
Using the resource hierarchy to control access

1. Using the resource hierarchy to control access

One important cloud computing consideration involves controlling access to resources. With on-premises infrastructure, physical access controls were used. This method, however, is not as effective with resources stored in the cloud. The Google Cloud resource hierarchy is a powerful tool that can be used to control access to cloud resources. Much like the folder structure you use to organize and control access to your own files, this resource hierarchy is a tree-like structure that organizes resources into logical groups. This makes it easier to manage resources and control access to them.

Google Cloud’s resource hierarchy contains four levels, and starting from the bottom up they are: resources, projects, folders, and an organization node. The first level, resources, represents virtual machines, Cloud Storage buckets, tables in BigQuery, or anything else in Google Cloud. Resources are organized into projects, which sit on the second level. Projects can be organized into folders, or even subfolders. These sit at the third level. And then at the top level is an organization node, which encompasses all the projects, folders, and resources in your organization.

It’s important to understand this resource hierarchy because it directly relates to how policies are managed and applied when you use Google Cloud. A policy is a set of rules that define who can access a resource and what they can do with it. Policies can be defined at the project, folder, and organization node levels. Some Google Cloud services can also apply policies to individual resources.

The third level of the Google Cloud resource hierarchy is folders. Folders let you assign policies to resources at the level of granularity that you choose. The resources in a folder inherit policies and permissions assigned to that folder. A folder can contain projects, other folders, or a combination of both.
Now that you understand the structure of the Google Cloud resource hierarchy, let’s explore some additional benefits of using it to control access to cloud resources.

First, the resource hierarchy provides granular access control, meaning you can assign roles and permissions at different levels of the hierarchy, such as at the folder, project, or individual resource level.

Second, because the resource hierarchy follows inheritance and propagation rules, permissions set at higher levels of the resource hierarchy are automatically inherited by lower-level resources. For example, if you grant a user access at the folder level, all projects and resources within that folder inherit those permissions by default. This inheritance simplifies access management and reduces the need for manual configuration at each individual resource level.

Third, the resource hierarchy enhances security and compliance through least privilege principles. By assigning access permissions at the appropriate level in the hierarchy, you can ensure that users only have the necessary privileges to perform their tasks. This reduces the risk of unauthorized access and helps maintain regulatory compliance.

Finally, the resource hierarchy provides strong visibility and auditing capabilities. You can track access permissions and changes across different levels of the hierarchy, which makes it easier to monitor and review access controls. This improves accountability and helps identify and address potential security issues.
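The inheritance rule described above can be modelled as a union of the grants on a resource and on every ancestor, which is also how an access review answers "why does this user have access?" and "how far does this grant reach?". The following is an added example, not part of the course material; the organization, folder, project, bucket and member names are constructed, and the model covers only additive allow-style grants.

```python
# Constructed hierarchy: child -> parent (None marks the organization node).
PARENT = {
    "organizations/example-org": None,
    "folders/finance": "organizations/example-org",
    "folders/finance-prod": "folders/finance",
    "projects/billing-app": "folders/finance-prod",
    "projects/sandbox": "organizations/example-org",
    "buckets/invoices": "projects/billing-app",
}

# Constructed policies: node -> {role: members granted that role at this node}.
POLICIES = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/finance": {"roles/editor": {"user:alice@example.com"}},
    "projects/billing-app": {"roles/storage.objectViewer": {"user:bob@example.com"}},
    "buckets/invoices": {"roles/storage.objectAdmin": {"user:carol@example.com"}},
}

def ancestry(node):
    """Return the node followed by each ancestor up to the organization node."""
    chain = []
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain

def effective_policy(node):
    """Union of the node's own grants and every grant inherited from above."""
    merged = {}
    for level in ancestry(node):
        for role, members in POLICIES.get(level, {}).items():
            merged.setdefault(role, set()).update(members)
    return merged

def grant_sources(member, node):
    """List (level, role) pairs explaining why `member` has access to `node`."""
    return [(level, role)
            for level in ancestry(node)
            for role, members in POLICIES.get(level, {}).items()
            if member in members]

def blast_radius(node):
    """Every node at or below `node`: what a grant made here reaches."""
    return sorted(n for n in PARENT if node in ancestry(n))

if __name__ == "__main__":
    print(effective_policy("buckets/invoices"))
    print(grant_sources("user:alice@example.com", "buckets/invoices"))
    print(blast_radius("folders/finance"))
```

In this model a single folder-level grant to alice reaches four nodes, which is the trade-off to weigh when choosing the level at which to assign a role under least privilege.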

2. Let's practice!
