Role-Based Access for Third-Party Audit

Ensured secure third-party audit access to a database containing sensitive customer billing and invoice data. Using Google Cloud IAM, I created a custom role with restricted permissions for viewing and listing the database contents. I then assigned this role to the audit team members and verified that the access had been correctly granted.

Steps

Step 1: Created a custom IAM role with permissions limited to viewing and listing the database contents.

Step 2: Assigned the custom role to audit team members using IAM to grant controlled access.

Step 3: Verified that the custom role had been correctly assigned and the audit team could access the database as intended.
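The three steps can be checked offline against exported IAM data; the sketch below is an added example, not code from the original write-up. It assumes the JSON shapes printed by `gcloud iam roles describe --format=json` and `gcloud projects get-iam-policy --format=json`. The project, role ID, members and Datastore-style permissions are constructed, since the page does not name the database product.

```python
# Added example: offline check of a custom role and project IAM policy.
# All names below (project, role ID, members, permissions) are constructed.
READ_VERBS = {"get", "list"}  # assumption: "viewing and listing" maps to these verbs
PUBLIC = {"allUsers", "allAuthenticatedUsers"}


def audit_access(role, policy, auditors):
    """Return findings for a custom role and the policy that binds it."""
    findings = []
    # Step 1 check: every permission in the role must be a read-only verb.
    for perm in role.get("includedPermissions", []):
        if perm.rsplit(".", 1)[-1] not in READ_VERBS:
            findings.append(f"role grants non-read permission: {perm}")
    # Step 2 check: the role is bound to the audit team and nobody else.
    bound = set()
    for b in policy.get("bindings", []):
        members = set(b.get("members", []))
        if b["role"] == role["name"]:
            bound |= members
            for m in sorted(members - auditors):
                kind = "public principal" if m in PUBLIC else "unexpected member"
                findings.append(f"{kind} on audit role: {m}")
        else:
            # Any other role held by an auditor widens access beyond the custom role.
            for m in sorted(members & auditors):
                findings.append(f"auditor {m} also holds {b['role']}")
    # Step 3 check: every auditor actually received the role.
    for m in sorted(auditors - bound):
        findings.append(f"auditor missing audit role: {m}")
    return findings


# Constructed sample data: one over-broad permission, one stray member,
# one auditor with an extra role, and one auditor who was never bound.
ROLE = {"name": "projects/example-project/roles/auditViewer",
        "includedPermissions": ["datastore.entities.get", "datastore.entities.list",
                                "datastore.entities.update"]}
POLICY = {"bindings": [
    {"role": "projects/example-project/roles/auditViewer",
     "members": ["user:auditor1@example.com", "user:dev@example.com"]},
    {"role": "roles/editor", "members": ["user:auditor1@example.com"]}]}
AUDITORS = {"user:auditor1@example.com", "user:auditor2@example.com"}

if __name__ == "__main__":
    for line in audit_access(ROLE, POLICY, AUDITORS):
        print(line)
```

An empty result means the role is read-only, bound only to the audit team, and no auditor holds a broader role in the same policy.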

Tools

Google Cloud IAM, Cloud Console

Frameworks

Zero Trust Architecture, Role-Based Access Control (RBAC)

Standards

NIST CSF (PR.AC – Access Control, PR.DS – Data Security), ISO 27001 (Annex A.9 – Access Control, A.8 – Asset Management), Cloud Security Best Practices