google-cloud-privileged_access_manager 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +48 -1
- data/lib/google/cloud/privileged_access_manager/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6c5414a23e8310f2f2379de4b37969d3bb2294440ce1049b1cd5a82813ffb124
|
4
|
+
data.tar.gz: da26a13fb5d759d1fd9811ba28581ea474dfb1d838a7246f9f807c7ca06116c9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c09252e3f0fe829eb3f874078f4d18a5b6826448d09331251177684b55b442439ba580e5eb35a101c629845e8c74c49d0a497f7a370f91ef5ba771ec3d8cdd99
|
7
|
+
data.tar.gz: 3cad6a3c8d2b05fb450841d670c71181b61ba00820ec50440bdf9cdace51b90f584293dbf293e962f0aca2a3c550a3576185aff400e7de343aab88f20f914771
|
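Review bot: the removed `metadata.gz:` and `data.tar.gz:` entries under both `SHA256:` and `SHA512:` appear with empty values in this rendering, so the hunk only shows the new digests and not what they replaced; the checksum change cannot be reviewed as a diff. Verify the new values out of band by computing the SHA-256 and SHA-512 of the built `metadata.gz` and `data.tar.gz` from the published 0.1.1 gem and comparing them with the four digests added here, rather than accepting the file on its own.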
data/README.md
CHANGED
@@ -2,7 +2,54 @@
|
|
2
2
|
|
3
3
|
Privileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.
|
4
4
|
|
5
|
-
## Overview
|
5
|
+
## Overview
|
6
|
+
|
7
|
+
Privileged Access Manager (PAM) is a Google Cloud native, managed solution
|
8
|
+
to secure, manage and audit privileged access while ensuring operational
|
9
|
+
velocity and developer productivity.
|
10
|
+
|
11
|
+
PAM enables just-in-time, time-bound, approval-based access elevations,
|
12
|
+
and auditing of privileged access elevations and activity. PAM lets you
|
13
|
+
define the rules of who can request access, what they can request access
|
14
|
+
to, and if they should be granted access with or without approvals based
|
15
|
+
on the sensitivity of the access and emergency of the situation.
|
16
|
+
|
17
|
+
## Concepts
|
18
|
+
|
19
|
+
### Entitlement
|
20
|
+
|
21
|
+
An entitlement is an eligibility or license that allows specified users
|
22
|
+
(requesters) to request and obtain access to specified resources subject
|
23
|
+
to a set of conditions such as duration, etc. entitlements can be granted
|
24
|
+
to both human and non-human principals.
|
25
|
+
|
26
|
+
### Grant
|
27
|
+
|
28
|
+
A grant is an instance of active usage against the entitlement. A user can
|
29
|
+
place a request for a grant against an entitlement. The request may be
|
30
|
+
forwarded to an approver for their decision. Once approved, the grant is
|
31
|
+
activated, ultimately giving the user access (roles/permissions) on a
|
32
|
+
resource per the criteria specified in entitlement.
|
33
|
+
|
34
|
+
### How does PAM work
|
35
|
+
|
36
|
+
PAM creates and uses a service agent (Google-managed service account) to
|
37
|
+
perform the required IAM policy changes for granting access at a
|
38
|
+
specific
|
39
|
+
resource/access scope. The service agent requires getIAMPolicy and
|
40
|
+
setIAMPolicy permissions at the appropriate (or higher) access scope
|
41
|
+
-
|
42
|
+
Organization/Folder/Project to make policy changes on the resources listed
|
43
|
+
in PAM entitlements.
|
44
|
+
|
45
|
+
When enabling PAM for a resource scope, the user/ principal performing
|
46
|
+
that action should have the appropriate permissions at that resource
|
47
|
+
scope
|
48
|
+
(resourcemanager.\\{projects|folders|organizations}.setIamPolicy,
|
49
|
+
resourcemanager.\\{projects|folders|organizations}.getIamPolicy, and
|
50
|
+
resourcemanager.\\{projects|folders|organizations}.get) to list and grant
|
51
|
+
the service agent/account the required access to perform IAM policy
|
52
|
+
changes.
|
6
53
|
|
7
54
|
Actual client classes for the various versions of this API are defined in
|
8
55
|
_versioned_ client gems, with names of the form `google-cloud-privileged_access_manager-v*`.
|
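Review bot: the permission names at lines 48-50 of the new text are written as `resourcemanager.\\{projects|folders|organizations}.setIamPolicy` (likewise `.getIamPolicy` and `.get`); the doubled backslash renders literally in Markdown, so either use a single `\{` or, better, wrap each permission in backticks so no escaping is needed. Two smaller points in the same hunk: "etc. entitlements can be granted" should start a new sentence with a capital letter, and the lone `-` on line 41 between "access scope" and "Organization/Folder/Project" reads as a stray list marker or dash; join it to the sentence (for example "at the appropriate (or higher) access scope, i.e. Organization/Folder/Project,") or turn the three scopes into a proper list. Note also that the "How does PAM work" heading describes the service agent needing `getIAMPolicy`/`setIAMPolicy`, which is the security-relevant part of this README: it would help readers to state that the scope at which those permissions are granted bounds what PAM can elevate, since the text currently says "(or higher)" without that caveat.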
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-privileged_access_manager
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-cloud-core
|
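Review bot: the `version:` bump to 0.1.1 and the `date: 2024-08-09` update are consistent with the file list at the top (the only other changes are `checksums.yaml`, `data/README.md` and the one-line `version.rb` bump), so a patch-level release is appropriate. What is missing is a CHANGELOG entry: none of the four files listed records what changed in 0.1.1, so consumers pinning this gem have no release note explaining that the update is documentation only.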