Livoa LogoLivoa
GCP Access Control Process Flow (with Tools)
1. User Requires Access (PROD/UAT/DEV)
User "Access Request" Ticket


- User info, Justification

- User info, Justification (linked Confluence)

- Resources

- Enviroment IAM Role

- Duration

Initial Reviewer Approval
Technical/Security Approval (Jira)
UAT: Manager, App Owner
2. Approval Workflow
Jira (Authorization/App Code)
GCP IAM Provisioning


(Manual via GCP Console)

All Apportioning Team Verifies (CCP Tooling/Upload)
Jira Ticket
3. Access Verification & Testing
4. Access Provisioning
App/Prod/Dev Codebase (IaC for Apps)
GCP Devops CI/CD Pipeline (Cloud Build/Deploy)
Reviewers (Managers/App Owners) (Jira/Confluence)
Update Complete Title
5. Access Revocation
Key Priorities:


Least Privilege IAM POLICIES, Segregation of Duties, Temporary Access (IAM Conditions)

6. Access Review & Testing
Initiate Revocation (Jira Ticket) (Role Change/Offboarding/Early)
Devops CI/CD Pipeline (Cloud Build/Deploy)
Immediate Revocation (Critical Cases)
GCP
DEV
X

Test

by Neeraj

0
0 uses