[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-11。"],[[["\u003cp\u003ePolicy Analyzer helps determine which principals have access to specific Google Cloud resources.\u003c/p\u003e\n"],["\u003cp\u003eIt can identify who can access IAM service accounts, read data in BigQuery datasets, or perform actions on Compute Engine VM instances.\u003c/p\u003e\n"],["\u003cp\u003ePolicy Analyzer can show the roles and permissions a group has on any resource within a project.\u003c/p\u003e\n"],["\u003cp\u003eYou can use it to find out who can access specific Cloud Storage bucket during set times in a particular time zone.\u003c/p\u003e\n"]]],[],null,["# Analyze access to resources\n\nYou can use Policy Analyzer for Identity and Access Management (IAM) policies to help you\nfind out which principals have what access to which Google Cloud resources.\n\nPolicy Analyzer can help you answer questions like the following:\n\n- Who can access this IAM service account?\n- Who can read data in this BigQuery dataset that contains personally identifiable information (PII)?\n- What roles and permissions does the `dev-testers` group have on any resource in this project?\n- What Compute Engine virtual machine (VM) instances can Tal delete in project A?\n- Who can access this Cloud Storage bucket during specified working hours, based on the time zone for Berlin, Germany?\n\nTo learn about how Policy Analyzer works and how to use it, see [Policy Analyzer\nfor IAM policies](/policy-intelligence/docs/policy-analyzer-overview) in the Policy Intelligence\ndocumentation."]]