Manage access
-
Manage access to projects, folders, and organizations
Grant, change, and revoke access to your projects, folders, and organizations using IAM.
-
Manage access to other resources
Grant, change, and revoke access to any resource that supports IAM policies.
-
Troubleshooting access
Find out why a user has access to a resource or doesn't have permission to call an API.
-
Analyzing access
Analyze IAM policies to find out who has access to what.
-
Simulating policy changes
Simulate an Identity and Access Management (IAM) policy change, interpret the results, and apply the simulated policy.
View, create, and maintain roles
Manage service accounts
-
Creating and managing service accounts
Create and manage IAM service accounts.
-
Creating and managing service account keys
Create and manage keys for your IAM service accounts.
-
Manage access to projects, folders, and organizations
Grant, change, and revoke access to your service accounts using IAM.
-
Creating short-lived service account credentials
Temporarily enable a service account to act as a different service account.
-
Managing service account impersonation
Control which principals are able to impersonate your service accounts.
-
Migrating to the Service Account Credentials API
Migrate code that signs JSON Web Tokens (JWTs) and binary blobs to the Service Account Credentials API.
-
Monitor usage for service accounts and keys
Use Cloud Monitoring to monitor the usage of service accounts and service account keys.
-
View recent usage for service accounts and keys
Use Activity Analyzer to list the times of the most recent authentication activities for your service accounts and service account keys.
Grant access to external identities
-
Configuring workload identity federation
Configure workload identity federation to let external identities access Google Cloud resources.
-
Obtaining short-lived credentials with identity federation
Use workload identity federation to let external identities obtain short-lived credentials and access Google Cloud resources.
-
Manage workload identity pools and providers
Perform common operations with workload identity pools and providers.
Manage recommendations
-
Review and apply recommendations
View, understand, and apply role recommendations.
-
Exporting data for recommendations
Export the data that Recommender uses to generate role recommendations.
-
Manage lateral movement insights
Review the state of lateral movement insights, which help you identify roles that that give service accounts powerful impersonation permissions across projects.
-
Manage policy insights
Review the state of IAM policy insights, the building blocks of IAM recommendations.
-
Manage service account insights
Review the state of service account insights, which help you identify unused service accounts.
Set conditional access
-
Managing conditional role bindings
Add, update, and remove conditions in your policies.
-
Configuring temporary access
Set time-based controls on access to a resource.
-
Configuring resource-based access
Set access controls for specific Google Cloud services, resource types, or resource names.
-
Setting limits on granting roles
Set limits on the roles that principals can grant and revoke.