IAM Policies
An IAM policy specifies access controls for Google Cloud resources. IAM roles discussed above are part of policies. An IAM policy is attached to a cloud resource and specifies which principals have which roles for that particular resource. An IAM policy can be declared in YAML or JSON format.
{
  "bindings": [                      /* A policy is a collection of bindings */
    {
      "role": "roles/<role_name>",   /* role can be an IAM predefined role or a user-created custom role */
      "members": [                   /* A binding binds one or more members, or principals */
        "user:tanu@example.com",
        "group:gfg@example.com",
        "domain:google.com",
        "serviceAccount:<enter project_id>"
      ]
    },
    {
      "role": "roles/<role_name>",   /* a policy may contain multiple bindings, each with one role and its members */
      "members": [
        "user:jain@gmail.com"
      ],
      "condition": {                 /* logical expression that allows access to a resource only if the expression evaluates to true */
        "title": "expirable access",
        "description": "Does not grant access after Dec 2024",
        "expression": "request.time < timestamp('< enter timestamp >')"
      }
    }
  ],
  "etag": "< enter meta_data >",     /* Enter meta data */
  "version": 3
}
This is how you set up an IAM policy using JSON.
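A policy in this shape can be checked mechanically before it is applied. The following is an added example, not code from the original article: it flags conditional bindings in a policy whose version is not 3 (which conditional bindings require), broad principals such as domain: members, and time-bound conditions whose timestamp has already passed. The function name audit_policy and the sample policy are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Principal forms that grant access to a whole population, not one identity.
BROAD_MEMBERS = ("allUsers", "allAuthenticatedUsers", "domain:")
# Matches the expiry pattern used in the policy above.
EXPIRY_RE = re.compile(r"request\.time\s*<\s*timestamp\('([^']+)'\)")

def audit_policy(policy, now=None):
    """Return a list of findings for one IAM policy given as a dict."""
    now = now or datetime.now(timezone.utc)
    findings = []
    bindings = policy.get("bindings", [])
    # Conditional role bindings are only valid in version 3 policies.
    if any("condition" in b for b in bindings) and policy.get("version") != 3:
        findings.append("conditional binding present but version is not 3")
    for binding in bindings:
        role = binding.get("role", "<missing role>")
        for member in binding.get("members", []):
            if member.startswith(BROAD_MEMBERS):
                findings.append(f"{role}: broad principal {member}")
        expression = binding.get("condition", {}).get("expression", "")
        match = EXPIRY_RE.search(expression)
        if match:
            # RFC 3339 timestamp; normalise a trailing Z for fromisoformat.
            expiry = datetime.fromisoformat(match.group(1).replace("Z", "+00:00"))
            if expiry <= now:
                findings.append(f"{role}: time-bound grant expired {match.group(1)}")
    return findings

# Constructed sample policy; members, etag and timestamp are illustrative.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["user:tanu@example.com", "domain:example.com"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["user:jain@example.com"],
         "condition": {
             "title": "expirable access",
             "expression": "request.time < timestamp('2024-12-31T00:00:00Z')"}},
    ],
    "etag": "CONSTRUCTED_ETAG",
    "version": 1,
}

if __name__ == "__main__":
    audit_time = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for finding in audit_policy(SAMPLE_POLICY, audit_time):
        print(finding)
```

An expired condition no longer grants access, but the stale binding is worth removing so the policy reflects who actually has access.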
How to Use Cloud Identity and Access Management (IAM) For Access Control on GCP?
IAM defines “who can do what on which resource”. Cloud IAM (Identity and Access Management) offers a standardized set of functions and integrates access management for Google Cloud services into a single solution. You can create and manage permissions for Google Cloud resources using the Identity and Access Management (IAM) service provided by Google Cloud. Cloud IAM provides the tools to manage resource permissions efficiently and with a high degree of automation. You do not grant permissions to users directly; instead, you give them roles, each of which combines one or more permissions. This lets you relate jobs and groups within your organization to specific job responsibilities. Users only have access to the information they require to do their tasks, and administrators can easily give default permissions to large groups of users.