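# DEVSHELL_PROJECT_ID is set by Cloud Shell to the active project ID. It is
# quoted so an empty or unusual value cannot be word-split into extra arguments.

# List the permissions that can be tested on this project. This is the
# candidate set when picking permissions for a custom role; not every listed
# permission is necessarily supported in custom roles, so review the output.
gcloud iam list-testable-permissions \
  "//cloudresourcemanager.googleapis.com/projects/${DEVSHELL_PROJECT_ID}"

# Show a role's metadata and the permissions it contains.
# Replace [ROLE_NAME] with the role to inspect. The placeholder is quoted so
# the shell does not treat the brackets as a glob pattern.
gcloud iam roles describe "[ROLE_NAME]"

# List the roles that can be granted on this project.
gcloud iam list-grantable-roles \
  "//cloudresourcemanager.googleapis.com/projects/${DEVSHELL_PROJECT_ID}"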
-
create yaml
# Open (or create) the role definition file in the current directory; the
# YAML shown next is its content.
nano ./role-definition.yaml
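# role-definition.yaml: definition of a custom IAM role.
# One key per line; the collapsed single-line form is not valid YAML.
title: "Role Editor"
description: "Edit access for App Versions"
# Launch stage label recorded on the role.
stage: "ALPHA"
# Least privilege: list only the permissions this role actually needs.
includedPermissions:
- appengine.versions.create
- appengine.versions.delete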
-
Execute
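# Create the project-level custom role "editor" from the YAML definition.
# Fixed: the original "\ --file" was a collapsed line continuation; the shell
# reads backslash-space as a literal space, so gcloud received " --file" as a
# single malformed argument.
# Note for audits: this role's full name is projects/PROJECT_ID/roles/editor,
# which is distinct from the basic role roles/editor despite the similar ID.
gcloud iam roles create editor --project "${DEVSHELL_PROJECT_ID}" \
  --file role-definition.yaml

# Create the project-level custom role "viewer" directly from flags.
# As above, this is distinct from the basic role roles/viewer.
gcloud iam roles create viewer --project "${DEVSHELL_PROJECT_ID}" \
  --title "Role Viewer" --description "Custom role description." \
  --permissions compute.instances.get,compute.instances.list --stage ALPHA

# List the custom roles defined in this project.
gcloud iam roles list --project "${DEVSHELL_PROJECT_ID}"

# Without --project, this lists the predefined roles instead.
gcloud iam roles list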
-
Current role
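# Print the current definition of a custom role in this project.
# Replace [ROLE_ID] with the role's ID (for example the "editor" role created
# earlier). The placeholder and the project variable are quoted so the shell
# neither globs the brackets nor word-splits the project ID.
gcloud iam roles describe "[ROLE_ID]" --project "${DEVSHELL_PROJECT_ID}"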
-
Create yaml
# Open (or create) the file that will hold the updated role definition.
# NOTE(review): the definition shown after this carries an etag and a name,
# so it presumably starts from the `describe` output of the current role.
nano ./new-role-definition.yaml
-
Add more permissions to the role
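# new-role-definition.yaml: updated definition of the custom role "editor".
# One key per line; the collapsed single-line form is not valid YAML.
description: Edit access for App Versions
# etag identifies the version of the role that was read. An update carrying a
# stale etag is rejected, which prevents silently overwriting a concurrent
# change. Use the value from your own `describe` output, not this sample.
etag: BwVxIBjfN3M=
# The last two entries are the permissions being added; keep the list limited
# to what the role actually needs (least privilege).
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
- storage.buckets.get
- storage.buckets.list
# Replace [PROJECT_ID] with the project that owns the role.
name: projects/[PROJECT_ID]/roles/editor
stage: ALPHA
title: Role Editor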
-
Update role
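# Replace a custom role's definition with the contents of the YAML file.
# Fixed: the original "\ --file" was a collapsed line continuation, which made
# the shell pass " --file" to gcloud as a single malformed argument.
# The file's etag must match the role's current etag or the update is rejected.
# Replace [ROLE_ID] with the role's ID; quoted so the brackets are not globbed.
gcloud iam roles update "[ROLE_ID]" --project "${DEVSHELL_PROJECT_ID}" \
  --file new-role-definition.yaml

# Add permissions to the "viewer" custom role without rewriting the whole
# definition. Every principal already bound to the role gains these
# permissions, so review who holds the role before widening it.
gcloud iam roles update viewer --project "${DEVSHELL_PROJECT_ID}" \
  --add-permissions storage.buckets.get,storage.buckets.list

# Disable the role. Per the IAM documentation, bindings that reference a
# disabled role stay in policies but stop granting its permissions.
gcloud iam roles update viewer --project "${DEVSHELL_PROJECT_ID}" \
  --stage DISABLED

# Delete the role. Per the IAM documentation this is a soft delete at first:
# existing bindings remain in policies but are inactive.
gcloud iam roles delete viewer --project "${DEVSHELL_PROJECT_ID}"

# Restore the deleted role. This works only inside the undelete window (seven
# days per the IAM documentation). Restored bindings become effective again,
# so audit the policies that reference the role.
gcloud iam roles undelete viewer --project "${DEVSHELL_PROJECT_ID}"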