Questions tagged [google-iam]

38 questions
0 votes, 1 answer

Mapping an IAM role to a Cloud Identity organizational unit

In the GCP IAM console, I can add either the entire organization (the domain of example.com) or individual users to Roles. However, I have the users set up in GSuite/Cloud Identity and organized into OUs that I'd like to use. Is there a way to map…

0 votes, 1 answer

Access denied (SA doesn't have storage.objects.create access) when trying to upload using a preSigned url to google cloud storage

Having issues trying to allow a client to upload a file via a presigned url. Error received AccessDenied Access…

0 votes, 1 answer

QueryTestablePermissions response doesn't include "AccessContextManager.*" permissions

Based on this documentation: https://cloud.google.com/iam/docs/custom-roles-permissions-support there are several permissions with the prefix AccessContextManager. But after I ran the API QueryTestablePermission, it doesn't include that list. Also…
purnadika

0 votes, 1 answer

Compute OS Admin Login role doesn't make user sudoer

I have a user with the Compute OS Admin Login role, but when I log in using ssh, this user is not a sudoer. I've tried to restart the instance, but still the same. I've tried with enable_oslogin:TRUE both at the instance level and at the project…

0 votes, 1 answer

Can a service account access all APIs?

For an api-key, one can define which APIs can be accessed with that api-key, but for service accounts, you seemingly can't. I thought maybe I could create a new role that only allows access to the vision API, but there is no permission for that. How…
ASA

0 votes, 1 answer

How do I determine the least privilege permissions for a service account applying Terraform plans?

EDIT: Since I can't "trigger" Recommender to make this calculation, and I can't get at the source dataset, is there an automated way of finding the IAM permissions a service account would need to apply a Terraform plan? The original question was…
Larry B.

-1 votes, 2 answers

Allow multiple service accounts to access multiple storage buckets

I have some devices, and each will be handed to the customers. I need each device to have read-access to some Google Cloud storage buckets. I would like each device (or at least each customer) to have a different service account so I can…

-2 votes, 1 answer

How do I enable only a single Cloud SQL DB for a GCP service account?

I have a service account that should only have access to a single instance of Cloud SQL. In GCP, I've been trying to create a role with conditional access to the instance. The instance name of the DB is test-sandboxy, and I've taken a screenshot of…