Stay organized with collections
Save and categorize content based on your preferences.
Sensitive actions are always written to
Sensitive Actions Service platform logs.
Additionally, Google Cloud provides a summary of sensitive actions through
Advisory Notifications.
Links to view the first three individual actions of each type in the platform
logs are provided in the notification. You need an appropriate
Identity and Access Management role, such as
roles/logs.viewer, to be able to view Cloud Logging logs.
If there are more than three sensitive actions of a particular type, the
notification might also provide a link to view all actions in
Logging. However, this link is not provided in all cases. Some
sensitive actions, such as adding a project-level SSH key, can occur in several
different projects in your organization. In this case, Google can't provide you
with a single Logging link to view all the sensitive actions,
because Logging is always scoped to a particular resource
(project, folder, or organization).
View all Sensitive Actions logs in the organization
If you want to see all Sensitive Actions logs in your organization, you can
set up a Logging bucket to
aggregate these logs.
Use the following query to include all Sensitive Actions logs in the bucket:
logName:sensitiveaction.googleapis.com%2Faction
You can add additional terms if you only want certain types of Sensitive Actions
logs, such as AND "add_ssh_key".
Set up alerts for Sensitive Actions logs
If you want to get more frequent alerts about sensitive actions, you can
configure a log-based alert. For
example, use the following query to match all Sensitive Actions logs:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003ePre-GA features are subject to the "Pre-GA Offerings Terms," are provided "as is," and may have limited support.\u003c/p\u003e\n"],["\u003cp\u003eSensitive actions are always logged in the Sensitive Actions Service platform logs and summarized in Advisory Notifications by Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eAdvisory Notifications may provide links to view the first three sensitive actions in platform logs, requiring an appropriate Identity and Access Management role.\u003c/p\u003e\n"],["\u003cp\u003eTo view all Sensitive Actions logs in your organization, you can set up a Logging bucket using the provided query: \u003ccode\u003elogName:sensitiveaction.googleapis.com%2Faction\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eYou can configure log-based alerts to receive frequent notifications about sensitive actions using the query: \u003ccode\u003elogName:sensitiveaction.googleapis.com%2Faction\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Work with Sensitive Actions logs\n\n| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nSensitive actions are always written to\n[Sensitive Actions Service platform logs](/logging/docs/api/platform-logs#sensitive_actions_service).\nAdditionally, Google Cloud provides a summary of sensitive actions through\nAdvisory Notifications.\n\nLinks to view the first three individual actions of each type in the platform\nlogs are provided in the notification. You need an appropriate\n[Identity and Access Management role](/logging/docs/access-control#considerations), such as\n`roles/logs.viewer`, to be able to view Cloud Logging logs.\n\nIf there are more than three sensitive actions of a particular type, the\nnotification might also provide a link to view all actions in\nLogging. However, this link is not provided in all cases. Some\nsensitive actions, such as adding a project-level SSH key, can occur in several\ndifferent projects in your organization. In this case, Google can't provide you\nwith a single Logging link to view all the sensitive actions,\nbecause Logging is always scoped to a particular resource\n(project, folder, or organization).\n\nView all Sensitive Actions logs in the organization\n---------------------------------------------------\n\nIf you want to see all Sensitive Actions logs in your organization, you can\n[set up a Logging bucket](/logging/docs/central-log-storage) to\naggregate these logs.\n\nUse the following query to include all Sensitive Actions logs in the bucket: \n\n logName:sensitiveaction.googleapis.com%2Faction\n\nYou can add additional terms if you only want certain types of Sensitive Actions\nlogs, such as `AND \"add_ssh_key\"`.\n\nSet up alerts for Sensitive Actions logs\n----------------------------------------\n\nIf you want to get more frequent alerts about sensitive actions, you can\nconfigure a [log-based alert](/logging/docs/alerting/log-based-alerts). For\nexample, use the following query to match all Sensitive Actions logs: \n\n logName:sensitiveaction.googleapis.com%2Faction\n\nWhat's next\n-----------\n\n- Learn about [audit logging](/advisory-notifications/docs/audit-logging)."]]
