Getting started with Google Cloud – Resource Hierarchy


Written By: Mitali Bhalla

Why do we need to understand the Google Cloud resource hierarchy? When you build an application, security is your responsibility. The physical security of the hardware, the integrity of the network and the protection of the content in the application are all your concern.


Let’s see how Google can help us…

When you move an application to Google Cloud Platform, Google takes up much of your work by handling many lower layers of security.

Google delivers a higher level of security at these layers than most of its customers could afford to do on their own. However, the upper layers of the security remain the customer’s responsibility.

Hence, when you shift to Google Cloud Platform, Google shares with you the security responsibility that was earlier yours alone. Google Cloud Platform tools like IAM help customers implement security policies at these layers.


All Google Cloud resources, such as virtual machines, BigQuery tables and buckets, are organized into projects. To organize projects further, we can group them into folders. All the projects and folders can in turn be grouped under an organization node. At each level of the hierarchy we can define security policies: who gets access, what type and level of access they get, who can modify the work, and so on. Policies are inherited downwards in the hierarchy.

Resource Hierarchy in Google Cloud Platform

Understanding hierarchy levels of Google Cloud Platform

All Google Cloud Platform resources belong to a Google Cloud Platform Console project. Projects are the basis for enabling and using Google Cloud Platform services. Each project is a separate compartment, and each resource belongs to exactly one. Projects can have different owners and users and they are managed and billed separately.

Hierarchy levels in Google Cloud Platform

Each GCP project has a name and a project ID (assigned by the user). The project ID is a permanent, unchangeable identifier, and it has to be unique across GCP. Project names are for your own convenience and can be changed.

The Cloud IAM Folders feature lets the user assign policies to resources at each level. The resources in a folder inherit IAM policies assigned to the folder. An organization node at the top of the hierarchy is required for the use of folders.
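The downward inheritance described above, as an added example (a toy model written for this article, not Google's API or code from the original post). It computes the effective policy of a project as the union of the bindings set on the project and on every ancestor, and lists which access was inherited; all resource names and members are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str                       # constructed resource name
    parent: "Node | None" = None    # None for the organization node
    # role -> set of members granted that role directly on this node
    bindings: dict = field(default_factory=dict)

def ancestry(node):
    """Return the chain from the node up to the organization node."""
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    return chain

def effective_policy(node):
    """Union of the bindings set on the node and on every ancestor."""
    merged = {}
    for n in ancestry(node):
        for role, members in n.bindings.items():
            merged.setdefault(role, set()).update(members)
    return merged

def inherited_grants(node):
    """List (member, role, source) for access the node gets from an ancestor."""
    found = []
    for anc in ancestry(node)[1:]:
        for role, members in anc.bindings.items():
            for m in sorted(members):
                if m not in node.bindings.get(role, set()):
                    found.append((m, role, anc.name))
    return sorted(found)

# Constructed sample hierarchy: organization -> folder -> project
org = Node("organizations/example-org", None,
           {"roles/viewer": {"group:auditors@example.com"}})
folder = Node("folders/team-a", org,
              {"roles/editor": {"user:alice@example.com"}})
project = Node("projects/team-a-prod", folder,
               {"roles/owner": {"user:bob@example.com"}})

if __name__ == "__main__":
    for role, members in sorted(effective_policy(project).items()):
        print(role, sorted(members))
    for grant in inherited_grants(project):
        print("inherited:", grant)
```

Editing only the project's own bindings cannot take away alice's editor access here, because it is granted on the folder; reviewing a project therefore means reviewing its folder and organization policies too.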

With an organization node the user can create folders inside it and put projects in those folders. The organization node can perform special tasks and roles like:

1. Designate a policy administrator

This allows only specific people to change the policies.

2. Assign a project creator

This is the person who can control money management.

If the organization is a G Suite customer, all projects of all the organization's users belong to the organization automatically. Otherwise, Google Cloud Identity can be used to create an organization node.

Hence, the Google Cloud Platform hierarchy is designed to help its users sort, manage and secure their data and projects effectively and efficiently. This serves as one of the major reasons to shift to this amazing platform created by Google!
