Google is making it easier for cloud security administrators to protect against insider threats and enhance user productivity by granting users the permissions they need to do their jobs -- and only those permissions.
Google (Nasdaq: GOOG) today introduced custom roles for Cloud Identity & Access Management (IAM), allowing enterprises to control 1,287 public permissions across Google Cloud Platform services.
"This helps administrators grant users the permissions they need to do their jobs -- and only those permissions," according to a post on the Google Cloud Platform blog scheduled to go live Tuesday. "Fine-grained access controls help enforce the principle of least privilege for resources and data on GCP."
IAM offers the roles of Owner, Editor and Viewer for GCP users. Google calls those "primitive roles." Additionally, Google provides more than 100 "predefined roles" with sets of permissions needed to complete different tasks on GCP. "For example, the Cloud SQL Viewer predefined role combines 14 permissions necessary to allow users to browse and export databases."
"Custom roles complement the primitive and predefined roles when you need to be even more precise," according to the blog post, which is signed by Rohit Kare, GCP product manager. "For example, an auditor may only need to access a database to gather audit findings so they know what data is being collected, but not to read the actual data or perform any other operations."