[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[],[],null,["# Set up the Platform Admin account\n\nYour GDC Sandbox instance is populated with several accounts. One of\nthem is the Platform Admin account, with the email address\n`fop-platform-admin@example.com`.\nThis page describes how to configure this account with the necessary\npermissions for creating projects and performing other administration\ntasks.\n\nSet up Platform Admin permissions\n---------------------------------\n\nThe following steps will set up your administrator account with the roles\nnecessary to manage projects, users, storage, and other resources.\n| **Warning:** don't remove the Platform Admin account `fop-platform-admin@example.com`, or remove the `Organization IAM Admin` role from this account. This will lock out the instance.\n\nYou can set up your administrator account using the GDC console,\nor the command line tool `gdcloud`. \n\n### GDC console\n\n1. Navigate to your GDC console as described In [Connect to your instance](/distributed-cloud/sandbox/latest/connect).\n2. Select **Access**.\n3. Select **fop-platform-admin@example.com** and click **Edit Roles**.\n4. Click **Add Another Role** to add more roles.\n\n 1. To provide the Platform Admin with the necessary rights to create projects and perform other administrative tasks, add the following roles:\n - Org Network Policy Admin\n - Organization IAM Admin\n - Bucket Admin\n - Organization DB Admin\n - Org Network Policy Admin\n - Project Creator\n - User Cluster Admin\n - AI Platform Admin\n - Organization Grafana Viewer\n 2. To provide the Platform Admin with the necessary rights to create and test specific services, add roles specific to those services.\n 3. Click **Save**.\n5. Click **Submit**.\n\n### gdcloud\n\n1. Navigate to your GDC console as described in [Connect to your instance](/distributed-cloud/sandbox/latest/connect).\n2. Download and install the gdcloud CLI on the machine with access to your instance. See [Download the gdcloud CLI](/distributed-cloud/hosted/docs/latest/gdch/resources/gdcloud-download).\n3. Open a terminal window on a machine with access to your instance.\n - If you chose to use a remote desktop client to connect to your gateway, open a terminal in the Linux GUI on your gateway.\n - If you are connecting through an `sshuttle` tunnel, open a terminal on your own machine.\n4. Set the default GDC organization, `org-1`. For more\n details on GDC organizations, see\n [Organization](/distributed-cloud/hosted/docs/latest/gdch/overview#organization).\n\n gdcloud config set core/organization_console_url \\\n https://console.org-1.zone1.google.gdch.test\n\n5. Retrieve the certificates to authorize your sign in operation:\n\n echo -n | openssl s_client -showcerts -connect \\\n console.org-1.zone1.google.gdch.test:443 | \\\n sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \\\n \u003e /tmp/org-1-web-tls-ca.cert\n\n6. Authenticate and sign into your GDC Sandbox\n environment. A browser window opens.\n\n gdcloud auth login --login-config-cert=/tmp/org-1-web-tls-ca.cert\n\n7. To continue your operations using the gdcloud CLI, close the browser.\n\n8. Optional: To continue your sign in through the browser, follow steps\n three to five in the GDC console tab."]]