Overview
Game Servers uses Identity and Access Management (IAM) for access control.
In Game Servers, access control can be configured at the project, realm, cluster, deployment, or config level. For example, you can grant access to all clusters within a project to a group of developers.
For a detailed description of IAM and its features, see the IAM documentation. In particular, see the section on managing IAM policies.
Every Game Services API method requires the caller to have the necessary permissions. See Permissions and Roles for more information.
Permissions
This section summarizes the Game Servers permissions that IAM supports.
Required permissions
The following tables list the IAM permissions that are associated with Game Servers.
Realms method | Required permissions |
---|---|
realms.create | gameservices.realms.create on the parent Google Cloud project. |
realms.delete | gameservices.realms.delete on the requested realm. |
realms.get | gameservices.realms.get on the parent realm. |
realms.list | gameservices.realms.list on the parent Google Cloud project. |
realms.patch | gameservices.realms.update on the requested realm. |
realms.previewUpdate | gameservices.realms.get on the requested realm. |
Clusters method | Required permissions |
---|---|
realms.gameServerClusters.create | gameservices.gameServerClusters.create on the parent realm. |
realms.gameServerClusters.delete | gameservices.gameServerClusters.delete on the requested cluster. |
realms.gameServerClusters.list | gameservices.gameServerClusters.list on the parent realm. |
realms.gameServerClusters.get | gameservices.gameServerClusters.get on the requested cluster. |
realms.gameServerClusters.patch | gameservices.gameServerClusters.update on the requested cluster. |
realms.gameServerClusters.previewCreate | gameservices.gameServerClusters.get on the requested cluster. |
realms.gameServerClusters.previewDelete | gameservices.gameServerClusters.get on the requested cluster. |
realms.gameServerClusters.previewUpdate | gameservices.gameServerClusters.get on the requested cluster. |
Deployment method | Required permissions |
---|---|
gameServerDeployments.create | gameservices.gameServerDeployments.create on the parent Google Cloud project. |
gameServerDeployments.delete | gameservices.gameServerDeployments.delete on the requested deployment. |
gameServerDeployments.fetchDeploymentState | gameservices.gameServerDeployments.get on the requested deployment. |
gameServerDeployments.get | gameservices.gameServerDeployments.get on the requested deployment. |
gameServerDeployments.getRollout | gameservices.gameServerDeployments.get on the requested deployment. |
gameServerDeployments.list | gameservices.gameServerDeployments.list on the parent Google Cloud project. |
gameServerDeployments.patch | gameservices.gameServerDeployments.update on the requested deployment. |
gameServerDeployments.previewRollout | gameservices.gameServerDeployments.get on the requested deployment. |
gameServerDeployments.updateRollout | gameservices.gameServerDeployments.rollout on the requested deployment. |
Config method | Required permissions |
---|---|
gameServerDeployments.configs.create | gameservices.gameServerConfigs.create on the parent deployment. |
gameServerDeployments.configs.delete | gameservices.gameServerConfigs.delete on the requested config. |
gameServerDeployments.configs.get | gameservices.gameServerConfigs.get on the requested config. |
gameServerDeployments.configs.list | gameservices.gameServerConfigs.list on the parent deployment. |
Roles
The following table lists the Game Servers IAM roles, including the permissions associated with each role:
Game Servers role | Permissions |
---|---|
roles/gameservices.viewer | |
roles/gameservices.admin | All roles/gameservices.viewer permissions, and: |
The roles roles/owner, roles/editor, and roles/viewer include permissions for other Google Cloud services as well. For more information about roles, see Understanding roles.
Custom roles
If the predefined IAM roles don't meet your needs, you can define custom roles with permissions that you specify. To support this, IAM offers custom roles.
When you create custom roles for Game Servers, make sure that you include both resourcemanager.projects.get and resourcemanager.projects.list so that the role has permission to query project resources. Otherwise, the Google Cloud console won't function correctly for Game Servers.
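The following is an added example, not part of the Game Servers documentation: it derives a least-privilege custom role from the API methods a principal must call, using the naming pattern in the permission tables above, and audits a role definition for the two console permissions named in this section. The function names, the role title, and the audit messages are assumptions made for illustration.

```python
# Added example (not Google's code): least-privilege custom role builder
# driven by the method-to-permission tables on this page.
RESOURCE = {  # API method prefix -> resource segment of the permission name
    "realms": "realms",
    "realms.gameServerClusters": "gameServerClusters",
    "gameServerDeployments": "gameServerDeployments",
    "gameServerDeployments.configs": "gameServerConfigs",
}
# Method verbs whose permission verb differs from the method name (per the tables).
VERB = {"patch": "update", "updateRollout": "rollout",
        "fetchDeploymentState": "get", "getRollout": "get"}
KNOWN_VERBS = {"create", "delete", "get", "list", "update", "rollout"}
# Required for the Google Cloud console, per the "Custom roles" section.
CONSOLE = ["resourcemanager.projects.get", "resourcemanager.projects.list"]

def permission_for(method):
    """Map an API method such as 'realms.patch' to its required permission."""
    prefix, _, verb = method.rpartition(".")
    if prefix not in RESOURCE:
        raise ValueError(f"unknown Game Servers method: {method}")
    if verb.startswith("preview"):  # every preview* method in the tables needs .get
        verb = "get"
    verb = VERB.get(verb, verb)
    if verb not in KNOWN_VERBS:
        raise ValueError(f"unknown Game Servers method: {method}")
    return f"gameservices.{RESOURCE[prefix]}.{verb}"

def build_custom_role(title, methods):
    """Return a role definition holding only what the listed methods need."""
    perms = sorted({permission_for(m) for m in methods})
    return {"title": title, "stage": "GA", "includedPermissions": perms + CONSOLE}

def audit_role(role):
    """Flag missing console permissions and any non-read-only grants."""
    perms = set(role.get("includedPermissions", []))
    findings = [f"missing {p}: console won't function correctly"
                for p in CONSOLE if p not in perms]
    writes = sorted(p for p in perms if p.startswith("gameservices.")
                    and p.rsplit(".", 1)[1] not in ("get", "list"))
    if writes:
        findings.append("grants mutating permissions: " + ", ".join(writes))
    return findings

if __name__ == "__main__":
    role = build_custom_role("Rollout operator (hypothetical)", [
        "gameServerDeployments.get", "gameServerDeployments.previewRollout",
        "gameServerDeployments.updateRollout", "gameServerDeployments.configs.list"])
    print(role["includedPermissions"], audit_role(role))
```

The audit output separates read-only roles from roles that can change realms, clusters, deployments, or configs, which is the distinction to review before binding a custom role to a group.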