No1Lives4Ever
Reputation: 6893
Google Cloud Datastore and service accounts: limit access permissions
Background
I have a Google Cloud Project with:
- Datastore (Firebase mode)
- 2 Service accounts
I have two application that using those service accounts. Each application is using different kind (kind1 and kind2).
I looking for a way to limit the access of:
- Service account 1 to
kind1only - Service account 2 to
kind2only
Questions
- How to do it?
- Is this possible to define permission, like
readonlyorwriteonly? So, even if service account have permission to specific kind, still he can do limited operation on this kind?
Upvotes: 1
Views: 1098
Answers (1)
Methkal Khalawi
Reputation: 2477
There is no such permissions or roles in GCP to limit access to datastore per kind. Your only way to do this is to control it on your backend application service(Nodejs, Python ...etc).
Consult the full permission list for datastore here[1]
[1]https://cloud.google.com/datastore/docs/access/iam#iam_roles
Upvotes: 2
Related Questions
- Authorize Google Cloud Platform Service Account to Access Only One Google Cloud Storage Bucket
- How to give service account only access to one bucket (Google Cloud)?
- How to limit service account access in G Suite?
- How to limit Service Account to only be able to access Google Drive?
- GCS limit bucket access to an existing service account
- Service accounts permissions
- Making a Cloud Storage bucket accessible only by a certain service account
- Google cloud service account permissions to CloudSQL
- How do I restrict a Google service account?
- Google Cloud Storage authentication: restrict permissions without creating additional Google Accounts