Someone Changed My IAM Policy Without Telling Me. Audit Logs Told Me First. (opens in new tab)

Admin Activity Logs are on by default\. Data Access Logs are not\. Here is what that difference costs you\. Audit logs show what changed\. Data Access Logs show what was touched\. I was reviewing service account permissions on a Vertex AI project — routine, after the cleanup I described in a previous article — and found a role binding I had not created\. Someone had modified the IAM policy\. No ticket, no message, no explanation\. I opened Cloud Logging, searched Admin Activity logs, and foun...