Understanding IAM in GCP
IAM is the central service that controls who can access what; in other words, it handles authorization. All authorization within GCP goes through IAM. The concept is simple: you grant roles to accounts so that those accounts hold the permissions required to access specific GCP services. Here is a diagram for an account that needs to query a table in BigQuery:
In the example shown in the previous diagram, to access a BigQuery table an account needs, at a minimum, two roles: BigQuery Data Viewer and BigQuery Job User. Each of these roles bundles several permissions, and together they allow exactly one operation, running a query against that table, and nothing more.
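The following is an added example, not code from the book, that checks a project IAM policy for this exact requirement. It assumes the predefined role IDs `roles/bigquery.dataViewer` and `roles/bigquery.jobUser` (the two roles named above), treats `roles/bigquery.admin`, `roles/editor` and `roles/owner` as broader roles that would also allow the query, and uses a constructed policy in the JSON shape that `gcloud projects get-iam-policy --format=json` returns.

```python
import json

# Minimum roles the text says an account needs to query a BigQuery table.
REQUIRED_ROLES = {"roles/bigquery.dataViewer", "roles/bigquery.jobUser"}

# Predefined roles that also permit the query but grant far more than needed.
OVERBROAD_ROLES = {"roles/bigquery.admin", "roles/editor", "roles/owner"}

# Constructed sample policy (not from a real project); same shape as the
# output of `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/bigquery.dataViewer",
         "members": ["serviceAccount:etl@example-project.iam.gserviceaccount.com",
                     "user:analyst@example.com"]},
        {"role": "roles/bigquery.jobUser",
         "members": ["serviceAccount:etl@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/owner", "members": ["user:admin@example.com"]},
    ],
    "etag": "BwXconstructedEtag=",
})


def roles_by_member(policy_json):
    """Invert the role -> members bindings into {member: set(roles)}."""
    policy = json.loads(policy_json)
    result = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            result.setdefault(member, set()).add(binding["role"])
    return result


def missing_roles(policy_json):
    """Per member, the required roles that are not granted in this policy."""
    return {member: sorted(REQUIRED_ROLES - roles)
            for member, roles in roles_by_member(policy_json).items()}


def bigquery_query_access(policy_json):
    """Classify each member as 'overbroad', 'least-privilege' or 'insufficient'.

    Only bindings in this policy are considered: roles inherited from the
    folder or organization, or granted directly on a dataset, are not visible
    here, so 'insufficient' means "not granted at this level", not "no access".
    """
    verdicts = {}
    for member, roles in roles_by_member(policy_json).items():
        if roles & OVERBROAD_ROLES:
            verdicts[member] = "overbroad"
        elif REQUIRED_ROLES <= roles:
            verdicts[member] = "least-privilege"
        else:
            verdicts[member] = "insufficient"
    return verdicts
```

Run it against the real output of `gcloud projects get-iam-policy` to find members who hold only one of the two roles (the query will fail) or who were given an owner or editor role when the two BigQuery roles would have sufficed.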
Let's go through each of the important terms that we use in the IAM space, as follows:
- Account—An account in GCP can be divided into two—a user account and a service account:
- User account—Your personal email is a user account. ...