[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[],[],null,["# Manage identity and access\n\nBy default, GDC Sandbox comes with a\npre-configured, fake OpenID Connect (OIDC) identity provider and a user\naccount to test your workflow lifecycles. For details on identity providers, see\n[Connect to an identity provider](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/iam/connect-identity).\n\nThe first page upon accessing the GDC console is the fake OIDC\nProvider, and you can return there at any time by selecting **Logout**\nin the banner. From this screen, you can select any user account in your\ninstance and sign in as that user.\n\nFor all tasks you perform in GDC Sandbox, you can use the default\nplatform administrator account, associated with the email\n`fop-platform-admin@example.com`. You can select this account when you\nsign into the GDC console, assign yourself roles and permissions,\nand manage your projects.\n\nWhile you are signed on to the instance using this account, you can create\nadditional users. The [project creation](/distributed-cloud/sandbox/latest/create-project)\ninstructions on a later page describe how to add new users as part of\nthe project setup process.\n\nThe fake OIDC identity provider simplifies the GDC Sandbox experience.\nSome differences between this provider and a real one:\n\n- This provider does not check for passwords or other authentication. Any user who can [connect](/distributed-cloud/sandbox/latest/connect) to the instance can select any of the existing accounts managed by the fake OIDC identity provider, and sign into the instance using that account.\n- The accounts managed by this provider don't have a direct connection to the Google Cloud accounts of the users who have access to your instance. You can create fake OIDC provider accounts with the same username as your team members who are using the instance, and this may be a useful convention, but the system does not enforce that specific individuals use specific accounts in the instance. Anyone who can connect to the instance can choose any account to sign in.\n- These accounts also don't have any connection to the \"gateway accounts\" that are used when you [connect](/distributed-cloud/sandbox/latest//connect) to the gateway VM from your personal computer.\n\nDon't remove the Platform Admin account `fop-platform-admin@example.com`,\nor remove the Organization IAM Admin role from that account.\n\nRoles and permissions\n---------------------\n\nFor each operation you test on a service, you must have the required roles and\npermissions. For a list of all available required roles, see\n[Role definitions](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/iam/role-definitions).\n\nYou can grant the necessary roles to yourself using the default user account\nGDC Sandbox provides you. Before granting a yourself a role\nto test a service, you must have the Project IAM Admin (`project-iam-admin`)\nrole. To grant yourself a role,\n[install `gdcloud`](/distributed-cloud/sandbox/latest/gdcloud) if you plan to use the command line,\nand review the GDC console and gdcloud CLI instructions in\n[Set up role bindings](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/iam/set-up-role-bindings#set-up-role-bindings).\nReplace all instances of \u003cvar translate=\"no\"\u003eUSER_EMAIL\u003c/var\u003e with\n`fop-platform-admin@example.com`.\n\nTo see a list of all roles you've assigned to yourself, do the following:\n\n1. In the Console menu, click **org-1 \\\u003e Select project**.\n2. Click your preferred project.\n3. In the **Projects** page, you see a list of all assigned roles by the default user email."]]