Questions tagged [google-cloud-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

376 questions
6 votes, 1 answer

Permission 'cloudkms.cryptoKeyVersions.useToDecrypt' denied for resource ...key

I am building an http endpoint with Google Cloud Functions. I have an encrypted secret stored as a file that is loaded and decrypted in the function as a way to prevent my secret from being stored in the code. Usually I dynamically load something…
6 votes, 2 answers

SOLUTION: google cloud sdk issue: 'callers must accept terms of service'

Known issue: Installing google-cloud-sdk (linux package or from tarball) has a quirk where you cannot create projects from the command line before accepting the terms of service. Steps to reproduce: Download sdk, untar, move folder to home…
5 votes, 2 answers

You need permissions for this action. Required permission(s): resourcemanager.projects.setIamPolicy

I checked the IAM & admin in the GCP console UI. I have two roles: (Company name) Project Owner and Editor. The member is my company email address. But when I try to edit (the edit button) other people's roles and permissions, I got below…
slideshowp2
5 votes, 1 answer

Enable APIs using serviceusage API with a service account

I want to create an automatic deployment of GCP for clients. In order to do that, I have opened a page for them to login with google, and then enabled the IAM API and the Service Usage API. Then I have created a service account that I want to use…
5 votes, 2 answers

gcloud compute ssh with local key & project restrictions

We have a user that is allowed to SSH into a VM on the Google Cloud Platform. His key is added to the VM and he can SSH using gcloud compute ssh name-of-vm. However, connecting in this way will always have gcloud try to update project wide meta data…
Tom Lous
5 votes, 2 answers

Google Managed Services (BigQuery,Cloud Storage etc) via a VPC/VPN

We are planning to use Big Query and Cloud Storage but have questions regarding access via VPN/VPC. As Big Query, GCS are managed services is it correct to assume that it is not possible to restrict access to project level buckets and data sets to…
5 votes, 4 answers

Google cloud storage listing files in bucket requires permission for project owner

I'm currently using web UI to browse the files in one of the buckets and I happen to be the project owner as well. However I get a permission error You need the storage.objects.list permission to list objects in this bucket. Ask a project or…
5 votes, 2 answers

Google Cloud Service Account with 'roles/container.admin'

I am trying to create a Service Account with 'roles/container.admin' and I get an error saying that the role is not supported for this resource. $ gcloud iam service-accounts add-iam-policy-binding sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com…
5 votes, 1 answer

Can I restrict access to a Google Cloud SQL instance to specific service account?

I have multiple environments in Google Compute Engine (dev, staging, and production), each with its own Google Cloud SQL instance. The instances connect via Cloud SQL Proxy and authenticate with a credential file that is tied to a service account. I…
4 votes, 1 answer

Cannot impersonate GCP ServiceAccount even after granting "Service Account Token Creator" role

I have 2 ServiceAccounts in my Google Cloud Platform (GCP) Project owner executor The owner ServiceAccount has 1 project-wide role attached to it: "Owner" - for the project The executor ServiceAccount has ONLY 2 specific roles attached to it (as…
4 votes, 1 answer

Create an alias for a Google Service Account Email?

I've shared a Google Sheet with my Google Service account email, which looks something like: myappname-service@myappname-266229.iam.gserviceaccount.com This permits my application to access that Google Sheet. I'd like to be able to share the Google…
4 votes, 1 answer

The caller does not have permission when attempting to use Google Cloud Storage within Cloud Run

I'm attempting to get a Node project set up on Google Cloud Run with Cloud Storage. I am running into an authentication issue when using a created Service Account. When creating the service account I did successfully download the JSON token and got…
4 votes, 2 answers

How to get all roles/permissions that a service account have for a project and organization in GCP through API

I have a service account which belongs to a project. It has some roles/permissions set at the project level as well as some roles/permissions set at organization level. I need to get a list of all permissions/roles that the service account is…
Johnny Cage
4 votes, 2 answers

Limiting access of a GCP Cloud IAM custom role only to a bucket

AWS provides a way through its IAM policies to limit access from a particular user/role to a specific named resource. For example the following permission: { "Sid": "ThirdStatement", "Effect": "Allow", "Action": [ …
pkaramol
4 votes, 2 answers

Can't delete a Google Cloud Project

I have an old Google Cloud Project that I just can't delete. When I do it via website I get a "Project Service Unknown error Tracking number: 342342354345345345" When I do it via CLI with command: gcloud projects delete "PROJECT" I get an…
FilipM