Steps to Set Up IAM Role (Using IAM Console)
- Enter the google cloud console.
- Select Navigation menu > IAM & Admin > IAM. You are now in the “IAM & Admin” console.
- Click the +GRANT ACCESS / ADD button at the top of the page
- Paste the name of the user you want to grant the role to.
- In the Select a role field, hover over Basic from the drop-down menu to select the needed role.
- Click save.
Steps to set up IAM role (Using command line interface) :
- Check available permissions in your project.
gcloud iam list-testable-permission
- Use this command to create yaml file which will contain description of IAM roles and permission.
nano <<file_name>>.yaml
- Above wil allow you to enter data into yaml file. Enter description in following format.
title: “[ROLE-TITLE]”
description: “[ROLE_DESCRIPTION]”
stage: “[LAUNCH_STAGE]” //such as ALPHA, BETA, or GA
includedPermissions:
– [PERMISSION 1]
– [PERMISSION 2]
Save the above using CTRL+X and close it using CTRL+Y, then ENTER.
- Finally, create the role by using the given command
gcloud iam roles create <<role_name>> –project <<project_name>> –file <<file_name>>.yaml
How to Use Cloud Identity and Access Management (IAM) For Access Control on GCP?
IAM defines “who can do what on which resource”. Cloud IAM (Identity Access Management) offers a standardized set of functions and integrates access management for Google Cloud services into a single solution. You can create and manage permissions for Google Cloud resources using the Identity and Access Management (IAM) service provided by Google Cloud. The appropriate tools are provided by Cloud IAM to efficiently and highly automate the management of resource rights. Users do not receive permissions directly from you, you give them roles instead, that combine one or more permissions. You can use this to relate jobs and groups within your organization to specific job responsibilities. Users only have access to the information they require to do their tasks, and administrators can easily give default permissions to huge groups of users.
Contact Us