HOW Identity and Access Management (IAM) Works
-
GCP IAM is a platform-wide access control system that provides granular access control over all GCP resources
-
IAM specifies WHO can do WHAT to WHICH Thing
-
WHO:
- IAM is composed of a list of policies that apply to one or more actors
- Actors are any entity that can take action on a Google Cloud resource, which includes both users and service accounts
- Cloud IAM also supports policies that apply to groups of actors; these can exist at the project level or at the organization level to span multiple projects
-
WHAT:
- In general, policies apply to specific actions an actor can take, which creates the concept of permissions
-
WHICH: The cloud resource to which you want to apply the IAM policy
-
Let's navigate to the roles in the IAM & Admin section

-
In Cloud IAM there are three primitive roles in addition to a lot of curated roles
- owner
- editor
- viewer
-
Every role has an associated set of permissions
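The WHO / WHAT / WHICH model above, together with the primitive roles and their permission sets, can be worked through with the following added example. It is not part of the original notes or of any Google tooling: the policies, the resource hierarchy, the group membership and the role-to-permission map are all constructed for illustration (real GCP roles carry far more permissions than listed here), and the role and permission names are the real GCP identifiers. The example resolves a member's effective roles by walking the resource up to its organization (GCP policies are inherited down the hierarchy and the effective policy is the union), answers whether a member holds a given permission, and lists every binding to a primitive role as a least-privilege review item.

```python
"""Added example: WHO can do WHAT on WHICH resource, from constructed GCP-style IAM policies."""
from typing import Dict, List, Set, Tuple

# Constructed, abbreviated role -> permission map. The role and permission strings are
# real GCP identifiers, but each real role grants many more permissions than shown here.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "roles/viewer": {"storage.objects.get", "compute.instances.get"},
    "roles/editor": {"storage.objects.get", "storage.objects.create",
                     "compute.instances.get", "compute.instances.create"},
    "roles/owner": {"storage.objects.get", "storage.objects.create",
                    "compute.instances.get", "compute.instances.create",
                    "resourcemanager.projects.setIamPolicy"},
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
}

# The three primitive roles named in the notes; broad grants that deserve review.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed resource hierarchy: the project lives under one organization.
PARENT: Dict[str, str] = {"projects/demo-app": "organizations/123456"}

# Constructed policies, in the shape `gcloud ... get-iam-policy --format=json` returns
# (a list of bindings, each a role plus the members granted that role).
POLICIES: Dict[str, dict] = {
    "organizations/123456": {"bindings": [
        {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
    ]},
    "projects/demo-app": {"bindings": [
        {"role": "roles/editor", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:reader@demo-app.iam.gserviceaccount.com"]},
    ]},
}

# Constructed flat group membership (nested groups are not modelled here).
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "group:auditors@example.com": {"user:bob@example.com"},
}


def ancestry(resource: str) -> List[str]:
    """The resource followed by its ancestors, e.g. project then organization."""
    chain = [resource]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain


def principals_for(member: str) -> Set[str]:
    """WHO: the member itself plus every group that lists it as a member."""
    return {member} | {g for g, members in GROUP_MEMBERS.items() if member in members}


def effective_roles(member: str, resource: str) -> Set[str]:
    """WHICH: union of the roles bound to the member on the resource and on every ancestor."""
    principals = principals_for(member)
    roles: Set[str] = set()
    for res in ancestry(resource):
        for binding in POLICIES.get(res, {}).get("bindings", []):
            if principals & set(binding["members"]):
                roles.add(binding["role"])
    return roles


def has_permission(member: str, permission: str, resource: str) -> bool:
    """WHAT: the member holds the permission if any effective role grants it."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in effective_roles(member, resource))


def primitive_role_findings() -> List[Tuple[str, str, str]]:
    """Least-privilege review: every (resource, role, member) binding to a primitive role."""
    findings = []
    for res, policy in POLICIES.items():
        for binding in policy.get("bindings", []):
            if binding["role"] in PRIMITIVE_ROLES:
                for member in binding["members"]:
                    findings.append((res, binding["role"], member))
    return sorted(findings)


if __name__ == "__main__":
    print(has_permission("user:alice@example.com", "compute.instances.create", "projects/demo-app"))
    print(has_permission("user:bob@example.com", "storage.objects.get", "projects/demo-app"))
    for finding in primitive_role_findings():
        print("review primitive role binding:", finding)
```

Bob holds no binding on the project at all, yet `has_permission` says he can read objects there: the viewer grant on the organization, given to a group he belongs to, is inherited by every project under it. That is why the WHICH question must be answered at every level of the hierarchy, and why the review function walks all policies rather than just the project's own.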
-
Now let's explore the IAM & Admin section

-
At the enterprise level we need fine-grained access control
Concepts
- Identity and access management is the practice of granting the right individuals access to the right resources for the right reasons
- What are the different kinds of identities?
- Corporate identities: The identities that you manage for the employees of your organization
- Customer identities: The identities that you manage for users so that they can interact with your applications
- Service identities: The identities that you manage so that applications can interact with other applications or with the underlying platform
- Authentication, Authorization and Accounting systems