Playing with IAM Roles - Predefined, Basic and Custom Roles | Scribe

Playing with IAM Roles - Predefined, Basic and Custom Roles

  • Hafeez Baig |
  • 15 steps |
  • 56 seconds
  • Google CloudGoogle Cloud
1
Sign in to the **Google Cloud Console**
2
Type "**iam & admin**" in the search bar and and click on the **IAM** option
information ordinal icon
**What is IAM?**\ \ **IAM (Identity and Access Management)** is a Google Cloud service that helps you manage and control access to your cloud resources. It allows you to define and enforce who can access specific resources, what actions they can perform, and under what conditions. IAM uses roles and permissions to grant or restrict access, ensuring that users and services have the appropriate level of access to resources based on their roles and responsibilities.
3
On the left bar click on the **Roles** option
information ordinal icon
**What are Roles?**\ \ **Roles** in Google Cloud IAM are sets of permissions that define what actions users or services can perform on resources. There are primitive roles (like Viewer, Editor, and Owner), predefined roles for specific services, and custom roles that you create with tailored permissions to suit your needs. Roles help manage and control access to resources efficiently.
4
**Roles** wizard will open, click on the the **Filter** search bar, and type **roles/viewer** then select the **roles/viewer** option
information ordinal icon
**What is roles/viewer filter?**\ \ The **roles/viewer** filter in Google Cloud IAM refers to a predefined role that grants read-only access to resources. Users with this role can view resources and their configurations but cannot modify them. It is used to restrict permissions to viewing data without making any changes.
5
Click on the Title **Viewer**
6
**Viewer** wizard will open, here you can view the Description and assigned permissions for the roles/viewer role
7
To create a **Custom Role**, click on the **CREATE ROLE** button on the top left side
8
**Create Role** wizard will open, give the Name as - "**My Custom Role**"
9
Scroll to the **ID** section and type "**MyCustomRole**"
10
Scroll to the **Role launch stage** section and select the option **Alpha** **Note:** You can select the option as per your requirement.
information ordinal icon
**What is Role launch section Alpha?** \ \ **Role launch section Alpha** typically refers to an early development or preview phase for new IAM roles or features in Google Cloud. During this alpha phase, the roles or features are being tested and refined, and are often available to a limited set of users or organizations. Feedback from this phase helps improve the final release before it becomes generally available.
11
Click on the **ADD PERMISSIONS** button
12
**Add permissions** wizard will open, tick the check boxes of the Permissions you want to add for this role. **Note:** For this demo, we will be adding **accessapproval.request.approve** and **accessapproval.requests.dismiss** permissions
13
Click on the **ADD** button
14
Scroll the page and click on the **CREATE** button
15
You can view that "MY Custom Role" has been successfully created and added in the Roles list
information ordinal icon
Congratulations! on completing this lab and Playing with IAM Roles - Predefined, Basic and Custom Roles