GCP IAM Flashcards
What is IAM?
Who can do what and what resourc. It is GCP’s identity and access manage.
In GCP IAM what is a member?
A member is a ‘who’, this can be a person or a service account.
Service account = Application access
People =
- Google account
- Google group
- G Suite Domain
- Google identity domain
Can a GCP IAM member be a google account?
Yes
Can a GCP IAM Service account be a google account?
No, an application can be a service account
What is a google account?
It is a person interaction with Google and can be a Gmail account or can be a non-google account associated with a google account.
What is a google group?
It is a collection of google accounts
What is a G Suit Domain
Is a virtual group of domain users, it can not be used for individual identity but you can set permissions.
In GCP IAM, what is the hierarchy structure?
Organizations
Folders
Projets
Resoiurces
In GCP IAM, what is the main structure of IAS objects
Permissions -> Roles -> Policies
What is a GCP IAM permission?
It is a resource based permission, compute.instanceAdmin.v1
What is a GCP IAM role?
A role is a collection of permissions, 100% completely different than AWS role.
What is a GCP IAM policy?
It is a collection of roles and it is where a member (users) can become
When using GCP IAS, how can we think of IAS applied to an organization or an organization child?
Who
What they can do
Resources they can do it on
How can we think of GCP IAM?
Members (who) are granted permissions and roles to GCP services (resource)
In GCP IAM what is a service account?
It is a software application or service calling GCP, software application uses the service account to call GCP.
In GCP ISA what is the permission format?
service.resource.action
compute.instance.delete
In GCP IAM can you give me an example of a permission?
compute.rinstance.delete
Can you asign a permission direct to a member?
No, permissions are applied a role.
What is a GCP IAM primitive role?
Includes owner, editor and viewer roles and existed before Cloud IAM. These roles (owner, editor and viewer) apply only to the project level.
What is a GCP IAM role?
provide granular access servcies in GCP
What is a GCP IAM custom role?
You cna build a custum role with your own permissions.
What will the GCP prinitive role ‘Viewer’ allow you to do?
Read only and view resources
What will the GCP prinitive role ‘Editior’ allow you to do?
Edit resources
What will the GCP prinitive role ‘Owner’ allow you to do?
All editor permissions and,
- Manage roles and permissions
- Setup billing
Can a member/user be granted multipal roles?
Yes
In GCP IAM, give an example of a predefined role?
roles/appEngine.appAdmin
In the following GCP IAM) role ‘roles/appEngine.appAdmin’, what will role enable you to do?
This role will give you admin permissions to theGCP App Engine.
What is a GCP IAM Policy?
An GCP IAM policy is a coletcion of GCP roles, a GCP IAM policy is not the same as a AWS policy
What you set a policy at the orgnizational level of GCP, will projects and resources inherate this policy?
Yes, as the orgnization is at the higest level all child resources inherate this policy. Resources inheriat from it parent.
If i give admin access at the orgnizational level and then give less rights at the project or resource level, will the user have less rights or admin rights?
Admin rights, the rights at the more pareent level will apply.
What are the 3 roles used in GCP IAM?
Primitive, Predefined, Custom?