
Roles (basic, predefined, custom) in GCP - Mini Project: Build & Apply

Creating and Assigning GCP Roles: Basic, Predefined, and Custom
📖 Scenario: You are managing access control in a Google Cloud Platform (GCP) project. You want to understand how to create and assign different types of roles: basic roles, predefined roles, and custom roles. This project will guide you step-by-step to create a custom role, assign a basic role, and assign a predefined role to a user in your GCP project.
🎯 Goal: Build a simple GCP IAM configuration that includes:
A variable holding the project ID.
A variable holding the user email to assign roles.
A custom role definition with specific permissions.
Assignments of a basic role, a predefined role, and the custom role to the user.
📋 What You'll Learn
Create a variable called project_id with the exact value "my-gcp-project".
Create a variable called user_email with the exact value "user@example.com".
Define a custom role called customRole with the title "Custom Viewer" and the permission "storage.buckets.get".
Assign the basic role roles/viewer to the user.
Assign the predefined role roles/storage.objectViewer to the user.
Assign the custom role customRole to the user.
💡 Why This Matters
🌍 Real World
Managing access control in GCP projects is essential for security and proper resource management. This project simulates how to define and assign roles to users.
💼 Career
Cloud engineers and administrators often create and assign roles to control who can do what in cloud environments. Understanding roles is key to secure cloud infrastructure.
1
Set up project and user variables
Create a variable called project_id and set it to "my-gcp-project". Also create a variable called user_email and set it to "user@example.com".
Hint: Use simple variable assignments with exact string values.

2
Define a custom role
Define a dictionary called customRole with keys title set to "Custom Viewer" and permissions set to a list containing "storage.buckets.get".
Hint: Use a dictionary with exact keys and values as specified.

3
Assign basic and predefined roles to the user
Create a list called role_assignments that will hold three dictionaries. The first dictionary assigns the basic role roles/viewer to user_email. The second dictionary assigns the predefined role roles/storage.objectViewer to user_email. The third dictionary is added in the next step.
Hint: Use a list of dictionaries with exact keys role and member. Use f-strings for member values.

4
Add custom role assignment to the user
Add a third dictionary to the role_assignments list that assigns the custom role customRole to user_email. Use the role name "projects/my-gcp-project/roles/customRole" exactly.
Hint: Append the custom role assignment dictionary exactly as shown.
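
The four steps above assembled into one configuration, as an added example that is not the course's own solution. It also groups the assignments into role-to-members bindings and flags the basic role, since basic roles grant far broader access than predefined or custom ones. The `user:` member prefix and the helper names `classify_role`, `to_bindings` and `review` are assumptions of this example.

```python
# Added example: plain Python data only; no GCP API is called.
from collections import defaultdict

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Steps 1-2: values exactly as the exercise specifies.
project_id = "my-gcp-project"
user_email = "user@example.com"
customRole = {"title": "Custom Viewer", "permissions": ["storage.buckets.get"]}

# Steps 3-4: one dictionary per grant. The "user:" prefix is this example's
# assumption about the f-string format (it is IAM's principal syntax).
role_assignments = [
    {"role": "roles/viewer", "member": f"user:{user_email}"},
    {"role": "roles/storage.objectViewer", "member": f"user:{user_email}"},
    {"role": "projects/my-gcp-project/roles/customRole", "member": f"user:{user_email}"},
]


def classify_role(role):
    """Return 'basic', 'predefined' or 'custom' from the role name alone."""
    if role in BASIC_ROLES:
        return "basic"
    if role.startswith(("projects/", "organizations/")) and "/roles/" in role:
        return "custom"
    if role.startswith("roles/"):
        return "predefined"
    raise ValueError(f"unrecognised role name: {role!r}")


def to_bindings(assignments):
    """Group per-member grants into IAM-policy-style bindings (role -> members)."""
    grouped = defaultdict(list)
    for a in assignments:
        if a["member"] not in grouped[a["role"]]:
            grouped[a["role"]].append(a["member"])
    return [{"role": r, "members": m} for r, m in grouped.items()]


def review(assignments):
    """Flag basic-role grants, which a least-privilege review would question."""
    return [f"{a['member']} holds basic role {a['role']}"
            for a in assignments if classify_role(a["role"]) == "basic"]


if __name__ == "__main__":
    for binding in to_bindings(role_assignments):
        print(classify_role(binding["role"]), binding)
    print(review(role_assignments))
```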