title
Google Cloud IAM Tutorial | Identity & Access Management on GCP | GCP Training | Edureka
description
🔥 Edureka Google Cloud Certification training (Use Code: YOUTUBE20): http://www.edureka.co/google-cloud-architect-certification-training
This Edureka video on 'Google Cloud Identity and Access Management' gives you an overview of Identity and Access Management in Google Cloud Platform and helps you understand the important concepts of Google Cloud Identity and Access Management, with a practical implementation. The following topics are covered in this Google Cloud Identity and Access Management video:
00:00:55 What is Google Cloud IAM?
00:01:19 How does IAM work?
00:04:52 IAM Concepts
00:14:10 Security Enforcement through IAM
00:18:25 Google Cloud IAM Demo
--------------------------------------------------------------------
About The Course
This course will help you pass the Google Cloud Certification Exam for Cloud Architect. The topics covered are strictly in line with the official exam guide provided by Google. The course starts with the basics of cloud computing, and as it progresses you will understand the GCP core infrastructure and how to manage GCP services. The course also covers how to use command-line tools to import data into Google Cloud Storage and run a query for data analysis.
----------------------------------------------------------------------
What are the objectives of our GCP Architect Certification Training?
After completing this Google Cloud Certification training, you should be able to:
· Understand Google Cloud Platform concepts and terminologies
· Understand GCP products and services
· Learn methods to develop, implement, and deploy solutions
· Distinguish between features of similar or related products and technologies
· Learn to work with the Compute Engine, Cloud Storage, Cloud SQL and BigQuery GCP services
· Manage GCP environments using three different methods (Console, App, Command-Line)
· Develop knowledge of solution patterns -- methods, technologies, and designs that are used to implement security, scalability, high availability, and other desired qualities
· Understand the basics of the Big Data and Machine Learning services of GCP
--------------------
Why should you go for GCP Architect Certification Training?
Google Cloud Certifications are the world's most prestigious certifications. Google Cloud Platform is ranked as the world's third largest cloud provider. World-renowned services such as Google Search and YouTube are also hosted on Google Cloud, which means applications hosted on GCP share the same world-class infrastructure used by other Google products.
------------------------
For more information, please write to us at sales@edureka.co or call us at IND: 9606058406 / US: 18338555775 (toll free).
detail
{'title': 'Google Cloud IAM Tutorial | Identity & Access Management on GCP | GCP Training | Edureka', 'heatmap': [], 'summary': 'This tutorial covers google cloud iam, including its definition, working, concepts, and security benefits, access rights in corporate and google cloud settings, google cloud access management, resource hierarchy, and security best practices. it also demonstrates practical application and management of google cloud iam on google cloud platform.', 'chapters': [{'end': 91.9, 'segs': [{'end': 91.9, 'src': 'embed', 'start': 29.141, 'weight': 0, 'content': [{'end': 33.422, 'text': 'We will also look at how security can be strengthened through IAM service.', 'start': 29.141, 'duration': 4.281}, {'end': 38.623, 'text': 'And then finally, we will then see a demo of demonstrating IAM service on Google Cloud Platform.', 'start': 33.542, 'duration': 5.081}, {'end': 45.745, 'text': 'Before we begin, do consider subscribing to our YouTube channel and hit the bell icon to stay updated on trending technologies.', 'start': 39.784, 'duration': 5.961}, {'end': 53.007, 'text': 'And also, if you are interested in online training certification in Google Cloud Platform, check out the link given in the description box below.', 'start': 46.185, 'duration': 6.822}, {'end': 56.768, 'text': "First, let's understand what Google Cloud IAM is.", 'start': 54.087, 'duration': 2.681}, {'end': 61.135, 'text': 'So IAM, which means identity and access management,', 'start': 57.833, 'duration': 3.302}, {'end': 67.24, 'text': 'lets you grant granular access to specific Google Cloud resources and helps prevent access to other resources.', 'start': 61.135, 'duration': 6.105}, {'end': 75.206, 'text': 'IAM lets you adopt the security principle of least privilege, which states that nobody should have more permission than they actually need.', 'start': 67.9, 'duration': 7.306}, {'end': 79.068, 'text': "Let's now understand how Google Cloud IAM works.", 'start': 76.186, 'duration': 
2.882}, {'end': 83.111, 'text': "First, let's take a real-time example or say real-life scenario.", 'start': 79.569, 'duration': 3.542}, {'end': 91.9, 'text': 'Suppose, if you enter a company and you got the visitor card so you have a very limited access through it, like you can access reception,', 'start': 83.251, 'duration': 8.649}], 'summary': 'The transcript covers strengthening security through iam, with a demo of iam service on google cloud platform and a real-life scenario example.', 'duration': 62.759, 'max_score': 29.141, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI29141.jpg'}], 'start': 7.355, 'title': 'Google cloud iam', 'summary': 'Discusses google cloud iam, covering its definition, working, concepts, and security benefits, emphasizing the principle of least privilege, and including a real-life scenario to illustrate its functionality.', 'chapters': [{'end': 91.9, 'start': 7.355, 'title': 'Google cloud iam: identity & access management', 'summary': 'Discusses google cloud iam, focusing on its definition, working, concepts, and security benefits, with an emphasis on the principle of least privilege and a real-life scenario, illustrating its functionality.', 'duration': 84.545, 'highlights': ['IAM, which means identity and access management, lets you grant granular access to specific Google Cloud resources and helps prevent access to other resources.', 'Google Cloud IAM works based on the security principle of least privilege, ensuring that nobody has more permission than they actually need.', 'The real-life scenario illustrates the concept of least privilege access by comparing it to limited access through a visitor card in a company.', 'The session agenda includes an overview of Google Cloud IAM, its working, concepts, and a demonstration of IAM service on Google Cloud Platform.', 'The speaker encourages the audience to subscribe to the YouTube channel for updates on trending technologies and 
promotes online training certification in Google Cloud Platform.']}], 'duration': 84.545, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI7355.jpg', 'highlights': ['IAM grants granular access to specific Google Cloud resources.', 'Google Cloud IAM follows the security principle of least privilege.', 'Real-life scenario illustrates least privilege access concept.', 'Session agenda includes overview, working, concepts, and demonstration of IAM service.', 'Speaker promotes YouTube channel subscription and online training certification in Google Cloud Platform.']}, {'end': 472.051, 'segs': [{'end': 159.117, 'src': 'embed', 'start': 131.401, 'weight': 0, 'content': [{'end': 134.302, 'text': 'Senior analysts have much more access to more cloud resources.', 'start': 131.401, 'duration': 2.901}, {'end': 140.945, 'text': 'He has more access to much more Excel sheets also you can say and also like various other analytical tools also.', 'start': 134.342, 'duration': 6.603}, {'end': 144.306, 'text': "Now suppose there's another person who isn't in analyst team.", 'start': 141.585, 'duration': 2.721}, {'end': 145.707, 'text': "He's in cloud team say.", 'start': 144.686, 'duration': 1.021}, {'end': 146.627, 'text': "He's a cloud engineer.", 'start': 145.787, 'duration': 0.84}, {'end': 152.575, 'text': 'So now you can see he might having the access of a lot of cloud resources compared to you,', 'start': 147.153, 'duration': 5.422}, {'end': 156.896, 'text': "but he won't be having access to certain database services which you have access to.", 'start': 152.575, 'duration': 4.321}, {'end': 159.117, 'text': 'certain databases also, which you have access to.', 'start': 156.896, 'duration': 2.221}], 'summary': 'Senior analysts have greater access to cloud resources, excel sheets, and other analytical tools compared to non-analyst cloud engineers.', 'duration': 27.716, 'max_score': 131.401, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI131401.jpg'}, {'end': 229.223, 'src': 'embed', 'start': 170.26, 'weight': 1, 'content': [{'end': 172.461, 'text': 'This is just you can say it as a real-time example.', 'start': 170.26, 'duration': 2.201}, {'end': 175.122, 'text': "Okay, that's how access and identity management works.", 'start': 172.521, 'duration': 2.601}, {'end': 178.529, 'text': "So now, let's understand how IAM works in Google Cloud.", 'start': 175.868, 'duration': 2.661}, {'end': 186.79, 'text': 'With IAM, you manage access control by defining who means identity, has what access means role, for which resource.', 'start': 179.189, 'duration': 7.601}, {'end': 195.672, 'text': 'For example, compute engine virtual machine instances, Google Kubernetes engine clusters, and cloud storage buckets are all Google Cloud resources.', 'start': 187.25, 'duration': 8.422}, {'end': 201.913, 'text': 'The organizations, folders, and projects that you use to organize your resources are also resources.', 'start': 196.132, 'duration': 5.781}, {'end': 207.392, 'text': "In IAM, permissions to access a resource isn't granted directly to the end user.", 'start': 202.85, 'duration': 4.542}, {'end': 212.995, 'text': 'Instead, permissions are grouped into roles and roles are granted to authenticated members.', 'start': 207.572, 'duration': 5.423}, {'end': 221.199, 'text': 'An IAM policy defines and enforces what roles are granted to which members and this policy is attached to a resource.', 'start': 213.335, 'duration': 7.864}, {'end': 229.223, 'text': "When an authenticated member attempts to access a resource, IAM checks the resource's policy to determine whether the action is permitted.", 'start': 221.959, 'duration': 7.264}], 'summary': 'Iam in google cloud manages access control by defining roles and permissions for resources. 
roles are granted to authenticated members via iam policy.', 'duration': 58.963, 'max_score': 170.26, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI170260.jpg'}, {'end': 323.759, 'src': 'embed', 'start': 296.92, 'weight': 4, 'content': [{'end': 303.525, 'text': 'So, in IAM you grant access to members and members can be of the following types like it can be a Google account,', 'start': 296.92, 'duration': 6.605}, {'end': 308.268, 'text': 'which represents a developer and administrator, or any other permission who interacts with Google Cloud.', 'start': 303.525, 'duration': 4.743}, {'end': 313.011, 'text': 'Account can be an identity including gmail.com or other domains.', 'start': 308.908, 'duration': 4.103}, {'end': 317.534, 'text': 'New users can sign up for a Google account by going to the Google account signup page.', 'start': 313.612, 'duration': 3.922}, {'end': 319.416, 'text': 'Then there is service account.', 'start': 318.335, 'duration': 1.081}, {'end': 323.759, 'text': 'A service account is an account for an application instead of an individual end user.', 'start': 319.836, 'duration': 3.923}], 'summary': 'In iam, access is granted to different types of members, including google accounts and service accounts for applications.', 'duration': 26.839, 'max_score': 296.92, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI296920.jpg'}], 'start': 91.9, 'title': 'Access rights and iam in corporate and google cloud setting', 'summary': 'Discusses access rights in a corporate setting, highlighting how different roles are granted varying levels of access. 
it also explains iam in google cloud, focusing on access control, roles, permissions, and identity concepts.', 'chapters': [{'end': 170.06, 'start': 91.9, 'title': 'Access rights and privileges in a corporate setting', 'summary': 'Discusses how different roles in a corporate setting are granted varying levels of access to resources, with junior analysts having limited access to databases and analytical tools, while senior analysts and cloud engineers have more extensive access to resources such as cloud services and excel sheets.', 'duration': 78.16, 'highlights': ['The access privileges in the corporate setting vary based on roles, with junior analysts having limited access to databases and analytical tools, while senior analysts have more extensive access to resources such as cloud services and Excel sheets.', 'Senior analysts have much more access to cloud resources, including more Excel sheets and various other analytical tools compared to junior analysts.', 'Cloud engineers, while having access to a lot of cloud resources, may not have access to certain databases and analytical tools that junior analysts have.']}, {'end': 472.051, 'start': 170.26, 'title': 'Iam in google cloud', 'summary': 'Explains the working of identity and access management (iam) in google cloud, where access control is managed by defining roles and permissions for resources, and it elaborates on various types of members, roles, and policies in iam as well as the concepts related to identity.', 'duration': 301.791, 'highlights': ['IAM manages access control by defining roles and permissions for resources in Google Cloud. IAM allows managing access control by defining roles and permissions for resources in Google Cloud, such as compute engine virtual machine instances, Google Kubernetes engine clusters, and cloud storage buckets.', 'Permissions in IAM are grouped into roles and granted to authenticated members via IAM policies attached to resources. 
In IAM, permissions are grouped into roles and granted to authenticated members through IAM policies attached to resources, defining and enforcing what roles are granted to which members.', 'Types of members in IAM include Google accounts, service accounts, Google Groups, Google Workspace domains, and Cloud Identity Domains. IAM includes various types of members such as Google accounts, service accounts, Google Groups, Google Workspace domains, and Cloud Identity Domains, each representing different entities with specific access privileges.', 'IAM allows granting access to members like Google accounts, service accounts, Google Groups, and Google Workspace domains, and Cloud Identity Domains. IAM enables granting access to members such as Google accounts, service accounts, Google Groups, Google Workspace domains, and Cloud Identity Domains, empowering them with specific access permissions to resources.', 'Google Groups provide a convenient way to apply access policies to a collection of users and service accounts. 
Google Groups offer a convenient approach to applying access policies to a group of users and service accounts collectively, streamlining access control management.']}], 'duration': 380.151, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI91900.jpg', 'highlights': ['Senior analysts have much more access to cloud resources, including more Excel sheets and various other analytical tools compared to junior analysts.', 'IAM manages access control by defining roles and permissions for resources in Google Cloud.', 'IAM allows managing access control by defining roles and permissions for resources in Google Cloud, such as compute engine virtual machine instances, Google Kubernetes engine clusters, and cloud storage buckets.', 'Permissions in IAM are grouped into roles and granted to authenticated members via IAM policies attached to resources.', 'IAM includes various types of members such as Google accounts, service accounts, Google Groups, Google Workspace domains, and Cloud Identity Domains, each representing different entities with specific access privileges.']}, {'end': 848.241, 'segs': [{'end': 659.164, 'src': 'embed', 'start': 634.859, 'weight': 1, 'content': [{'end': 641.021, 'text': 'For example, the predefined role PubSubPublisher provides access to only publish messages to a PubSub topic only.', 'start': 634.859, 'duration': 6.162}, {'end': 642.458, 'text': 'Then there are custom roles.', 'start': 641.638, 'duration': 0.82}, {'end': 649.961, 'text': "So roles that you create a tailor permissions to the needs of your organization when predefined roles don't meet your needs.", 'start': 642.578, 'duration': 7.383}, {'end': 652.942, 'text': 'Like you can see here, an example of role is given.', 'start': 650.561, 'duration': 2.381}, {'end': 656.343, 'text': 'like the role is assigned as a compute dot instance admins.', 'start': 652.942, 'duration': 3.401}, {'end': 659.164, 'text': 'like the role is assigned 
compute dot instance admin.', 'start': 656.343, 'duration': 2.821}], 'summary': 'Custom roles can tailor permissions to organization needs, e.g. compute instance admin.', 'duration': 24.305, 'max_score': 634.859, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI634859.jpg'}, {'end': 697.494, 'src': 'embed', 'start': 671.704, 'weight': 0, 'content': [{'end': 678.927, 'text': 'So you can grant roles to users by creating an IAM policy which is a collection of statements that define who has what type of access.', 'start': 671.704, 'duration': 7.223}, {'end': 686.31, 'text': 'A policy is attached to a resource and is used to enforce access control whenever that resource is accessed as you can see here.', 'start': 679.467, 'duration': 6.843}, {'end': 690.671, 'text': 'So an IAM policy is represented by the IAM policy object.', 'start': 686.95, 'duration': 3.721}, {'end': 694.473, 'text': 'An IAM policy object consists of list of role bindings.', 'start': 690.791, 'duration': 3.682}, {'end': 697.494, 'text': 'A role binding binds a list of members to a role.', 'start': 694.773, 'duration': 2.721}], 'summary': 'Iam policies grant access to users by defining role bindings.', 'duration': 25.79, 'max_score': 671.704, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI671704.jpg'}, {'end': 755.898, 'src': 'embed', 'start': 714.562, 'weight': 3, 'content': [{'end': 719.145, 'text': 'like the IAM methods are set, IAM policy which sets policies on your resources.', 'start': 714.562, 'duration': 4.583}, {'end': 722.847, 'text': 'Then there is get IAM policy which gets a policy that was previously set.', 'start': 719.185, 'duration': 3.662}, {'end': 725.349, 'text': 'Then there is test IAM permissions that sets.', 'start': 723.007, 'duration': 2.342}, {'end': 731.224, 'text': 'Then there are test IAM permissions, which test whether the caller has the specified permissions 
for a resource or not.', 'start': 726.121, 'duration': 5.103}, {'end': 734.666, 'text': 'Now moving on to the next and the last one, that is resource hierarchy.', 'start': 731.984, 'duration': 2.682}, {'end': 737.848, 'text': 'So Google Cloud resources are organized hierarchically.', 'start': 735.086, 'duration': 2.762}, {'end': 741.55, 'text': 'Like the organization is the root node in the hierarchy.', 'start': 738.288, 'duration': 3.262}, {'end': 744.491, 'text': 'Then there are folders, which are children of the organization.', 'start': 742.01, 'duration': 2.481}, {'end': 748.514, 'text': 'Then projects are children of the organizations or of a folder.', 'start': 745.112, 'duration': 3.402}, {'end': 753.256, 'text': 'And the last one, like the resources for each service are descendants of projects.', 'start': 749.014, 'duration': 4.242}, {'end': 755.898, 'text': 'Each resource has exactly one parent.', 'start': 754.157, 'duration': 1.741}], 'summary': 'Iam methods set policies on resources, test permissions, and manage hierarchy.', 'duration': 41.336, 'max_score': 714.562, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI714562.jpg'}], 'start': 472.932, 'title': 'Google cloud access management and resource hierarchy', 'summary': 'Covers google cloud access management, including iam policy, resource, permissions, roles, and iam policy objects, with examples such as granting access to specific resources, defining permissions at project level, and creating custom roles. 
it also explains the google cloud resource hierarchy, including organization, folders, projects, and resources, and how iam policies are inherited and applied at different levels, with an example illustrating policy inheritance and its impact on child resources.', 'chapters': [{'end': 714.562, 'start': 472.932, 'title': 'Google cloud access management', 'summary': 'Covers google cloud access management, including iam policy, resource, permissions, roles, and iam policy objects, with examples such as granting access to specific resources, defining permissions at project level, and creating custom roles.', 'duration': 241.63, 'highlights': ['IAM policy objects consist of a list of role bindings, which bind members to roles, enabling access control. IAM policy objects consist of a list of role bindings, which bind members to roles, enabling access control.', 'Predefined roles provide finer-grained access control than basic roles, such as PubSubPublisher role providing access to only publish messages to a PubSub topic. Predefined roles provide finer-grained access control than basic roles, such as PubSubPublisher role providing access to only publish messages to a PubSub topic.', "Custom roles allow tailoring permissions to the organization's needs, with the example of a custom role like compute.instance.admins providing access to specific resources and operations. Custom roles allow tailoring permissions to the organization's needs, with the example of a custom role like compute.instance.admins providing access to specific resources and operations.", 'IAM methods are exposed by services such as resource manager, PubSub, and cloud life sciences APIs for creating and managing access control policies on Google Cloud resources. 
IAM methods are exposed by services such as resource manager, PubSub, and cloud life sciences APIs for creating and managing access control policies on Google Cloud resources.', 'Permissions are represented in the form of service.resource.verb, often corresponding one-to-one with REST API methods, and are granted to users indirectly through roles containing the appropriate permissions. Permissions are represented in the form of service.resource.verb, often corresponding one-to-one with REST API methods, and are granted to users indirectly through roles containing the appropriate permissions.']}, {'end': 848.241, 'start': 714.562, 'title': 'Google cloud resource hierarchy & iam policies', 'summary': 'Explains the google cloud resource hierarchy, including organization, folders, projects, and resources, and how iam policies are inherited and applied at different levels, with an example illustrating policy inheritance and its impact on child resources.', 'duration': 133.679, 'highlights': ['IAM methods like set, get, and test permissions are used to manage IAM policies on resources, with policies being set at different levels in the resource hierarchy.', 'Google Cloud resources are organized hierarchically, with organizations as the root node, followed by folders, projects, and resources, each having exactly one parent.', 'IAM policies can be set at any level in the resource hierarchy, and resources inherit policies from their parent resources, with the effective policy being the union of set policies and inherited policies.', "Policy inheritance is transitive, leading to organizations' policies applying to resource levels, and policies for child resources inheriting from their parent resources.", 'An example is given to illustrate how policy inheritance works, showing the impact on granting roles to users at different levels in the resource hierarchy.']}], 'duration': 375.309, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI472932.jpg', 'highlights': ['IAM policy objects consist of a list of role bindings, which bind members to roles, enabling access control.', 'Predefined roles provide finer-grained access control than basic roles, such as PubSubPublisher role providing access to only publish messages to a PubSub topic.', "Custom roles allow tailoring permissions to the organization's needs, with the example of a custom role like compute.instance.admins providing access to specific resources and operations.", 'IAM methods like set, get, and test permissions are used to manage IAM policies on resources, with policies being set at different levels in the resource hierarchy.', 'Google Cloud resources are organized hierarchically, with organizations as the root node, followed by folders, projects, and resources, each having exactly one parent.']}, {'end': 1101.148, 'segs': [{'end': 978.003, 'src': 'embed', 'start': 919.62, 'weight': 0, 'content': [{'end': 921.221, 'text': 'If you combine both these rules,', 'start': 919.62, 'duration': 1.601}, {'end': 930.469, 'text': 'then you can be certain that every user who has access to the Google Cloud Platform project needs to validate themselves using MFA.', 'start': 921.221, 'duration': 9.248}, {'end': 936.974, 'text': 'This makes it much harder to compromise your project, even if the password for an email address leaks from another source.', 'start': 930.469, 'duration': 6.505}, {'end': 940.277, 'text': 'Second thing is you can set up password policy for users.', 'start': 937.895, 'duration': 2.382}, {'end': 947.963, 'text': 'The password policy settings are technically not inside the Google Cloud Platform but at the discretion of the Google Suite Domain Administrator.', 'start': 940.557, 'duration': 7.406}, {'end': 954.108, 'text': 'If you only allow users from your domain and the domain is set up with the right password policy,', 'start': 948.484, 
'duration': 5.624}, {'end': 960.632, 'text': 'then these two things combined will result in the password policy being enforced on all your Google Cloud Platform users.', 'start': 954.108, 'duration': 6.524}, {'end': 964.354, 'text': 'Third one is give the necessary but the least possible privileges.', 'start': 961.592, 'duration': 2.762}, {'end': 969.357, 'text': 'So it is a good practice in general to only give the minimum necessary privileges to all of your users.', 'start': 964.774, 'duration': 4.583}, {'end': 973.9, 'text': 'If all of the previously discussed account protection methods fail,', 'start': 969.518, 'duration': 4.382}, {'end': 978.003, 'text': 'your attackers will still have fewer services to break into a still information form.', 'start': 973.9, 'duration': 4.103}], 'summary': 'Enforce mfa, password policy, and minimal privileges to enhance google cloud platform security.', 'duration': 58.383, 'max_score': 919.62, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI919620.jpg'}, {'end': 1026.553, 'src': 'embed', 'start': 1000.298, 'weight': 2, 'content': [{'end': 1005.681, 'text': 'This is a least resort security control to avoid unexpected runaway spending.', 'start': 1000.298, 'duration': 5.383}, {'end': 1014.576, 'text': 'For example, If you have a faulty script creating resources in a recursive manner, it will only be able to create them up to the quota limits.', 'start': 1005.841, 'duration': 8.735}, {'end': 1020.241, 'text': "It can also protect against compromised account creating a lot of new resources for the attacker's purposes.", 'start': 1014.996, 'duration': 5.245}, {'end': 1026.553, 'text': 'The quotas can be changed on the quotas page, but it requires the service usage.quotas.update permission,', 'start': 1020.851, 'duration': 5.702}], 'summary': 'Implement least resort security control to limit resource creation and prevent unexpected spending and unauthorized activities.', 
'duration': 26.255, 'max_score': 1000.298, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI1000298.jpg'}, {'end': 1107.084, 'src': 'embed', 'start': 1080.772, 'weight': 3, 'content': [{'end': 1087.818, 'text': 'This can be achieved by creating a new key for the service account, then overwriting the current key with the new one.', 'start': 1080.772, 'duration': 7.046}, {'end': 1092.501, 'text': 'Everywhere it was saved and then deleting the old key associated with the service account.', 'start': 1088.158, 'duration': 4.343}, {'end': 1097.985, 'text': 'This way, even if an application where the key was stored is compromised without your knowledge,', 'start': 1092.581, 'duration': 5.404}, {'end': 1101.148, 'text': 'the attacker will only have a limited time window to use the key.', 'start': 1097.985, 'duration': 3.163}, {'end': 1107.084, 'text': 'Now that you have a theoretical understanding of Google Cloud Identity and Access Management working in concepts,', 'start': 1101.86, 'duration': 5.224}], 'summary': 'Replace service account key to limit attacker access', 'duration': 26.312, 'max_score': 1080.772, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI1080772.jpg'}], 'start': 848.881, 'title': 'Google cloud platform security best practices', 'summary': 'Covers practical iam security settings for google cloud platform including enforcing multi-factor authentication, setting up password policy for users resulting in enhanced security. 
it also emphasizes giving minimum necessary privileges to users, setting up quotas to prevent unexpected spending, and regularly rotating service account keys.', 'chapters': [{'end': 960.632, 'start': 848.881, 'title': 'Iam security settings for google cloud platform', 'summary': 'Highlights the practical actionable settings to greatly improve the security of your project in google cloud platform, including enforcing multi-factor authentication and setting up password policy for users, which can result in enhanced security for all platform users.', 'duration': 111.751, 'highlights': ['Enforce multi-factor authentication (MFA) Enforcing MFA for Google Cloud Platform users, especially for those from the Google Suite domain, greatly enhances project security by requiring additional proof for user authentication.', 'Setting up password policy for users By setting up the right password policy for users within the Google Suite domain, the policy can be enforced on all Google Cloud Platform users, further enhancing the overall security.']}, {'end': 1101.148, 'start': 961.592, 'title': 'Google cloud platform security best practices', 'summary': 'Emphasizes giving minimum necessary privileges to users, setting up quotas to prevent unexpected spending, and regularly rotating service account keys to enhance security on google cloud platform.', 'duration': 139.556, 'highlights': ['Set up quotas to prevent unexpected runaway spending and protect against compromised accounts creating new resources. Default quotas are set for every newly created project on Google Cloud platform, which can prevent unexpected spending and protect against compromised accounts creating new resources.', "Regularly rotate service account keys to limit the attacker's window of opportunity if an application is compromised. 
It is a good practice to regularly rotate the keys of the service account by creating a new key, overwriting the current key with the new one, and then deleting the old key associated with the service account to limit the attacker's window of opportunity if an application is compromised.", 'Emphasize giving minimum necessary privileges to all users to reduce the attack surface. It is a good practice to only give the minimum necessary privileges to all users in order to reduce the attack surface and mitigate potential security risks.']}], 'duration': 252.267, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI848881.jpg', 'highlights': ['Enforce multi-factor authentication (MFA) for Google Cloud Platform users greatly enhances project security.', 'Setting up password policy for users within the Google Suite domain enhances overall security.', 'Set up quotas to prevent unexpected spending and protect against compromised accounts creating new resources.', "Regularly rotate service account keys to limit the attacker's window of opportunity if an application is compromised.", 'Emphasize giving minimum necessary privileges to all users to reduce the attack surface.']}, {'end': 1432.414, 'segs': [{'end': 1128.321, 'src': 'embed', 'start': 1101.86, 'weight': 0, 'content': [{'end': 1107.084, 'text': 'Now that you have a theoretical understanding of Google Cloud Identity and Access Management working in concepts,', 'start': 1101.86, 'duration': 5.224}, {'end': 1110.827, 'text': "let's now see a practical demonstration of it on Google Cloud Platform.", 'start': 1107.084, 'duration': 3.743}, {'end': 1113.769, 'text': 'So we are at Google Cloud Console now.', 'start': 1112.068, 'duration': 1.701}, {'end': 1117.933, 'text': 'This is how the dashboard of Google Cloud Platform looks like, means console looks like.', 'start': 1113.789, 'duration': 4.144}, {'end': 1121.736, 'text': 'You can see the ID, dhruv.pantya.edureka.co.', 
'start': 1118.633, 'duration': 3.103}, {'end': 1126.279, 'text': 'So what we are going to do is, we are going to see the Identity and Access Management.', 'start': 1122.296, 'duration': 3.983}, {'end': 1128.321, 'text': "So let's move on to IAM.", 'start': 1126.299, 'duration': 2.022}], 'summary': 'Practical demonstration of Google Cloud IAM on GCP.', 'duration': 26.461, 'max_score': 1101.86, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI1101860.jpg'}, {'end': 1263.975, 'src': 'embed', 'start': 1236.296, 'weight': 2, 'content': [{'end': 1240.838, 'text': 'And similarly, if you go to cloud storage, you can access other services also through this account,', 'start': 1236.296, 'duration': 4.542}, {'end': 1242.959, 'text': 'because you have the editor option at project level.', 'start': 1240.838, 'duration': 2.121}, {'end': 1246.821, 'text': "Okay. Let's go to cloud storage.", 'start': 1243.419, 'duration': 3.402}, {'end': 1250.102, 'text': 'And you can see there is this demo store cloud is here.', 'start': 1247.861, 'duration': 2.241}, {'end': 1255.953, 'text': 'So you can even create a new bucket or you can just go to this one and you can upload any file into it.', 'start': 1250.652, 'duration': 5.301}, {'end': 1263.975, 'text': "Also, like, I'll show you how upload files say okay, and just upload this so you can see how upload has been done,", 'start': 1255.953, 'duration': 8.022}], 'summary': 'Access other services through cloud storage account, create and upload files easily.', 'duration': 27.679, 'max_score': 1236.296, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI1236296.jpg'}, {'end': 1412.792, 'src': 'embed', 'start': 1382.441, 'weight': 1, 'content': [{'end': 1386.163, 'text': 'Now I can even delete these roles like the real roles I provided.', 'start': 1382.441, 'duration': 3.722}, {'end': 1390.685, 'text': 'So I can delete this role 
completely okay, so I can just remove it from here.', 'start': 1386.163, 'duration': 4.522}, {'end': 1395.967, 'text': "Confirm, okay, so that's how the role has been deleted.", 'start': 1390.685, 'duration': 5.282}, {'end': 1399.829, 'text': 'I hope you have understood how identity and access management in Google Cloud works.', 'start': 1395.967, 'duration': 3.862}, {'end': 1405.106, 'text': "With this we come to the end of today's session of Identity and Access Management in Google Cloud.", 'start': 1400.523, 'duration': 4.583}, {'end': 1408.469, 'text': 'I hope you had a great time learning and understanding about it.', 'start': 1405.587, 'duration': 2.882}, {'end': 1412.792, 'text': 'And if you have any queries, please feel free to leave them down in the comment section below.', 'start': 1408.829, 'duration': 3.963}], 'summary': 'Demonstrated how to delete roles in Google Cloud IAM and concluded session on IAM in Google Cloud.', 'duration': 30.351, 'max_score': 1382.441, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI1382441.jpg'}], 'start': 1101.86, 'title': 'Google cloud iam management', 'summary': 'Demonstrates a practical application of Google Cloud IAM on Google Cloud Platform, showcasing the process of providing new access permissions, including giving editor role at project level and viewer role at resource level, and accessing a virtual machine instance. 
it also provides a detailed walkthrough of managing identity and access in google cloud, including creating, editing, and deleting roles, and accessing storage at project and resource levels through the cloud shell, with the final demonstration showcasing the limitations of permissions and the method for viewing files through the command line interface.', 'chapters': [{'end': 1235.716, 'start': 1101.86, 'title': 'Google cloud iam demo', 'summary': 'Demonstrates a practical application of google cloud iam on google cloud platform, showcasing the process of providing new access permissions, including giving editor role at project level and viewer role at resource level, and accessing a virtual machine instance.', 'duration': 133.856, 'highlights': ['The chapter demonstrates a practical application of Google Cloud IAM on Google Cloud Platform, showcasing the process of providing new access permissions, including giving editor role at project level and viewer role at resource level, and accessing a virtual machine instance.', 'The dashboard of Google Cloud Platform is shown, with the demonstration of providing new access permissions and assigning roles at different levels.', 'The process of adding a new account and giving editor role at project level, and choosing cloud storage with the viewer option at resource level, is explained.', 'Accessing a virtual machine instance and creating a new instance from a different account with the provided permissions is illustrated.']}, {'end': 1432.414, 'start': 1236.296, 'title': 'Google cloud iam management', 'summary': 'Provides a detailed walkthrough of managing identity and access in google cloud, including creating, editing, and deleting roles, and accessing storage at project and resource levels through the cloud shell, with the final demonstration showcasing the limitations of permissions and the method for viewing files through the command line interface.', 'duration': 196.118, 'highlights': ['The chapter covers creating, 
editing, and deleting roles in Google Cloud IAM, with a demonstration of the process for each action, showcasing the management capabilities of IAM in the platform.', 'The walkthrough includes accessing cloud storage at both project and resource levels, demonstrating the ability to upload, delete, and view files through the cloud shell, providing practical insights into managing storage permissions.', 'The limitations of permissions are highlighted, demonstrating the impact of role deletion on access to resources, emphasizing the importance of understanding and managing permissions effectively in Google Cloud IAM.', 'The method for viewing files through the command line interface, specifically the cloud shell, is showcased, providing a practical approach for accessing files when console access is restricted, offering a valuable alternative for managing resources.']}], 'duration': 330.554, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/kzfepaEmIDI/pics/kzfepaEmIDI1101860.jpg', 'highlights': ['The chapter demonstrates a practical application of Google Cloud IAM on Google Cloud Platform, showcasing the process of providing new access permissions, including giving editor role at project level and viewer role at resource level, and accessing a virtual machine instance.', 'The chapter covers creating, editing, and deleting roles in Google Cloud IAM, with a demonstration of the process for each action, showcasing the management capabilities of IAM in the platform.', 'The walkthrough includes accessing cloud storage at both project and resource levels, demonstrating the ability to upload, delete, and view files through the cloud shell, providing practical insights into managing storage permissions.', 'The limitations of permissions are highlighted, demonstrating the impact of role deletion on access to resources, emphasizing the importance of understanding and managing permissions effectively in Google Cloud IAM.']}], 'highlights': ['IAM 
grants granular access to specific Google Cloud resources.', 'Google Cloud IAM follows the security principle of least privilege.', 'Real-life scenario illustrates least privilege access concept.', 'Senior analysts have much more access to cloud resources, including more Excel sheets and various other analytical tools compared to junior analysts.', 'IAM manages access control by defining roles and permissions for resources in Google Cloud.', 'IAM allows managing access control by defining roles and permissions for resources in Google Cloud, such as compute engine virtual machine instances, Google Kubernetes engine clusters, and cloud storage buckets.', 'Permissions in IAM are grouped into roles and granted to authenticated members via IAM policies attached to resources.', 'IAM includes various types of members such as Google accounts, service accounts, Google Groups, Google Workspace domains, and Cloud Identity Domains, each representing different entities with specific access privileges.', 'IAM policy objects consist of a list of role bindings, which bind members to roles, enabling access control.', 'Predefined roles provide finer-grained access control than basic roles, such as PubSubPublisher role providing access to only publish messages to a PubSub topic.', "Custom roles allow tailoring permissions to the organization's needs, with the example of a custom role like compute.instance.admins providing access to specific resources and operations.", 'IAM methods like set, get, and test permissions are used to manage IAM policies on resources, with policies being set at different levels in the resource hierarchy.', 'Google Cloud resources are organized hierarchically, with organizations as the root node, followed by folders, projects, and resources, each having exactly one parent.', 'Enforce multi-factor authentication (MFA) for Google Cloud Platform users greatly enhances project security.', 'Setting up password policy for users within the Google Suite domain 
enhances overall security.', 'Set up quotas to prevent unexpected spending and protect against compromised accounts creating new resources.', "Regularly rotate service account keys to limit the attacker's window of opportunity if an application is compromised.", 'Emphasize giving minimum necessary privileges to all users to reduce the attack surface.', 'The chapter demonstrates a practical application of Google Cloud IAM on Google Cloud Platform, showcasing the process of providing new access permissions, including giving editor role at project level and viewer role at resource level, and accessing a virtual machine instance.', 'The chapter covers creating, editing, and deleting roles in Google Cloud IAM, with a demonstration of the process for each action, showcasing the management capabilities of IAM in the platform.', 'The walkthrough includes accessing cloud storage at both project and resource levels, demonstrating the ability to upload, delete, and view files through the cloud shell, providing practical insights into managing storage permissions.', 'The limitations of permissions are highlighted, demonstrating the impact of role deletion on access to resources, emphasizing the importance of understanding and managing permissions effectively in Google Cloud IAM.']}