Google Identity Access and Management (IAM) offers the ability to create customized IAM roles. You can create custom IAM roles and assign the role one or more permissions. Then, you can grant the newly-created role to your collaborators. Use custom roles to create an access control model that maps directly to your needs, alongside the available predefined roles offered by Google.
You can find out which permissions are required for each method in the Compute Engine API reference documentation:
This document does not describe how to create a custom role. You can find in-depth information about custom roles and step-by-step instructions to create custom a role, in Creating and Managing Custom Roles.
Before you begin
- Read the Google Cloud IAM documentation.
Cloud Platform Console permission
To use the Google Cloud Platform Console to access Compute Engine resources, you must have a role that contains the following permission on the project: