In this guide, you learn how to share a catalog with users in your organization.
After you assign solutions to a catalog, you must share the catalog to a Google Cloud resource, such as a project, folder, or organization. Users who have access to the resource can then view and launch the catalog's solutions. When users browse Private Catalog, they only see solutions from catalogs that have been shared with them.
Before you begin
- You must have the Catalog Admin
roles/cloudprivatecatalogproducer.admin) OR Catalog Manager (
roles/cloudprivatecatalogproducer.manager) role for the Google Cloud project where Private Catalog is enabled, and the folder, project, or organization where you're sharing the catalog. If you don't have either role, contact your Organization Administrator to request access.
Grant the following Identity and Access Management (IAM) roles to users who will use the shared catalog:
- Catalog Consumer
roles/cloudprivatecatalog.consumer) OR the IAM Viewer (
roles/viewer) role for the relevant organization, project, or folder. Most users access Private Catalog using the IAM Viewer role.
- If your catalog contains DM-based solutions, the Deployment Manager
roles/deploymentmanager.editor) role for the project where your users deploy the solution.
For steps on granting IAM roles, see Granting, changing, and revoking access to resources. For details on Private Catalog's IAM roles and permissions, see Access control.
- Catalog Consumer (
Sharing a catalog
Make sure to share the catalog to a resource that your users can access. End users can only see catalogs that are shared to a Google Cloud organization, folder, or project that they have access to.
If you're sharing a catalog with a new project, users are prompted to enable the Private Catalog API when launching a solution. If launching a DM-based solution to a new project, they are also prompted to enable the Cloud Deployment Manager API.
To share a catalog:
- In the Cloud Console, go to the Private Catalog Admin page.
Go to the Private Catalog Admin page
- Click Select to choose the Google Cloud project.
- Go to the Catalogs page.
- From the list of catalogs, click the catalog name.
On the Catalog Details page, click SHARE.
Select a folder, organization, or project that you want to share the catalog with, and then click Select.
Users who have access to the shared catalog can now view and launch its solutions.
Unsharing a catalog
When you unshare a catalog, users who had access to the catalog can no longer view or deploy its solutions. Unsharing a catalog doesn't affect your users' existing deployments.
To unshare a catalog:
- On the Catalog Details page, go to the SHARING tab.
- In the Shared with table, click UNSHARE for any organization, folder, or project from which you want to unshare the catalog.
- Click CONFIRM.
Your catalog is no longer shared with the resource.