IAM permissions
This page describes the Identity and Access Management (IAM) permissions required to perform actions in the Cloud Storage portion of the Google Cloud console. IAM permissions are bundled into roles, and you grant roles to users, groups, and service accounts. See the Google documentation on IAM roles for more information.
Granting permissions
Certain permissions are required to use the Google Cloud console. To grant Cloud Access Management the required permissions in your organization:
- Go to IAM & Admin > Roles.
- Select + CREATE ROLE.
- Enter a title, description, and a unique ID.
- Select + ADD PERMISSIONS and add the following permissions:
  - orgpolicy.policy.get
  - resourcemanager.projects.get
  - secretmanager.versions.access
  - storage.buckets.get
  - storage.multipartUploads.abort
  - storage.multipartUploads.create
  - storage.multipartUploads.list
  - storage.multipartUploads.listParts
  - storage.objects.create
  - storage.objects.delete
  - storage.objects.get
  - storage.objects.list
  - storage.objects.update
- Select CREATE to create the role with these permissions.
- Select IAM & Admin > IAM.
- Select ADD.
- Search for or paste the service account email in New principals.
- Select the newly created role in the dropdown menu and select SAVE.
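The same role creation and binding can be scripted with the gcloud CLI, which is easier to review and repeat than console clicks. The script below is an added example and is not part of this page or of Cloud Access Management; it writes the permission list above into a role definition file in the format accepted by `gcloud iam roles create --file`, prints the two commands that replace the console steps, and includes a drift check that compares a role's current permission list against the required set so you can confirm the role grants exactly these permissions and nothing broader. `PROJECT_ID`, `SA_EMAIL` and the role ID `cam_storage_role` are placeholders; the role title and description are assumed values.

```shell
#!/bin/sh
# Added example (not from the original page): create the custom role from the
# CLI and verify an existing role against the required permission list.
# PROJECT_ID and SA_EMAIL are placeholders; the role title/description are assumed.

# The permission list from the page, one per line.
REQUIRED_PERMISSIONS="orgpolicy.policy.get
resourcemanager.projects.get
secretmanager.versions.access
storage.buckets.get
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update"

# Write a role definition file (title, description, stage, includedPermissions)
# in the YAML shape that `gcloud iam roles create --file` accepts.
write_role_yaml() {
  out="$1"
  {
    echo "title: Cloud Access Management storage role"
    echo "description: Least-privilege permissions for Cloud Access Management"
    echo "stage: GA"
    echo "includedPermissions:"
    echo "$REQUIRED_PERMISSIONS" | while IFS= read -r p; do
      echo "- $p"
    done
  } > "$out"
}

# Count how many permissions a role file grants.
count_permissions() {
  grep -c '^- ' "$1"
}

# Print the CLI equivalent of the console steps (create the role, then bind it
# to the service account). For an organization-level role, swap --project=...
# for --organization=ORG_ID and use `gcloud organizations add-iam-policy-binding`.
show_gcloud_commands() {
  project="$1"; role_id="$2"; sa_email="$3"; role_file="$4"
  cat <<EOF
gcloud iam roles create $role_id --project=$project --file=$role_file
gcloud projects add-iam-policy-binding $project \\
  --member="serviceAccount:$sa_email" \\
  --role="projects/$project/roles/$role_id"
EOF
}

# Drift check: compare a role's granted permissions (one per line, e.g. from
# `gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format='value(includedPermissions)'`)
# against REQUIRED_PERMISSIONS. Prints what is missing and what is extra;
# returns 0 only when the role grants exactly the required set.
check_role_drift() {
  want_f=$(mktemp); have_f=$(mktemp)
  printf '%s\n' "$REQUIRED_PERMISSIONS" | sort > "$want_f"
  printf '%s\n' "$1" | sed '/^$/d' | sort > "$have_f"
  missing=$(comm -23 "$want_f" "$have_f")
  extra=$(comm -13 "$want_f" "$have_f")
  rm -f "$want_f" "$have_f"
  [ -n "$missing" ] && printf 'missing:\n%s\n' "$missing"
  [ -n "$extra" ] && printf 'extra (remove to keep least privilege):\n%s\n' "$extra"
  [ -z "$missing" ] && [ -z "$extra" ]
}

# Stand-alone demo: write the role file and print the commands to run.
ROLE_FILE=$(mktemp)
write_role_yaml "$ROLE_FILE"
show_gcloud_commands "PROJECT_ID" "cam_storage_role" \
  "SA_EMAIL@PROJECT_ID.iam.gserviceaccount.com" "$ROLE_FILE"
```

Binding the custom role to the service account, rather than a broad predefined role such as Storage Admin, keeps the grant to the thirteen permissions listed; rerunning `check_role_drift` on the output of `gcloud iam roles describe` after any later edit shows whether the role has picked up permissions beyond that list.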