Hi Team,
I want to restrict the visibility of all the Instances and InstanceGroups
for the particular user by assigning IAM custom role a user.
I was trying to below IAM permissions and condition but all Instances and
InstanceGroups are visible tothe User when I am assigning the custom role
to a user. could someone please assist on this scenario. Thanks in advance!!
*IAM condition:*
*{ "expression": "resource.type == \"compute.googleapis.com/Instance\"
&&\nresource.name.startsWith(\"projects/sixth-emissary-308304/zones/us-central1-a/instances/docker-\")",
"title": "test-con", "description": "test" }*
or tried this one as well.
{ "expression": "resource.type ==
\"cloudresourcemanager.googleapis.com/Project\"
&&\nresource.name.startsWith(\"instance-group\")", "title":
"test-condition", "description": "" }
*Custom-role and permissions:*
- compute.autoscalers.list
- compute.disks.create
- compute.disks.delete
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.list
- compute.instanceGroupManagers.update
- compute.instanceGroups.get
- compute.instanceGroups.list
- compute.instanceGroups.use
- compute.instanceTemplates.useReadOnly
- compute.instances.create
- compute.instances.list
- compute.instances.setMetadata
- compute.regions.list
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- iam.serviceAccounts.actAs
- iam.serviceAccounts.get
- iam.serviceAccounts.getIamPolicy
- iam.serviceAccounts.list
- iam.serviceAccounts.setIamPolicy
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-appengine+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/7484cac8-bddc-46ca-a5c0-b052715a88b2n%40googlegroups.com.
