Enable Augmented Administrative Access

This page describes how to enable Augmented Administrative Access for your Google Cloud organization, folder, or project. Enabling this feature provides more granular details in both Access Approval requests and Access Transparency logs for supported services and fields.

Before you begin

1. Ensure that your organization has been added to the allowlist for this feature.
2. Enable Access Transparency.
3. Enable Access Approval.

Required roles

To get the permission that you need to modifyAccess Approval settings, ask your administrator to grant you the Access Approval Config Editor (roles/accessapproval.configEditor) IAM role on your organization. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the accessapproval.settings.get permission, which is required to modifyAccess Approval settings.

You might also be able to get this permission with custom roles or other predefined roles.

Enable Augmented Administrative Access using the Google Cloud console

You can enable Augmented Administrative Access at the organization, folder, or project level in the Google Cloud console:

1. In the Google Cloud console, go to the Access Approval page.

   Go to Access Approval

2. Select the organization, folder, or project that you want to enable the feature on.

3. Click Manage Settings.

4. Locate the section for Augmented Administrative Access.

5. To turn on the setting, click the Augmented Administrative Access toggle.

6. Click Save.

What's next

• Learn about Augmented Administrative Access.