Questions tagged [google-iam]

38 questions
3
votes
1 answer

Using conditions in GCP role assignment to prevent users from inviting other users and managing only service accounts

I recently read about conditions in GCP and how one can use them to add logic to a role. I would like to give a user a role to assign roles to service accounts. But if I do that, the user will also be able to invite other users to the project and…
2
votes
2 answers

How do you assign storage permissions to a group of GCP service accounts?

How does one assign Google Cloud Storage bucket permissions to a group of users? There's no bucket-level permissions that can be specified in roles, and there's no way to create a group as far as I can tell. There appears to be a way to create a…
2
votes
1 answer

GCP - which role does a permission belong to?

I can't understand why use of IAM is so hard to comprehend. For example, I am trying to create a schedule for a VM instance. When I add instance to a schedule I got: Compute Engine System service account…
2
votes
1 answer

GCP: Can I list permissions assigned to custom role using gcloud?

Is there any way to list the permissions associated with a (custom) role in Google Cloud Platform IAM using gcloud? I can find how to list the roles, but not the permissions associated with a given role.
2
votes
1 answer

Why doesn't Cloud Build service account show up in gcloud list command?

When I look at the Console IAM dashboard for my project I can see the line item for my Cloud Build Service Account: https://console.cloud.google.com/iam-admin/iam Member …
mbigras
1
vote
1 answer

Display Existing Policy Bindings for GCP Service Account

I'm setting up a service account to access a CloudSQL DB from GKE. I've created both the GSA and the KSA, and have executed the command to associate the two (gcloud iam service-accounts add-iam-policy-binding...). How do I inspect the bindings to…
1
vote
1 answer

Require multiple group membership in Google cloud resource permission

Is it possible to set up an access permission on GCP resource that requires multiple roles/permissions/groups membership? Basically, have a logical AND for permissions. IAM "conditions" feature provides means for basic role assignment requirement,…
Yotamz
1
vote
1 answer

Google Cloud IAM roles on specific Cloud Functions

I have a project with a number of Cloud Functions deployed and I want to allow users to only administer certain functions, ensuring that they are not able to overwrite certain existing functions. Is it possible to set permissions on a per…
Max888
0
votes
3 answers

GCP User added in IAM cannot see project

I have a project in Google Cloud that I'm trying to add an "editor" to (I will remain the sole project owner). I have added this person using their gmail address in the IAM permissions but the project does not show up in their projects list when…
Zac Soden
0
votes
2 answers

GCP Service Account roles do not work correctly

When granting roles to my service account, those roles do not give me the permissions they say they do. I am using Terraform. I have created a new service account like so: gcloud iam service-accounts create terraform \ --display-name "Terraform…
0
votes
1 answer

New with Organization node and permissions on GCP

I am working with GCP within my university's CS program. My university does have an organizational node which our IT department is not using and has given me permission to use it for my class. I have given my students the following roles: Security…
0
votes
1 answer

Prompt user to provide necessary IAM config to GCP resources

I'm brand new to Google Cloud Platform, and we are working on a strategy to provision software for non-technical users. Is it possible to prompt a user with a familiar OAuth-like, one-click request for permissions/privileges that will give our…
0
votes
1 answer

Required GCP IAM permissions for accessing/managing Google Maps/Places API

I searched through the roles in the IAM role management and was unable to find roles to access and manage APIs & Service in GCP so that I can give a person access to specific API Services only. How can I achieve that? Cheers & Thanks
cjost
0
votes
1 answer

GCP Oslogin error

I have enabled os-login for an instance by setting the metadata value as 'enable-oslogin=TRUE'. Even after setting the IAM roles as Organization admin and Owner of the project the issue persists as shown in the link GCP ssh error. Please guide me to…
Sasirekha
0
votes
2 answers

Service account does not have storage.buckets.create access

I have created a Service Account for Terraform. A part of our process is to create some storage buckets and maintain them through Terraform. However, when we run terraform apply we get the following error: google_storage_bucket.state_bucket:…