Type "**iam & admin**" in the search bar and and click on the **IAM** option

**What is IAM?**\
\
**IAM (Identity and Access Management)** is a Google Cloud service that helps you manage and control access to your cloud resources. It allows you to define and enforce who can access specific resources, what actions they can perform, and under what conditions. IAM uses roles and permissions to grant or restrict access, ensuring that users and services have the appropriate level of access to resources based on their roles and responsibilities.

On the left bar click on the **Roles** option

**What are Roles?**\
\
**Roles** in Google Cloud IAM are sets of permissions that define what actions users or services can perform on resources. There are primitive roles (like Viewer, Editor, and Owner), predefined roles for specific services, and custom roles that you create with tailored permissions to suit your needs. Roles help manage and control access to resources efficiently.

**Roles** wizard will open, click on the the **Filter** search bar, and type **roles/viewer** then select the **roles/viewer** option

**What is roles/viewer filter?**\
\
The **roles/viewer** filter in Google Cloud IAM refers to a predefined role that grants read-only access to resources. Users with this role can view resources and their configurations but cannot modify them. It is used to restrict permissions to viewing data without making any changes.

**Viewer** wizard will open, here you can view the Description and assigned permissions for the roles/viewer role

To create a **Custom Role**, click on the **CREATE ROLE** button on the top left side

**Create Role** wizard will open, give the Name as - "**My Custom Role**"

Scroll to the **ID** section and type "**MyCustomRole**"

Scroll to the **Role launch stage** section and select the option **Alpha**

**Note:** You can select the option as per your requirement.

**What is Role launch section Alpha?** \
\
**Role launch section Alpha** typically refers to an early development or preview phase for new IAM roles or features in Google Cloud. During this alpha phase, the roles or features are being tested and refined, and are often available to a limited set of users or organizations. Feedback from this phase helps improve the final release before it becomes generally available.

**Add permissions** wizard will open, tick the check boxes of the Permissions you want to add for this role.

**Note:** For this demo, we will be adding **accessapproval.request.approve** and **accessapproval.requests.dismiss** permissions

Scroll the page and click on the **CREATE** button

You can view that "MY Custom Role" has been successfully created and added in the Roles list

Congratulations! on completing this lab and Playing with IAM Roles - Predefined, Basic and Custom Roles

Google Cloud

This guide offers a comprehensive overview of IAM roles, including predefined, basic, and custom roles, making it essential for anyone looking to enhance their understanding and management of access control in cloud environments.