Using predefined IAM roles for enhanced Google Maps Platform governance

  • Tony Braun
  • Date: September 28, 2023

Google Maps Platform resources are provisioned and managed via the Google Maps Platform interface on the Google Cloud Console. Multiple activities and functions can be carried out via this interface, and their number and level of sophistication are increasing over time. These functions can have consequences for an organization's productivity, interactivity, and costs, so there is often a need for an approach that enables effective governance by granting fit-for-purpose access permissions to the various functions and activities.

Examples include the enablement of Maps-related APIs or SDKs, the creation of Maps API keys and credentials, the creation and editing of customized Maps visualization styles, and the uploading and management of customized Geospatial datasets.

This article examines the predefined Google Cloud IAM roles dedicated to Google Maps usage, which allow these activities to be governed in line with a user organization’s permissions protocol.

In addition, the default Google Cloud IAM Project Owner and Project Editor roles provide the user with access to all the other non-Maps-related assets in the Google Cloud Project, which may not suit the customer’s user permission protocol.

These roles are assigned via the IAM & Admin menu page in the GCP Console:

Google Cloud has two primary predefined IAM roles relevant to the Google Maps Platform, which provide the following permissions:

  • Maps API Admin: grants read and write access to all the Maps API resources.
  • Maps API Viewer: grants read-only access to all the Maps API resources.

The detailed list of permissions for each of these roles is shown below:

Note how limited the Maps API Viewer’s access is compared with the wide variety of functionality available on the Maps Platform Console interface. Essentially, a Maps API Viewer can only view and make use of the existing Map IDs and Map Styles of the relevant Maps-related GCP Project, without being able to make any additions, changes or deletions. These restrictions would, for example, perfectly suit a junior programmer entrusted with writing code that uses predefined basemaps with custom cartographic styling, where the programmer needs to use the styling without changing it in any way. For example:

Naturally this restriction extends to other capabilities available via the Maps Platform Console interface, such as access to the API Key interface, or enabling additional APIs. The message below is received when a Maps API Viewer tries to access these restricted menu items:

If you would like to see what roles are associated with each specific permission, these can be viewed via the IAM permissions reference (search for mapsadmin). For example:

In addition to the Maps API Admin and Viewer roles described above, two new dedicated predefined roles have been introduced with the recent release of the new Maps Datasets API:

  • Maps Platform Datasets Admin: grants read and write access to all the Maps Platform Datasets API resources.
  • Maps Platform Datasets Viewer: grants read-only access to all the Maps Platform Datasets API resources.

These two very specific roles provide the ability to effectively manage and control access to the organization’s proprietary Geospatial datasets, as well as take advantage of the new Data-driven Styling (DDS) capabilities to cartographically style these datasets.
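The following added example (not the author's or Google's code) audits a project IAM policy for the situation described above: because IAM grants are additive, a Maps-scoped role only restricts a user who does not also hold Project Owner or Project Editor. The role IDs are assumed mappings for the role names in this article (they do not appear on the page), the status labels are hypothetical, and the sample policy is constructed in the shape of `gcloud projects get-iam-policy --format=json` output.

```python
import json

# Assumed role IDs for the predefined roles named in the article,
# mapped to the access level each one grants.
MAPS_ROLES = {
    "roles/mapsadmin.admin": "write",
    "roles/mapsadmin.viewer": "read",
    "roles/mapsplatformdatasets.admin": "write",
    "roles/mapsplatformdatasets.viewer": "read",
}
BROAD_ROLES = {"roles/owner", "roles/editor"}  # reach every asset in the project

# Constructed sample policy (members and bindings are made up).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:lead@example.com"]},
  {"role": "roles/editor", "members": ["user:junior@example.com"]},
  {"role": "roles/mapsadmin.viewer", "members": ["user:junior@example.com"]},
  {"role": "roles/mapsadmin.admin", "members": ["user:carto@example.com"]},
  {"role": "roles/mapsplatformdatasets.viewer", "members": ["user:analyst@example.com"]},
  {"role": "roles/storage.objectViewer", "members": ["serviceAccount:etl@example.iam.gserviceaccount.com"]}
]}
""")

def audit_maps_access(policy):
    """Return (member, status, roles) for every member with broad or Maps-scoped roles."""
    broad, scoped = {}, {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        for member in binding.get("members", []):
            if role in BROAD_ROLES:
                broad.setdefault(member, set()).add(role)
            elif role in MAPS_ROLES:
                scoped.setdefault(member, set()).add(role)
    findings = []
    for member in sorted(set(broad) | set(scoped)):
        held = sorted(broad.get(member, set()) | scoped.get(member, set()))
        if member in broad and member in scoped:
            status = "maps-role-shadowed"   # broad role overrides the scoped intent
        elif member in broad:
            status = "broad-only"           # candidate for a Maps-scoped role instead
        elif any(MAPS_ROLES[r] == "write" for r in scoped[member]):
            status = "maps-write"
        else:
            status = "maps-read-only"
        findings.append((member, status, held))
    return findings

if __name__ == "__main__":
    for member, status, held in audit_maps_access(SAMPLE_POLICY):
        print(f"{status:20} {member:28} {', '.join(held)}")
```

Members reported as `maps-role-shadowed` are the ones to review first: removing the broad role is what makes the Maps-scoped grant take effect.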

The detailed list of permissions for each of the predefined Datasets roles is shown below:

Lastly, there are two additional Maps-related predefined IAM roles which may seem rather obscure, but which can have a strong impact on the secure management of Maps API keys. The Maps Platform interface on the Google Cloud Console provides up-to-date insights and recommendations per GCP project about restricting API keys in order to prevent unauthorized usage. See example below:

IAM Roles specifically relevant to the viewing and application of these insights and recommendations are:

  • Google Maps Platform Insights/Recommendations Admin - admin of all Google Maps Platform insights and recommendations.

  • Google Maps Platform Insights/Recommendations Viewer - viewer of all Google Maps Platform insights and recommendations.

All of the predefined Maps IAM roles described above are very powerful and useful - but custom IAM roles could enable even finer control over permissions granted to users. If you are interested in learning about customized and highly granular IAM roles for the effective management of your team’s Google Maps Platform activities, please contact me via [email protected]
