Key concepts
-
Overview
Introduces basic concepts to help you understand Cloud IAM.
-
Understanding roles
Describes the predefined roles for Cloud IAM, and identifies the permissions in each role.
-
Understanding custom roles
Describes custom roles for Cloud IAM, which enable you to provide different sets of permissions than the predefined roles.
-
Service accounts
Explains how your applications can use service accounts to access your resources.
-
Understanding policies
Describes how Cloud IAM controls access to a resource by attaching a policy to that resource.
-
Conditions
Explains conditional, attribute-based access control for Google Cloud resources.
-
Enforce least privilege with recommendations
Describes the Cloud IAM recommender, which helps you ensure that members have only the permissions that they actually use.
Audit logging
Best practices
-
Using resource hierarchy for access control
Best practices to consider as you decide how to manage access to your resources.
-
Understanding service accounts
Best practices to take into account when using Cloud IAM service accounts.
-
Using Cloud IAM securely
Best practices for users who are proficient with Cloud IAM.
-
Cloud IAM roles for billing-related job functions
Cloud IAM roles for users who manage billing tasks.
-
Cloud IAM roles for networking-related job functions
Cloud IAM roles for users who manage networking tasks.
-
Cloud IAM roles for auditing-related job functions
Cloud IAM roles for users who manage auditing.