Create an access level for Access Context Manager
Learn how to create an access level for Access Context Manager by using the Google Cloud console.
To complete this quickstart, you must have the
accesscontextmanager.policies.create
permission, which requires the
Access Context Manager Admin role at the organization level. For more
information, see Access control with IAM.
To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Access Context Manager and the Cloud Resource Manager APIs.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Access Context Manager and the Cloud Resource Manager APIs.
Set permissions
At the top of the Google Cloud console, click the
project selector, and then select your organization.Go to the IAM page.
Click
Grant access.In the Add principals pane, do the following:
For New principals, enter your user email.
For Select a role, select Access Context Manager, and then select Access Context Manager Admin.
Click Save.
Create an access level
This quickstart provides sample values to create an example basic access level. To create an access level specific to your environment, see Creating a basic access level.
In the Google Cloud console, go to the Access Context Manager page.
If you are prompted, select a project.
Click Create access level.
In the New access level pane, do the following:
In the Access level title field, enter
quickstart-access-level
.In the Conditions section, expand IP subnetworks, and then enter
203.0.113.0/24
.Click Save.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.
Delete the project
The easiest way to eliminate billing is to delete the project that you created for the tutorial.
To delete the project:
- In the Google Cloud console, go to the Manage resources page.
- In the project list, select the project that you want to delete, and then click Delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
Delete the access level
There are no costs associated with creating access levels. However, if you want to delete an access level, follow these steps:
In the row for the access level you want to delete, click the trigger actions menu (
), and then click Delete.To confirm, click Delete.
What's next
Read an overview of Access Context Manager.
To add more attributes to your access level, see Access Level attributes.