You can use Policy Analyzer for Identity and Access Management (IAM) policies to help you find out which principals have what access to which Google Cloud resources.
Policy Analyzer can help you answer questions like the following:
- Who can access this IAM service account?
- Who can read data in this BigQuery dataset that contains personally identifiable information (PII)?
- What roles and permissions does the
dev-testers
group have on any resource in this project? - What Compute Engine virtual machine (VM) instances can Tal delete in project A?
- Who can access this Cloud Storage bucket during specified working hours, based on the time zone for Berlin, Germany?
To learn about how Policy Analyzer works and how to use it, see Policy Analyzer for IAM policies in the Policy Intelligence documentation.