Cloud Identity and Access Management (Cloud IAM) offers the ability to create customized IAM roles. You can create custom IAM roles and assign the role one or more permissions. Then, you can grant the new role to your collaborators. Use custom roles to create an access control model that maps directly to your needs, alongside the available predefined roles offered by Google.
To learn which permissions are required for each method, see the Compute Engine API reference documentation:
This document does not describe how to create a custom role. For in-depth information about custom roles and step-by-step instructions for creating a custom role, see Creating and managing custom roles.
Before you begin
- If you want to use the command-line examples in this guide:
- If you want to use the API examples in this guide, set up API access.
- Read the Cloud IAM documentation.
Google Cloud Console permission
To use the Google Cloud Console to access Compute Engine resources, you must have a role that contains the following permission on the project: