Grant users repository access

This page describes how to grant repository-level roles to users, groups, and service accounts in the Secure Source Manager web interface.

For information on which roles to grant for a certain use-case, see Repository role management.

Required roles

To get the permissions that you need to grant users repository-level roles, ask your administrator to grant you the following IAM roles:

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

For information on granting Secure Source Manager roles, see Access control with IAM and Grant users instance access.

Grant users repository-level roles

Users, groups, and service accounts must be granted the Instance Accessor role (roles/securesourcemanager.instanceAccessor) or Instance Repository Creator role (roles.securesourcemanager.instanceRepositoryCreator) before they can be granted repository roles. For information on granting instance roles, see Grant or revoke instance roles with Secure Source Manager API.

If you're authenticating to Secure Source Manager using a third-party identity provider and Workforce Identity Federation, then principals must be added to your workforce identity pool, and granted at least the Instance Accessor role (roles/securesourcemanager.instanceAccessor). For information about managing workforce identity pools, see Manage workforce identity pools and providers.

You can use the Secure Source Manager API or the Secure Source Manager web interface to grant users, groups, and service accounts repository-level roles. For more information, see Access control with IAM.

To grant users or service accounts repository-level roles using the web interface:

  1. To access the Secure Source Manager instance through its web interface, copy the following URL into your browser address bar.

    INSTANCE_ID-PROJECT_NUMBER.LOCATION.sourcemanager.dev

    Replace the following:

    • INSTANCE_ID with the instance name.
    • PROJECT_NUMBER with the instance's Google Cloud project number. For information on identifying projects, see Identifying projects.
    • LOCATION with the instance's region.

  2. From the My repositories page, Select your repository.
  3. Click the Permissions tab.
  4. In the People and permissions section, click Add users.
  5. In the Add principal field, enter the email of the user or service account you want to grant the role to.
  6. In the Assign a role menu, select the role to assign.
  7. Click Save.

To add additional roles click the edit Edit icon and add the roles using the Assign a role menu.

What's next