Assigned
Status Update
No update yet.
Comments
ka...@google.com
on...@google.com
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Background:
We have a set of PAM entitlements that we can leverage for break-glass access. As they could apply to any project in our organization we would like to define this entitlement on our org node instead of on every single project.
When a grant is requested, a user likely only needs elevated access to a specific project though, and not to every project in the org.
It would be helpful if the user can choose a lower level in the resource hierarchy to apply the grant on.
It could be like a dynamic IAM condition that you can specify while requesting the grant. An approver could review this condition before allowing the grant.