Reputation: 582
What is the effect of assigning an IAM role to a domain in GCP?
I came across a GCP project that has a IAM role assigned to a domain (domain:example.com).
What does that do?
Upvotes: 0
Views: 53
Answers (2)
Reputation: 162
In addition to what @somethingsomething said, in cases like this, instead of assigning access to individual users, the domain acts as a principal in IAM. Meaning anyone with an email address from that domain example.com will be granted the specified permissions when accessing the GCP project.
Google Cloud IAM allows granular access control with roles: you can choose a specific IAM role to assign to the domain and define the level of access the users from that domain will have within the project (e.g., "Viewer" for read-only access, "Editor" for read-write access).
Upvotes: 1
Reputation: 2189
It will give access to all users part of that domain. So in this situation anyone with a google account that ends in @example.com.
Not really sure what could be unclear about that in the first place. Maybe see https://cloud.google.com/iam/docs/principals-overview#g-suite-domain for which type of domains are supported by google?
Upvotes: 1
Related Questions
- How do I list the roles associated with a gcp service account?
- How to change the project in GCP using CLI commands
- Error assigning GCP IAM Role for Creating Monitoring Policy
- GCP: what are the permissions of viewer role has?
- Assigning role to Group in GCP causing Role does not exist in the resource's hierarchy
- How to list, find, or search iam policies across services (APIs), resource types, and projects in google cloud platform (GCP)?
- What's the equivalent IAM role for https://www.googleapis.com/auth/devstorage.read_write scope
- IAM Custom Role for Inserting to Specific BigQuery Dataset
- Create Customized role in GCP
- Temporarly switch to high privileged Role with Google Cloud Platform IAM