Stay organized with collections
Save and categorize content based on your preferences.
Some Google Cloud resources have built-in
identities. These identities let the resources act
like principals. As a result, resources with built-in identities
can do the following:
The following table lists the resource types that have built-in identities. It
also lists the accepted formats for the resource's principal identifier. Use one
of the accepted formats for the principal identifier in your allow policies to
grant roles to the resource.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Resource types with built-in identities\n\nSome Google Cloud resources have [built-in\nidentities](/iam/docs/built-in-resource-identities). These identities let the resources act\nlike [principals](/iam/docs/principals-overview). As a result, resources with built-in identities\ncan do the following:\n\n- Be [granted IAM roles](/iam/docs/granting-changing-revoking-access) using the resource's principal identifier\n- Access other resources without using [service agents](/iam/docs/service-account-types#service-agents)\n\nPrincipal identifiers for single resources\n------------------------------------------\n\nThe following table lists the resource types that have built-in identities. It\nalso lists the accepted formats for the resource's principal identifier. Use one\nof the accepted formats for the principal identifier in your allow policies to\ngrant roles to the resource.\n\nPrincipal identifiers for sets of resources\n-------------------------------------------\n\nUse the following formats in your allow policies to grant roles to sets of\nresources with built-in identities:\n| **Note:** These principal sets don't include resources that don't have built-in identities."]]
