GCP - Granting Users Access to a GCP Project

To grant access to a GCP project or project resources, Google has some great documentation.  


We suggest that you use Google Groups to make logical groups for GCP Identity & Access Management (IAM) permissions.  See UW-Madison G Suite - Getting Started with Google Groups for a getting started with google groups (note: you want to use the "create a group" link in that KB article, not "log in to google groups")

With GCP IAM, users can be granted access with much granularity, from overall project and resource access, to individual resources within the projects.  In addition to using the Google Console, IAM controls can be added using the GCP Command Line Interface, and other methods.

By default, each GCP account will be set up with a single Google Group that will match [account name]@g-groups.wisc.edu.    This group will map to the "owner" role in GCP.   When the account is first provisioned, the account Owner, Technical Contact, Financial Contact & Security Contact provided when you requested your account will all be in that google group as owners (GCP - Requesting a GCP Project ).     For users who should not have complete access to the account, we recommend setting up additional groups, following "least privilege" security best practices.

Please contact the UW-Cloud Team with any Identity and Access Management questions, we'd be happy to help!

See Also:

Commonly Referenced Docs:

UW Madison Public Cloud Team Events
Online Learning Classes for Cloud Vendors
What Data Elements are allowed in the Public Cloud




Keywords:gcp project sign in log login signin access accessing web netid shibboleth grant user resource   Doc ID:100125
Owner:Mike V.Group:Public Cloud
Created:2020-04-06 13:27 CDTUpdated:2021-02-25 15:28 CDT
Sites:Public Cloud
Feedback:  0   0