Access Control

You can set access control using roles at the project level. Assign a role to a project member or service account to determine the level of access to your Google Cloud Platform project and its resources. By default, all Google Cloud Platform projects come with a single user: the original project creator. No other users have access to the project, and therefore to its functions, until they are added as project team members.

Access control for users

To give users the ability to create and manage your functions, you can add users as team members to your project and grant them permissions using Identity and Access Management (IAM) roles. Cloud Functions currently only supports primitive roles.

Primitive IAM roles

For Cloud Functions, a project member's role also controls the permissible actions in the gcloud beta functions commands that are used to deploy and manage applications. Each primitive IAM role is listed with its permissions below:

Role | Google Cloud Platform Permissions
Owner | All viewer and editor privileges, plus the ability to view deployed source code, invite users, change user roles, and delete an application. Has admin privileges to all resources in the project.
Editor | View function information and edit function settings. Has admin privileges to all resources in the project.
Viewer | View function information. Has admin privileges to all resources in the project.

Using service accounts

Functions have the Editor role on the project at runtime. Reducing the permissions of the service account representing the identity of the function is not supported.

To learn more about service accounts, please read the Service Accounts documentation.
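
Because functions run with the Editor role and that identity cannot be reduced, it is worth reviewing who holds a primitive role that lets them change functions. The following is an added example, not part of the original documentation: it audits a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The sample policy and all member names are constructed, and treating Owner and Editor as the roles that can modify functions is an assumption drawn from the table above.

```python
import json

# Primitive roles listed in the table above.
PRIMITIVE = {"roles/owner", "roles/editor", "roles/viewer"}
# Assumption from the table: Owner and Editor can change functions,
# and function code then runs with the Editor role on the project.
CAN_MODIFY = {"roles/owner", "roles/editor"}

# Constructed sample policy (not real project data).
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/owner",  "members": ["user:creator@example.com"]},
    {"role": "roles/editor", "members": [
        "user:dev@example.com",
        "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": [
        "group:auditors@example.com", "user:dev@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["user:ops@example.com"]}
  ],
  "version": 1
}
"""

def audit(policy_json):
    """Return ({member: sorted primitive roles}, set of members who can modify functions)."""
    policy = json.loads(policy_json)
    by_member = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in PRIMITIVE:
            continue  # non-primitive roles are outside the scope of this page
        for member in binding.get("members", []):
            by_member.setdefault(member, set()).add(role)
    modifiers = {m for m, roles in by_member.items() if roles & CAN_MODIFY}
    return {m: sorted(r) for m, r in by_member.items()}, modifiers

if __name__ == "__main__":
    members, modifiers = audit(SAMPLE_POLICY)
    for member in sorted(members):
        note = "can modify functions (code runs as Editor)" if member in modifiers else "view only"
        print(f"{member}\t{', '.join(members[member])}\t{note}")
```

Every member reported as able to modify functions can ship code that executes with Editor rights on the whole project, so that list is the one to keep short.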
