
Roles (basic, predefined, custom) in GCP - Step-by-Step Execution

Process Flow - Roles (basic, predefined, custom)
Start: Need to control access -> Choose Role Type -> Basic -> Assign Permissions -> Grant Role to User/Group -> Access Controlled
This flow shows how you start with access control needs, choose a role type (basic, predefined, or custom), assign permissions, and then grant the role to users or groups to control access.
Execution Sample
GCP
gcloud projects add-iam-policy-binding my-project \
  --member='user:alice@example.com' \
  --role='roles/viewer'
This command assigns the basic Viewer role to user Alice on the project.
Process Table
| Step | Action | Role Type | Permissions Assigned | Result |
|---|---|---|---|---|
| 1 | Identify access need | N/A | N/A | Decide who needs access and what |
| 2 | Choose role type | Basic | View, Edit, Owner sets | Simple broad roles |
| 3 | Assign role | Basic | roles/viewer | Read-only access granted |
| 4 | Grant role to user | Basic | roles/viewer | User alice@example.com can view resources |
| 5 | Choose role type | Predefined | Specific permissions for service | More precise control |
| 6 | Assign role | Predefined | roles/storage.objectAdmin | Manage storage objects |
| 7 | Grant role to group | Predefined | roles/storage.objectAdmin | Group can manage storage objects |
| 8 | Choose role type | Custom | User-defined permissions | Tailored access |
| 9 | Create custom role | Custom | permissions: compute.instances.start, compute.instances.stop | Custom role created |
| 10 | Grant role to user | Custom | Custom role | User can start/stop instances |
| 11 | End | N/A | N/A | Access controlled as needed |
💡 All roles assigned and granted to users/groups to control access
Status Tracker
| Variable | Start | After Step 3 | After Step 6 | After Step 9 | Final |
|---|---|---|---|---|---|
| Role Type | None | Basic | Predefined | Custom | Custom |
| Permissions | None | View only | Storage object admin | Start/Stop instances | Start/Stop instances |
| Assigned To | None | User alice@example.com | Group storage-admins | User bob@example.com | User bob@example.com |
Key Moments - 3 Insights
Why choose a predefined role instead of a basic role?
Predefined roles give more precise permissions for specific services, unlike basic roles, which are broad. See Process Table rows 5-7.
What is the benefit of a custom role?
Custom roles let you pick the exact permissions needed, avoiding extra access. See Process Table rows 8-10.
Can a user have multiple roles?
Yes, users can have multiple roles combined to grant the needed permissions. This is implied by the different roles assigned in the Process Table.
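As an added example (not part of the original page): a Python audit that classifies each binding in a project IAM policy as basic, predefined or custom and lists members who still hold a broad basic role. The policy is a constructed sample in the shape of `gcloud projects get-iam-policy my-project --format=json` output; the custom role ID `instanceOperator`, the group address and bob's extra `roles/editor` binding are assumptions made for illustration.

```python
import json

# The three basic roles named on this page: broad, project-wide permission sets.
BASIC_ROLES = {"roles/viewer", "roles/editor", "roles/owner"}

def classify_role(role: str) -> str:
    """Return 'basic', 'predefined' or 'custom' for an IAM role name."""
    if role in BASIC_ROLES:
        return "basic"
    # Custom roles are named under the project or organization that defines them.
    if role.startswith(("projects/", "organizations/")) and "/roles/" in role:
        return "custom"
    if role.startswith("roles/"):
        return "predefined"
    raise ValueError(f"unrecognized role name: {role!r}")

def summarize(policy: dict) -> dict:
    """Map each member to the (role_type, role) pairs it holds; a member may hold several."""
    grants = {}
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            grants.setdefault(member, []).append((classify_role(role), role))
    return grants

def basic_role_findings(policy: dict) -> list:
    """List (member, role) pairs that rely on a broad basic role."""
    return sorted(
        (member, role)
        for member, roles in summarize(policy).items()
        for kind, role in roles
        if kind == "basic"
    )

# Constructed sample policy (hypothetical custom role ID and group address).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
    {"role": "roles/storage.objectAdmin", "members": ["group:storage-admins@example.com"]},
    {"role": "projects/my-project/roles/instanceOperator", "members": ["user:bob@example.com"]},
    {"role": "roles/editor", "members": ["user:bob@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    for member, role in basic_role_findings(SAMPLE_POLICY):
        print(f"{member} holds basic role {role}: consider a predefined or custom role")
```

In the sample, bob's narrowly scoped custom role is undermined by the basic Editor role bound to the same account, which is the kind of combined grant this check surfaces.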
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what permissions does the basic role 'roles/viewer' grant at step 3?
A. Full control over all resources
B. Manage storage objects
C. Read-only access to resources
D. Start and stop compute instances
💡 Hint
Check the 'Permissions Assigned' column at step 3 in the Process Table.
At which step is a custom role created with specific permissions?
A. Step 6
B. Step 9
C. Step 3
D. Step 10
💡 Hint
Look for the 'Create custom role' action in the Process Table.
If you want to give a group permission to manage storage objects, which role type and step should you refer to?
A. Predefined role at step 7
B. Basic role at step 3
C. Custom role at step 9
D. Basic role at step 6
💡 Hint
Check the 'Assign role' and 'Grant role to group' actions in the Process Table.
Concept Snapshot
Roles control access in GCP.
Basic roles: broad sets like Viewer, Editor, Owner.
Predefined roles: specific to services with fine permissions.
Custom roles: user-defined permissions for tailored access.
Assign roles to users/groups to grant access.
Full Transcript
This visual execution shows how GCP roles control access. First, you identify who needs access and what. Then you pick a role type: basic for broad access, predefined for service-specific permissions, or custom for exact permissions you choose. You assign the role and grant it to users or groups. The execution table traces steps assigning roles like Viewer, Storage Object Admin, and a custom role for starting/stopping instances. Variables track role types, permissions, and assignees. Key moments clarify why to pick predefined or custom roles. The quiz tests understanding of role permissions and assignment steps.