Stack Overflow
Stack Overflow

Questions tagged [google-cloud-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

671 questions
7
votes
2 answers

Firebase hosting deploy with serviceaccount fails with 403

I'm trying to deploy a Firebase hosted project with a Service Account (that I created myself, not one provided by Google/Firebase as default) via a pipeline (Gitlab, but that shouldn't matter for this issue). When I run the following command locally…
Robin Trietsch
  • 1,662
  • 2
  • 19
  • 31
7
votes
3 answers

How to get all roles/permissions that a service account have for a project and organization in GCP through API

I have a service account which belongs to a project. It have some roles/permissions set at the project level as well as some roles/permissions set at organization level. I need to get list of all permissions/roles that the service account is…
Johnny Cage
  • 71
  • 1
  • 3
7
votes
1 answer

you do not have permission to create projects in this location

SOLVED: In Google cloud platform I need to create a new project to create a new oauth credential for an app. But it will not let me create any more projects under my organisation. It says I do not have permission to create projects in this…
snake
  • 732
  • 1
  • 6
  • 11
7
votes
2 answers

Permission 'cloudkms.cryptoKeyVersions.useToDecrypt' denied for resource ...key

I am building an http endpoint with Google Cloud Functions. I have an encrypted secret stored as a file that is loaded and decrypted in the function as a way to prevent my secret from being stored in the code. Usually I dynamically load something…
tristansokol
  • 4,054
  • 2
  • 17
  • 32
7
votes
3 answers

gcloud compute ssh with local key & project restrictions

We have a user that is allowed to SSH into an VM on the Google Cloud Platform. His key is added to the VM and he can SSH using gcloud compute ssh name-of-vm However connecting in this way will always have gcloud try to update project wide meta data…
Tom Lous
  • 2,819
  • 2
  • 25
  • 46
7
votes
2 answers

Permissions error when running a script in a Google spreadsheet

We are developing a program that uses Google spreadsheets as the input. The values of the spreadsheet is read, processed and a result is showed in a webpage. When an user sign up we clone a spreadsheet from a template using a service account. The…
razonasistemas
  • 371
  • 1
  • 4
  • 11
6
votes
1 answer

What is the location argument of GCP workload identity pools

According to the documentation: an example of creating an identity pool would be gcloud iam workload-identity-pools create my-workload-identity-pool --location="global" --display-name="My workload pool" --description="My workload pool description"…
David Michael Gang
  • 7,107
  • 8
  • 53
  • 98
6
votes
3 answers

Connecting to Cloud SQL using an IAM user

I'm failing to test the ability to use an IAM user in Google Cloud's PostgreSQL offering. Here's my thinking process: I've set respective flag on my PostgreSQL instance on Google Cloud: $ gcloud sql instances describe [MY_DB_INSTANCE] --format json…
oldhomemovie
  • 14,621
  • 13
  • 64
  • 99
6
votes
1 answer

Create an alias for a Google Service Account Email?

I've shared a Google Sheet with my Google Service account email, which looks something like: myappname-service@myappname-266229.iam.gserviceaccount.com This permits my application to access that Google Sheet. I'd like to be able to share the Google…
Richard
  • 215
  • 1
  • 9
6
votes
1 answer

Restricting user access for VM in gcp

Assume two users, A and B have full access to a GCP project. User A creates a VM. Once this is done , it appears user B can login into the VM and also has sudo access to the VM. we used enable-oslogin metadata but we have issue where user a and b…
mo mo
  • 61
  • 3
6
votes
1 answer

How do you attach a service account to a gke deployment/servic like you can an ECS service?

Im coming from AWS not sure how to do this with gcp. Previously I asked a more general question about service accounts, this is specific to gke. In AWS I can create an ECS service role. I attach policies to that role to give it the access it needs.…
red888
  • 27,709
  • 55
  • 204
  • 392
6
votes
4 answers

Google cloud storage listing files in bucket requires permission for project owner

I'm currently using web UI to browse the files in one of the buckets and I happen to be the project owner as well. However I get a permission error You need the storage.objects.list permission to list objects in this bucket. Ask a project or…
opensourcegeek
  • 5,552
  • 7
  • 43
  • 64
6
votes
1 answer

Create GCP project without organization

I have a G Suite account. GCP created an organization automatically when I logged-in with the G Suite super admin. When I'm trying to create a project in the console, the organization is automatically chosen, even when I'm trying to choose 'No…
pablo
  • 2,719
  • 11
  • 49
  • 67
5
votes
3 answers

How to give Google Cloud Eventarc correct permission so it can trigger a cloud function?

I have succesfully deployed a 2nd generation cloud function with a storage trigger per the google tutorial. The Cloud Function works when I run a test command in the shell. But if I try for real by uploading a file to my bucket the could function is…
jola
  • 977
  • 2
  • 10
  • 31
5
votes
2 answers

Organization Admin somehow doesn't have access to create a folder in GCP?

I'm pretty sure this is an actual bug with GCP at the moment. I'm the Organization Admin for the GCP organization (I've quadruple checked this, and that I'm signed in with the correct account). But when I go to Manage Resources, And try to create a…
Jul
  • 375
  • 5
  • 18
1 2
3
44 45