Overview of Security and Privacy Advisory notifications
Stay organized with collections
Save and categorize content based on your preferences.
The Advisory Notifications service uses Security and Privacy Advisory
notifications to inform you of critical security and privacy events.
Who receives Security and Privacy Advisory notifications
Advisory Notifications contacts different users depending on whether the notification is sent to an organization or project.
Organization contacts
Advisory Notifications integrates with
Essential Contacts to identify which users should receive
notifications. Essential Contacts lets you control who receives
notifications by providing a list of contacts. Security and privacy advisory notifications
are sent to contacts in the Security and All categories at the
organization level. For more information, see
Managing contacts for notifications.
If Essential Contacts hasn't been configured,
Advisory Notifications sends notifications to the default
contacts, which are determined by Identity and Access Management roles.
If one or more users have been granted the Organization Administrator role (roles/resourcemanager.organizationAdmin) on the organization,
only they are contacted. If no users have been granted the Organization
Administrator role, then Advisory Notifications moves on to the
next role in the hierarchy and determines if one or more users have been granted
the Owner basic role (roles/owner) on any project owned by the organization. If
any are found, only they are contacted. Finally, if no users have been granted
the Organization Administrator or Project Owner role,
Advisory Notifications contacts any users who have been granted
the Billing Account Administrator role (roles/billing.admin) on any billing account owned by the
organization.
Project contacts
When a notification is sent to a project, Advisory Notifications contacts Identity and Access Management roles in the following order. If one or more users have been granted
the Owner basic role (roles/owner) on the project, only they are contacted. Otherwise, if no users have been granted
the Project Owner role,
Advisory Notifications contacts any users who have been granted
the Billing Account Administrator role (roles/billing.admin) on the billing account associated with the
project, if it exists.
Opting out
Security and Privacy Advisory notifications are mandatory. You cannot opt
out of receiving these notifications.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe Advisory Notifications service delivers critical security and privacy alerts to users.\u003c/p\u003e\n"],["\u003cp\u003eNotification recipients are determined by whether the alert is for an organization or a specific project.\u003c/p\u003e\n"],["\u003cp\u003eFor organizations, notifications are sent to users listed in Essential Contacts under the Security and All categories, or to default contacts based on Identity and Access Management roles, starting with Organization Administrator and then Project Owner, then Billing Account Administrator if the two first options are not relevant.\u003c/p\u003e\n"],["\u003cp\u003eFor projects, notifications go to users with the Project Owner role, or to Billing Account Administrators if no Project Owners are present.\u003c/p\u003e\n"],["\u003cp\u003eReceiving Security and Privacy Advisory notifications is mandatory, with no option to opt out.\u003c/p\u003e\n"]]],[],null,["# Overview of Security and Privacy Advisory notifications\n\nThe Advisory Notifications service uses Security and Privacy Advisory\nnotifications to inform you of critical security and privacy events.\n\nWho receives Security and Privacy Advisory notifications\n--------------------------------------------------------\n\nAdvisory Notifications contacts different users depending on whether the notification is sent to an organization or project.\n\n### Organization contacts\n\nAdvisory Notifications integrates with\nEssential Contacts to identify which users should receive\nnotifications. Essential Contacts lets you control who receives\nnotifications by providing a list of contacts. Security and privacy advisory notifications\nare sent to contacts in the **Security** and **All** categories at the\n**organization level** . For more information, see\n[Managing contacts for notifications](/resource-manager/docs/managing-notification-contacts).\n\nIf Essential Contacts hasn't been configured,\nAdvisory Notifications sends notifications to the default\ncontacts, which are determined by Identity and Access Management roles.\n\nIf one or more users have been granted the **Organization Administrator** role (`roles/resourcemanager.organizationAdmin`) on the organization,\nonly they are contacted. If no users have been granted the **Organization\nAdministrator** role, then Advisory Notifications moves on to the\nnext role in the hierarchy and determines if one or more users have been granted\nthe **Owner** basic role (`roles/owner`) on any project owned by the organization. If\nany are found, only they are contacted. Finally, if no users have been granted\nthe **Organization Administrator** or **Project Owner** role,\nAdvisory Notifications contacts any users who have been granted\nthe **Billing Account Administrator** role (`roles/billing.admin`) on any billing account owned by the\norganization.\n\n### Project contacts\n\nWhen a notification is sent to a project, Advisory Notifications contacts Identity and Access Management roles in the following order. If one or more users have been granted\nthe **Owner** basic role (`roles/owner`) on the project, only they are contacted. Otherwise, if no users have been granted\nthe **Project Owner** role,\nAdvisory Notifications contacts any users who have been granted\nthe **Billing Account Administrator** role (`roles/billing.admin`) on the billing account associated with the\nproject, if it exists.\n\nOpting out\n----------\n\nSecurity and Privacy Advisory notifications are mandatory. You cannot opt\nout of receiving these notifications.\n\nWhat's next\n-----------\n\n- Learn about [Sensitive Actions](/advisory-notifications/docs/sensitive-actions-overview) notifications.\n- Learn how to [view notifications](/advisory-notifications/docs/quickstart)."]]
