Module 3 · GCP Organisation Hierarchy

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 27, 2026
1 min read
Read as

Last updated: April 29, 2026

100% Free

No signup. No paywall. No catch. One of our 10 most-requested practitioner modules — published in full so anyone can learn for free. We earn through consulting, not by gating knowledge.

See all 10 free modules →

GCP’s hierarchy is the foundation of multi-project security.

GCP’s hierarchy is the foundation of multi-project security.

Levels

  • Organisation — top; tied to your Google Workspace / Cloud Identity domain
  • Folders — group projects (by environment, business unit)
  • Projects — workload boundary; resources live here
  • Resources — buckets, instances, etc.

IAM inheritance

Roles granted at higher levels apply to all child resources. Org-level Owner = Owner everywhere. Use folder-level for tighter scoping.

Org Policy Service

Set guardrails enforced organisation-wide. Examples:

  • compute.disableSerialPortAccess
  • iam.disableServiceAccountKeyCreation
  • storage.publicAccessPrevention
  • compute.skipDefaultNetworkCreation

Constraints inherit; can be overridden at project level only with explicit org-admin permission.

🧠
Check your understanding

Module Quiz · 6 questions

Pass with 80%+ to mark this module complete. Unlimited retries. Each question shows an explanation.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
← Previous · Module 2
Module 2 · GCP Advanced — VPC-SC, WIF, Confidential Computing
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 1 · Intermediate

Resource hierarchy, IAM, service accounts, network, GCS/SQL/GKE/KMS hardening, Security Command Center.

Apr 22, 2026 · 5 min read
Academy
Module 2 · Advanced

VPC Service Controls, Workload Identity Federation, BeyondCorp, Confidential VMs, Assured Workloads, EKM.

Apr 22, 2026 · 5 min read
Academy
Module 4 · Advanced

Last updated: April 29, 2026 100% Free No signup. No paywall. No catch. One of our…

Apr 27, 2026 · 1 min read