Consolidated Google Groups audit logs now available in G Suite and GCP

What’s changing

Consolidated Google Groups audit logs are now available in the G Suite AdminSDK Reports API and GCP Cloud Audit Logs. Specifically you’ll notice:

  • Changes in the G Suite AdminSDK Reports API: Google is introducing a new consolidated log named groups_enterprise, which includes changes to groups and group memberships across all products and APIs. These were previously split across the groups and admin audit logs.
  • Changes in GCP Cloud Audit Logging: Google is adding Google Groups information to Cloud Audit Logs (CAL) in Stackdriver. See our Cloud Blog post for more details on how this could help GCP customers. Note that this will not change visibility of these logs in the G Suite Admin console – it just adds them to Cloud Audit Logs (CAL) in Stackdriver as well.

Who’s impacted

G Suite and GCP Admins only

Why you’d use it

These changes will help improve the security and usability of Groups as an IAM tool by streamlining administration, transparency, and access monitoring.

How to get started

  • Admins:
    • Changes in the G Suite AdminSDK Reports API: Get started with the AdminSDK Reports API.
    • Changes in GCP Cloud Audit Logging: This is an opt-in feature that can be enabled at G Suite Admin console > Company profile > Legal & Compliance > Sharing options. 
  • End users: No action needed.

Additional details

Changes in the G Suite AdminSDK Reports API 
Changes to groups have historically been logged in either the groups or admin audit logs. Changes made in the Google Groups product are logged in the groups log while changes made through admin tools like the Admin console, AdminSDK, and GCDS are logged in the admin log. As part of our efforts to streamline administration and increase transparency, we’re introducing a new consolidated log named groups_enterprise, which includes changes to groups and group memberships across all products and APIs. This new log is now available through the AdminSDK Reports API and will be available in the Admin console in the future.

Changes in GCP Cloud Audit Logging 
Google Groups are the recommended way to grant access to GCP resources when using IAM policies. GCP customers have told us that having group audit logs available in Google Cloud Audit Logs would help streamline security and access monitoring. With that in mind, they’re adding Google Groups information to Cloud Audit Logs (CAL) in Stackdriver. See Google’s Cloud Blog post for more details on how this can help GCP customers.

Comments

comments