
UWB Hacks the Cloud Documentation

All the essential information needed to create an amazing cloud-based application at the UW Bothell 2020 hackathon.


GCP Secrets & Permissions Management

Who Needs Permissions?

GCP entities typically fall into two categories: service accounts and user accounts.

Read about service accounts here and user accounts here.

Google IAM

GCP Identity and Access Management (IAM) is the tool that manages access permissions between users and GCP resources (such as a database instance or a Cloud Function).

IAM Roles

Roles grant entities (users, user groups, or service accounts) access to resources in a GCP project; each role corresponds to an access level. Roles are fully customizable, but the common, predefined roles are:

There are additional permission levels which allow entities access to specific resources, and many of these permissions are configured from GCP templates for specific products and project resources. An entity may have many roles.

Read more about GCP IAM roles in the GCP documentation page.

IAM Policies

IAM policies are attached to GCP resources and describe the access permissions that GCP entities have to that particular resource.

Each policy has one or more bindings, which describe the association between the entity and the resource.

Bindings consist of the following required fields:

Bindings can also include a condition, which is the part of the policy that grants granular access to specific products or resources. Conditions support conditional expressions, which become very powerful control mechanisms when combined.
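The following is an added example, not part of the original documentation: a small audit over a constructed IAM policy that shows the binding layout (`role`, `members`, optional `condition`) and flags bindings a reviewer would want to look at. All account, project and bucket names are placeholders, and the choice of which roles count as "broad" is an assumption of this example.

```python
# Constructed sample policy, in the JSON shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
# All accounts, project and bucket names are placeholders.
SAMPLE_POLICY = {
    "version": 3,  # conditional bindings require policy version 3
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/cloudfunctions.invoker", "members": ["allUsers"]},
        {
            "role": "roles/storage.objectViewer",
            "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"],
            "condition": {
                "title": "example-bucket-only",
                "expression": 'resource.name.startsWith("projects/_/buckets/example-bucket/")',
            },
        },
    ],
}

# Assumption of this example: project-wide Owner/Editor are treated as too broad.
BROAD_ROLES = {"roles/owner", "roles/editor"}
# Special member identifiers that match anyone on the internet / any Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_policy(policy):
    """Return (role, member, finding) tuples for bindings that deserve review."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        # A condition on a policy with version < 3 is a sign of a stale or hand-edited policy.
        if "condition" in binding and policy.get("version", 1) < 3:
            findings.append((role, "*", "condition present but policy version < 3"))
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((role, member, "granted to the public"))
            if role in BROAD_ROLES:
                findings.append((role, member, "broad basic role"))
    return findings


if __name__ == "__main__":
    for role, member, finding in audit_policy(SAMPLE_POLICY):
        print(f"{role:32} {member:28} {finding}")
```

The third binding produces no finding: it names a single service account, uses a narrow role, and its condition restricts access to objects in one bucket.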

Read more about IAM policies in the GCP documentation page.