Questions tagged [google-cloud-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

671 questions
5 votes, 2 answers

(Terraform, GCP) Error 403: Permission denied to list services for consumer container [projects/335478934851]

On GCP, I'm trying to enable "Identity and Access Management (IAM) API" with this Terraform code below: provider "google" { credentials = file("myCredentials.json") project = "myproject-173831" region = "asia-northeast1" } resource…
5 votes, 1 answer

Can't create role for service account because it is "not supported for this resource"

I have the following script I'd like to execute to create my service account and give it a Cloud Build Service Account role. # create service account for github actions gcloud iam service-accounts create github-actions --display-name="Github…
xetra11
5 votes, 3 answers

GCP: what permissions does the viewer role have?

I'm looking into roles in GCP. I have a use case to read everything in GCP. So when I looked at the viewer role, docs say it is a read-only role but it seems it has a lot of restrictions. What are the exact permissions of a viewer role?
Praveen kumar
5 votes, 2 answers

Service Account does not have storage.objects.get access to the Google Cloud Storage object

I have set up a new Firestore environment, and when attempting to upload and then read data from storage via cloud functions, I get the following error: project_id@appspot.gserviceaccount.com does not have storage.objects.get access to the Google…
5 votes, 1 answer

How can a Google Cloud API Gateway endpoint deliver data from a Cloud Storage file?

I'm in the process of building a large API that will use Google Cloud API Gateway to route various endpoints to different services – some may be serverless Cloud Functions, others will be served by a Rails app in our Kubernetes clusters, and so…
5 votes, 3 answers

Getting error while allowing accounts and roles in Terraform for GCP

I am trying to allocate the roles to the user in the Terraform file in a GCP project, but I am getting the below error: Error: Request "Create IAM Members roles/compute.networkAdmin user:someone@google.com for "project \"vibrant-mantis-296207\"""…
5 votes, 1 answer

I can't deploy Firebase functions because I don't have "Service Account User" Role

I'm trying to deploy Firebase Functions like so: firebase deploy --only functions However, I'm getting the following error: Error: Missing permissions required for functions deploy. You must have permission iam.serviceAccounts.ActAs on service…
5 votes, 1 answer

Cannot impersonate GCP ServiceAccount even after granting "Service Account Token Creator" role

I have 2 ServiceAccounts in my Google Cloud Platform (GCP) Project: owner and executor. The owner ServiceAccount has 1 project-wide role attached to it: "Owner" - for the project. The executor ServiceAccount has ONLY 2 specific roles attached to it (as…
5 votes, 1 answer

How to set Google Cloud application credentials for a Service Account

The following command allows you to set your default credentials: gcloud auth application-default login It opens up a window (unless you use --no-launch-browser) and allows you to connect your account. It creates a local json file that contains…
Jonny5
5 votes, 3 answers

Google BigQuery: grant service account permissions to create jobs in only some specific datasets

Problem: I have a project in BigQuery where all my data is stored. Within this project I created multiple datasets containing different views. Now I want to use different service accounts to query the different datasets containing different views…
5 votes, 1 answer

How to list, find, or search iam policies across services (APIs), resource types, and projects in google cloud platform (GCP)?

In Google Cloud Platform (GCP), you can only get the IAM policy for a specific resource by calling getIamPolicy (get-iam-policy in gcloud). Is there a way to list, search, or find IAM policies across resources, services, or…
5 votes, 2 answers

How to properly authorize request to Google Cloud Storage API?

I am trying to use the Google Cloud Storage JSON API to retrieve files from a bucket using HTTP calls. I am curling from a container in GCE within the same project as the storage bucket, and the service account has read access to the bucket. Here is…
znat
5 votes, 4 answers

Google Cloud Translation API The request is missing a valid API key

I'm trying to use the Google Cloud Translation API in my application but whenever I try to translate something it comes up with this missing valid API error. I've done the quickstart steps and that didn't work. I've tried the steps in the client…
5 votes, 1 answer

Temporarily switch to high privileged Role with Google Cloud Platform IAM

I am switching many of my projects over to Google Cloud Platform (GCP), but I traditionally have more experience with AWS. In AWS, using IAM, I can grant my users a low privileged Role and configure a higher privileged Role to allow to assume…
4 votes, 1 answer

google cloud run Failed to trigger build: Permission 'cloudbuild.builds.create' denied

I am trying to set up a trigger to deploy a repository (synced from Bitbucket) to Cloud Run when master branch is pushed. The trigger is giving me the following warning: Failed to trigger build: Permission 'cloudbuild.builds.create' denied on…