I have G Suite account, say example.com and I add a new user called [email protected]. Now this user logs into GCP (Google Cloud Platform) console and he has access to all resources under example.com organization. No roles have been assigned to this user using Cloud IAM and no specific policies are defined.
It is expected that [email protected] by default doesn't have any access to resources under GCP till some role is assigned
domain
. All email addresses in that domain inherit the permissions of the domain member. The domain member is similar to a group member. – John Hanley