richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

removed emojis, merged 2 folders, removed duplication

Browse source
This commit is contained in:
Richard Kranendonk 2026-05-11 16:47:35 +02:00
parent 9b7b3a3a85
commit 24403ce731
92 changed files with 106 additions and 1432 deletions
Download patch file Download diff file Expand all files Collapse all files

15
Corpus/Sparks/Identity and Access Management (IAM).md
View file

@ -6,6 +6,21 @@ In IAM, permission to access a resource isn't granted _directly_ to the end us
An _allow policy_, also known as an _IAM policy_, defines and enforces what roles are granted to which principals. Each allow policy is attached to a resource. When an authenticated principal attempts to access a resource, IAM checks the resource's allow policy to determine whether the action is permitted.
See:
- [Identification](Identification.md) "This is who I am"
- [Authentication](../Standards/ISO27x/Authentication.md) "This is how I prove it"
- [Authorization](../Standards/ISO27x/Authorization.md) "... then this is what you get access to"
- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md)
- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
## How IAM works
With IAM, you manage access control by defining _who_ (identity) has _what access_ (role) for _which resource_. For example, Compute Engine virtual machine instances, Google Kubernetes Engine (GKE) clusters, and Cloud Storage buckets are all Google Cloud resources. The organizations, folders, and projects that you use to organize your resources are also resources.
In IAM, permission to access a resource isn't granted _directly_ to the end user. Instead, permissions are grouped into _roles_, and roles are granted to authenticated _principals_. (In the past, IAM often referred to principals as _members_. Some APIs still use this term.)
An _allow policy_, also known as an _IAM policy_, defines and enforces what roles are granted to which principals. Each allow policy is attached to a resource. When an authenticated principal attempts to access a resource, IAM checks the resource's allow policy to determine whether the action is permitted.
See:
- [Identification](Identification.md) "This is who I am"
- [Authentication](../Standards/ISO27x/Authentication.md) "This is how I prove it"