Google Cloud IAM implements discretionary access control, meaning each resource (be it a folder, project, or VM) has an IAM policy. We can think of this policy as an access control list, outlining who can access the resource and what actions they’re permitted to take. This model is extremely flexible. But as we scale, management can become a challenge: as the number of resources, IAM policies, and users grows, controlling access on a per-resource, per-user basis quickly becomes unviable. T...