Is there any way to list the permissions associated with a (custom) role in Google Cloud Platform IAM using gcloud? I can find how to list the roles, but not the permissions associated with a given role.
Scott Queen
1 Answer
You can list the permissions associated with a role using this command. Replace the role name with your custom role name.
```
gcloud iam roles describe roles/editor
```
Documentation: gcloud iam roles describe
John Hanley
- This does not seem to work with the custom roles. The error is as follows `ERROR: (gcloud.beta.iam.roles.describe) Invalid value for [ROLE_ID]: The role id that starts with 'roles/' only stands for curated role. Should not specify the project or organization for curated roles` – noob Jul 28 '21 at 08:25
- @noob - What command are you running? The command in my answer is correct. If you mean that you created a custom role, then use the custom role name instead of `roles/editor` – John Hanley Jul 28 '21 at 08:29
- This is the command I am using - `gcloud iam roles describe roles/CustomRole --project=my-project` this works for the curated roles, but not for the custom roles for me. – noob Jul 28 '21 at 08:32
- Remove `roles/` and use the custom role name. You will need to look up the role ID and use the last part as in **MyCustomRole43**. In my answer `roles/editor` is the role name, the `roles` portion is not part of a custom role except when specifying the full role ID. You will also need to specify the project for custom roles as they are project specific. All of this is documented. – John Hanley Jul 28 '21 at 08:39
- Thanks, removing the `roles/` prefix worked. – noob Jul 28 '21 at 09:16
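The prefix rule worked out in the comments above, as an added example that is not part of the original answer: a shell helper that takes a role name as it appears in an IAM policy binding and builds the matching `gcloud iam roles describe` arguments, so a permissions review can run over predefined and custom roles alike. The function names and the sample role names in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# role_describe_args ROLE_NAME
#   Prints the arguments `gcloud iam roles describe` expects for a role
#   name written the way IAM policy bindings write it:
#     roles/editor                               -> roles/editor
#     projects/my-project/roles/MyCustomRole43   -> MyCustomRole43 --project=my-project
#     organizations/123456789012/roles/SomeRole  -> SomeRole --organization=123456789012
role_describe_args() {
  rda_name="$1"
  case "$rda_name" in
    projects/?*/roles/?*)
      rda_parent="${rda_name#projects/}"
      rda_flag="--project" ;;
    organizations/?*/roles/?*)
      rda_parent="${rda_name#organizations/}"
      rda_flag="--organization" ;;
    roles/?*)
      # Predefined (curated) role: keep the roles/ prefix, pass no parent flag.
      printf '%s\n' "$rda_name"
      return 0 ;;
    *)
      echo "unrecognised role name: $rda_name" >&2
      return 1 ;;
  esac
  # Custom role: bare role ID plus the parent it is defined in.
  rda_parent="${rda_parent%%/roles/*}"
  rda_id="${rda_name##*/roles/}"
  case "$rda_id$rda_parent" in
    */*) echo "malformed role name: $rda_name" >&2; return 1 ;;
  esac
  printf '%s %s=%s\n' "$rda_id" "$rda_flag" "$rda_parent"
}

# list_role_permissions ROLE_NAME
#   Runs gcloud and prints only the role's includedPermissions list.
list_role_permissions() {
  lrp_args="$(role_describe_args "$1")" || return 1
  # Word splitting is intended: role and parent IDs contain no whitespace.
  # shellcheck disable=SC2086
  gcloud iam roles describe $lrp_args --format='yaml(includedPermissions)'
}

# Usage (needs an authenticated gcloud):
#   list_role_permissions projects/my-project/roles/MyCustomRole43
```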