Disable Cloud Logging for the Cloud Healthcare API
Stay organized with collections
Save and categorize content based on your preferences.
Overview
This guide explains how to set a constraint (constraints/gcp.disableCloudLogging)
that disables
Cloud Logging for the Cloud Healthcare API at the level of an organization,
a project, or a folder.
The constraint does not affect Cloud Audit Logs. Logs that are
generated before the constraint takes effect are not deleted and can
be accessed after the constraint takes effect.
Disabling Cloud Logging for the Cloud Healthcare API
To disable Cloud Logging for the Cloud Healthcare API, you must have the
Organization Administrator (roles/resourcemanager.organizationAdmin)
role. This role can only be granted
at the Organization level. You must have the Organization Policy Administrator
(roles/orgpolicy.policyAdminrole) to set or change organization policies.
Console
To disable Cloud Logging for the Cloud Healthcare API:
Sign in to the Google Cloud console as a Google Workspace or Cloud Identity
super administrator and go to the Organization policies page:
Click Select, and then select the project, folder, or organization
for which you want to view organization policies. The
Organization policies page displays a filterable list of organization
policy constraints that are available.
In the list of policies that appears, select
Disable Cloud Logging for Cloud Healthcare API. The
Disable Cloud Logging for Cloud Healthcare API policy uses the
constraints/gcp.disableCloudLogging ID. The Policy details page
that appears describes the constraint and provides information about how
the constraint is applied.
To update the organization policy, click Manage policy.
On the Edit policy page, select Override parent's policy.
Click Add a rule.
Under Enforcement, select an enforcement option:
To enable the constraint and disable Cloud Logging for the
Cloud Healthcare API, select On.
To disable the constraint and enable Cloud Logging for the
Cloud Healthcare API, select Off.
To enforce the policy, click Set policy.
gcloud
Get the current policy on the organization resource using the describe
command:
Replace the
ORGANIZATION_ID:
with the unique identifier for the organization resource. You can also
apply the organization policy to a folder or a project with the --folder
or the --project flags, and the
folder ID
and
project ID,
respectively.
Because a policy isn't set, this returns a NOT_FOUND error:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Disable Cloud Logging for the Cloud Healthcare API\n\n| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nOverview\n--------\n\nThis guide explains how to set a constraint (`constraints/gcp.disableCloudLogging`)\nthat disables\nCloud Logging for the Cloud Healthcare API at the level of an organization,\na project, or a folder.\nThe constraint does not affect Cloud Audit Logs. Logs that are\ngenerated before the constraint takes effect are not deleted and can\nbe accessed after the constraint takes effect.\n| **Note:** The constraint is only supported in the Cloud Healthcare API.\n\nDisabling Cloud Logging for the Cloud Healthcare API\n----------------------------------------------------\n\nTo disable Cloud Logging for the Cloud Healthcare API, you must have the\n[Organization Administrator](/resource-manager/docs/creating-managing-organization#adding_an_organization_admin) (`roles/resourcemanager.organizationAdmin`)\nrole. This role can only be granted\nat the Organization level. You must have the **Organization Policy Administrator**\n(`roles/orgpolicy.policyAdminrole`) to set or change organization policies. \n\n### Console\n\nTo disable Cloud Logging for the Cloud Healthcare API:\n\n1. Sign in to the Google Cloud console as a Google Workspace or Cloud Identity\n super administrator and go to the **Organization policies** page:\n\n [Go to Organization policies](https://console.cloud.google.com/iam-admin/orgpolicies)\n2. Click **Select** , and then select the project, folder, or organization\n for which you want to view organization policies. The\n **Organization policies** page displays a filterable list of organization\n policy constraints that are available.\n\n3. In the list of policies that appears, select\n **Disable Cloud Logging for Cloud Healthcare API** . The\n **Disable Cloud Logging for Cloud Healthcare API** policy uses the\n `constraints/gcp.disableCloudLogging` ID. The **Policy details** page\n that appears describes the constraint and provides information about how\n the constraint is applied.\n\n4. To update the organization policy, click **Manage policy**.\n\n5. On the **Edit policy** page, select **Override parent's policy**.\n\n6. Click **Add a rule**.\n\n7. Under **Enforcement**, select an enforcement option:\n\n - To enable the constraint and disable Cloud Logging for the Cloud Healthcare API, select **On**.\n - To disable the constraint and enable Cloud Logging for the Cloud Healthcare API, select **Off**.\n8. To enforce the policy, click **Set policy**.\n\n### gcloud\n\n1. Get the current policy on the organization resource using the `describe`\n command:\n\n gcloud org-policies describe gcp.disableCloudLogging \\\n --organization=\u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e\n\n Replace the\n [\u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e](/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id):\n with the unique identifier for the organization resource. You can also\n apply the organization policy to a folder or a project with the `--folder`\n or the `--project` flags, and the\n [folder ID](/resource-manager/docs/creating-managing-folders#configuring_access_to_folders)\n and\n [project ID](/resource-manager/docs/creating-managing-projects#identifying_projects),\n respectively.\n\n Because a policy isn't set, this returns a `NOT_FOUND` error: \n\n ERROR: (gcloud.org-policies.describe) NOT_FOUND: Requested entity was not found.\n\n2. Set the policy on the organization using the `set-policy` command.\n\n 1. Create a temporary file `/tmp/policy.yaml` to store the policy:\n\n name: organizations/\u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e/policies/gcp.disableCloudLogging\n spec:\n rules:\n - enforce: true\n\n 2. Run the `set-policy` command:\n\n gcloud org-policies set-policy /tmp/policy.yaml\n\n3. View the current effective policy using the `describe --effective` command:\n\n gcloud org-policies describe \\\n gcp.disableCloudLogging --effective \\\n --organization=\u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e\n\n After running the command, the following output displays: \n\n name: organizations/\u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e/policies/gcp.disableCloudLogging\n spec:\n rules:\n - enforce: true\n\nWhat's next\n-----------\n\nSee [Using constraints](/resource-manager/docs/organization-policy/using-constraints)\nfor more information on creating an organization policy with a particular constraint."]]
