Attribute based access control (ABAC) in GCP - Is there a managed service?

Is there a native GCP service that supports attribute-based access control (ABAC)? I am aware of Cloud IAP, but it supports RBAC, I guess.

Hi @dheerajpanyam ,

Welcome to Google Cloud Community

While Google Cloud Platform (GCP) doesn’t offer a dedicated ‘ABAC service,’ it provides robust native support for Attribute-Based Access Control (ABAC). This is primarily achieved by strategically combining three key features:

  • IAM Conditions: provide the means to establish and apply access controls for Google Cloud resources based on attributes and conditions.
  • Resource Tags: You can use tags and conditional enforcement of policies for fine-grained control across your resource hierarchy.
  • Access Context Manager: allows you to define fine-grained access control based on user identity and the context of the request (e.g. IP address, user identity, device type and operating system).

For additional reference, see Attribute for IAM Conditions.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Thanks @kensan. Sorry, I was not clear: what I need is ABAC that is more application-related, which perhaps needs to be handled by the app. This is not ABAC for GCP infra access.

No, GCP does not have a standalone managed ABAC service.

What GCP does provide instead:

  • IAM Conditions – Add attribute-based rules (using CEL) to IAM role bindings.

  • Resource labels/tags – Use resource attributes in access decisions.

  • Access Context Manager – Enforce access based on context (IP, device, location).

Together, these let you implement ABAC-style access on top of GCP’s RBAC-based IAM, but there’s no dedicated, centralized ABAC policy engine managed by Google Cloud.

If you need full ABAC for applications, you typically implement it yourself or use external policy engines (e.g., OPA, Cerbos).
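As an added illustration of the "implement it yourself" option (not code from any reply in this thread or from Google Cloud), here is a small application-level ABAC decision function that evaluates subject, resource and request-context attributes, the same attribute sources the answers list. The rule names, attribute keys and the `10.0.0.0/8` range are hypothetical; deny rules override allows, and a missing attribute fails closed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str            # "allow" or "deny"
    actions: frozenset     # actions the rule applies to
    condition: Callable    # (subject, resource, context) -> bool

def in_network(ctx, cidr):
    """True only if ctx['ip'] parses and lies inside cidr."""
    try:
        return ipaddress.ip_address(str(ctx["ip"])) in ipaddress.ip_network(cidr)
    except (KeyError, ValueError):
        return False

# Hypothetical policy for a document service; all attribute names are assumptions.
RULES = (
    Rule("deny-unmanaged-device-on-restricted", "deny", frozenset({"read", "write"}),
         lambda s, r, c: r["classification"] == "restricted" and c.get("device_managed") is not True),
    Rule("same-department-read", "allow", frozenset({"read"}),
         lambda s, r, c: s["department"] == r["labels"]["department"]),
    Rule("owner-write-from-corp-net", "allow", frozenset({"write"}),
         lambda s, r, c: s["user"] == r["owner"] and in_network(c, "10.0.0.0/8")),
)

def decide(subject, resource, context, action):
    """Return (allowed, rule_name). Deny overrides allow; the default is deny."""
    allowed_by = None
    for rule in RULES:
        if action not in rule.actions:
            continue
        try:
            matched = rule.condition(subject, resource, context)
        except (KeyError, TypeError):
            # Missing or malformed attribute: a deny rule fails closed, an allow rule cannot match.
            if rule.effect == "deny":
                return (False, rule.name)
            continue
        if matched and rule.effect == "deny":
            return (False, rule.name)
        if matched and allowed_by is None:
            allowed_by = rule.name
    return (allowed_by is not None, allowed_by or "default-deny")
```

Returning the deciding rule name alongside the verdict gives the application something concrete to write to its audit log for every allow and deny.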