Google launched a new cloud security feature today that allows its cloud customers to set up custom access policies for different user accounts, only allowing access to particular aspects of specific services.

For example, one account could be set up to only view cloud storage buckets, plus list the database tables in Google’s BigQuery service. That may not seem like much, but it’s important for only giving accounts access that they need, which can help reduce risk in a security breach. Google previously offered a large set of prebuilt security roles for different situations, but this new feature lets companies create their own.

This new feature helps developers create service accounts in Google’s cloud that give automated software agents the ability to access multiple services while still retaining few privileges to access or modify what they shouldn’t be able to.

Above: A Google animation shows how its custom access roles work.

Image Credit: Google

It’s also important for compliance purposes — regulations may require people inside a company to be able to audit particular pieces of information but not modify content, or to prevent someone’s access to that information depending on their role.

Google Cloud is focused on making its offerings appeal more to enterprise customers, in a move to compete with Amazon Web Services, Microsoft Azure, and other players in the market. These sorts of finer-grained security controls, while not the flashiest announcements in the world, help solve requirements that enterprise IT leaders need to have fulfilled.

To help customers get started, Google published a list of supported access permissions for its cloud services, as well as a set of best practices for getting started with custom roles. These capabilities are available free of charge, though they’re not of much use without other paid services running inside Google Cloud.