Questions tagged [google-cloud-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

376 questions
0 votes, 2 answers

Issue Deleting Google Compute Account through API using Python

I was able to piece together a Python script to interact with the Google API Library using information from here and here. The code below is working and I'm able to list all accounts within a particular Project. See below: Code: import os from…
0 votes, 1 answer

Unable to grant datastore permissions in Google Cloud Console

When managing roles in Google Cloud IAM, all datastore.* permissions (such as datastore.entities.{create, list, get}) show up as greyed out with a yellow exclamation badge with a tool tip explaining "cannot assign permission." I'm assuming this is…
Trey
0 votes, 1 answer

Service account can create PubSub subscriptions but can't read from them

I've created a service account I intend to use in our development environment, and since its credentials are checked into source control, I want to lock down its access to the bare minimum. When spinning up new hosts, our app creates a new PubSub…
0 votes, 1 answer

Provide Access to view "Enabled APIs & Services" dashboard

I am not able to find any way to grant access to view the "Enabled APIs & Services" dashboard page. My co-worker does not have access but I can't find any roles or documentation that suggest what access is needed to view this page. See attached…
reese0106
0 votes, 0 answers

How to implement IoT with GCP: What are the limits of both cloud projects and service accounts per project? To what number can they be increased?

In short: What are the limits of both cloud projects and service accounts per project? How can they be increased? Is the architecture a good idea at all? I am developing an IoT application with tens of thousands of planned devices in the field,…
-1 votes, 1 answer

Is it possible to permission specific resources to specific users on Google Cloud?

Is it possible to permission specific resources to specific users? Example: I want John Doe to only be able to modify one specific cluster, but not any other clusters. I want Jane Doe to be able to write to certain buckets but not all buckets.
Mark Wagner
-1 votes, 1 answer

Simulate behavior analogous to "sts assume role" for GCP for setting up a global authentication in local environment

I believe I have hit a dead end but I would like some validation from an expert. I started to learn GCP this week and I am trying to achieve something that I was previously able to achieve with the AWS cloud platform. Please bear with me as I know…
-1 votes, 1 answer

Cloud IAM conditions - How to limit instanceAdmin to a specific instance name only

I have a project with three VMs. I'm trying to create a condition at the project level that should limit instanceAdmin role to a single instance only, based on its name. I previously tried to grant the policy at the instance level, but nothing…
-1 votes, 1 answer

Google Cloud: best practice for developer workstations authentication

The question is specifically about the case where developers need to access GCP from their workstations (Firestore, Stackdriver, KMS...). In Google Cloud documentation, it is usually stated: Developer workstation: Authenticating by using a service…
Nikola Mihajlović
-1 votes, 2 answers

What's the correct format of private_key when using it as an environment variable?

I am trying to use private_key for some GCP service nodejs client libraries, e.g. @google-cloud/pubsub, @google-cloud/trace-agent. I got private_key from service account credential json file like this: I am trying to use it as an environment…
-1 votes, 1 answer

Managed Service Provider on Google Cloud Platform

If a Managed Service Provider (MSP) wants to monitor existing GCP projects of a client that are associated to a client billing account (meaning the client is directly paying to Google for it), how can the MSP start monitoring those? What are the…
-1 votes, 1 answer

Inhibit project creation outside Cloud Identity organization

I've a Cloud Identity Org mapped to a Google Cloud Platform Org. The IAM policy on GCP Org is the following: "Admins" can create project and make administrative ops; "Devs" can browse. In GCP Org is all ok, but I've seen that a "Devs" user can…
-1 votes, 1 answer

What permission do I need on a service account to allow pushing docker images to the container registry?

I'm using a service account to authenticate with the gcloud utility. I'm trying to push a docker image with the command of: gcloud docker -- push eu.gcr.io/abcxyz/example:latest but get an error of: denied: Unable to create the repository, please…
Chris Stryczynski
-2 votes, 1 answer

GCP IAM management screen. Is this a bug or my misunderstanding?

You can see Table A of permissions in GCP's IAM and Administration > IAM page. Table A has an item called Analyzed Permissions (Extra / Total). You can see more detailed Table B for that role by clicking on a value such as 2/4 of this item. Normally…
invalid
-2 votes, 1 answer

How can I grant individual permissions for user in IAM for Bigquery using python

I want to give the below IAM permission for the user. Permission: BigQuery Job User Browser. I know how I can set it through the Windows UI, but I want to set this IAM permission through a Python script?