To implement role-based access control to Google Cloud resources, it’s often useful to create a set of groups, where each group represents a role for a certain set of resources. For example, we might create groups such as database reader and database admin that grant access to a set of database-related resources. How can we automate the management of these groups, without granting our automation too much access? Option 1: Using a delegated admin service account Groups are a Cloud Identity o...
