0

Recently, I have created a project to apply full permissions on a such google account from my organization. I realized that any account could enter and destroy any project.

I don't know if this is an issue or my configuration is failing. Someone has already faced this prolem?

Thanks in advance

GalloCedrone
  • 371
  • 1
  • 9
Hélson Araújo
  • 21
  • 1
  • Thanks for the feedback, but you are not supposed to post answers for that, consider to accept the best answer you received and up-vote the ones that helped you. – GalloCedrone Dec 13 '17 at 11:51

1 Answers1

0

I believe that is your configuration that is failing.

I guess that you have given too much power to users making use of wildcards without realising it. When you add a member to your project from the IAM & Admin menu you can specify a punctual user through an email address or a group of them with wildcards such:

  • Google Account email: user@gmail.com
  • Google Apps domain: example.com
  • anybody: enter "allUsers" to grant all users access
  • all Google Accounts: enter "allAuthenticatedUsers" to grant access to any user signed in to a Google Account

These kinds of wildcards are useful to grant view permissions or more for some resources and are to be avoided while granting the ownership of projects or resources that should be private.

Therefore I advise you to double check the users you granted the access to and you will likely find an entry granting too many powers to users

GalloCedrone
  • 371
  • 1
  • 9