Least privilege principle in GCP - Time & Space Complexity

We want to understand how the time it takes to manage permissions grows as we add more users or resources in Google Cloud.

Specifically, how does applying the least privilege principle affect the number of permission checks and updates?

Analyze the time complexity of assigning roles with least privilege to multiple users.

// Pseudocode for assigning least privilege roles
for user in users_list:
  for resource in resources_list:
    assign_minimum_role(user, resource)

This sequence assigns the minimum required role to each user for each resource they need access to.

Identify the API calls, resource provisioning, data transfers that repeat.

• Primary operation: Assigning a role to a user for a resource (API call to update IAM policy)
• How many times: Once for each user-resource pair

As the number of users or resources grows, the total assignments grow by multiplying these counts.

Input Size (n users x m resources)	Approx. API Calls/Operations
10 users x 10 resources	100
100 users x 100 resources	10,000
1000 users x 1000 resources	1,000,000

Pattern observation: The number of operations grows quickly as both users and resources increase, multiplying together.

Time Complexity: O(n x m)

This means the time to assign least privilege roles grows proportionally to the number of users times the number of resources.

[X] Wrong: "Assigning roles once per user is enough, regardless of how many resources they access."

[OK] Correct: Each resource may need a different role, so permissions must be assigned per user-resource pair, not just per user.

Understanding how permission assignments scale helps you design secure and efficient access controls in cloud projects, a valuable skill in real-world cloud management.

"What if we grouped resources and assigned roles per group instead of per resource? How would the time complexity change?"