Reputation: 31
Using the GCP .NET C# API, I am able to successfully create a Service Account for my GCP Project. How can I add Roles to my new Service Account? Presumably this is done through SetIamPolicy; however, the examples only show setting the Roles for Projects.
Upvotes: 2
Views: 4249
Reputation: 31
Actually, I needed to set the permissions for a Service Account, not a User. So the correct CLI would be:
gcloud projects add-iam-policy-binding \
[email protected] \
--member='serviceAccount:[email protected]' \
--role='roles/editor'
And this led me to the solution for my .NET project -- so thanks! In the binding API, the member must be prefixed with "serviceAccount:", just like the CLI. So, the full member name for the Binding used in SetPolicy would be:
var member = "serviceAccount:" + "[email protected]";
See here for a more complete example.
Upvotes: 1
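The read-modify-write around SetIamPolicy that this answer describes, as an added example (not code from the original post or from Google's samples). It assumes the Google.Apis.CloudResourceManager.v1 NuGet package, Application Default Credentials, and a project policy without conditional bindings; the class and method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Google.Apis.Auth.OAuth2;
using Google.Apis.CloudResourceManager.v1;
using Google.Apis.CloudResourceManager.v1.Data;
using Google.Apis.Services;

public static class GrantRoleToServiceAccount   // illustrative name
{
    // Merge step: add the member to the role's existing binding, creating the
    // binding only if the role has none. Returns false if already granted.
    public static bool AddMember(Policy policy, string role, string saEmail)
    {
        if (saEmail.Contains(':'))
            throw new ArgumentException("pass the bare e-mail, without a member prefix");
        string member = "serviceAccount:" + saEmail;   // prefix is mandatory
        policy.Bindings ??= new List<Binding>();
        Binding binding = policy.Bindings.FirstOrDefault(b => b.Role == role);
        if (binding == null)
        {
            binding = new Binding { Role = role, Members = new List<string>() };
            policy.Bindings.Add(binding);
        }
        binding.Members ??= new List<string>();
        if (binding.Members.Contains(member)) return false;
        binding.Members.Add(member);
        return true;
    }

    public static void Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: <project-id> <service-account-email> <role>");
            return;
        }
        string projectId = args[0], saEmail = args[1], role = args[2];
        GoogleCredential credential = GoogleCredential.GetApplicationDefault()
            .CreateScoped(CloudResourceManagerService.Scope.CloudPlatform);
        var crm = new CloudResourceManagerService(
            new BaseClientService.Initializer { HttpClientInitializer = credential });
        // SetIamPolicy replaces the whole policy, so read it first and send the
        // same object back; its etag makes a concurrent change fail the write.
        Policy policy = crm.Projects.GetIamPolicy(new GetIamPolicyRequest(), projectId).Execute();
        if (AddMember(policy, role, saEmail))
            crm.Projects.SetIamPolicy(new SetIamPolicyRequest { Policy = policy }, projectId).Execute();
        Console.WriteLine($"{role} on {projectId} includes serviceAccount:{saEmail}");
    }
}
```

roles/editor is a basic role that covers most services in the project, so pass the narrowest predefined role the workload needs as the third argument.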
Reputation: 49
If you want to grant new Roles to your GCP Service Account(s) you can do it via the Console by following these steps:
Go to your IAM Dashboard in your GCP Project. Here you will find all your accounts: users and service accounts.
Search for the Service Account you want to modify. At the very right of that line you will see a Pencil Icon; click on it. A new panel will show up.
Click on ADD ANOTHER ROLE and select the roles you want to grant to that account. You can add more than one, but you will need to click ADD ANOTHER ROLE every time.
Click on Save and your Service Account will be ready.
It can take up to 2 minutes to be fully reflected, but in the best case the changes are done immediately.
Another option is to use the command gcloud projects add-iam-policy-binding which allows you to do these changes via the Cloud SDK. A quick example:
gcloud projects add-iam-policy-binding example-project-id-1 \
--member='user:[email protected]' \
--role='roles/editor'
That command will grant the Editor Role to the account [email protected]. You would need to modify that command to set the Service Account and the Roles you want to grant.
This might require more steps on your end, as you need to make sure that the syntax for the service account and Roles is correct. The fastest way to use Cloud SDK is via a Cloud Shell session.
Upvotes: 4