With Just-in-Time Access, we can implement just-in-time privileged access management on Google Cloud by allowing users to temporarily elevate their access to certain projects. The application relies on the notion of eligible role bindings: These are role bindings with a special IAM condition, has({}.jitAccessConstraint). Once we grant a user such an eligible role binding, that role starts to show up in the JIT Access application, and the user can request to activate the role temporarily. But ...
