Best Practices
Principle of Least Privilege
Always grant the minimum permissions necessary for users to perform their tasks.
Regular Reviews
Periodically review Role Assignment and roles to ensure they are still necessary and correctly applied.
Clear Naming Conventions
Use clear, descriptive names for roles and Role Assignment to simplify management and understanding.
To summarize, the IAM service stores user rights and provides the means to validate them. User rights are managed with policy objects that bind project resources to a Role Assignment. A Role Assignment in turn binds an account, or a group of accounts, to a list of roles. Finally, a role is composed of permissions.
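As an added illustration (not code from the IAM service or its documentation), the following Python model walks that chain for one account and one resource: policy, then Role Assignment, then roles, then permissions. The class names, the sample roles, policies and identifiers, and the group-resolution helper are all constructed assumptions; the effective_permissions helper also serves the periodic review described above, since it reports which policy grants each right.

```python
from dataclasses import dataclass

# Constructed sample model of the chain described above: a policy binds resources to a
# Role Assignment, a Role Assignment binds accounts/groups to roles, a role holds permissions.
@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset

@dataclass(frozen=True)
class RoleAssignment:
    name: str
    identities: frozenset  # account ids or group ids bound to the roles
    roles: tuple

@dataclass(frozen=True)
class Policy:
    name: str
    resources: frozenset  # project resources this policy applies to
    assignment: RoleAssignment

# Group membership as the IAM service would resolve it (constructed sample).
GROUPS = {"grp:dev-team": {"acct:alice", "acct:bob"}}

def identities_for(account):
    """An account matches a Role Assignment directly or via any group it belongs to."""
    return {account} | {g for g, members in GROUPS.items() if account in members}

def effective_permissions(policies, account, resource):
    """Walk policy -> Role Assignment -> roles -> permissions for one resource.
    Returns {permission: {names of policies granting it}}, which is what a review needs."""
    ids = identities_for(account)
    granted = {}
    for pol in policies:
        # Both conditions must hold: the policy covers the resource and the
        # Role Assignment covers the account (directly or through a group).
        if resource not in pol.resources or not (pol.assignment.identities & ids):
            continue
        for role in pol.assignment.roles:
            for perm in role.permissions:
                granted.setdefault(perm, set()).add(pol.name)
    return granted

def is_allowed(policies, account, resource, permission):
    return permission in effective_permissions(policies, account, resource)

# Constructed sample data: the dev team may read bucket-a; only bob may write to it.
READER = Role("reader", frozenset({"storage:object:get", "storage:object:list"}))
OPERATOR = Role("operator", frozenset({"storage:object:put"}))
DEV_RA = RoleAssignment("ra-dev-read", frozenset({"grp:dev-team"}), (READER,))
BOB_RA = RoleAssignment("ra-bob-write", frozenset({"acct:bob"}), (OPERATOR,))
POLICIES = [Policy("pol-bucket-a-read", frozenset({"project:p1/bucket-a"}), DEV_RA),
            Policy("pol-bucket-a-write", frozenset({"project:p1/bucket-a"}), BOB_RA)]
```

Running effective_permissions for every account and resource pair is a simple way to produce the review report suggested above, since unexpected entries point directly at the policy that grants them.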