Hands-On Machine Learning on Google Cloud Platform

Roles and permissions

By default, when you create a new project, your Google account is set as the owner of the project, with full permissions and access across all of the project's resources and billing. In the roles section of the IAM page, https://console.cloud.google.com/iam-admin/roles/, you can add people to your project and define the role for each person. You can also create new custom roles on a service-by-service basis or assign predefined roles, which are organized by service.

  1. Go to the IAM page and select the project you just created, if it's not already selected: https://console.cloud.google.com/iam-admin/iam/project. You should see your Google account email as the owner of the project.
  2. To add a new person to the project:
    1. Click on + ADD.
    2. Input the person's Google account email (it has to correspond to an active Google account).
    3. Select all the roles for that person, as shown in the following screenshot:

The role menu is organized by services and administrative domain (billing, logging, and monitoring), and for each service, by level of access. Although this differs depending on the service, you can roughly choose between four types of roles:

  • Admin: Full control over the resources
  • Client: Connectivity access
  • Editor/creator: Full control except for user management, SSL certificates, and deleting instances
  • Viewer: Read-only access

You can also create new custom roles from the roles IAM page at https://console.cloud.google.com/iam-admin/roles/project?project=packt-gcp.

As you allocate new resources to your project, the platform creates the appropriate and required roles and permissions between the services. You can view and manage these access permissions and their associated roles from the info panel on the right of the manage resource page or from the IAM page for the given project. Google does a great job of generating the right access levels, which makes the platform user's life easier.
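
To review the roles assigned in the steps above outside the console, the following added example (not from the book) reads a policy in the JSON shape printed by `gcloud projects get-iam-policy packt-gcp --format=json` and lists the members holding project-wide or service-admin roles. The sample policy, the member addresses, and the helper names `access_level` and `audit` are assumptions made for this illustration.

```python
import json

# Constructed sample in the shape printed by
#   gcloud projects get-iam-policy packt-gcp --format=json
# Every member address below is made up for this example.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:author@example.com"]},
  {"role": "roles/editor", "members": ["user:analyst@example.com",
      "serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
  {"role": "roles/storage.admin", "members": ["user:analyst@example.com"]},
  {"role": "roles/bigquery.dataViewer", "members": ["group:ml-team@example.com"]}
 ],
 "version": 1}
""")

# Basic roles that grant write access across every service in the project.
BROAD_BASIC_ROLES = {"roles/owner", "roles/editor"}

def access_level(role):
    """Map a role name to the rough tiers in the text (heuristic on the name suffix)."""
    name = role.rsplit("/", 1)[-1].lower()
    if name == "owner" or name.endswith("admin"):
        return "admin"
    if name.endswith(("editor", "creator")):
        return "editor"
    if name.endswith("viewer"):
        return "viewer"
    if name.endswith("client"):
        return "client"
    return "other"

def audit(policy):
    """Return (member, role, reason) for each binding that deserves a second look."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if role in BROAD_BASIC_ROLES:
                findings.append((member, role, "project-wide basic role"))
            elif access_level(role) == "admin":
                findings.append((member, role, "full control of one service"))
    return findings

if __name__ == "__main__":
    for member, role, reason in audit(SAMPLE_POLICY):
        print(f"{role:22} {member:68} {reason}")
```

Members that appear only with viewer or client roles are not reported; each reported binding is a candidate for replacement with a narrower predefined or custom role.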

Our Google Cloud project
For this book, I created the packt-gcp project. Since the name was unique across all other GCP projects, the project ID is also packt-gcp. All the resources are created in the us-central1 zone.