Hello all,
Welcome to the GCP IAM Policy Analyzer feature alpha program! Thank you so much for signing up for the Alpha. The projects you provided have been whitelisted (unless you received an email from me about projects that cannot be whitelisted).
To quickly recap the feature, the Analyzer feature helps to answer the common access question “Who has access to what”. In order to fully answer questions like “Who can read files from this GCS bucket”, “Who can access this service account?”, “What VMs can John delete in project prod?”, the product supports:
- User group expansion, so even if a user is included in a group, we can still help identify their access.
- Role to permission expansion, so you can query by permission and/or roles.
- A limited set of resource expansion within the resource hierarchy. For example, in the query results, you can expand all VM instances within a project, or all projects under a folder.
You are all set to start trying the feature by creating your own queries. Before you start, please also make sure to enable the Cloud Asset API for your project. More instructions can be found on the documentation page.
Here are the documentation links for more details:
If you have any questions or feedback, please do not hesitate to contact us at: gcp-asset-inventory...@googlegroups.com
Cheers,
The IAM Policy Analyzer team
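
The three expansions described in the message above, sketched as a small offline model. This is an added example, not Policy Analyzer code or its API; every resource, group, user and binding is constructed, the role-to-permission map is a small sample, and the function names are hypothetical.

```python
PARENT = {  # constructed data throughout; resource hierarchy: child -> parent
    "folders/apps": "organizations/example",
    "projects/prod": "folders/apps",
    "buckets/prod-logs": "projects/prod",
    "instances/vm-1": "projects/prod",
    "instances/vm-2": "projects/dev",
}
GROUPS = {  # group -> direct members; groups may nest (here with a cycle)
    "group:sre@example.com": {"user:john@example.com", "group:oncall@example.com"},
    "group:oncall@example.com": {"user:ana@example.com", "group:sre@example.com"},
}
ROLES = {  # role -> permissions (small subset for illustration)
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/compute.instanceAdmin.v1": {"compute.instances.get", "compute.instances.delete"},
}
POLICIES = {  # resource -> [(role, members)] bindings set directly on it
    "folders/apps": [("roles/storage.objectViewer", {"group:sre@example.com"})],
    "projects/prod": [("roles/compute.instanceAdmin.v1", {"user:john@example.com"})],
    "buckets/prod-logs": [("roles/storage.objectViewer", {"user:eve@example.com"})],
}

def expand_members(member, seen=None):
    """Group expansion: resolve a member to users, tolerating group cycles."""
    seen = set() if seen is None else seen
    if member in seen:
        return set()
    seen.add(member)
    if member not in GROUPS:
        return {member}
    return set().union(*(expand_members(m, seen) for m in GROUPS[member]))

def ancestors(resource):
    while resource is not None:  # yield the resource, then each parent above it
        yield resource
        resource = PARENT.get(resource)

def who_can(permission, resource):
    """Map each user holding `permission` on `resource` to the (role, node) grants."""
    grants = {}
    for node in ancestors(resource):
        for role, members in POLICIES.get(node, []):
            if permission in ROLES.get(role, ()):  # role-to-permission expansion
                for user in set().union(*map(expand_members, members)):
                    grants.setdefault(user, set()).add((role, node))
    return grants

def what_can(user, permission, prefix):
    """Resource expansion: resources of one type where `user` holds `permission`."""
    return sorted(r for r in PARENT if r.startswith(prefix) and user in who_can(permission, r))
```

Each result records the role and the hierarchy node that grants the access, which is what an access review needs in order to decide where a binding should be removed.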