In today's cloud-centric world, organizations are increasingly adopting composite application architectures. These architectures combine public cloud provider capabilities, homegrown software components, off-the-shelf software, and external SaaS services. While this approach offers agility, it also presents a challenge: managing access risk across numerous services. To address this, we propose a standardized approach to secure access across cloud-based application with a focus on Google Cloud Platform (GCP) hosted customer-managed services. We extend machine identities by introducing a new centralized authorization engine to provide granular control.