Google Cloud — IAM users extraction across all projects in a GCP org

Rajathithan Rajasekar
May 18, 2020

Every enterprise wants to know who has access to its systems and resources, and at what level. You can get user and group information from your identity solution, such as Okta or Cloud Identity.

GCP's open-source security tool, Forseti Security, also lets you get the list of users, groups and roles for your entire org. It can actually do more than that, such as collecting your entire organization's inventory, visualizing it and reporting violations. That is a separate topic in itself, so we will concentrate only on IAM here.

Let's see how to retrieve the list of all users from a Google Cloud org in Cloud Shell. To get the user list for a single project, use the gcloud command below:

gcloud projects get-iam-policy $projectname

It displays the result in YAML format, which I find very difficult to read and interpret (who has access and what role they have) when the list is huge. [ You might have a different view on this :) ]

- members:
  - john.smith@somecompany.com
  - jane.doe@somecompany.com
  role: roles/viewer

Even if you are an org admin, you won't be able to get the list of users for all projects in a single gcloud command. I think there might be a…
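One way to turn the per-project policy into flat, reviewable rows and repeat it for every project is sketched below. This is an added example, not the author's code: the function names, the `special` member-type label and the sample policy are assumptions made for illustration, and it relies only on `gcloud projects list` and `gcloud projects get-iam-policy` with `--format=json`.

```python
import csv
import json
import subprocess
import sys

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer",
         "members": ["user:john.smith@somecompany.com", "user:jane.doe@somecompany.com"]},
        {"role": "roles/editor",
         "members": ["user:jane.doe@somecompany.com",
                     "serviceAccount:build@demo-project.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    ],
    "version": 1,
}

def flatten_policy(project_id, policy):
    """Return sorted (project, member_type, identity, role) rows for one policy."""
    rows = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, sep, identity = member.partition(":")
            if not sep:  # allUsers / allAuthenticatedUsers carry no type prefix
                kind, identity = "special", member
            rows.add((project_id, kind, identity, binding["role"]))
    return sorted(rows)

def gcloud_json(*args):
    """Run a gcloud command with JSON output and parse the result."""
    proc = subprocess.run(["gcloud", *args, "--format=json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)

def org_iam_rows():
    """Flatten the IAM policy of every project the caller can list."""
    rows = []
    for project in gcloud_json("projects", "list"):
        pid = project["projectId"]
        try:
            rows += flatten_policy(pid, gcloud_json("projects", "get-iam-policy", pid))
        except subprocess.CalledProcessError as err:
            # Typically a missing getIamPolicy permission on that project.
            print(f"skipped {pid}: {err.stderr.strip()}", file=sys.stderr)
    return rows

if __name__ == "__main__":
    csv.writer(sys.stdout).writerows(
        [("project", "member_type", "identity", "role"), *org_iam_rows()])
```

The rows cover only bindings set on each project itself; roles inherited from a folder or the organization do not appear in a project's policy and have to be reviewed at those levels.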
