Google today began asking advertisers to write a justification before removing another user's access to a Google Ads account, a change that routes the request to a second administrator for approval and appears to leave accounts with only one admin without a clear way through the process. The addition was spotted by Arpan Banerjee, who posted a screenshot of the new interface on X, and was subsequently reported by Barry Schwartz at Search Engine Roundtable. The screenshot shows a "Removal of access request" dialog that asks the requesting admin to name the user whose access is being revoked, the ads account in question, and that user's current access level, alongside a free-text justification field with a note that the text "will be seen by approvers." The request, according to the interface text captured in Banerjee's post, expires in 20 days if no other administrator acts on it.

Banerjee described the change on X as a security measure. According to Banerjee, "Google Ads now asks for a justification when removing account access for added security." Schwartz, covering the discovery at Search Engine Roundtable, characterized it as a welcome addition, noting it could help in cases where an admin removes someone's access who arguably should have kept it.

The reaction that followed, however, turned quickly to a scenario the interface does not appear to address: what an admin does when there is no second admin available to approve anything at all.

A workflow with an unanswered edge case

Greg, a PPC professional posting under the handle @PPCGreg, replied to Banerjee's thread with a pointed observation. According to Greg, "it's cool except when there isn't a workflow for this situation." He linked to an earlier post of his own, from May 7, 2026, describing a related but distinct scenario inside Google Ads: a "Change access level request" dialog requiring the same kind of approval-by-a-second-admin structure, this time for upgrading a user's permissions rather than removing them.

That earlier post shows a Google Ads user attempting to change another user's access level from "Read only" to "Admin," with the interface again requiring sign-off from a separate administrator on the account before the change could take effect. Greg's caption on that post read, in his own words, "Big fan of this 'Needs Approval' ... but what happens when I'm the only admin on the account trying to add another admin? (my current situation...)" He tagged the account @adsliaison, a handle associated with Google's Ads Product Liaison team, directly in the post. That May post drew a reply from Melissa L Mackey, who wrote, "Wondered about this. Can easily happen and then what do you do?" The May 7 post has been viewed 300 times, according to the metrics visible on the platform, and drew one reply along with a small number of reactions.

Two months later, the same structural question resurfaced when Google extended a comparable approval requirement to account removal requests rather than access upgrades. Greg's reply to Banerjee's post, made at 2:24 PM on July 14, 2026, links the two episodes explicitly, framing them as the same unresolved problem appearing in a second part of the account management interface.

What the interface actually shows

The mechanics described in both screenshots are consistent with each other, even though they cover different actions. In the removal scenario Banerjee documented, a user requesting the removal of another person's access fills in a justification field before the request is sent onward. The dialog specifies that the goal is to keep the ads account secure, and that the request "need[s] to be approved by another admin" before it takes effect. Once submitted, the request carries a 20-day expiration window, after which, based on the interface text, the removal presumably lapses without ever being enacted if nobody with the authority to approve it responds in that period.

In the access-level scenario Greg documented in May, the same basic pattern applies to changing permissions rather than removing them outright. That dialog similarly required approval from another admin before an access-level change from Read only to Admin could be applied, and it likewise displayed a defined expiration window for the pending request.

Neither screenshot shows a fallback mechanism for accounts with a single administrator. Neither document shows Google offering an alternative approval path, an appeals process, or a way to designate emergency access when the two-admin structure the workflow assumes simply does not exist on a given account. The justification field itself is visible to whoever eventually reviews the request, according to the on-screen text in both dialogs, which read that the entered text "will be seen by approvers" - plural, again implying an assumption that more than one administrator is present and available to review submissions.

Why a two-person requirement creates a single point of failure

The structural issue Greg raised is not hypothetical for a meaningful share of Google Ads accounts. Small businesses, solo marketers, and independent consultants frequently manage Google Ads accounts with exactly one administrator, either because the account was set up by a single person who never added a second admin, or because a previous admin left the organization without transferring or duplicating their access. In either case, a workflow that requires a second admin's approval to remove or elevate access has no way to execute in single-admin accounts, unless Google provides an alternative route.

This is not an isolated design choice inside Google Ads. Comparable two-person approval structures already exist elsewhere in Google's advertising products. Google published a user access guide for Merchant Center for Agencies that similarly separates Admin and Standard user roles, with account linking and access requests routed through an approval step by an Admin-level user on the receiving account. That guide describes how a merchant's administrator must approve or reject incoming access requests from agencies, and how the maximum access level an agency user can hold is bounded by what the agency itself has been granted - a layered permission model built around the assumption that more than one person is available to make these decisions.

The same assumption underlies broader changes to how Google Ads treats sensitive account actions generally. Google Ads began requiring passkeys for sensitive actions from July 15, 2026, covering account linking updates and user access changes specifically - the same category of action now subject to the justification-and-approval requirement Banerjee documented. That passkey mandate followed a documented pattern of account hijacking and unauthorized access attempts across the Google Ads ecosystem throughout 2025 and into 2026, and it introduced a seven-day operational delay for certain sensitive actions specifically to prevent an attacker who has just gained access to an account from immediately locking out the legitimate owner by creating new credentials.

Security-motivated friction of this kind carries a trade-off that becomes visible only once a workflow reaches an account structure its designers did not fully anticipate. Adding a mandatory approval step reduces the risk that a single compromised or malicious actor can unilaterally strip another user of access. It does so, however, by making at least two administrators - one to request an action and one to approve it - a functional requirement for the workflow to complete at all. When only one admin exists on the account, the request has, based on the interface documented in both screenshots, nobody left to approve it before the 20-day window lapses.

A recurring pattern in Google Ads account governance

The justification requirement Banerjee documented fits inside a broader pattern PPC Land has tracked across account access, agency relationships, and account security inside Google Ads over the past two years. Google tightened rules for ad agencies managing client accounts in 2024, introducing penalties including loss of privileges and account suspension for third-party partners found enabling policy violations, with those rules taking effect in November 2024. The following year, Google began pausing ads for individual accounts linked to manager accounts found in violation of its third-party policy, a June 2025 change that made an individual advertiser's account status dependent on the compliance record of the manager account it happened to be linked to.

Account access control resurfaced again in February 2026, when a clause buried in the standard Google Ads support contact form drew attention for granting Google Ads specialists direct permission to make changes to an advertiser's account without a separate confirmation step once the advertiser checked a box on the form. That discussion, which circulated on LinkedIn after Adriaan Dekker shared a post from Arpan Banerjee - the same person who later documented the removal-approval workflow in July - centered on how consent for account changes gets captured, and how visible that consent mechanism actually is to advertisers filling out a support request during a moment when something has typically already gone wrong.

Two months after that, in April 2026, a coordinated fraud campaign targeting digital advertising agencies surfaced publicly after Pauline Jakober, founder of Group Twenty Seven, described how a scammer using a fabricated corporate inquiry nearly gained access to her agency's manager account. That case illustrated how the account-linking process itself, which grants an agency operational control once a client's account is connected, can become the entry point for fraud rather than a simple onboarding formality. Ginny Marvin, Google's Ads Product Liaison, responded directly in the discussion that followed.

Each of these developments points toward the same underlying tension: Google Ads accounts increasingly function as shared, multi-person environments with layered permissions, verification requirements, and approval chains, even though a substantial number of accounts on the platform continue to operate with a single person holding administrative control. The justification requirement documented this week extends that layered structure to one more category of action - removing access - without a visible answer for what happens when the layering assumption does not hold.

What remains unclear

Neither Banerjee's original post nor Schwartz's coverage at Search Engine Roundtable addressed what happens after the 20-day window expires on an unapproved request, whether Google offers a support pathway for single-admin accounts attempting to remove or add users, or whether the justification field serves any function beyond being visible to a future approver. Google has not published documentation describing the feature, based on the sources reviewed for this article, and the discovery appears to rest entirely on user-submitted screenshots rather than an official announcement or changelog entry.

Greg's July 14 reply linking his earlier May post suggests the underlying single-admin gap has now appeared in at least two separate corners of the Google Ads permissions system: one governing access-level changes, documented in May, and one governing access removal, documented in July. Whether Google addresses the gap with an alternative approval path, a support escalation process, or some other mechanism remains, as of this writing, unannounced.

Timeline

  • May 7, 2026 - Greg posts a screenshot of a Google Ads "Change access level request" dialog, noting the same admin-approval structure applied to upgrading a user's access level, and asking what happens when only one admin exists on an account.
  • July 14, 2026 - Arpan Banerjee posts a screenshot showing Google Ads now requires a written justification when a user requests the removal of another user's access, with the request routed to a second admin for approval and a 20-day expiration window.
  • July 14, 2026 - Barry Schwartz reports the discovery at Search Engine Roundtable.
  • July 14, 2026 - Greg replies to Banerjee's post, linking his earlier May 7 post and noting the same workflow gap recurs in the removal-access scenario.

Summary

Who: Google Ads, the platform team behind its account access and permissions workflow, alongside Arpan Banerjee and Barry Schwartz, who documented and reported the change, and Greg, a PPC professional who identified the underlying gap for single-admin accounts across two separate incidents.

What: Google Ads now requires a written justification when a user requests the removal of another user's access to an account, with the request routed to a second administrator for approval and set to expire after 20 days if unaddressed. The workflow mirrors an earlier access-level approval structure Greg documented in May 2026, and neither appears to include a fallback for accounts with only one administrator.

When: The removal-justification workflow was documented on July 14, 2026. The related access-level approval workflow was first documented on May 7, 2026.

Where: The change applies within the Google Ads account interface, specifically in the account access and user permissions section available to administrators.

Why: The addition is intended to add a layer of security against unilateral removal of user access, following a broader pattern of account-security measures Google has introduced across Google Ads over the past two years. The change also surfaces an unresolved structural question for the substantial number of Google Ads accounts operated by a single administrator, who would have no second admin available to approve a removal or access-level request under the workflow as documented.