Is there any way to list the permissions associated with a (custom) role in Google Cloud Platform IAM using gcloud? I can find how to list the roles, but not the permissions associated with a given role.
2 Answers
You can list the permissions associated with a role using this command. Replace the role name with your custom role name.
gcloud iam roles describe roles/editor
Documentation: gcloud iam roles describe
This does not seem to work with the custom roles. The error is as follows:
ERROR: (gcloud.beta.iam.roles.describe) Invalid value for [ROLE_ID]: The role id that starts with 'roles/' only stands for curated role. Should not specify the project or organization for curated roles
– noob, Jul 28, 2021 at 8:25
@noob - What command are you running? The command in my answer is correct. If you mean that you created a custom role, then use the custom role name instead of roles/editor.
Jul 28, 2021 at 8:29
This is the command I am using:
gcloud iam roles describe roles/CustomRole --project=my-project
This works for the curated roles, but not for the custom roles for me.
– noob, Jul 28, 2021 at 8:32
Remove roles/ and use the custom role name. You will need to look up the role ID and use the last part, as in MyCustomRole43. In my answer, roles/editor is the role name; the roles portion is not part of a custom role except when specifying the full role ID. You will also need to specify the project for custom roles, as they are project specific. All of this is documented.
Jul 28, 2021 at 8:39
for predefined role:
gcloud iam roles describe roles/[roleid]
for custom role:
gcloud iam roles describe [roleid] --project=[projectid]
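When reviewing what a role actually grants, one helper can accept any of the forms discussed above and reject the roles/ plus --project mix that produced the error in the comments. This is an added example, not code from either answer; the function names role_describe_args and list_role_permissions are made up here, and it assumes an authenticated gcloud on PATH.

```shell
#!/bin/sh
# Added example, not from the answers above. Function names are hypothetical.

# role_describe_args ROLE [PROJECT]
# Prints the arguments to pass to `gcloud iam roles describe`.
role_describe_args() {
    role=$1
    project=${2:-}
    case $role in
        projects/*/roles/*)
            # Full custom role name: projects/PROJECT_ID/roles/ROLE_ID
            rest=${role#projects/}
            printf '%s --project=%s\n' "${role##*/roles/}" "${rest%%/roles/*}" ;;
        organizations/*/roles/*)
            # Organization-level custom role
            rest=${role#organizations/}
            printf '%s --organization=%s\n' "${role##*/roles/}" "${rest%%/roles/*}" ;;
        roles/*)
            # Predefined (curated) role: gcloud rejects a project here
            if [ -n "$project" ]; then
                echo "'$role' is a predefined role name; for a custom role" \
                     "drop the roles/ prefix, otherwise drop the project" >&2
                return 2
            fi
            printf '%s\n' "$role" ;;
        *)
            # Bare custom role ID: custom roles are project specific
            if [ -z "$project" ]; then
                echo "custom role '$role' needs a project ID" >&2
                return 1
            fi
            printf '%s --project=%s\n' "$role" "$project" ;;
    esac
}

# list_role_permissions ROLE [PROJECT]
# Prints one permission per line, sorted, so two roles can be diffed.
list_role_permissions() {
    args=$(role_describe_args "$@") || return $?
    # Word splitting of $args is intended; role and project IDs have no spaces.
    # value() prints the list separated by ';', so split it into lines.
    # shellcheck disable=SC2086
    gcloud iam roles describe $args --format='value(includedPermissions)' |
        tr ';' '\n' | sort
}

# Usage (needs gcloud credentials):
#   list_role_permissions roles/editor
#   list_role_permissions MyCustomRole43 my-project
```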