Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.
Questions tagged [google-cloud-iam]
671 questions
118
votes
4 answers
How do I list the roles associated with a gcp service account?
In the google cloud gui console I went to "IAM & admin" > "Service accounts" and created a service account named "my-service-account" with the viewer role.
I then ran this command:
gcloud iam service-accounts get-iam-policy…
red888
- 27,709
- 55
- 204
- 392
39
votes
1 answer
How to Update Roles of Existing Service Accounts - Google Cloud Console
I am using the Google Cloud Console for this purpose. When I create a service account, I can assign specific roles. But after I create it, I don't see an option to Update Roles of Service Accounts.
I tried to edit the service account, and still no…
Keet Sugathadasa
- 11,595
- 6
- 65
- 80
31
votes
2 answers
How do you enable "iam.serviceAccounts.actAs" permissions on a sevice account?
I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The service account I am using is…
sdfsdf
- 5,052
- 9
- 42
- 75
29
votes
7 answers
How do I list all IAM users for my Google Cloud Project
I'd like to be able to list all users and service account associated with my projects (preferably using the gcloud CLI tool, but happy to make an API call if needs be).
I can easily list all the service accounts associated with a project using this,…
Graham Polley
- 14,393
- 4
- 44
- 80
28
votes
4 answers
Unable to assign iam.serviceAccounts.signBlob permission
TLDR; I'm having trouble assigning an IAM permission to a service account.
I'm building a test that involves minting custom tokens with firebase Auth. When I hit:
const token = await admin.auth().createCustomToken('test', {
isAdmin: true,
…
tristansokol
- 4,054
- 2
- 17
- 32
28
votes
3 answers
Your application has authenticated using end user credentials from the Google Cloud SDK which are not supported by the translate.googleapis.com
After reading similar questions, such as:
i am using gcp service account but when calling dialogue flow api its giving error :
and
Why is Google Cloud API trying to connect as an end-user?
and applying the suggested solutions I am still getting the…
Alex Mi
- 1,409
- 2
- 21
- 35
26
votes
5 answers
gcloud - ERROR: (gcloud.app.deploy) Permissions error fetching application
I am trying to deploy node js app on google cloud but getting following error -
Step #1: ERROR: (gcloud.app.deploy) Permissions error fetching application [apps
/mytest-240512]. Please make sure you are using the correct project ID and that
you have…
Sachin Vairagi
- 4,894
- 4
- 35
- 61
26
votes
20 answers
Can't push image to google container registry - Caller does not have permission 'storage.buckets.get'
I am working on a bitbucket pipeline for pushing image to gc container registry.
I have created a service account with Storage Admin role. (bitbucket-authorization@mgcp-xxxx.iam.gserviceaccount.com)
gcloud auth activate-service-account --key-file…
Tania Petsouka
- 1,388
- 1
- 9
- 20
22
votes
5 answers
Google Cloud Platform Service Account is Unable to Access Project
I encounter the following warning:
WARNING: You do not appear to have access to project [$PROJECT] or it does not exist.
after running the following commands locally:
Activate and set a service account:
gcloud auth activate-service-account…
bryan
- 8,879
- 18
- 83
- 166
21
votes
3 answers
How do I grant a specific permission to a Cloud IAM service account using the gcloud CLI?
I know that I can do it via the UI (Cloud Console), and that I can also assign a role. Although, how do I grant a single permission easily?
For example, I was pushing an image to Google Container Registry with a newly created service account, and I…
stkvtflw
- 12,092
- 26
- 78
- 155
18
votes
4 answers
Dataflow setting Controller Service Account
I try to set up controller service account for Dataflow. In my dataflow options I have:
options.setGcpCredential(GoogleCredentials.fromStream(
new FileInputStream("key.json")).createScoped(someArrays));…
Magda Kiwi
- 501
- 1
- 3
- 15
16
votes
8 answers
GCP Cloud Function - ERROR fetching storage source during build/deploy
Running into problems building deploying functions. When trying to programmatically deploy the function I get the following output in builder logs (ERRORS).
2020-10-20T02:22:12.155866856Z starting build "1fc13f51-28b6-4052-9a79-d5d0bef9ed5c"
I…
bruce
- 209
- 2
- 8
15
votes
3 answers
Authorize Google Cloud Platform Service Account to Access Only One Google Cloud Storage Bucket
I have created a Google Cloud Platform service account, $GCP_SERVICE_ACCOUNT, with the Storage Admin (roles/storage.admin) role.
Now I wish to restrict this account so that it can only access a specific Google Cloud Storage (GCS) Bucket…
i_am_cris
- 557
- 1
- 5
- 19
14
votes
3 answers
SOLUTION: google cloud sdk issue: 'callers must accept terms of service'
Known issue:
Installing google-cloud-sdk (linux package or from tarball) has a quirk where you cannot create projects from the command line before accepting the terms of service.
Steps to reproduce:
Download sdk, untar, move folder to home…
BitShift
- 977
- 2
- 9
- 28
14
votes
1 answer
GCP Cloud Build fails with permissions error even though correct role is granted
I setup a Cloud Build Trigger in my GCP project in order to deploy a Cloud Function from a Cloud Source Repository via a .yaml file. Everything seems to have been setup correctly and permissions granted according to the official documentation, but…
starmandeluxe
- 2,443
- 3
- 27
- 44