Questions tagged [google-iam]

40 questions
4
votes
2 answers

GCP: Can I list permissions assigned to custom role using gcloud?

Is there any way to list the permissions associated with a (custom) role in Google Cloud Platform IAM using gcloud? I can find how to list the roles, but not the permissions associated with a given role.
Scott Queen
4
votes
2 answers

Why doesn't Cloud Build service account show up in gcloud list command?

When I look at the Console IAM dashboard for my project I can see the line item for my Cloud Build Service Account: https://console.cloud.google.com/iam-admin/iam Member …
mbigras
3
votes
1 answer

Using conditions in GCP role assignment to prevent users from inviting other users and managing only service accounts

I recently read about conditions in GCP and how one can use them to add logic to a role. I would like to give a user a role to assign roles to service accounts. But if I do that, the user will also be able to invite other users to the project and…
2
votes
2 answers

How do you assign storage permissions to a group of GCP service accounts?

How does one assign Google Cloud Storage bucket permissions to a group of users? There's no bucket-level permissions that can be specified in roles, and there's no way to create a group as far as I can tell. There appears to be a way to create a…
2
votes
1 answer

GCP - which role does a permission belong to?

I can't understand why use of IAM is so hard to comprehend. For example, I am trying to create a schedule for a VM instance. When I add instance to a schedule I got: Compute Engine System service account…
1
vote
1 answer

Cannot login to Google Cloud Virtual Machine with IAM and two factor through SSH

After I have created a Virtual Machine that runs latest Ubuntu LTS I want to connect to it using SSH. When I login to it I get this screen: I get a new code from g.co/sc When I enter that code into the SSH-in-browser the same screen appears…
Europa
1
vote
1 answer

Transfer 200GB from client using Google Cloud

I have a client who wishes to transfer 200GB of sensitive data to us. I would like them to upload this data to a GCloud bucket. What is the best way to set up an external user to have access to a single new bucket and be able to upload?
1
vote
1 answer

How to grant access for a Google Cloud Service Account to have all the same permissions as another Service Account?

So I have a Google Cloud Service Account one sa-1@myproject.iam.gserviceaccount.com that has access to roles A and B. There is Service Account two sa-2@myproject.iam.gserviceaccount.com which I need to have access to roles A, B, and C. How do I get…
1
vote
1 answer

Display Existing Policy Bindings for GCP Service Account

I'm setting up a service account to access a CloudSQL DB from GKE. I've created both the GSA and the KSA, and have executed the command to associate the two (gcloud iam service-accounts add-iam-policy-binding...). How do I inspect the bindings to…
Lowell Boone
1
vote
1 answer

Unable to access GCS Object with storage.objects.get

I have a bucket with uniform permissions (no object level ACLs) and my account has the Owner role on the project which should give full access to all resources. I have even tried adding Storage Admin / Storage Object Admin / Legacy Object Owner…
1
vote
1 answer

Velero installation failing from a VM host in GCP

I am trying to install velero on a GKE Cluster from a GCP Compute Engine Host using below steps https://github.com/vmware-tanzu/velero-plugin-for-gcp I am installing velero from the VM host using below command velero install --provider gcp…
1
vote
1 answer

Require multiple group membership in Google cloud resource permission

Is it possible to set up an access permission on GCP resource that requires multiple roles/permissions/groups membership? Basically, have a logical AND for permissions. IAM "conditions" feature provides means for basic role assignment requirement,…
Yotamz
1
vote
1 answer

Google Cloud IAM roles on specific Cloud Functions

I have a project with a number of Cloud Functions deployed and I want to allow users to only administer certain functions, ensuring that they are not able to overwrite certain existing functions. Is it possible to set permissions on a per…
Max888
0
votes
3 answers

GCP User added in IAM cannot see project

I have a project in Google Cloud that I'm trying to add an "editor" to (I will remain the sole project owner). I have added this person using their gmail address in the IAM permissions but the project does not show up in their projects list when…
Zac Soden
0
votes
2 answers

GCP Service Account roles do not work correctly

When granting roles to my service account, those roles do not give me the permissions they say they do. I am using Terraform. I have created a new service account like so: gcloud iam service-accounts create terraform \ --display-name "Terraform…