Why it matters

GCP IAM is core security. Understanding shapes access control.

Advertisement

The architecture

Principals: users, service accounts, groups.

Roles: bundles of permissions.

Bindings: attach role to principal on resource.

GCP IAM structurePrincipalsusers + SAs + groupsRolesbundles of permsBindingsprincipal + role + resourceConditional bindings: time, IP, resource tag, etc.
IAM components.
Advertisement

How it works end to end

Hierarchy: org → folder → project → resource. Bindings inherit down.

Predefined roles: standard bundles.

Custom roles: your own bundles.

Conditional bindings: expression-based.

Workload Identity Federation: external identities as GCP principals.