Comments
ka...@google.com <ka...@google.com>
al...@google.com <al...@google.com> #2
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you an ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
What you would like to accomplish:
- Customer is rolling out IAM Deny and needs Wildcard (*) support for Principals. Wildcard support is currently only for permissions and not for principals.
How this might work:
- Specifically we're looking to have support for a wildcard (*) when defining exception principals.
If applicable, reasons why alternative solutions are not sufficient:
- In the provisioning process, it is sometimes necessary to provision many Service Accounts specific to each project. Hence, we would like to have support to be able to specify a wildcard in the exception principals to allow for that syntax for a policy rule and afterwards implement security recommendations.
- Impact: Rolling out IAM Deny is much harder without wildcard support for principals.
Other information (workarounds you have tried, documentation consulted, etc):
- Documentation is a bit confusing because it shows (*) for identities in a pool [1].
[1]