I tried but could not figure out that how to find out who added a user or modified IAM roles of a specific user in GCP.
is anyone aware of any method?
Asked
Active
Viewed 953 times
1 Answers
2
You can see this information through Logs Viewer please check the following URL for Logs Viewer query interfaces where you can find more information
And for this specific event you can use the following query to search it in your project:
- Go to Logs Viewer
- Select a Google Cloud project.
- Use the advanced query interface:
- Paste the following query:
protoPayload.authorizationInfo.permission="resourcemanager.projects.setIamPolicy"
protoPayload.response.bindings.members="user:emailuser@gmail.com"
Change the emailuser@gmail.com for the user you are looking for.
- Click on the start button.
And you will see something like:
On View Options you can click on Expand All for more information:
Also you can see those events on the Activity tab
I hope this information would be useful to you
Jose Luis Delgadillo
- 494
- 2
- 10
-
Thank you for putting your effort and placing the required information in such a simple format. – d.s Sep 16 '20 at 05:33
-
@d.s I'm happy to help, if you find my answer useful, please consider upvoting/accepting it, thank you! – Jose Luis Delgadillo Sep 16 '20 at 13:07
-
I tired to vote but got the below message: Thanks for the feedback! Votes cast by those with less than 15 reputation are recorded, but do not change the publicly displayed post score. – d.s Sep 17 '20 at 10:40
-
@d.s Did you tried to accept the answer? does it send you a similar message? – Jose Luis Delgadillo Sep 17 '20 at 13:27
-
Voted / Accepted your answer. Thanks. – d.s Oct 13 '20 at 06:54