What I want: I have a project on the Google Cloud Platform. I have a service in that project that needs access to my DNS records.

What my issue is: From the relevant Google Cloud DNS doc about permissions (source), I note that there seem to exist /roles/dns.admin and /roles/dns.reader roles that are exactly what I am interested in setting for my service. Albeit, accessing the "IAM" page of my project and looking through the "Role(s)" dropdown options, these two DNS-related roles are nowhere to be found.

What my question is: Is this a documentation inconsistency? Is there another way to set this role than through the "IAM" page UI?

Thanks

  • The documentation is fine; nevertheless, the feature is not available yet. It should be released soon. Unfortunately I do not think there is currently a workaround. – Carlos Feb 02 '17 at 19:32

1 Answer

From Cloud Platform Support:

This is a known issue, and our engineering team has already been made aware of its existence. With that being said, there is currently no known time for the resolution of this issue. As a workaround, may I suggest creating custom roles for your project. You can create a custom role called DNS Admin and then assign only DNS related permissions to that role.

  • This open issue can be followed [here](https://code.google.com/p/google-compute-engine/issues/detail?id=550) – Carlos Feb 06 '17 at 20:27
  • Just an additional comment for the community, it is possible that Custom Roles is not yet [available](http://stackoverflow.com/questions/42138491/restrict-delete-gce-instance-permission) for all the projects. – Carlos Feb 10 '17 at 15:04