Understanding GCP IAM between multiple projects

0 votes
We use GCP at my company and have numerous projects there. I'm currently attempting to organize the IAM roles across all of the projects, however, some of the IAM settings are unclear to me. Are the two projects fully independent entities with distinct IAM roles and permissions, or is there any overlap that could make it possible for a change in one project to have an impact on the other project?
Nov 4, 2022 in GCP by Ashwini
• 5,430 points
1,205 views

1 answer to this question.

0 votes

Roles set on one project cannot be easily changed on another project. You need to take a few factors into account, though.

While individual projects may have their own access control policies, access can also be managed at levels above and beyond projects. The four resource locations where you can control access are as follows:

  • a company's level. The organizational resource speaks for your business. All resources inside the organization inherit any IAM roles provided at this level.
  • the folder level. Projects, other folders, or a combination of both can be found in folders. Projects or other folders included within the parent folder will inherit any roles provided at the top folder level.
  • Project scale. Within your business, a trust boundary is represented by projects. Services that are part of the same project are assumed to be trustworthy. For instance, Cloud Storage buckets located inside the same project can be accessed by App Engine instances. Resources within a project inherit IAM roles that have been granted at the project level.
  • level of resources. Genomics Datasets, Pub/Sub topics, and Compute Engine instances are additional resources that enable lower-level roles in addition to the current Cloud Storage and BigQuery ACL systems, allowing you to grant certain users access to a single resource inside a project.
  • Individual access, access through a service account, organization-wide access, and membership in Google Groups are all options. This means that you could unintentionally add or remove someone from numerous roles in various projects when you add or delete them from the organization or a Google group.
  • Additionally, anyone in that member group can alter permissions if they have been allocated a role that allows them to change IAM roles. They might alter the regulations in a way that you don't want 
answered Nov 7, 2022 by Tejashwini
• 3,820 points

Related Questions In GCP

0 votes
1 answer

GCP - Switching between projects.

You could use gcloud init command to ...READ MORE

answered Nov 5, 2019 in GCP by Sirajul
• 59,230 points
1,275 views
0 votes
1 answer

How do I setup a network peering connection from multiple GCP projects to the same MongoDB cluster

If you have a project and want ...READ MORE

answered Apr 11, 2022 in GCP by Korak
• 5,820 points
1,367 views
0 votes
1 answer

How can i grant access to a GCP project for a large scale multiple users at once?

gcloud auth to service accounts is allowed. ...READ MORE

answered Oct 16, 2019 in GCP by Sirajul
• 59,230 points
1,347 views
0 votes
0 answers

GCP - how to add a Google account as an IAM principal to a project?

How do I add a Google account ...READ MORE

Nov 9, 2022 in GCP by Ashwini
• 5,430 points
394 views
0 votes
1 answer

GCP - how to add a Google account as an IAM principal to a project?

I post this community wiki answer to ...READ MORE

answered Nov 10, 2022 in GCP by Ashwini
• 5,430 points
1,193 views
0 votes
2 answers
0 votes
1 answer
0 votes
1 answer

what is the difference between BigQuery and Storage on GCP?

Both a data warehouse and a SQL ...READ MORE

answered Nov 7, 2022 in GCP by Tejashwini
• 3,820 points
520 views
0 votes
1 answer

Google cloud: How to list all service-accounts from all Projects in GCP

It's been noted by the commenters that ...READ MORE

answered Nov 10, 2022 in GCP by Tejashwini
• 3,820 points
1,491 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP