Google Cloud Platform
Compute Engine

Adding Project Team Members

You can give other users access to Google Compute Engine by adding them to your project. The level of access a user has depends on which role the user has been added with.

You might also be interested in controlling ssh access using User Accounts.


Managing your project's users

Add a user to your project using the Google Cloud Platform Console. When you add a user to your Google Compute Engine project, it gives the user some amount of access to Google Compute Engine resources in that project, determined by the roles such as viewer, editor, or owner. For example, if you add a user as an owner, they will be able to add and modify Google Compute Engine resources in the project, connect to the project's instances using SSH, and change the project's membership.

To add or delete users, or to change their permissions:

  1. Go to the Permissions page in the console.
  2. To add a new team member, click the Add Member button.
  3. To delete a team member, check the box next to their account and click Remove.
  4. To change a user's permissions, select a different role in the Permission column.

You can choose from these three user roles:

Cloud Platform Console Role Permissions
Can View Provides READ access:
  • Can see the state of your instances.
  • Can list and get any resource type.
Can Edit Provides "Can View" access, plus:
  • Can modify any resource type.
  • On standard images released after March 22, 2012, can ssh into the project's instances.
Is Owner Provides "Can Edit" access, plus:
  • Can change membership of the project.

Giving users SSH access to your instances

You can authorize users to access your instances by adding them with Can Edit or Is Owner roles to your project. As described above, this also lets users access all resources within the project.

Alternatively, you can create a User Account for the user, which gives ssh access but prevents access to other parts of the project.