Andrew Daniel Sieg

Reputation: 31

How to give Cloud Shell-only access in GCP

I want to grant access to a GCP account in a way that limits the ability to create resources via the console UI, so that Cloud Shell must be used for any resource creation.

Upvotes: 1

Views: 1243

Answers (2)

John Hanley

Reputation: 81356

Cloud Shell uses the identity logged into Google Accounts for authorization. To use different permissions (roles) requires using different identities. Google Cloud IAM does not differentiate between a user using the GUI and a user using Cloud Shell.

Upvotes: 0

Wojtek_B

Reputation: 4443

There is no way to restrict users from making changes or creating / deleting resources using GCP's Cloud Console while allowing full access using the command line at the same time.

However, the solution offered by @dany L seems a good one: restricting the actual user's access to the "viewer" role and granting him the ability to impersonate a single service account seems a viable workaround.

Upvotes: 1
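
The workaround described in the answer above, written out as gcloud commands. This is an added example, not part of the original posts; the project ID, user e-mail, service account name and the role granted to the service account are placeholder assumptions.

```bash
#!/usr/bin/env bash
# Added example: read-only user who may impersonate one service account.
# All four values below are placeholders (assumptions, not from the page).
PROJECT_ID="example-project"
USER_EMAIL="alice@example.com"
SA_NAME="cloudshell-deployer"
SA_ROLE="roles/compute.instanceAdmin.v1"   # whatever the SA should be able to create
SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

# Print each command; execute it only when APPLY=1 (dry run by default).
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Run by a project administrator.
admin_setup() {
  # 1. The human identity gets read-only access to the project.
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="user:${USER_EMAIL}" --role="roles/viewer"
  # 2. A dedicated service account holds the write permissions.
  run gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID"
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${SA_EMAIL}" --role="$SA_ROLE"
  # 3. Token Creator is bound on the service account itself, not on the
  #    project, so the user can impersonate this one account only.
  run gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" --member="user:${USER_EMAIL}" \
    --role="roles/iam.serviceAccountTokenCreator"
}

# Run by the user in Cloud Shell: later gcloud calls act as the service account.
user_setup() {
  run gcloud config set auth/impersonate_service_account "$SA_EMAIL"
}

# Check: list every project-level role bound directly to the user.
# Anything other than roles/viewer defeats the restriction.
audit_user_roles() {
  run gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.members:user:${USER_EMAIL}" \
    --format="value(bindings.role)"
}

admin_setup
user_setup
audit_user_roles
```

As written, the script only prints the commands; run it with APPLY=1 to execute them. Every action taken through the service account appears in Cloud Audit Logs with the service account as principal and the impersonating user recorded in the delegation information.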
