Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

Is GCP configurable with root user and standard users as in AWS?

just want to understand, in AWS, the root user is having all access including billing information and usually we create a new standard user with necessary privilege to build cloud solution and this user may not have access to all resources including billing unless its granted by root user through IAM policy.

In GCP, when we are creating the billing configuration and export to Big query , it looks like all users having access to this information. is that not possible to have separate root user and other standard user to be created for specific projects in GCP similar to AWS with least privileges?

1 Answers

It is possible and this is explained in the lectures too. You can:
1. Create admin user ("root") with billing admin role.
2. As a "root" user create a separate project (in lectures it is called "Admin Project") and create a dataset for billing data export in that project. Other users will not have access to that project unless granted.
3. Create second user Google account. 
4. As a "root" user go to billing account management and assign second user to Billing Account User role.
5. Login as second user. Observe that now second user can use the billing account to create new projects but he cannot manage the billing account nor it can access billing data export.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?