
Custom roles creation in GCP - Step-by-Step Execution

Process Flow - Custom roles creation
1. Define role permissions
2. Create role with name & description
3. Submit role creation request
4. GCP validates permissions
5. Role created and stored
6. Role available for assignment
This flow shows how you define permissions, create a custom role, submit it to GCP, and then the role becomes available for use.
Execution Sample
gcloud iam roles create customRoleName \
  --project=my-project \
  --title="Custom Role" \
  --description="Role with specific permissions" \
  --permissions=storage.buckets.get,storage.objects.list \
  --stage=GA
This command creates a custom role in a GCP project with specific storage permissions.
Process Table
| Step | Action | Input/Command | GCP Response | Result |
|---|---|---|---|---|
| 1 | Define role name and permissions | customRoleName, storage.buckets.get, storage.objects.list | N/A | Role details prepared |
| 2 | Run gcloud create role command | gcloud iam roles create customRoleName --project=my-project --permissions=storage.buckets.get,storage.objects.list | Validates permissions | Permissions checked |
| 3 | GCP validates permissions | Permissions list | Permissions valid | Proceed to create role |
| 4 | Role creation request sent | Role details | Role created successfully | Role stored in project |
| 5 | Role availability | N/A | Role listed in project roles | Role ready for assignment |
| 6 | Exit | N/A | N/A | Process complete |
💡 Role created and available for assignment in the project
Status Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 4 | Final |
|---|---|---|---|---|---|
| roleName | undefined | customRoleName | customRoleName | customRoleName | customRoleName |
| permissions | undefined | storage.buckets.get, storage.objects.list | storage.buckets.get, storage.objects.list | storage.buckets.get, storage.objects.list | storage.buckets.get, storage.objects.list |
| roleStatus | undefined | defined | validated | created | available |
Key Moments - 3 Insights
Why do we need to validate permissions before creating the role?
GCP checks whether the permissions you list are valid and allowed. This prevents creating roles with invalid or unsupported permissions, as shown in step 3 of the Process Table.
Can we create a role without specifying a project?
No, custom roles are created within a specific project or organization. The --project flag is required so that GCP knows where to store the role, as seen in step 2 of the Process Table.
What happens if the permissions list is empty?
GCP will reject the role creation because a role must have at least one permission. This would fail validation in step 3.
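A local pre-flight check that mirrors the validate-then-create flow above, as an added example that is not part of the original page: it rejects an empty permission list, a malformed role ID, and any permission outside a reviewed allow-list before printing the gcloud command. The allow-list contents, the function names and the role ID pattern are assumptions made for illustration; GCP's own validation still runs when the command is submitted.

```shell
#!/bin/sh
# Added example: least-privilege lint for a custom role before calling gcloud.
# APPROVED is a constructed, hypothetical team allow-list (not a GCP feature).
APPROVED="storage.buckets.get storage.objects.list storage.objects.get"

# lint_role ROLE_ID PERMS_CSV -> prints findings, returns 0 only when clean
lint_role() {
  role_id=$1; perms=$2; rc=0
  # Assumed role ID format: 3-64 chars of letters, digits, underscore, period.
  if ! printf '%s' "$role_id" | grep -Eq '^[A-Za-z0-9_.]{3,64}$'; then
    echo "bad role id: $role_id"; rc=1
  fi
  # The page states that an empty permission list is rejected; catch it early.
  if [ -z "$perms" ]; then
    echo "empty permission list"; return 1
  fi
  old_ifs=$IFS; IFS=,; set -f            # split on commas, no glob expansion
  for p in $perms; do
    case " $APPROVED " in
      *" $p "*) ;;                         # explicitly reviewed and approved
      *) echo "not approved: $p"; rc=1 ;;  # typo, wildcard, or scope creep
    esac
  done
  set +f; IFS=$old_ifs
  return $rc
}

# create_cmd PROJECT ROLE_ID PERMS_CSV -> prints the gcloud command (flags
# taken from the page's sample) only when the lint passes.
create_cmd() {
  lint_role "$2" "$3" >&2 || return 1
  echo "gcloud iam roles create $2 --project=$1 --permissions=$3 --stage=GA"
}
```

Running `create_cmd my-project customRoleName storage.buckets.get,storage.buckets.setIamPolicy` prints `not approved: storage.buckets.setIamPolicy` to stderr and emits no command, so a permission that was never reviewed cannot reach the role unnoticed.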
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. What is the roleStatus after step 2?
A. validated
B. undefined
C. defined
D. created
💡 Hint
Check the roleStatus row of the Status Tracker, in the After Step 2 column.
At which step does GCP confirm the permissions are valid?
A. Step 1
B. Step 2
C. Step 3
D. Step 4
💡 Hint
Look at the Process Table row describing permission validation.
If you omit the --project flag, what will happen?
A. Role will be created in default project
B. GCP will reject the command
C. Role will be created globally
D. Permissions will be ignored
💡 Hint
Refer to the Key Moments entry about the project requirement and step 2 in the Process Table.
Concept Snapshot
Custom roles let you bundle specific permissions.
Use gcloud iam roles create with role name, permissions, and project.
GCP validates permissions before creating the role.
Role is stored in the project and ready to assign.
Always specify project and valid permissions.
Full Transcript
Creating a custom role in GCP involves defining the role name and permissions, then running a gcloud command to create it in a specific project. GCP checks the permissions to ensure they are valid. Once validated, the role is created and stored in the project. The role then becomes available for assignment to users or service accounts. This process ensures you only create roles with valid permissions and within the correct project scope.