GCP is not able to identify when "Caller identities" are part of an Organization. [254306923]

Assigned

Feature Request

Status Update

No update yet.

Description

li...@google.com

created issue #1

Oct 18, 2022 07:10PM

Problem you have encountered: "GCP should be able to determine if Caller identities are in the same organization as the resource being accessed"

Currenlty is not able to do it. So in the Policy Denied audit logs users that are part of an organziation are partially redacted and replaced by three period characters. This shouldn't be happening.

What you expected to happen: "When a Caller identities is part of the Organization and is accessing a resource in the same organization, then Cloud Logging should not partially redact the user in Audit Logs"

Other information (workarounds you have tried, documentation consulted, etc): Users have reported this behaviour to the support team but they have confirmed that the Cloud Logging team is working on this. Actually, the documentation states: "Parts of the caller email addresses might be redacted and replaced by three period characters"

Comments

ge...@its.ny.gov <ge...@its.ny.gov> #2Oct 20, 2022 12:58PM

I have forwarded this request to the engineering team. We will update this issue with any progress updates and a resolution.

Best Regards,
Josh Moyer
Google Cloud Platform Support

Issue 254306923

Description

Issue summary

Comments

ge...@its.ny.gov <ge...@its.ny.gov> #2Oct 20, 2022 12:58PM

Add comment

Issue metadata