Configuring Access Control

This page explains how to use Cloud IAM (Identity and Access Management) in the Cloud Platform Console to configure permissions for your project's team members and service accounts.

You can use access control to add team members to your project and to grant them permissions to create, view, and cancel builds. Container Builder uses Google Cloud Identity and Access Management (IAM) for access control. Users require the necessary Cloud IAM permissions to call Container Builder API methods.

You can use the Cloud Platform Console to set up access control. You can also use the gcloud command-line tool, the Cloud IAM API, and Java, which identify roles by their role/ names rather than by the role titles used in the Cloud Platform Console.

To learn more, see Granting, Changing, and Revoking Access to Project Members in the Cloud IAM documentation.

Permissions

The table below lists the permissions required for each API method:

| API Method | Required Permission | Role Title |
|---|---|---|
| create | cloudbuild.builds.create | Cloud Container Builder Editor |
| cancel | cloudbuild.builds.update | Cloud Container Builder Editor |
| get | cloudbuild.builds.get | Cloud Container Builder Editor, Cloud Container Builder Viewer |
| list | cloudbuild.builds.list | Cloud Container Builder Editor, Cloud Container Builder Viewer |

Roles

The table below lists the Container Builder IAM roles and their permissions:

| Role | Role Title | Includes permissions |
|---|---|---|
| role/cloudbuild.builds.viewer | Cloud Container Builder Viewer | cloudbuild.builds.get, cloudbuild.builds.list |
| role/cloudbuild.builds.editor | Cloud Container Builder Editor | All of the above, and: cloudbuild.builds.create, cloudbuild.builds.update |

The table below lists the primitive roles that existed prior to Cloud IAM, and the Container Builder IAM roles that they include.

| Role | Role Title | Includes role |
|---|---|---|
| role/viewer | Viewer | role/cloudbuild.builds.viewer |
| role/editor or role/owner | Editor or Owner | role/cloudbuild.builds.editor |
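
The following Python example is added here and is not from the original documentation or Google's own code. It applies the role and permission tables above to an IAM policy document, listing who can call each build method and flagging members whose create/cancel access comes only from a primitive role. It assumes the policy has the `bindings` shape of IAM policy JSON, where role names carry the `roles/` prefix (the `role/` spelling used on this page is accepted too); the function names and the sample policy are constructed for illustration.

```python
# Permissions per role, transcribed from the tables on this page.
VIEWER = frozenset({"cloudbuild.builds.get", "cloudbuild.builds.list"})
EDITOR = VIEWER | {"cloudbuild.builds.create", "cloudbuild.builds.update"}
ROLE_PERMISSIONS = {
    "cloudbuild.builds.viewer": VIEWER,
    "cloudbuild.builds.editor": EDITOR,
    "viewer": VIEWER,  # primitive roles include the Container Builder roles
    "editor": EDITOR,
    "owner": EDITOR,
}
PRIMITIVE = {"viewer", "editor", "owner"}
WRITE = ("cloudbuild.builds.create", "cloudbuild.builds.update")

def role_key(role):
    """Drop the 'role/' (this page) or 'roles/' (policy JSON) prefix."""
    return role.split("/", 1)[1] if role.startswith(("role/", "roles/")) else role

def grants(policy):
    """Map member -> permission -> set of role keys that grant it."""
    out = {}
    for binding in policy.get("bindings", []):
        key = role_key(binding["role"])
        for member in binding.get("members", []):
            for perm in ROLE_PERMISSIONS.get(key, ()):
                out.setdefault(member, {}).setdefault(perm, set()).add(key)
    return out

def who_can(policy, permission):
    """Sorted members holding `permission` through any role listed above."""
    return sorted(m for m, perms in grants(policy).items() if permission in perms)

def write_via_primitive_only(policy):
    """Members who can create or cancel builds solely through a primitive role."""
    def sources(perms):
        return set().union(*(perms.get(p, set()) for p in WRITE))
    return sorted(m for m, perms in grants(policy).items()
                  if sources(perms) and sources(perms) <= PRIMITIVE)

# Constructed sample policy (not real accounts) in IAM policy JSON shape.
CI = "serviceAccount:ci@example.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/editor", "members": [CI]},
    {"role": "roles/cloudbuild.builds.editor", "members": ["user:bob@example.com", CI]},
    {"role": "roles/cloudbuild.builds.viewer", "members": ["group:devs@example.com"]},
    {"role": "roles/viewer", "members": ["user:carol@example.com"]},
]}

if __name__ == "__main__":
    print(who_can(SAMPLE_POLICY, "cloudbuild.builds.create"), write_via_primitive_only(SAMPLE_POLICY))
```

Members returned by `write_via_primitive_only` are candidates for replacing the primitive role with the narrower Container Builder role; custom or unrelated roles in the policy are ignored by this check.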

Access Control via the Google Cloud Platform Console

You can use the Cloud Platform Console to manage access control for Container Builder.

To set access controls for a new team member or service account:

  1. Open the Identity and Access Management page in the Google Cloud Platform Console.
  2. Select your project, and click Continue.
  3. Click Add.
  4. Enter the team member's or service account's email address.
  5. Select the desired Role Title from the drop-down menu. Container Builder roles are found under Container Builder.
  6. Click Add.
