4

Is there any way to list the permissions associated with a (custom) role in Google Cloud Platform IAM using gcloud? I can find how to list the roles, but not the permissions associated with a given role.

2 Answers

7

You can list the permissions associated with a role using this command. Replace the role name with your custom role name.

gcloud iam roles describe roles/editor

Documentation: gcloud iam roles describe

5
  • This does not seem to work with the custom roles. The error is as follows: ERROR: (gcloud.beta.iam.roles.describe) Invalid value for [ROLE_ID]: The role id that starts with 'roles/' only stands for curated role. Should not specify the project or organization for curated roles
    – noob
    Jul 28, 2021 at 8:25
  • @noob - What command are you running? The command in my answer is correct. If you mean that you created a custom role, then use the custom role name instead of roles/editor Jul 28, 2021 at 8:29
  • This is the command I am using: gcloud iam roles describe roles/CustomRole --project=my-project. This works for the curated roles, but not for the custom roles for me.
    – noob
    Jul 28, 2021 at 8:32
  • 2
    @noob - Remove roles/ and use the custom role name. You will need to look up the role ID and use the last part as in MyCustomRole43. In my answer roles/editor is the role name, the roles portion is not part of a custom role except when specifying the full role ID. You will also need to specify the project for custom roles as they are project specific. All of this is documented. Jul 28, 2021 at 8:39
  • Thanks, removing the roles/ prefix worked.
    – noob
    Jul 28, 2021 at 9:16
1

for predefined role: gcloud iam roles describe roles/[roleid]

for custom role: gcloud iam roles describe [roleid] --project=[projectid]
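
The two forms in the answers above, combined into one helper for permission audits. This is an added example, not part of the original answers: the function names are hypothetical, `my-project` and `MyCustomRole43` are the sample values from the comments, and it assumes full role names in the form gcloud prints them (`roles/...`, `projects/<id>/roles/...`, `organizations/<id>/roles/...`).

```shell
#!/bin/sh
# Added example: turn a full IAM role name into the arguments that
# `gcloud iam roles describe` expects for that kind of role.

# Prints "ROLE_ID [SCOPE_FLAG]" on one line; returns 1 for anything else.
role_describe_args() {
  rda_name=$1
  case $rda_name in
    projects/*/roles/*)      rda_flag=--project;      rda_rest=${rda_name#projects/} ;;
    organizations/*/roles/*) rda_flag=--organization; rda_rest=${rda_name#organizations/} ;;
    roles/*)
      # Predefined (curated) role: keep the roles/ prefix, pass no scope flag.
      printf '%s\n' "$rda_name"; return 0 ;;
    *)
      echo "unrecognised role name: $rda_name" >&2; return 1 ;;
  esac
  rda_scope=${rda_rest%%/roles/*}   # project ID or organization ID
  rda_id=${rda_rest#*/roles/}       # bare custom role ID, no roles/ prefix
  # Reject empty parts and any character outside the ID alphabets
  # (this also catches a stray "/" left in the role ID).
  case "$rda_scope$rda_id" in
    *[!A-Za-z0-9_.:-]*) echo "invalid role name: $rda_name" >&2; return 1 ;;
  esac
  [ -n "$rda_scope" ] && [ -n "$rda_id" ] || {
    echo "invalid role name: $rda_name" >&2; return 1; }
  printf '%s %s=%s\n' "$rda_id" "$rda_flag" "$rda_scope"
}

# Lists the permissions granted by one role, one per line (requires gcloud).
role_permissions() {
  rp_parsed=$(role_describe_args "$1") || return 1
  read -r rp_id rp_scope <<EOF
$rp_parsed
EOF
  gcloud iam roles describe "$rp_id" ${rp_scope:+"$rp_scope"} \
    --flatten='includedPermissions[]' --format='value(includedPermissions)'
}

# Usage: role_permissions projects/my-project/roles/MyCustomRole43
```
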
