What is a Google Cloud IAM Role?
A Google Cloud IAM role is a collection of access permissions, such as read, write, and delete. These determine what a user can do once they federate into a Google Cloud project.
Kion helps you create, manage, and apply Google Cloud IAM roles from a central location. With Kion, you can create IAM roles once and easily apply them across multiple Google Cloud projects. When you need to make a change, you can update the role in Kion, and Kion will modify it in all of your Google Cloud projects.
Kion uniquely offers the option to deny permissions on Google Cloud IAM roles. You can deny specific permissions, or use wildcards to deny groups of permissions. Denials on IAM roles applied on OUs are inherited by descendant resources, enabling organization and department wide protections. For more information, see Preventative Google Cloud IAM Roles.
We strongly recommend that you grant access via the principle of least privilege. Read more about least privilege and how it applies to role definitions in Principle of Least Privilege.