Is there a way to monitor access to the Firestore DB by users?
I'm wondering about this because, from my understanding, at least one user must be owner of a GCP project, therefore this means that a user has to have full access to the DB in the production environment.
Even if the project owner is a highly trusted person, I would like to be able to monitor reads of the DB by the user to ensure there is no unnecessary access.
I tried exploring Cloud Monitoring to do so, but was not able to find any solutions.
CodePudding user response:
You can monitor a user's activity(data read, write etc..) on Firestore by data access audit logs.
Firestore's data access audit log is not enabled by default, So go to IAM&Admin -> Audit logs.
Then you can enable firestore audit logs like the screenshot below.
After that audit logs can be seen at Cloud logging.