Google today released a beta version of custom roles for Cloud Identity and Access Management (IAM) on the Google Cloud Platform (GCP) that provides more granular control over data access permissions.
IAM has three basic roles for Owner, Editor, and Viewer, and more than 100 service-specific predefined roles that combine curated permissions to perform tasks on the GCP. Predefined roles are often used to control access to GCP services; for example, the Cloud SQL Viewer role combines all the permissions needed to let users browse and export databases.
Custom roles give users precise control over the 1,287 public permissions for GCP services. This tightens data security in the case someone like an auditor needs to access a database and gather data, but doesn't need to read the actual information. Admins can build a "custom role" so auditors have permission to access databases but cannot export their contents.
Google advises building custom roles by starting with a predefined role and adjusting it for the organization's needs. IAM supports custom roles across projects and full organizations to centralize role development, testing, maintenance, and sharing.
Read more details on the new Google offering here.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.