IAM Lecture

https://linuxacademy.com/cp/courses/lesson/course/1256/lesson/2/completed/1/module/139

The example at (12:25) implies that predefined roles can be given to users at a resource-level, not just a project-level. If this were true, this would imply that you could give a user 'instance-admin' role for a specific instance within a project without giving the user this role for other instances in that project. Is this the correct interpretation? If so, how do I accomplish this in the GCP console?


  • Matthew U
    09-04-2018

    'Resource' in this case would be to Compute Engine/Cloud Storage/VPC/etc as opposed to the same permissions across the entire project.

  • Zul K I
    09-05-2018

    Not all GCP roles can be applied at 'resource' level. In fact - for most roles - the lowest level a role can be applied at is 'project'.

    For example, compute.instanceAdmin role can only be applied at org/folder/project levels while pubsub.editor role can be applied at org/folder/project/topic levels.

    More info here: https://cloud.google.com/iam/docs/understanding-roles#compute_engine_roles

  • Aamar H
    12-29-2018

    You need to cover custom roles for this topic.

  • Matthew U
    12-29-2018

    @aamarh Custom roles are covered in the part 2 course. At the time custom roles were in beta, but the same concepts still apply. You can find the lesson here: https://linuxacademy.com/cp/courses/lesson/course/1327/lesson/2/module/143

  • Aamar H
    12-30-2018

    Thanks Matt, going over them now in p2.
