compromised.\n\n- If you use Google Workspace as your identity provider, your Google Workspace administrator can take steps to [secure the account](https://support.google.com/a/answer/2984349).\n- If you use a third-party identity provider, check their documentation for what steps you can take.\n- Consider taking steps to undo the action. For example, if a sensitive role was unintentionally granted at the organization level, you should remove this role.\n\nWhat's next\n-----------\n\n- Learn about [Sensitive Actions logs](/advisory-notifications/docs/sensitive-actions-logs).\n- Learn how to [opt in to or out of notifications](/advisory-notifications/docs/opt-in-out-notifications)."]]
