July 2018
Intermediate to advanced
506 pages
16h 2m
English
Content preview from Google Cloud Platform for Developers
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
IAM roles
All actions in Google Cloud Platform have some associated permission (the WHAT). These permissions generally relate to a specific API operation or group of operations, such as listing Compute Engine VMs or creating an App Engine service. These permissions take the form of Service.Resource.Action. For example, a permission of compute.instances.list allows an actor to retrieve a list of Compute Engine VMs in a project.
While permissions offer fine-grain control over which actions an actor can take, any given activity on GCP will generally require multiple permissions. Building on the last example, there's very little utility in just being able to list VMs. A more realistic use case would be viewing all Compute Engine resources. To ...