Agreed. *gcloud app create* <https://cloud.google.com/sdk/gcloud/reference/app/deploy> under the hood essentially invokes *app.create* <https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps/create> which requires very wide reaching *https://www.googleapis.com/auth/cloud-platform *scope. I've submitted some feedback to the documentation suggesting that app creation requirements be mentioned on the Access Control article <https://cloud.google.com/appengine/docs/java/access-control#predefined_roles_comparison_matrix> as it does relate to App Engine actions while requiring permissions outside the App Engine.
On Thursday, February 16, 2017 at 11:09:56 AM UTC-5, Dave Chen wrote: > > Hi Nick, thanks very much for confirming what we had seen. Looking at the > Access Control article it was not apparent that Project Owner was required > for the first step. > Best, > -dave > > > On Monday, February 13, 2017 at 11:24:56 AM UTC-5, Dave Chen wrote: >> >> Simple question: I'm trying to setup a new project with a user to >> administer and deploy AppEngine applications. Ideally the user will have as >> limited an IAM role as possible. My first try is to give the user >> - Project Editor >> - AppEngine.admin >> >> But when running ``gcloud app create`` the return is "insufficient >> permissions". I've not been able to find this described in the >> documentation--can someone please lend a hand? >> Thanks! >> -dave >> >> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/43088278-c256-496b-9936-cacc883796a0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
