Cloud IAM

Cloud Identity and Access Management (IAM) provides granular access to specific Google Cloud resources following the principle of least privilege: users and applications are granted only the minimal permissions they need.

Use Cloud IAM to define: Who (Identity) has What access (role) to Which resource

  • Identity is a user, application or group
  • Role is a set of privileges that can be assigned to an identity
  • Resources include VMs, GKE clusters, Cloud Storage buckets, organisations, folders and projects
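The "who / what / which" model above, as an added example that is not part of the original notes and not Google's own IAM code: a small policy evaluator that answers "does this identity hold this permission on this resource?" given role bindings. It assumes the standard Google Cloud behaviour that a policy set on an organisation, folder or project is inherited by the resources beneath it (but never upwards), and it uses a constructed, deliberately incomplete role-to-permission table and a constructed sample hierarchy, groups and bindings. The `excess_permissions` helper shows the least-privilege check a reviewer would run: which granted permissions go beyond what the workload actually needs.

```python
from dataclasses import dataclass
from typing import Iterator

# Constructed subset of real role -> permission mappings (assumption: not the
# full GCP tables, just enough to show the difference between a viewer and an admin role).
ROLE_PERMISSIONS = {
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.objectAdmin": {
        "storage.objects.get", "storage.objects.list",
        "storage.objects.create", "storage.objects.delete",
    },
    "roles/compute.viewer": {"compute.instances.get", "compute.instances.list"},
}

# Constructed resource hierarchy: child -> parent. Organisation is the root.
PARENTS = {
    "organizations/123456789": None,
    "folders/987": "organizations/123456789",
    "projects/demo-project": "folders/987",
    "buckets/demo-bucket": "projects/demo-project",
}

# Constructed group membership (identity can be a user, service account or group).
GROUPS = {
    "group:storage-readers@example.com": {"user:alice@example.com"},
}


@dataclass(frozen=True)
class Binding:
    """One policy binding: a role granted to a member on a resource."""
    role: str
    member: str
    resource: str


# Constructed sample policy bindings.
BINDINGS = [
    Binding("roles/storage.objectViewer", "group:storage-readers@example.com", "projects/demo-project"),
    Binding("roles/storage.objectAdmin", "user:bob@example.com", "buckets/demo-bucket"),
    Binding("roles/compute.viewer",
            "serviceAccount:app@demo-project.iam.gserviceaccount.com",
            "organizations/123456789"),
]


def ancestry(resource: str) -> Iterator[str]:
    """Yield the resource itself, then each ancestor up to the organisation root."""
    node = resource
    while node is not None:
        yield node
        node = PARENTS.get(node)


def member_matches(identity: str, binding_member: str) -> bool:
    """A binding applies directly to the identity or via a group it belongs to."""
    return identity == binding_member or identity in GROUPS.get(binding_member, set())


def effective_permissions(identity: str, resource: str, bindings=BINDINGS) -> set:
    """Union of permissions from every matching binding on the resource or its ancestors."""
    perms: set = set()
    for node in ancestry(resource):
        for b in bindings:
            if b.resource == node and member_matches(identity, b.member):
                perms |= ROLE_PERMISSIONS.get(b.role, set())
    return perms


def has_permission(identity: str, permission: str, resource: str, bindings=BINDINGS) -> bool:
    return permission in effective_permissions(identity, resource, bindings)


def excess_permissions(identity: str, resource: str, needed: set, bindings=BINDINGS) -> set:
    """Least-privilege check: permissions granted beyond what the workload needs."""
    return effective_permissions(identity, resource, bindings) - needed


if __name__ == "__main__":
    # alice reads the bucket through a project-level group binding (inherited downwards)
    print(has_permission("user:alice@example.com", "storage.objects.get", "buckets/demo-bucket"))
    # bob's bucket-level admin role does not flow upwards to the project
    print(has_permission("user:bob@example.com", "storage.objects.delete", "projects/demo-project"))
    # bob only needs to read objects; everything else is excess
    print(excess_permissions("user:bob@example.com", "buckets/demo-bucket", {"storage.objects.get"}))
```

In a real review the bindings and hierarchy would come from the IAM policy and resource manager APIs rather than being hand-written; the evaluation logic (walk the ancestry, union the roles' permissions, subtract what is needed) is the part worth keeping.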

Resource hierarchy and organisation

Role-based access control