Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Permissions for creating OAuth credentials in Google Cloud

Tags:

permissions

google-app-engine

google-cloud-platform

Using IAM, I am trying to allow certain users to access API's and allow them to create OAuth client credentials. Is there a predefined role for allowing this? I don't want to use the role of project editor, because I'm trying to allow access to only the necessary services.

It's when the user is in their project, and they go to "APIs and Services" > Credentials, the user receives this error: You don't have permission to view API keys, OAuth clients, and service account keys.

Roles/Permissions: -App Engine Admin -Cloud Functions Developer -Cloud Datastore Owner -Service Account Admin -Source Repository Administrator -Storage Admin

like image 349
bryce Avatar asked Apr 16 '18 15:04

bryce

1 Answers

So I believe I've come across the solution. After failing to find a predefined role or any answers online, I started to delve into creating custom roles. If anyone has issues with this in the future, here is what I have done.

I went to Project Settings > Roles > Create Role. I then created 2 custom Roles, here are all the permissions I assigned to them:

"Custom API"

  • container.apiServices.create
  • container.apiServices.delete
  • container.apiServices.get
  • container.apiServices.list
  • container.apiServices.update
  • container.apiServices.updateStatus
  • serviceusage.apiKeys.create
  • serviceusage.apiKeys.delete
  • serviceusage.apiKeys.get
  • serviceusage.apiKeys.getProjectForKey
  • serviceusage.apiKeys.list
  • serviceusage.apiKeys.regenerate
  • serviceusage.apiKeys.revert
  • serviceusage.apiKeys.update

"Custom Client Auth"

  • clientauthconfig.brands.create
  • clientauthconfig.brands.delete
  • clientauthconfig.brands.get
  • clientauthconfig.brands.list
  • clientauthconfig.brands.update
  • clientauthconfig.clients.create
  • clientauthconfig.clients.createSecret
  • clientauthconfig.clients.delete
  • clientauthconfig.clients.get
  • clientauthconfig.clients.getWithSecret
  • clientauthconfig.clients.list
  • clientauthconfig.clients.listWithSecrets
  • clientauthconfig.clients.undelete
  • clientauthconfig.clients.update

*Note that at the time of writing, these individual permissions are in a "testing" state, and may not work as intended.

like image 165
bryce Avatar answered Nov 07 '22 01:11

bryce
Sign in to Comment

Related questions

Firebase user returns null metadata for already signed up users
Display data from firebase to HTML table
Kubernetes Dashboard "is forbidden" all over the site
Put entity consistently slow on Python Cloud Datastore
Angular2Firebase query by multiple values whereIN
I don't have access to custom claims from firestore security rules
Triggering a build for a specific git commit via gcloud commandline tool
Firebase Cloud Firestore can not load data
Google Datastore Composite index issue
Firebase Cloud Function to resize image on firestore create
Error on Google Assistant while no error on Dialogflow
400 Error while reading data using pandas to_gbq to create a table in Google BigQuery
Google Cloud Function and Service Account
Where is the Spark UI on Google Dataproc?
Your application has authenticated using end user credentials from the Google Cloud SDK which are not supported by the translate.googleapis.com
Send notification to only one user in firebase [closed]
Unable to Create Google Cloud Console Project
RESTFul Service Framework for AppEngine
Google App Engine: appcfg.py rollback
FCM Vs GCM? Why we need to migrate from GCM to FCM [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!