Demo: Custom roles
1. Demo: Custom roles
This demo shows you how to create a custom role in Google Cloud. The goal is to create an Instance Operator role that allows some users to start and stop Compute Engine virtual machines but not reconfigure them.

So here I am in the GCP console, and I'm going to click the Navigation menu to go to IAM & Admin, and specifically I actually want to go to Roles. And here you can see all the different roles that are available. Now, I could select one of these roles and create a role from that selection and then either remove or assign more permissions. You can see over here the permissions that are assigned to a role. Or I can just create a role from scratch.

So let me go do that. I'm going to click "Create role" and I'm going to give it a name. I'm going to call this the Instance Operator. There's also an ID to that. And that must be unique and cannot be changed. There is a launch stage selection: Alpha, Beta, General Availability, and Disabled. This is essentially just a launch stage, so you want to make sure that you start small, test it in Alpha, and then roll it out at some point so that other users know that they can leverage that availability.

So what I'm going to do now is click "Add permissions" because currently there are no assigned permissions given that I started from scratch. So let's go in here. And now we have over 2,000 different permissions, so we obviously want to filter for that just a little bit and specifically I'm interested in the permissions for compute instances. So let me type compute.instances. and hit "Enter". And now I'm down to 44. So I want to select a couple different ones from here. I'm interested in "Get", I want to be able to get the different instances. I want to be able to list all of the instances as well as reset them and resume. Resume is if an instance was suspended, which is equivalent to if it's in sleep or in standby mode. I also want to start and stop, and suspend.
So I can go click "Add" now and I can see the permissions that I just assigned. So I can get, list, reset, resume, start, stop, and suspend. And from here, I can now click "Create". It's created that and I can click on it here, I can review that, I have an ID, and I have a launch stage, and these are my permissions. That's how easy it is to create a custom role in Google Cloud.

Alternatively, you could have started with the Instance Admin role as a base and removed the permissions that you don't want the role to have. Now remember that custom roles are not maintained by Google. That means that when new permissions, features, or services are added to Google Cloud, your custom roles will not be updated automatically.

2. Let's practice!
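The same role can be kept as a file and checked before it is created, which makes later permission changes reviewable. This is an added example, not part of the demo; the role ID `instanceOperator`, the file name, the `PROJECT_ID` variable, the description text and the choice of the ALPHA stage are assumptions.

```shell
#!/bin/sh
# Added example (not from the demo): the Instance Operator role kept as a file.
# Assumptions: role ID "instanceOperator", file name, PROJECT_ID variable,
# description text, ALPHA stage.

# The seven compute.instances.* permissions selected in the demo.
ALLOWED_VERBS="get list reset resume start stop suspend"

# Write the role in the YAML layout read by `gcloud iam roles create --file`.
write_role_file() {
  {
    echo 'title: Instance Operator'
    echo 'description: Start and stop Compute Engine VMs without reconfiguring them'
    echo 'stage: ALPHA'
    echo 'includedPermissions:'
    for verb in $ALLOWED_VERBS; do
      echo "- compute.instances.$verb"
    done
  } > "$1"
}

# Print every permission in a role file that is outside the seven above,
# e.g. leftovers after starting from the Instance Admin role as a base.
unexpected_permissions() {
  allowed=" $(printf 'compute.instances.%s ' $ALLOWED_VERBS)"
  grep '^- ' "$1" | sed 's/^- //' | while read -r perm; do
    case "$allowed" in
      *" $perm "*) ;;
      *) echo "$perm" ;;
    esac
  done
}

# Create the role only when a project is given and the file passes the check.
if [ -n "${PROJECT_ID:-}" ]; then
  write_role_file instance-operator.yaml
  extra=$(unexpected_permissions instance-operator.yaml)
  if [ -n "$extra" ]; then
    echo "refusing to create role, unexpected permissions: $extra" >&2
    exit 1
  fi
  gcloud iam roles create instanceOperator \
    --project="$PROJECT_ID" --file=instance-operator.yaml
fi
```

Run it with `PROJECT_ID` set to create the role; without it, the script only defines the two functions.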