Access control in Google Cloud Platform is controlled using Cloud Identity and Access Management (Cloud IAM). Cloud IAM allows you to set permissions specifying who has what kind of access to which resources in your project.
Google Cloud Source Repositories uses IAM for access control. You can use IAM to add team members to your project and to grant them permissions to create, view, and update repositories.
This page explains describes the IAM permissions and roles that apply to Cloud Source Repositories.
With IAM, every action on a repository in Cloud Source Repositories requires that the account initiating the action has the appropriate permissions. You do not grant specific permissions to an account. Instead, you grant a role that contains the appropriate set of permissions.
The following table describes the permissions available in Cloud Source Repositories.
||List repositories within the project.|
||Create a new repository within the project.|
||Clone, fetch, browse on the web.|
||Push new changes to the repository.|
||Change the repository configuration.|
||Read/view the IAM policy of a repository.|
||Change the IAM policy of a repository.|
||Read/view the GCP project configuration.|
||Change the GCP project configuration.|
You assign permissions to accounts through the use of roles. The following table lists the roles available for Cloud Source Repositories.
||Source Repository Reader|
||Source Repository Writer|
||Source Repository Administrator|
Roles and permissions matrix
Use the table below to select the appropriate role for an account, based on the types of actions you want that account to perform.
|Clone, fetch and browse repositories|
|Update repository configurations|
|View IAM policies|
|Set IAM policies|
|View GCP project configurations|
|Update GCP project configurations|
In addition to the predefined roles, Cloud Source Repositories also supports custom roles. For more information, see Creating and Managing Custom Roles in the Cloud IAM documentation.
Granting member access
In Google Cloud IAM, you grant access to members. There are multiple types of members. For a complete list, see Concepts related to identity.
For specific steps on granting member access, see Granting, Changing, and Revoking Access to Resources.
You cannot make a GCP repository public. As a result, Cloud Source Repositories does not support the following member types: