Custom Role in GCP: Definition, Example, and Use Cases

A custom role in GCP is a user-defined set of permissions tailored to specific needs, unlike predefined roles that have fixed permissions. It lets you control exactly what actions users or services can perform on your Google Cloud resources.

How It Works

Think of a custom role like creating your own job description for someone in your team. Instead of using a standard job description that might include tasks they don't need to do, you pick only the tasks relevant to their work. In GCP, this means you select specific permissions from a large list to build a role that fits your exact security and operational needs.

When you create a custom role, you choose permissions such as reading data, writing data, or managing resources. Then, you assign this role to users or service accounts. This way, they get only the access they need, which helps keep your cloud environment safe and organized.

Example

This example shows how to create a simple custom role using the gcloud command-line tool. The role allows viewing and listing storage buckets but not modifying them.

bash
gcloud iam roles create CustomStorageViewer \
  --project=my-project-id \
  --title="Custom Storage Viewer" \
  --description="Can view and list storage buckets" \
  --permissions=storage.buckets.get,storage.buckets.list \
  --stage=GA
Output
Created role [projects/my-project-id/roles/CustomStorageViewer].

When to Use

Use custom roles when predefined roles give too much or too little access. For example, if you want a user to only read storage buckets but not delete or create them, a custom role lets you pick just those permissions.

Custom roles are helpful in organizations with strict security rules or unique workflows. They ensure users have the right access without risking accidental changes or data leaks.
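
The following Python check is an added example, not part of the original page or of Google's tooling. It audits a custom role definition in the JSON shape returned by `gcloud iam roles describe --format=json` and reports permissions that go beyond read-only access or drift from an approved baseline. The `audit_role` helper, the read-only verb set, the baseline and the sample role (which deliberately includes `storage.buckets.delete`) are assumptions constructed for illustration.

```python
import json

# Assumption: only these verbs count as read-only for this check.
READ_ONLY_VERBS = {"get", "list"}

# Constructed sample in the shape of `gcloud iam roles describe --format=json`.
# storage.buckets.delete was added on purpose to simulate permission drift.
SAMPLE_ROLE_JSON = """
{
  "name": "projects/my-project-id/roles/CustomStorageViewer",
  "title": "Custom Storage Viewer",
  "stage": "GA",
  "includedPermissions": [
    "storage.buckets.get",
    "storage.buckets.list",
    "storage.buckets.delete"
  ]
}
"""


def audit_role(role, baseline):
    """Compare a role dict against an approved permission baseline."""
    granted = set(role.get("includedPermissions", []))
    approved = set(baseline)
    findings = {
        # Permissions whose final segment (the verb) is not read-only.
        "mutating": sorted(p for p in granted
                           if p.rsplit(".", 1)[-1] not in READ_ONLY_VERBS),
        # Drift in either direction relative to the approved set.
        "unexpected": sorted(granted - approved),
        "missing": sorted(approved - granted),
    }
    findings["ok"] = not (findings["mutating"] or findings["unexpected"]
                          or findings["missing"])
    return findings


if __name__ == "__main__":
    approved = ["storage.buckets.get", "storage.buckets.list"]
    result = audit_role(json.loads(SAMPLE_ROLE_JSON), approved)
    print(json.dumps(result, indent=2))
```

Running the same check on a schedule against each custom role's exported definition catches permissions that were added after the role was first reviewed.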

Key Points

  • Custom roles let you tailor permissions to specific needs.
  • They improve security by limiting access to only what is necessary.
  • You create and manage custom roles using the GCP Console, gcloud CLI, or APIs.
  • Custom roles can be assigned to users, groups, or service accounts.

Key Takeaways

  • Custom roles in GCP let you define precise permissions tailored to your needs.
  • They help improve security by limiting user access to only necessary actions.
  • You create custom roles using GCP Console, CLI, or APIs.
  • Assign custom roles to users or services to control their cloud resource access.