What is Google Cloud IAM?

Jul 22, 2020 #GoogleCloud #GoogleCloudIAM
IAM | PERMISSIONS | ROLE

IAM stands for Cloud Identity and Access Management. It lets you control access to Google Cloud resources at a very fine-grained level, down to individual files and resources, so that no unauthorized person can access them.

With IAM, you control Google Cloud resources by setting IAM policies. This gives you full control over who can access a resource and how much access they have, and it lets you grant permissions to a user or revoke them.

Permissions that are required to access the resources:

An account that calls an API must have permission to use the resource it requests. Every Google Cloud method that uses IAM requires this: the permission is what allows the specific operation to be performed on the resource. You can't give permissions to a user directly; you grant them through a role. A role bundles one or more permissions, and one or more roles can be granted on a single resource.

Roles:

There are predefined roles, each with its own permissions. In addition, you can create custom roles. A custom role is a collection of permissions that you choose yourself and grant to users. Keep the following points in mind when creating custom roles for use with Resource Manager.

  • List and get permissions are always granted as a pair.
  • Whenever a custom role includes the folders.list and folders.get permissions, it must also include projects.list and projects.get.
  • Handle the setIamPolicy permissions for organizations, projects, and folders with care: a user who holds setIamPolicy on a resource can change who has access to it. Be very careful when permitting a user to access a particular resource.
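
The three points above can be checked mechanically before a custom role is created. The following Python check is an added example, not code from the original article or from Google; `lint_custom_role`, the finding labels and the sample role are hypothetical, and it assumes the short names used above (folders.list, projects.get, ...) refer to the `resourcemanager.*` permissions.

```python
# Added example: lint a custom role's permission list against the three points above.
PREFIX = "resourcemanager."                      # assumption: Resource Manager permissions
PAIRED = ("folders", "projects")                 # resource types checked for list/get pairs
POLICY_SCOPES = ("organizations", "folders", "projects")


def lint_custom_role(permissions):
    """Return a sorted list of findings for a custom role's includedPermissions."""
    perms = set(permissions)
    findings = []

    def has(resource, verb):
        return f"{PREFIX}{resource}.{verb}" in perms

    # Point 1: list and get are granted as a pair.
    for res in PAIRED:
        if has(res, "list") != has(res, "get"):
            missing = "get" if has(res, "list") else "list"
            findings.append(f"PAIR: {res}.{missing} is missing")

    # Point 2: folders.list + folders.get require projects.list + projects.get.
    if has("folders", "list") and has("folders", "get"):
        for verb in ("list", "get"):
            if not has("projects", verb):
                findings.append(f"DEPENDS: folders.list/get needs projects.{verb}")

    # Point 3: setIamPolicy lets the holder change who has access; flag it for review.
    for res in POLICY_SCOPES:
        if has(res, "setIamPolicy"):
            findings.append(f"REVIEW: {res}.setIamPolicy can re-grant access")

    return sorted(findings)


# Constructed sample role (hypothetical, not taken from a real project).
SAMPLE_ROLE = {
    "title": "Folder Browser (example)",
    "includedPermissions": [
        "resourcemanager.folders.list",
        "resourcemanager.folders.get",
        "resourcemanager.projects.get",
        "resourcemanager.projects.setIamPolicy",
    ],
}

if __name__ == "__main__":
    for finding in lint_custom_role(SAMPLE_ROLE["includedPermissions"]):
        print(finding)
```

The sample role is missing projects.list, so it is reported under both the pairing point and the folders dependency point, alongside the setIamPolicy review flag.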

Steps to view the roles granted to users in an organization:

  • In the Google Cloud, go to Manage Resources.
  • Click on the organization drop-down list, then select your organization.
  • Now, select the checkbox for the organization resources.
  • In the Info Panel, under Permissions, click on a role to display all the members with that role.

Steps to grant access in an organization:

  • In the Google Cloud, go to Manage Resources.
  • Click on the organization drop-down list, then select your organization.
  • Now, select the checkbox for the organization resources.
  • If the Info Panel is hidden, click Show Info Panel in the top right corner.
  • In the Permissions tab of the Info Panel, click Add member.
  • Enter the member you want to add in the New members field.
  • In the Select a role drop-down list, select the role you want to grant to the member.
  • Click Add.

You can also test a user's permissions with the testIamPermissions() method. It takes the resource URL and the set of permissions you want to test as input, and returns the subset of those permissions that the user is allowed.