Stack Overflow
Stack Overflow

Questions tagged [google-cloud-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

376 questions
60
votes
3 answers

How do I list the roles associated with a gcp service account?

In the google cloud gui console I went to "IAM & admin" > "Service accounts" and created a service account named "my-service-account" with the viewer role. I then ran this command: gcloud iam service-accounts get-iam-policy…
red888
  • 18,164
  • 26
  • 123
  • 237
21
votes
5 answers

How do I list all IAM users for my Google Cloud Project

I'd like to be able to list all users and service account associated with my projects (preferably using the gcloud CLI tool, but happy to make an API call if needs be). I can easily list all the service accounts associated with a project using this,…
Graham Polley
  • 12,512
  • 3
  • 32
  • 64
16
votes
4 answers

gcloud - ERROR: (gcloud.app.deploy) Permissions error fetching application

I am trying to deploy node js app on google cloud but getting following error - Step #1: ERROR: (gcloud.app.deploy) Permissions error fetching application [apps /mytest-240512]. Please make sure you are using the correct project ID and that you have…
Sachin Vairagi
  • 3,493
  • 3
  • 24
  • 47
15
votes
12 answers

Can't push image to google container registry - Caller does not have permission 'storage.buckets.get'

I am working on a bitbucket pipeline for pushing image to gc container registry. I have created a service account with Storage Admin role. (bitbucket-authorization@mgcp-xxxx.iam.gserviceaccount.com) gcloud auth activate-service-account --key-file…
Tania Petsouka
  • 1,078
  • 1
  • 7
  • 16
14
votes
7 answers

GCP Cloud Function - ERROR fetching storage source during build/deploy

Running into problems building deploying functions. When trying to programmatically deploy the function I get the following output in builder logs (ERRORS). 2020-10-20T02:22:12.155866856Z starting build "1fc13f51-28b6-4052-9a79-d5d0bef9ed5c" I…
bruce
  • 169
  • 6
14
votes
4 answers

Google Cloud Platform: WARNING: You do not appear to have access to project [project] or it does not exist

I run the following commands: gcloud auth activate-service-account --key-file key.json gcloud config set project my-project For some reason I am getting this error: WARNING: You do not appear to have access to project [project] or it does not…
bryan
  • 7,656
  • 12
  • 65
  • 136
14
votes
3 answers

Dataflow setting Controller Service Account

I try to set up controller service account for Dataflow. In my dataflow options I have: options.setGcpCredential(GoogleCredentials.fromStream( new FileInputStream("key.json")).createScoped(someArrays));…
Magda Kiwi
  • 383
  • 2
  • 12
13
votes
3 answers

Your application has authenticated using end user credentials from the Google Cloud SDK which are not supported by the translate.googleapis.com

After reading similar questions, such as: i am using gcp service account but when calling dialogue flow api its giving error : and Why is Google Cloud API trying to connect as an end-user? and applying the suggested solutions I am still getting the…
Alex Mi
  • 926
  • 2
  • 8
  • 25
11
votes
2 answers

Unable to assign iam.serviceAccounts.signBlob permission

TLDR; I'm having trouble assigning an IAM permission to a service account. I'm building a test that involves minting custom tokens with firebase Auth. When I hit: const token = await admin.auth().createCustomToken('test', { isAdmin: true, …
tristansokol
  • 3,836
  • 1
  • 14
  • 30
10
votes
1 answer

How do you enable "iam.serviceAccounts.actAs" permissions on a sevice account?

I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The service account I am using is…
sdfsdf
  • 3,149
  • 3
  • 25
  • 52
7
votes
1 answer

GCP Cloud Build fails with permissions error even though correct role is granted

I setup a Cloud Build Trigger in my GCP project in order to deploy a Cloud Function from a Cloud Source Repository via a .yaml file. Everything seems to have been setup correctly and permissions granted according to the official documentation, but…
starmandeluxe
  • 2,029
  • 3
  • 22
  • 39
7
votes
0 answers

Permissions error when running a script in a Google spreadsheet

We are developing a program that uses Google spreadsheets as the input. The values of the spreadsheet is read, processed and a result is showed in a webpage. When an user sign up we clone a spreadsheet from a template using a service account. The…
razonasistemas
  • 349
  • 1
  • 4
  • 8
6
votes
2 answers

Firebase hosting deploy with serviceaccount fails with 403

I'm trying to deploy a Firebase hosted project with a Service Account (that I created myself, not one provided by Google/Firebase as default) via a pipeline (Gitlab, but that shouldn't matter for this issue). When I run the following command locally…
Robin Trietsch
  • 1,310
  • 1
  • 13
  • 28
6
votes
1 answer

Restricting user access for VM in gcp

Assume two users, A and B have full access to a GCP project. User A creates a VM. Once this is done , it appears user B can login into the VM and also has sudo access to the VM. we used enable-oslogin metadata but we have issue where user a and b…
mo mo
  • 61
  • 2
6
votes
2 answers

How do I give a GCP service account storage.buckets.list access with read only access?

I'm trying to do gsutil ls however that results in: ubuntu@ip:~$ gsutil ls AccessDeniedException: 403 xxxxxxxxxxxx@xxxxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.list access to project xxxxxxxxxxxxxxx. Can I give this permission…
Chris Stryczynski
  • 19,899
  • 28
  • 104
  • 198
1
2 3
25 26