Hello Google Cloud Community,
I’m in charge of managing our company’s Google Cloud environment, which consists of over 100 projects. We maintain a clear separation between production and development projects.
Our current workflow is to grant the roles/owner permission to users when we provision a new project.
However, we are becoming concerned about the risks this poses, especially for our production environments. Once a project is live, we feel it’s not ideal for users to have owner privileges that allow them to modify or delete any resource at any time. This creates a significant risk of accidental changes or deletions in production.
We are considering moving these users to the roles/viewer permission in production to mitigate this risk. This would provide them with read-only access for monitoring and debugging, without the ability to make changes.
I would like to ask the community for advice:
- Is reducing privileges from owner to viewer in production a good approach?
- What are the common best practices for managing developer access to production environments at this scale?
- Are there other roles, such as more granular predefined roles (e.g., roles/monitoring.viewer, roles/logging.viewer) or custom roles, that we should be using instead?
- How do others handle the need for temporary, elevated access (i.e., “break-glass” scenarios) in production if developers are restricted to read-only?
Any insights or recommendations on how to manage this securely and efficiently across hundreds of projects would be greatly appreciated.
Thank you!