[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Security overview\n\nWhen an application sends a request to an attached cluster through\nConnect, it must pass through three security checkpoints.\n\n1. The request first goes to the Google Cloud API\n *connectgateway.googleapis.com* API, which verifies that the caller is\n authorized to use that API.\n\n2. If authorized, the request is then passed to the connect gateway\n for Google Cloud IAM authorization.\n\n3. If this succeeds, the request is passed to the connect gateway\n to the cluster's kube-api server for RBAC authorization.\n\nIf all of these checks are successful, then the cluster's kube-apiserver will\nserve the request.\n\nSee\n[Grant IAM roles to users](/anthos/multicluster-management/gateway/setup#grant_iam_roles_to_users)\nfor instructions on granting IAM roles to cluster users with the Connect\nGateway."]]