What are the layers of the GCP Resource Hierarchy?
- Organization
- Folders
- Projects
- Resources
Which is the root node in the GCP Resource Hierarchy?
The Organization Resource
Roles: Organization Admin vs Organization Owner
- Organization Admin: Full power to edit all permissions.
- Organization Owner: Reserved for G Suite/Cloud Identity super admin.
More permissive parent policy…
…always overrules more restrictive child policy
In the GCP Resource Hierarchy, how many parents can an object have?
Each child object has only one parent
How are permissions inherited in the GCP Resource Hierarchy?
From top-down
What can Folders contain?
Projects and other folders
What are the identifiers of a Project?
- Project ID (must be globally unique)
- Project number (automatically generated)
- Project name (“friendly name”)
Which is the core organizational component of GCP?
The Project. Required to use and pay for any GPC resource.
How does Policy Inheritance work in the GCP Resource Hierarchy?
- Child nodes inherit parent permissions (all the way down). Example: Project Editor role granted at Organization node applies to all folders, projects and resources down the line. Example: Project Viewer role granted top folder applies to all projects and resources inside of folder.
- More permissive parent policy will also overrule restrictive child policy.
What can you see on the Dashboard page of an Organization?
Nothing. It immediately contains no resources (“Page not viewable for organizations. To view this page, select a project”).
What can you see on the Dashboard page of a Folder?
Nothing. It immediately contains no resources (“Page not viewable for folders. To view this page, select a project”).
What happens with folder-applied IAM roles if a project is removed from a folder?
Beware: Removing a project from a folder will remove folder-applied IAM roles.
