Predefined Roles in GCP: What They Are and How to Use Them
predefined roles are sets of permissions created and maintained by Google to help users assign specific access rights easily. They provide fine-grained control over resources without needing to create custom roles from scratch.How It Works
Think of predefined roles in GCP like ready-made job descriptions for cloud resources. Instead of writing your own list of tasks (permissions) for each person, Google offers standard roles that fit common jobs, such as viewing data, managing storage, or administering networks.
When you assign a predefined role to someone, you give them exactly the permissions needed for that role’s tasks—no more, no less. This helps keep your cloud environment safe and organized, just like giving a key that only opens certain doors in a building.
Example
This example shows how to assign the predefined role roles/storage.objectViewer to a user using the gcloud command-line tool. This role allows the user to view objects in Cloud Storage buckets.
gcloud projects add-iam-policy-binding my-project-id \ --member='user:alice@example.com' \ --role='roles/storage.objectViewer'
When to Use
Use predefined roles when you want to quickly assign common sets of permissions without creating your own roles. They are ideal for standard tasks like viewing logs, managing virtual machines, or accessing storage.
For example, if you want a team member to only read data from a storage bucket but not change it, assign the roles/storage.objectViewer predefined role. This saves time and reduces mistakes compared to manually setting each permission.
Key Points
- Predefined roles are created and maintained by Google for common cloud tasks.
- They provide fine-grained permissions tailored to specific jobs.
- Using predefined roles helps keep permissions secure and simple to manage.
- You can assign predefined roles via the GCP Console, CLI, or APIs.
- If predefined roles don’t fit your needs, you can create custom roles.