Google has announced the release of enterprise-focused Identity and Access Management (IAM) for Google Cloud Platform (GCP).
Google’s new IAM tool gives users the ability to assign permissions to your Cloud Platform resources through IAM roles, which are defined as a collection of permissions — owner/editor/viewer gave users permissions to all resources in a project.
Google Cloud Identity & Access Management (IAM) lets administrators authorise who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organisational structures, hundreds of work groups and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organisation, with built-in auditing to ease compliance processes.
Cloud IAM provides the right tools to manage resource permissions with minimum effort and high automation. Map job functions within your company to groups and roles. Users get access only to what they need to get the job done, and admins can easily grant default permissions to entire groups of users. Cloud IAM enables you to grant access to cloud resources at fine-grained levels, well beyond project-level access.
Prior to Cloud IAM, you could only grant Owner, Editor, or Viewer roles to users. A wide range of services and resources now surface additional IAM roles out of the box. For example, the Cloud Pub/Sub service exposes Publisher and Subscriber roles in addition to the Owner, Editor, and Viewer roles.
Command Line Access Web and Programmatic.
Create and manage Cloud IAM policies using the Cloud Platform Console, the Cloud IAM methods, and the gcloud tool.
Single Access Control Interface
Cloud IAM provides a simple and consistent access control interface for all Cloud Platform services. Learn one access control interface and apply that knowledge to all Cloud Platform resources.
Fine-grained Access Control
Grant roles to users at a resource-level of granularity, rather than just project-level. For example, you can create an IAM access control policy that grants the Subscriber role to a user for a particular Cloud Pub/Sub topic.
Google Accounts Supported
Cloud IAM supports standard Google accounts. Create Cloud IAM policies granting permission to a Google group, a Google-hosted domain, a service account, or specific Google account holders. Centrally manage users and groups through the Google Apps Admin Console.
In-built Audit Trail
To ease compliance processes for your organisation, a full audit trail is made available to admins without any additional effort.
Free of Charge
Cloud IAM is offered at no additional charge for all Cloud Platform customers. You will be charged only for use of other Cloud Platform services. For information on the pricing of other Cloud Platform services, see the Cloud Platform Pricing Calculator.