Inventory: GCP: View all resources a group can access

Last updated: April 11, 2025

  1. Run an IAM Assessment first

    If you have not run an assessment, your data may not show properly.

    Make sure you’ve connected P0 to GCP and run at least one IAM Assessment for your organization. This populates P0 with all principals, grants, privileges, and resources.

  2. Open the Inventory page
    In P0, go to Inventory.

  3. Set “from” to your project
    Above the search box is the From control. Click it and pick your project.

  4. Set “show” to Resources
    Above the search box is the Show control. Click it and pick Resources. This makes the results table list resource nodes (projects, buckets, etc.) instead of principals or grants.

  5. Click Graph to switch to the visualization
    This switches the results from a table to a graph visualization, which makes it easier to understand what your identity has access to.

  6. Switch to Resources to see group‑based access

    • Change Show from Principals to Resources.

    • Use the same Where query, but extend it to follow grants and land on resources:

      identity:type:"group" grant:principalType:"group" resource:

      This walks from each user into their groups, then into each group’s IAM grants, and finally to every GCP resource those grants bind.

      Filter or refine as needed:
      To focus on projects only, replace the final term (resource:) with resource:type:"project".
      To see only used privileges, add usage:used.
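
The walk described in step 6 (user to groups, groups to grants, grants to resources), as an added Python example for cross-checking what the graph shows; it is not P0's code or query engine. The resource list, membership map and function names are constructed assumptions, and only direct group membership is followed.

```python
from collections import defaultdict

# Constructed sample data (not from P0 or any real organization).
# "bindings" follows the role/members shape of a GCP IAM policy.
RESOURCES = [
    {"name": "projects/demo-project", "type": "project", "bindings": [
        {"role": "roles/viewer", "members": ["group:eng@example.com"]},
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
    ]},
    {"name": "buckets/demo-logs", "type": "bucket", "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["group:sec@example.com"]},
        {"role": "roles/storage.admin", "members": ["group:eng@example.com"]},
    ]},
]
# Direct group membership only; nested groups are out of scope here.
GROUP_MEMBERS = {
    "eng@example.com": {"alice@example.com", "bob@example.com"},
    "sec@example.com": {"carol@example.com"},
}


def group_grants(resources):
    """Return {group: [(resource name, resource type, role), ...]} for group: members."""
    grants = defaultdict(list)
    for res in resources:
        for binding in res["bindings"]:
            for member in binding["members"]:
                kind, _, ident = member.partition(":")
                if kind == "group":  # skip user:, serviceAccount:, etc.
                    grants[ident].append((res["name"], res["type"], binding["role"]))
    return dict(grants)


def resources_via_groups(user, resources, memberships, resource_type=None):
    """Walk user -> groups -> group grants -> resources; optionally keep one type."""
    grants = group_grants(resources)
    reached = set()
    for group, members in memberships.items():
        if user in members:
            for name, rtype, role in grants.get(group, []):
                if resource_type is None or rtype == resource_type:
                    reached.add((name, role, group))
    return sorted(reached)


if __name__ == "__main__":
    for row in resources_via_groups("bob@example.com", RESOURCES, GROUP_MEMBERS):
        print(row)
```

Grants bound directly to a user (alice's roles/owner in the sample) are deliberately excluded, so the output covers only access inherited through groups.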