Organizations form the root of the resource hierarchy. Folders, Projects and ultimately resources flow up into an Organization.
- Cloud Identity is an Identity Service which manages users and groups. Cloud Identity can be configured to support federation with AD or AAD for users and groups.
- IAM manages role-based access to resources. IAM policies let you control who has what type of access to which resource.
- The resource hierarchy provides an inheritance model to allow for structured application of IAM policies to resources.
- Organization Policy manages the actions which are allowed on a resource regardless of who is performing them. It provides centralized, programmatic control over cloud resources within an Organization.
Policies are inherited from higher level resources.
- You cannot revoke a policy which has been inherited.
- Policies are not retroactive. Resources which are already in place but violating a policy must be manually remediated.
- A project moved from one folder to another inherits all of the policies from the target hierarchy.
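
The inheritance rules above can be checked with a small model of the hierarchy. This is an added example, not code from the original page: it is a simplified model of IAM allow-policy bindings only, and every organization, folder, project and group name in it is constructed.

```python
# Simplified model of IAM allow-policy inheritance (added example; all names constructed).
class Node:
    """One resource in the hierarchy: organization, folder or project."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.bindings = set()   # (member, role) pairs set directly on this node

    def grant(self, member, role):
        self.bindings.add((member, role))

    def revoke(self, member, role):
        # Only removes a binding set on this node; ancestors are untouched.
        self.bindings.discard((member, role))

    def ancestry(self):
        node = self
        while node is not None:
            yield node
            node = node.parent

    def effective_bindings(self):
        """Union of the bindings on this node and every ancestor."""
        result = set()
        for node in self.ancestry():
            result |= node.bindings
        return result

    def sources(self, member, role):
        """Names of the nodes where a binding is actually set, nearest first."""
        return [n.name for n in self.ancestry() if (member, role) in n.bindings]


def build_sample():
    org = Node("org:example.com")
    prod = Node("folder:prod", org)
    dev = Node("folder:dev", org)
    app = Node("project:app-1", dev)
    org.grant("group:sec-audit@example.com", "roles/viewer")
    dev.grant("group:dev-team@example.com", "roles/editor")
    prod.grant("group:sre@example.com", "roles/owner")
    return org, prod, dev, app


if __name__ == "__main__":
    org, prod, dev, app = build_sample()
    app.revoke("group:dev-team@example.com", "roles/editor")  # no effect: inherited
    print(sorted(app.effective_bindings()))
    app.parent = prod                                         # move the project
    print(sorted(app.effective_bindings()))
```

When reviewing access on a project, `sources()` is the question to ask of the real hierarchy: a binding that does not appear in the project's own policy has to be removed at the folder or organization where it was set.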