What is Cloud IAM in GCP?

Answer

Cloud IAM (Identity and Access Management) in GCP controls who can do what on which resources. The core model has four parts:

- Principal (who): a Google account, service account, Google group, or Cloud Identity / Google Workspace domain.
- Role (what): a collection of permissions. Roles come in three kinds: Basic (formerly called primitive: Owner, Editor, Viewer; broad, legacy, best avoided), Predefined (narrow and service-specific, e.g. roles/storage.objectViewer), and Custom (a permission set you define yourself).
- Policy: a set of bindings, each binding a principal to a role, attached to a resource. Policies are inherited down the resource hierarchy (Organization → Folder → Project → Resource), so the effective permissions on a resource are the union of its own policy and the policies of all its ancestors.
- Service accounts: identities for workloads and VMs that need to call GCP APIs; they are principals that code, not people, act as.

IAM is deny-by-default: a permission must be explicitly granted through a role binding before it takes effect. Prefer predefined roles over basic roles and apply the least-privilege principle, granting only the permissions a principal actually needs, at the lowest level of the hierarchy where they are needed.