This page summarizes general requirements for deploying artifacts to Google Cloud runtime environments.
There are two forms of access control to consider:
- IAM permissions
- Identity and Access Management permissions determine the users, service accounts and other identities that can access resources. You grant Artifact Registry permissions to identities that can access repositories.
- Access scopes
- Access scopes determine the default OAuth scopes for requests made through the gcloud CLI and client libraries on a VM instance. As a result, access scopes can further limit access to API methods when authenticating with application default credentials.
Google Cloud runtime environments are preconfigured with access to repositories in the same project. You must configure or modify permissions yourself if:
- You are using a service account in one project to access Artifact Registry in a different project
- You are using a service account with read-only access to storage, but you want the service account to both upload and download artifacts
- You are using a custom service account to interact with Artifact Registry.
For service-specific requirements, refer to the following information: