[EXTERNAL] Cloud Asset Inventory product updates | June 11th, 2020

[Shaun Bennett]

Google Cloud Asset Inventory Updates | June 11th, 2020

ASSET SERVICES

Beta launch: IAM Policy Analyzer

Cloud Asset Inventory helps you answer common questions around “Who has what access to what GCP resource?” by exposing permission levels on resources in a project. To fully answer questions like “Who can read files from this GCS bucket”, “Who can access this service account?”, “What VMs can John delete in project prod?”, the product supports the following Beta functionality (Documentation): 

• User group expansion. Even if a user is included in a group, we can still help identify their access.

• Role to permission expansion. You can query by permission and/or roles.

• Limited resource expansion within the resource hierarchy. For example you can expand all VM instances within a project included in query results, or expand all projects under a folder.

• Understand resource and policy hierarchy. Regardless where you are querying within the resource hierarchy, we will always find the effective IAM policies under the specified organization or folder.

If IAM Policy Analyzer functionality is potentially useful to your organization, you can find additional details in the Policy Analyzer Documentation, join the mailing list here or directly email gcp-asset-inventory...@googlegroups.com with any additional questions.

Thanks very much!

Google Cloud Asset Inventory team

--

Shaun Bennett | Program Management, Google Cloud Asset Inventory & Search | esh...@google.com