Create an access level for Access Context Manager

Learn how to create an access level for Access Context Manager by using the Google Cloud console.

To complete this quickstart, you must have the accesscontextmanager.policies.create permission, which requires the Access Context Manager Admin role at the organization level. For more information, see Access control with IAM.


To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:

Guide me


Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Access Context Manager and the Cloud Resource Manager APIs.

    Enable the APIs

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Google Cloud project.

  7. Enable the Access Context Manager and the Cloud Resource Manager APIs.

    Enable the APIs

Set permissions

  1. At the top of the Google Cloud console, click the project selector, and then select your organization.

  2. Go to the IAM page.

    Go to IAM

  3. Click Grant access.

  4. In the Add principals pane, do the following:

    1. For New principals, enter your user email.

    2. For Select a role, select Access Context Manager, and then select Access Context Manager Admin.

    3. Click Save.

Create an access level

This quickstart provides sample values to create an example basic access level. To create an access level specific to your environment, see Creating a basic access level.

  1. In the Google Cloud console, go to the Access Context Manager page.

    Go to Access Context Manager

    If you are prompted, select a project.

  2. Click Create access level.

  3. In the New access level pane, do the following:

    1. In the Access level title field, enter quickstart-access-level.

    2. In the Conditions section, expand IP subnetworks, and then enter 203.0.113.0/24.

    3. Click Save.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Google Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Delete the access level

There are no costs associated with creating access levels. However, if you want to delete an access level, follow these steps:

  1. In the row for the access level you want to delete, click the trigger actions menu (), and then click Delete.

  2. To confirm, click Delete.

What's next