Archives for GCP IAM - Page 6
Custom IAM Roles in GCP
Also read - Roles, IAM in GCP and AWS Managed Policies for On Premises Work Functions and Base Roles for Developers in GCP. Can Anyone Create Custom Roles? No. Only…
Google Accounts vs. Active Directory Users
This content is password protected.
Programmatic Identities – AWS and GCP Compared
Where is the Calling Application? Before we get to the details about programmatic identities in GCP vs. AWS, it is good to first ask the question - where will my…
OAuth for Accessing GCP Resources
Also read - OAuth Overview - and OAuth Consent Screen. Also, remember that OAuth is for Authorization (to protected resources) and not so much for plain authentication. Authentication is more…
Service Account Roles in GCP – Permissions
Also read, Base Roles required for development teams in GCP. When it comes to service accounts, there are a few granular options available in GCP IAM. Service Account Admin Role:…
Allowing access to a specific Cloud Storage Bucket
MEMBER_TYPE is the type of the member you are removing from the policy. For example, user. represents both Google accounts and Google groups. Two special member types are: allAuthenticatedUsers and allUsers. MEMBER_NAME is the name of the…
GCP Applying Policies to Groups of Users
(Also read this post on using groups and policies in GCP). A group, in GCP, is no different from any other identity. In practice, it looks like an email address.…
Using Groups and Policies to Implement Granular Resource Access in GCP
Adding individual members to each role is painful. Cloud IAM Groups are used to apply policies (who accesses what) to entire groups of users (see this post to understand what…
Types of Identity in GCP
An identity in GCP can be any one of the following. The most commonly used identities for HUMAN users are the first two - Google Accounts (your Gmail account)…
Policy Troubleshooter on GCP
Ever tried to create a GCP resource and encountered issues such as missing permissions? Essentially, the 'default application credentials' that your code (or that your IAM user) is using, is…