Access & Identity
Decide who — and what — can do what. Organize work into projects, grant permissions through roles, automate with service accounts, and review activity in the audit log.
Projects
A workspace that owns deployments, domains, disks, registry, and access.
Roles & permissions
Named bundles of permissions you bind to users or service accounts.
Service accounts
Non-human identities for CI, automation, and anything that needs API credentials.
Workload identity
Federate to Google Cloud — let a deployment authenticate as a GCP service account without keys.
Audit log
Who did what, when. Filterable by resource, outcome, and time range.