Effective Policy Hierarchy for Google Cloud Platform Resources | Exam Study Guide

Understanding the Effective Policy Hierarchy for Google Cloud Platform Resources

Question

Google Cloud Platform resources are managed hierarchically using an organization, folders, and projects.

When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

Answers

Explanations


A. B. C. D.

C.

https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy

In Google Cloud Platform (GCP), resources are managed hierarchically using an organization, folders, and projects. IAM policies can be set at any level of the hierarchy, and these policies define who can access which resources and what actions they can perform on them.

When IAM policies exist at different levels of the hierarchy, the effective policy at a particular node of the hierarchy is determined by the interaction between the policies set at that node and the policies inherited from its ancestors.

The effective policy at a node is the result of merging the policies set at that node and the policies inherited from its ancestors. The specific way in which policies are merged depends on the policy inheritance model used by the organization. There are two policy inheritance models:

  1. Union model: In this model, the effective policy at a node is the union of the policies set at that node and the policies inherited from its ancestors. This means that if a user has access to a resource at any level of the hierarchy, they will have access to that resource at all levels of the hierarchy.

  2. Intersection model: In this model, the effective policy at a node is the intersection of the policies set at that node and the policies inherited from its ancestors. This means that if a user has access to a resource at any level of the hierarchy, they will only have access to that resource at the levels of the hierarchy where the policy is set.

In summary, the effective policy at a particular node of the hierarchy in GCP is determined by the interaction between the policies set at that node and the policies inherited from its ancestors. The specific way in which policies are merged depends on the policy inheritance model used by the organization.
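The union model from item 1, which is how the linked resource-hierarchy documentation describes inheritance of IAM allow policies, worked through as an added example that is not part of the original page. The resource names, roles and members are constructed, and the helper functions are hypothetical rather than any Google API; each effective binding is reported with the node it was set on, so inherited grants can be reviewed separately from local ones.

```python
# Constructed hierarchy: child -> parent (None marks the organization root).
PARENT = {
    "organizations/example-org": None,
    "folders/engineering": "organizations/example-org",
    "projects/payments-prod": "folders/engineering",
}

# Constructed allow policies set directly on each node: role -> members.
POLICIES = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/engineering": {"roles/editor": {"group:eng@example.com"}},
    "projects/payments-prod": {
        "roles/viewer": {"user:alice@example.com"},
        "roles/owner": {"user:bob@example.com"},
    },
}


def ancestry(node):
    """Return the node followed by its ancestors, nearest first, up to the root."""
    chain = []
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain


def effective_policy(node):
    """Union model: merge bindings set on the node with all inherited ones.

    Returns {role: {member: [nodes where the binding is set]}} so a reviewer
    can see which grants are local and which come from an ancestor.
    """
    merged = {}
    for source in ancestry(node):
        for role, members in POLICIES.get(source, {}).items():
            for member in members:
                merged.setdefault(role, {}).setdefault(member, []).append(source)
    return merged


def inherited_only(node):
    """Bindings effective at the node that are not set on the node itself."""
    return sorted(
        (role, member, sources[0])
        for role, members in effective_policy(node).items()
        for member, sources in members.items()
        if node not in sources
    )
```

Calling `inherited_only("projects/payments-prod")` lists the grants that would remain effective on the project even if its own policy were emptied, which is the part of the effective policy a project-level review alone does not show.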