GSP190 —— IAM Custom Roles Table of Contents (🔎 Click to expand/collapse) GSP190 —— IAM Custom Roles Overview IAM Custom Roles Create a Custom Role Update a Custom Role Disable a Custom Role Delete a Custom Role Overview IAM Custom Roles Cloud IAM provides the ability to create customized Cloud IAM roles. We can create a custom Cloud IAM role and then grant that role to users. Represent form: <service>.<resource>.<verb>. Permissions usually, but not always, correspond 1:1 with REST methods. Custom roles can only be used to grant permissions in policies for the same project or organization that owns the roles or resources under them. Create a Custom Role To create a custom role, a caller must possess iam.roles.create permission. Use the gcloud iam roles create command to create new custom roles. By providing a YAML file that contains the role definition By using flags to specify the role definition. $ gcloud iam roles create <role-id> \ --project=<project-id> \ --file=<yaml-file-path> Update a Custom Role Disable a Custom Role Delete a Custom Role