Questions tagged [google-iam]
38 questions
3
votes
1 answer
Using conditions in GCP role assignment to prevent users from inviting other users and managing only service accounts
I recently read about conditions in GCP and how one can use them to add logic to a role. I would like to give a user a role to assign roles to service accounts. But if I do that, the user will also be able to invite other users to the project and…
Alex Elshamouty
- 41
- 1
2
votes
2 answers
How do you assign storage permissions to a group of GCP service accounts?
How does one assign Google Cloud Storage bucket permissions to a group of users?
There's no bucket-level permissions that can be specified in roles, and there's no way to create a group as far as I can tell.
There appears to be a way to create a…
Charlie
- 171
- 7
2
votes
1 answer
GCP - which role a permission belongs?
I cant understand why use of IAM is so hard to comprehend.
For example I am trying to create a schedule for a VM instance. When I add instance to a schedule I got:
Compute Engine System service account…
Boppity Bop
- 722
- 3
- 11
- 29
2
votes
1 answer
GCP: Can I list permissions assigned to custom role using gcloud?
Is there any way to list the permissions associated with a (custom) role in Google Cloud Platform IAM using gcloud? I can find how to list the roles, but not the permissions associated with a given role.
Scott Queen
- 23
- 3
2
votes
1 answer
Why doesn't Cloud Build service account show up in gcloud list command?
When I look at the Console IAM dashboard for my project I can see the line item for my Cloud Build Service Account:
https://console.cloud.google.com/iam-admin/iam
Member …
mbigras
- 259
- 1
- 3
- 11
1
vote
1 answer
Display Existing Policy Bindings for GCP Service Account
I'm setting up a service account to access a CloudSQL DB from GKE. I've created both the GSA and the KSA, and have executed the command to associate the two (gcloud iam service-accounts add-iam-policy-binding...). How do I inspect the bindings to…
Lowell Boone
- 13
- 2
1
vote
1 answer
Require multiple group membership in Google cloud resource permission
Is it possible to set up an access permission on GCP resource that requires multiple roles/permissions/groups membership? Basically, have a logical AND for permissions.
IAM "conditions" feature provides means for basic role assignment requirement,…
Yotamz
- 111
- 1
1
vote
1 answer
Google Cloud IAM roles on specific Cloud Functions
I have a project that with a number of Cloud Functions deployed and I want to allow users to only administer certain functions, ensuring that they are not able to overwrite certain existing functions. Is it possible to set permissions on a per…
Max888
- 111
- 2
0
votes
3 answers
GCP User added in IAM cannot see project
I have a project in Google Cloud that I'm trying to add an "editor" to (I will remain the sole project owner). I have added this person using their gmail address in the IAM permissions but the project does not show up in their projects list when…
Zac Soden
- 1
- 1
- 1
0
votes
2 answers
GCP Service Account roles do not work correctly
When granting roles to my service account, those roles do not give me the permissions they say they do.
I am using Terraform. I have created a new service account like so:
gcloud iam service-accounts create terraform \
--display-name "Terraform…
outrunthewolf
- 89
- 7
0
votes
1 answer
New with Organization node and permissions on GCP
I am working with GCP within my university's CS program. My university does have an organizational node which our IT department is not using and has given me permission to use it for my class. I have given my students the following roles: Security…
0
votes
1 answer
prompt user to provide necessary IAM config to GCP resources
I'm brand new to Google Cloud Platform, and we are working on a strategy to provision software for non-technical users.
Is it possible to prompt a user with a familiar Oauth-like, one-click request for permissions/privileges that will give our…
g000m
- 3
- 2
0
votes
1 answer
Required GCP IAM permissions for accessing/managing Google Maps/Places API
I searched through the roles in the IAM role management and was unable to find roles to access and manage APIs & Service in GCP so that I can give a person access to specific API Services only.
How can I achieve that?
Cheers & Thanks
cjost
- 1
0
votes
1 answer
GCP Oslogin error
I have enabled os-login for an instance by setting the metadata value as 'enable-oslogin=TRUE'. Even after setting the IAM roles as Organization admin and Owner of the project the issue persists as shown in the link GCP ssh error.
Please guide me to…
Sasirekha
- 1
- 2
0
votes
2 answers
Service account does not have storage.buckets.create access
I have created a Service Account for Terraform. Apart of our process is to create some storage buckets and maintain them through Terraform.
However, when we run terraform apply we get the following error:
google_storage_bucket.state_bucket:…
Andrew Ellis
- 423
- 1
- 5
- 14