Questions tagged [google-iam]

40 questions
0 votes, 1 answer

How do I list all the perms of a predefined role?

I see this crap in lots of Google docs: They are doing a terrible job with documentation here. I want to create a custom role. Custom roles don't support adding predefined roles and don't support wildcard permissions. I NEED to know ALL the perms of…
red888
0 votes, 1 answer

Google Cloud IAM Instance granular access

Is there any way on Google Cloud IAM roles setup to give access/visibility to some VM Instances of the project and not to the whole of them? Ideally just to the ones that the user creates and not to the rest. As far as I tried roles apply to all of…
Imnl
0 votes, 1 answer

Mapping an IAM role to a Cloud Identity organizational unit

In the GCP IAM console, I can add either the entire organization (the domain of example.com) or individual users to Roles. However, I have the users set up in GSuite/Cloud Identity and organized into OUs that I'd like to use. Is there a way to map…
0 votes, 1 answer

Access denied (SA doesn't have storage.objects.create access) when trying to upload using a preSigned url to google cloud storage

Having issues trying to allow a client to upload a file via a presigned url. Error received AccessDenied Access…
0 votes, 1 answer

QueryTestablePermissions response doesn't include "AcessContextManager.*" permissions

Based on this documentation: https://cloud.google.com/iam/docs/custom-roles-permissions-support there are several permissions with the prefix AccessContextManager. But after I ran the API QueryTestablePermission, it doesn't include that list. Also…
purnadika
0 votes, 1 answer

Compute OS Admin Login role doesn't make user sudoer

I have a user with the Compute OS Admin Login role, but when I log in using ssh, this user is not a sudoer. I've tried to restart the instance, but still the same. I've tried with enable_oslogin:TRUE both at the instance level and at the project…
0 votes, 1 answer

Can a service account access all APIs?

For an api-key, one can define which APIs can be accessed with that api-key, but for service accounts, you seemingly can't. I thought maybe I could create a new role that only allows access to the vision API, but there is no permission for that. How…
ASA
0 votes, 1 answer

How do I determine the least privilege permissions for a service account applying Terraform plans?

EDIT: Since I can't "trigger" Recommender to make this calculation, and I can't get at the source dataset, is there an automated way of finding the IAM permissions a service account would need to apply a Terraform plan? The original question was…
Larry B.
-1 votes, 2 answers

Allow multiple service accounts to access multiple storage buckets

I have some devices, and each will be handed to the customers. I need each device to have read-access to some Google Cloud storage buckets. I would like each device (or at least each customer) to have a different service account so I can…
-2 votes, 1 answer

How do I enable only a single Cloud SQL DB for a GCP service account?

I have a service account that should only have access to a single instance of Cloud SQL. In GCP, I've been trying to create a role with conditional access to the instance. The instance name of the DB is test-sandboxy, and I've taken a screenshot of…