Google Cloud 系统专注于使用控制和监控来保护您的内容。您存储在 Google Cloud上的内容完全归您所有。Google 员工有时可能需要访问您的内容,但这些访问都有正当的业务理由。
Google 员工请求访问客户数据的原因
Google 员工请求访问客户数据的最常见原因是解决客户的支持服务工单。如果您创建客户支持请求,则 Google 员工可能需要请求访问您的数据。Access Transparency 让客户可以看到这些访问。无论组织是否启用了 Access Transparency,Google 都提供了各种控件来保护您的数据隐私。如需详细了解这些控制措施,请参阅 Google 基础架构安全设计概览。
什么是特权访问权限
Google 员工为履行合同服务的义务而访问您的数据的行为称为“特权访问”。系统会出于以下原因访问您在 Google Cloud 中的数据:
您正在访问自己的数据。
您使用的某项服务正在代表您访问数据。
如果 Google 员工被请求提供合同服务,则担任特权管理员的 Google 员工可以访问您的数据。
特权访问权限管理的基础原则
Google Cloud的特权访问管理策略会严格限制单个 Google 员工可以查看的您的数据以及可以对您的数据执行的操作。 Google Cloud的特权访问机制基于以下原则:
最小权限:默认情况下,系统会拒绝所有 Google 员工访问客户数据。授予访问权限时,授权只是暂时性的,并且提供的访问权限不得大于提供合同服务绝对需要的访问权限。
限制对数据的单人访问:任何单个 Google 员工想要在没有其他人陪同的情况下独自访问这些数据都应该极其困难。
所有访问都必须有正当理由:默认情况下,Google 员工无法访问客户数据。Google 员工只有在有效的业务理由存在的情况下,才能访问您的数据。Google 人员无法访问已关闭的理由或 Google 人员不是直接关联的协作者的客户数据。如需正当业务理由的列表,请参阅理由原因代码。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-18。"],[[["\u003cp\u003eGoogle personnel may require temporary access to customer content, but only with a valid business justification, such as resolving a customer support ticket.\u003c/p\u003e\n"],["\u003cp\u003ePrivileged access refers to Google personnel accessing customer data to fulfill a contracted service, which is strictly limited and managed.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Cloud's privileged access management is based on principles such as least privilege, limiting singular access, requiring justification for all access, and employing monitoring and alerting.\u003c/p\u003e\n"],["\u003cp\u003eAccess to customer data is denied by default for Google personnel, and any granted access is temporary and no greater than what is absolutely necessary.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Cloud undergoes third-party audits to ensure data protection practices align with their controls and commitments.\u003c/p\u003e\n"]]],[],null,["# Privileged access at Google Cloud\n=================================\n\nGoogle Cloud systems are built with a focus on protecting your content\nusing controls and monitoring. Your content stored on Google Cloud\ncompletely belongs to you. Occasionally, Google personnel might need to access\nyour content but these accesses are never without a valid business\njustification.\n\nWhy Google personnel request access to Customer Data\n----------------------------------------------------\n\nThe most common reason why Google personnel request access to\n[Customer Data](/terms/service-terms) is to resolve a customer support ticket.\nIf you create a customer support request, then a Google personnel might be\nrequired to request access to your data. Access Transparency exists to provide\ncustomers visibility into these accesses. Google provides various controls\nto support the private of your data, regardless of whether Access Transparency is\nenabled on an organization. For more information about these controls, see\n[Google infrastructure security design overview](/docs/security/infrastructure/design).\n\nWhat is privileged access\n-------------------------\n\nGoogle personnel's access to your data to fulfill an obligation of providing\na contracted service is called *privileged access*. Access to your data\nin Google Cloud is usually because of the following reasons:\n\n- You are accessing your own data.\n- A service you are using is accessing data on your behalf.\n\nWhen requested to provide a contracted service, Google personnel acting as a\nprivileged administrator can access your data.\n\nFoundational principles of privileged access management\n-------------------------------------------------------\n\nGoogle Cloud's privileged access management strategy strictly limits what a\nsingle Google staff member can view and do with your data. Google Cloud's\nprivileged access philosophy is based on the following principles:\n\n- **Least privilege**: Access to Customer Data is denied by default for all\n Google personnel. When access is granted, it is temporary and no greater than\n what is absolutely necessary to provide the contracted service.\n\n- **Limit singular access to data**: Singularly accessing Customer Data without\n another individual involved is extremely difficult for any and every\n Google personnel.\n\n- **All access must be justified** : By default, Google personnel don't have\n access to Customer Data. Google personnel can access your data only with an\n **active** , valid business justification. Google personnel can't access\n Customer Data for justifications that are closed or where the Google person is\n not a directly linked collaborator. For the list of valid business\n justifications, see [Justification reason codes](/assured-workloads/access-transparency/docs/reading-logs#justification-reason-codes).\n\n- **Monitor and alerting**: Monitoring and response processes exist to identify,\n triage, and remediate violations of these principles.\n\nFor more information about Google Cloud's privileged access philosophy, see\n[Privileged access in\nGoogle Cloud](/docs/security/privileged-access-management).\n\nGoogle Cloud products regularly undergo independent, third-party audits and\ncertifications to verify that their data protection practices match their\ncontrols and commitments. For more information about how Google Cloud products\nprovide customers with transparency and control over their content, see the\nwhitepaper on [Trusting your data with Google Cloud](https://services.google.com/fh/files/misc/072022_google_cloud_trust_whitepaper.pdf).\n\nWhat's next\n-----------\n\n- To know more about Google Cloud's commitment toward protecting the privacy\n of Customer Data, see\n [Google Cloud and common privacy principles](/privacy/common-privacy-principles).\n\n- To learn about the core principles upon which controls that prevent\n unauthorized administrative access are based, see\n [Overview of administrative access controls](/assured-workloads/cloud-provider-access-management/docs/administrative-access).\n\n- To see the list of business justifications for which Google personnel can\n request to access customer data, see\n [Justification reason codes](/assured-workloads/access-transparency/docs/reading-logs#justification-reason-codes)."]]