
How to Assign Roles in GCP: Step-by-Step Guide

To assign a role in GCP, use the gcloud projects add-iam-policy-binding command or the GCP Console IAM page to grant a specific role to a member. This controls what actions the member can perform on your GCP resources.

Syntax

The basic syntax to assign a role using the gcloud CLI is:

  • gcloud projects add-iam-policy-binding [PROJECT_ID]: Specifies the project where the role is assigned.
  • --member=[MEMBER]: Defines who gets the role, e.g., a user or service account.
  • --role=[ROLE]: The role to assign, like roles/viewer or roles/editor.
bash
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member='MEMBER' \
  --role='ROLE'

Example

This example assigns the Viewer role to a user on a project using the gcloud CLI.

bash
gcloud projects add-iam-policy-binding my-sample-project \
  --member='user:alice@example.com' \
  --role='roles/viewer'
Output
Updated IAM policy for project [my-sample-project].

Common Pitfalls

Common mistakes when assigning roles include:

  • Using incorrect member format (e.g., missing user: prefix).
  • Assigning overly broad roles like roles/editor when a more limited role is sufficient.
  • Not having the necessary permissions to change IAM policies.
  • Forgetting to specify the correct project ID.
bash
### Wrong: Missing user prefix
# gcloud projects add-iam-policy-binding my-sample-project \
#   --member='alice@example.com' \
#   --role='roles/viewer'

### Right:
gcloud projects add-iam-policy-binding my-sample-project \
  --member='user:alice@example.com' \
  --role='roles/viewer'
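
The pitfalls above, turned into a local pre-flight check, as an added example that is not part of the original guide. `check_binding` is a hypothetical helper (not a gcloud feature); it assumes only the four member prefixes this guide lists are acceptable and treats `roles/owner` and `roles/editor` as overly broad.

```bash
# Added example: check_binding is a hypothetical helper, not part of gcloud.
# It validates the three arguments of `gcloud projects add-iam-policy-binding`
# locally. Return status: 0 = ok, 1 = malformed argument, 2 = overly broad role.
LC_ALL=C  # keep [a-z] ranges ASCII-only

check_binding() {
  project=$1 member=$2 role=$3 status=0

  # Project ID: 6-30 chars of lowercase letters, digits and hyphens,
  # starting with a letter and not ending with a hyphen.
  case $project in
    ''|[!a-z]*|*[!a-z0-9-]*|*-)
      echo "bad project ID '$project'" >&2; status=1 ;;
  esac
  if [ "${#project}" -lt 6 ] || [ "${#project}" -gt 30 ]; then
    echo "project ID must be 6-30 characters" >&2; status=1
  fi

  # Member: TYPE:IDENTITY, limited here to the four types this guide lists.
  case $member in
    user:?*@?*.?*|serviceAccount:?*@?*.?*|group:?*@?*.?*|domain:?*.?*) ;;
    *) echo "bad member '$member': need user:, serviceAccount:, group: or domain: plus an identity" >&2
       status=1 ;;
  esac

  # Role: predefined (roles/NAME) or custom role path; flag broad basic roles.
  case $role in
    roles/owner|roles/editor)
      echo "broad role '$role': prefer a narrower role" >&2
      if [ "$status" -eq 0 ]; then status=2; fi ;;
    roles/?*|projects/?*/roles/?*|organizations/?*/roles/?*) ;;
    *) echo "bad role '$role': expected roles/NAME or a custom role path" >&2
       status=1 ;;
  esac
  return "$status"
}

# Constructed sample call: the "Wrong" command from this section is rejected
# locally, before gcloud is ever invoked.
check_binding my-sample-project 'alice@example.com' 'roles/viewer' \
  || echo "rejected with status $?"
```

Status 2 is a warning rather than a syntax error: chaining `check_binding ... && gcloud projects add-iam-policy-binding ...` blocks broad roles by default, so granting one becomes a deliberate override.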

Quick Reference

Remember these tips when assigning roles in GCP:

  • Always specify the member type: user:, serviceAccount:, group:, or domain:.
  • Apply the principle of least privilege by assigning only the roles a member needs.
  • Check your permissions before modifying IAM policies.
  • Use the GCP Console IAM page for a visual way to assign roles.

Key Takeaways

  • Use the gcloud CLI or GCP Console to assign roles to members in a project.
  • Always specify the member type prefix, such as user: or serviceAccount:, correctly.
  • Assign only the minimum role needed, following the principle of least privilege.
  • Ensure you have permission to update IAM policies before assigning roles.
  • Double-check the project ID and role name to avoid errors.