
Secure your Business with Google Cloud IAM


An enterprise IT team can have a huge number of resources and services under one or more projects, usually accessed by multiple users in the GCP environment, and all of that would crumble if access were not managed efficiently.

Cloud Identity and Access Management (IAM) on Google Cloud helps you manage those resources by assigning roles and permissions that specify who can do what to which resource.

Implementing Cloud IAM is a continuous, multi-step process. First, configure your users and groups. Then determine whether to define functional roles and map them to your users. You also need to determine whether the predefined roles offered by Cloud IAM meet your organization's needs and, if not, create custom roles as required.


Roles are assigned in the following hierarchy:

Identities: Humans, groups of humans, or programs.

RBAC: Role-Based Access Control, where permissions are assigned to roles, and users are then assigned to the specific roles.

ACL: Access Control List, where permissions are granted directly to users.

If you are new to Cloud IAM, see the IAM documentation to get started and understand it better.


Understanding the Hierarchy:


The concept of creating roles and permissions becomes clear once you understand the business hierarchy levels: from the Organization, to the different departments (Folders), to the different Projects used by different professionals, to the Resources used on GCP.



Accordingly, if you set a policy at the Organization level, all its child folders (departments) and projects inherit that policy. Similarly, if you set a policy at the Project level, its child resources inherit that policy as well. The effective policy for a resource is therefore the union of the policy set on the resource itself and all of the policies it inherits from the levels above it.
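The union rule is easiest to see when you trace where each grant comes from. The following Python sketch is an added example, not code from Google or from this article: it models only role bindings (no IAM conditions or deny policies), and every resource name and member in it is constructed sample data.

```python
# Constructed sample hierarchy; bindings use the shape of an IAM policy's "bindings" list.

class Node:
    """One level of the resource hierarchy with its own IAM policy."""
    def __init__(self, name, parent=None, bindings=None):
        self.name = name
        self.parent = parent
        self.bindings = bindings or []

    def ancestry(self):
        """Yield this node first, then each parent up to the organization."""
        node = self
        while node is not None:
            yield node
            node = node.parent


def effective_policy(node):
    """Union of own and inherited bindings: {role: {member: [granting levels]}}."""
    result = {}
    for level in node.ancestry():
        for binding in level.bindings:
            members = result.setdefault(binding["role"], {})
            for member in binding["members"]:
                members.setdefault(member, []).append(level.name)
    return result


def roles_for(node, member):
    """Roles a member holds on node, mapped to the levels that grant them."""
    return {role: members[member]
            for role, members in effective_policy(node).items()
            if member in members}


org = Node("organizations/example-org", bindings=[
    {"role": "roles/viewer", "members": ["group:it-staff@example.com"]}])
folder = Node("folders/finance", org, [
    {"role": "roles/editor", "members": ["user:alice@example.com"]}])
project = Node("projects/finance-reports", folder, [
    {"role": "roles/viewer", "members": ["user:alice@example.com"]}])
bucket = Node("buckets/finance-reports-archive", project, [
    {"role": "roles/storage.objectViewer", "members": ["user:bob@example.com"]}])

if __name__ == "__main__":
    for role, levels in roles_for(bucket, "user:alice@example.com").items():
        print(role, "granted at", levels)
```

In this sample, granting alice only `roles/viewer` on the project does not narrow her access: she still holds `roles/editor` on the bucket through the folder, so an overly broad grant has to be removed at the level that sets it.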


Define Custom Roles:


While planning your IAM implementation, you can assign predefined roles to users from the GCP IAM policy panel. The console already provides different work-based roles for each resource.

If the predefined IAM roles do not meet your security and work-hierarchy needs, you can create a custom role with one or more permissions. When creating a custom role, we recommend starting from an existing predefined role and adding or removing permissions, rather than building the role and its permissions from scratch.


Finally, you need to define a Cloud IAM policy that grants specific roles to the relevant users; the policy determines the kind of access each of them is given.

For example, a specific user can be the owner, viewer, editor, etc. of a specific project containing several resources; access can even be specific to individual resources within a project.

Please feel free to reach Infiflex Technologies at 033 6643 7777 for technical support. 

