google-cloud-iam

来源： https://stackoverflow.com/questions/59770167/you-need-permissions-for-this-action-required-permissions-resourcemanager-pr

来源： https://stackoverflow.com/questions/63911573/gcp-terraform-removed-all-policies-how-can-i-revert

来源： https://stackoverflow.com/questions/63911573/gcp-terraform-removed-all-policies-how-can-i-revert

来源： https://stackoverflow.com/questions/63911573/gcp-terraform-removed-all-policies-how-can-i-revert

问题 We are developing a program that uses Google spreadsheets as the input. The values of the spreadsheet is read, processed and a result is showed in a webpage. When an user sign up we clone a spreadsheet from a template using a service account. The template has some scripts we want to use to help the user to introduce the values on the spreadsheet. But the scripts seems to have as the owner the service account, and according to Google scripts belonging to service accounts can not be executed.

问题 We are developing a program that uses Google spreadsheets as the input. The values of the spreadsheet is read, processed and a result is showed in a webpage. When an user sign up we clone a spreadsheet from a template using a service account. The template has some scripts we want to use to help the user to introduce the values on the spreadsheet. But the scripts seems to have as the owner the service account, and according to Google scripts belonging to service accounts can not be executed.

问题 Using Google Cloud, there exists a BigQuery View table that queries two projects. However, on the project where the view is located, we wish to run a query against it from Airflow/Composer. Currently it fails with a 403. AFAIK it will use the default composer service account - however it doesn't have access to the 2nd project used in the sql of the view. How do I give composer's service account access to the second project? 回答1: Think about a service account like a user account: you have a

问题 I am trying to use the Google Cloud Storage JSON API to retrieve files from a bucket using http calls. I am curling from a Container in GCE within the same project as the storage bucket, and the service account has read access to the bucket Here is the pattern of the requests: https://storage.googleapis.com/{bucket}/{object} According to the API console, I don't need anything particular as the service account provides Application Default Credentials. However, I keep having this: Anonymous

问题 I am working on a bitbucket pipeline for pushing image to gc container registry. I have created a service account with Storage Admin role. (bitbucket-authorization@mgcp-xxxx.iam.gserviceaccount.com) gcloud auth activate-service-account --key-file key.json gcloud config set project mgcp-xxxx gcloud auth configure-docker --quiet docker push eu.gcr.io/mgcp-xxxx/image-name Although that the login is successful, i get: Token exchange failed for project 'mgcp-xxxx'. Caller does not have permission

问题 When setting up the OS Login on one GCE instance I get a Permission denied message for a new user of the project. As per the Google Cloud documentation on OS Login, I've set metadata to enable-oslogin TRUE , and the permission for the user in the instance to roles/compute.osLogin , as there's no further Organization or service account required in this test case. Firewall rules are OK too. I've enabled the role Project Editor and it works, but I don't want the user to be an Editor nor a Viewer