Overview

Who

  • Who is allowed access to resources
  • Principals / members:
    • Google accounts
    • Service accounts
    • Google Groups
    • Google Workspace accounts
    • Cloud Identity domains
    • All authenticated users
    • All users

Access

  • What access principals have
  • Roles:
    • Groups of permissions
    • Can’t assign individual permissions to principals—must assign a role
  • Security Admin Role—role which allows management of any IAM policy

Which

Roles

Primitive Roles

  • Original pre-IAM roles
  • Coarse-grained
  • Owner, Editor, Viewer

Predefined Roles

  • Predefined by Google
  • Granular
  • Target specific resources

Custom Roles

  • Unique set of permissions
  • Tailor permissions for principle of least privilege

Policies

Google Cloud IAM Policies
