Cloud Identity and Access Management (IAM) provides granular access to specific Google Cloud resources with the principle of least privilege: users/applications have minmal permissions for their needs.
Use Cloud IAM to define: Who (Identity) has What access (role) to Which resource
- Identity is a user, application or group
- Role is a set of privileges that can be assigned to an identity
- Resources include VMs, GKE clusters, Cloud Storage buckets, organisations, folders and projects