Stay organized with collections
Save and categorize content based on your preferences.
Your GDC Sandbox instance is populated with several accounts. One of
them is the Platform Admin account, with the email address
fop-platform-admin@example.com.
This page describes how to configure this account with the necessary
permissions for creating projects and performing other administration
tasks.
Set up Platform Admin permissions
The following steps will set up your administrator account with the roles
necessary to manage projects, users, storage, and other resources.
You can set up your administrator account using the GDC console,
or the command line tool gdcloud.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Set up the Platform Admin account\n\nYour GDC Sandbox instance is populated with several accounts. One of\nthem is the Platform Admin account, with the email address\n`fop-platform-admin@example.com`.\nThis page describes how to configure this account with the necessary\npermissions for creating projects and performing other administration\ntasks.\n\nSet up Platform Admin permissions\n---------------------------------\n\nThe following steps will set up your administrator account with the roles\nnecessary to manage projects, users, storage, and other resources.\n| **Warning:** don't remove the Platform Admin account `fop-platform-admin@example.com`, or remove the `Organization IAM Admin` role from this account. This will lock out the instance.\n\nYou can set up your administrator account using the GDC console,\nor the command line tool `gdcloud`. \n\n### GDC console\n\n1. Navigate to your GDC console as described In [Connect to your instance](/distributed-cloud/sandbox/latest/connect).\n2. Select **Access**.\n3. Select **fop-platform-admin@example.com** and click **Edit Roles**.\n4. Click **Add Another Role** to add more roles.\n\n 1. To provide the Platform Admin with the necessary rights to create projects and perform other administrative tasks, add the following roles:\n - Org Network Policy Admin\n - Organization IAM Admin\n - Bucket Admin\n - Organization DB Admin\n - Org Network Policy Admin\n - Project Creator\n - User Cluster Admin\n - AI Platform Admin\n - Organization Grafana Viewer\n 2. To provide the Platform Admin with the necessary rights to create and test specific services, add roles specific to those services.\n 3. Click **Save**.\n5. Click **Submit**.\n\n### gdcloud\n\n1. Navigate to your GDC console as described in [Connect to your instance](/distributed-cloud/sandbox/latest/connect).\n2. Download and install the gdcloud CLI on the machine with access to your instance. See [Download the gdcloud CLI](/distributed-cloud/hosted/docs/latest/gdch/resources/gdcloud-download).\n3. Open a terminal window on a machine with access to your instance.\n - If you chose to use a remote desktop client to connect to your gateway, open a terminal in the Linux GUI on your gateway.\n - If you are connecting through an `sshuttle` tunnel, open a terminal on your own machine.\n4. Set the default GDC organization, `org-1`. For more\n details on GDC organizations, see\n [Organization](/distributed-cloud/hosted/docs/latest/gdch/overview#organization).\n\n gdcloud config set core/organization_console_url \\\n https://console.org-1.zone1.google.gdch.test\n\n5. Retrieve the certificates to authorize your sign in operation:\n\n echo -n | openssl s_client -showcerts -connect \\\n console.org-1.zone1.google.gdch.test:443 | \\\n sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \\\n \u003e /tmp/org-1-web-tls-ca.cert\n\n6. Authenticate and sign into your GDC Sandbox\n environment. A browser window opens.\n\n gdcloud auth login --login-config-cert=/tmp/org-1-web-tls-ca.cert\n\n7. To continue your operations using the gdcloud CLI, close the browser.\n\n8. Optional: To continue your sign in through the browser, follow steps\n three to five in the GDC console tab."]]