GCP - Granting Users Access to a GCP Project

To grant access to a GCP project or project resources, Google has some great documentation.  

We suggest that you use Google Groups to make logical groups for GCP Identity & Access Management (IAM) permissions.  See UW-Madison Google Workspace - Getting Started with Google Groups for a getting started with google groups (note: you want to use the "create a group" link in that KB article, not "log in to google groups")

With GCP IAM, users can be granted access with much granularity, from overall project and resource access, to individual resources within the projects.  In addition to using the Google Console, IAM controls can be added using the GCP Command Line Interface, and other methods.

By default, each GCP account will be set up with a single Google Group that will match [account name]@g-groups.wisc.edu.    This group will map to the "owner" role in GCP, except if this is a project that deals with restricted or high-risk data.   When the account is first provisioned, the account Owner, Technical Contact, Financial Contact & Security Contact provided when you requested your account will all be in that google group as Owners or Editors(GCP - Requesting a GCP Project ).     For users who should not have complete access to the account, we recommend setting up additional groups, following "least privilege" security best practices.

Please contact the UW-Cloud Team with any Identity and Access Management questions, we'd be happy to help!

See Also:

If you have any questions, feedback or ideas please Contact Us

Commonly Referenced Docs:

UW Madison Public Cloud Team Events
Online Learning Classes for Cloud Vendors
What Data Elements are allowed in the Public Cloud

Keywords:gcp project sign in log login signin access accessing web netid shibboleth grant user resource   Doc ID:100125
Owner:Mike V.Group:Public Cloud
Created:2020-04-06 13:27 CDTUpdated:2022-01-25 08:46 CDT
Sites:Public Cloud
Feedback:  0   0