Managing roles and permissions
-
Granting, changing, and revoking access
Grant, change, and revoke access to your resources using IAM.
-
Testing permissions
Test a member's permissions for a resource using IAM.
-
Viewing grantable roles for a resource
View the roles that you can grant for a particular resource using IAM.
-
Creating and managing custom roles
Create customized roles for use with IAM.
-
Maintaining custom roles with Deployment Manager
Configure and maintain custom roles with configuration files.
-
Troubleshooting access
Find out why a user has access to a resource or doesn't have permission to call an API.
-
Analyzing access
Analyze IAM policies to find out who has access to what.
-
Simulating policy changes
Simulate an Identity and Access Management (IAM) policy change, interpret the results, and apply the simulated policy.
Using service accounts
-
Creating and managing service accounts
Create and manage IAM service accounts.
-
Creating and managing service account keys
Create and manage keys for your IAM service accounts.
-
Creating short-lived service account credentials
Temporarily enable a service account to act as a different service account.
-
Managing service account impersonation
Control which members are able to impersonate your service accounts.
-
Migrating to the Service Account Credentials API
Migrate code that signs JSON Web Tokens (JWTs) and binary blobs to the Service Account Credentials API.
-
Monitoring usage for service accounts and keys
Use Cloud Monitoring to monitor the usage of service accounts and service account keys.
Using workload identity federation
-
Accessing resources from AWS
Access Google Cloud resources from Amazon Web Services (AWS) using identity federation.
-
Accessing resources from Microsoft Azure
Access Google Cloud resources from Microsoft Azure using identity federation.
-
Accessing resources from an OIDC identity provider
Access Google Cloud resources from an OIDC identity provider using identity federation.
-
Managing workload identity pools and providers
Perform common operations with workload identity pools and providers.
Managing recommendations
-
Reviewing and applying recommendations
View, understand, and apply recommendations made by the IAM recommender.
-
Exporting data for recommendations
Export the data that the IAM recommender uses to generate recommendations.
-
Managing insights
List, get, and change the state of IAM insights, the building blocks of IAM recommendations.
Setting conditional access
-
Managing conditional role bindings
Add, update, and remove conditions in your policies.
-
Configuring temporary access
Set time-based controls on access to a resource.
-
Configuring resource-based access
Set access controls for specific Google Cloud services, resource types, or resource names.
-
Setting limits on granting roles
Set limits on the roles that members can grant and revoke.