
Identity and Access Management

1. Identity and Access Management

So, what is Identity and Access Management? It's a way of identifying who can do what on which resource. The who can be a person, group, or application. The what refers to specific privileges or actions, and the resource could be any Google Cloud service. For example, I could give you the privilege or role of Compute Viewer. This provides you with read-only access to get and list Compute Engine resources, without being able to read the data stored on them.

IAM is composed of different objects as shown on this slide. We are going to cover each of these in this module. To get a better understanding of where these fit in, let's look at IAM policies and the IAM resource hierarchy.

Google Cloud resources are organized hierarchically, as shown in this tree structure. The organization node is the root node in this hierarchy, folders are the children of the organization, projects are the children of the folders, and the individual resources are the children of projects. Each resource has exactly one parent.

The organization resource represents your company. IAM roles granted at this level are inherited by all resources under the organization. The folder resource could represent your department. IAM roles granted at this level are inherited by all resources that the folder contains. Projects represent a trust boundary within your company. Services within the same project have the same default level of trust.
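The inheritance described above can be audited by walking from a resource up to the organization and collecting every role granted along the way. The following is an added example, not part of the course material: a simplified model that only unions allow bindings, with a constructed hierarchy and constructed principal names.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """One node in the resource hierarchy; each node has exactly one parent."""
    name: str
    kind: str  # "organization", "folder", "project" or "resource"
    parent: "Node | None" = None
    # Roles granted directly on this node: role -> set of members
    bindings: dict = field(default_factory=dict)

    def grant(self, role, member):
        self.bindings.setdefault(role, set()).add(member)

def ancestry(node):
    """Return the path from the node up to the organization root."""
    path = []
    while node is not None:
        path.append(node)
        node = node.parent
    return path

def effective_roles(node, members):
    """Map each role that applies at `node` to the level(s) it was granted at.

    `members` is the set of identities the caller matches (the user plus
    any groups the user belongs to).
    """
    found = {}
    for level in ancestry(node):
        for role, granted in level.bindings.items():
            if granted & members:
                found.setdefault(role, []).append(f"{level.kind}:{level.name}")
    return found

# Constructed hierarchy: organization -> folder -> project -> resource
org = Node("example.com", "organization")
dept = Node("engineering", "folder", org)
proj = Node("web-prod", "project", dept)
vm = Node("vm-1", "resource", proj)
other_proj = Node("billing-prod", "project", Node("finance", "folder", org))

# Constructed grants at three different levels
org.grant("roles/compute.viewer", "group:auditors@example.com")
dept.grant("roles/compute.admin", "user:alice@example.com")
proj.grant("roles/compute.viewer", "user:alice@example.com")
```

Calling `effective_roles(vm, {...})` shows which level each role comes from, which is what you need when deciding where to remove an overly broad grant.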

2. Let's practice!
