Unable to grant admin permissions Google IAM & Admin - google-workspace

Trying to create a Project in the Google cloud platform. However, I am unable to due to not having permission to create projects in this location.
I currently have no projects created. So when I try to add myself or another user to the Google IAM & Admin page, it will not allow me because it says I do not have any projects to select.
Is there another way to enable Organization Administrator and Project Creator for Google IAM?

In order to create a Project you should have the proper permissions, mentioned in Creating a project:
To create a project, you must have the `resourcemanager.projects.create` permission. This permission is included in the Project Creator `roles/resourcemanager.projectCreator` role, which is granted by default to the entire domain of a new organization and to free trial users. For information on how to grant individuals the role and limit organization-wide access, see the Managing Default Organization Roles page.
Given this, you should ask your Organization administrator to grant your user this Role.
You can create a project through the gCloud SDK:
To create a new project, use the gcloud projects create command:
gcloud projects create PROJECT_ID
Where `PROJECT_ID` is the ID for the project you want to create. A project ID must start with a lowercase letter, and can contain only ASCII letters, digits, and hyphens, and must be between 6 and 30 characters.
To create a project with an organization or a folder as parent, use the --organization or --folder flags. As a resource can only have one parent, only one of these flags can be used:
gcloud projects create PROJECT_ID --organization=ORGANIZATION_ID
gcloud projects create PROJECT_ID --folder=FOLDER_ID

Related

Custom Role in Azure DevOps to allow Add Users

Is it possible to provide a reduced set of permissions to allow a user permission to add other users to a project without being a full-blown administrator? Adding a user as a Project Admin provides too much access, which is a huge security issue.
You could add user as contributor or Project Valid Users with limited access. Please see Project-level groups
Contributors: Has permissions to contribute fully to the project code base and work item tracking. The main permissions they don't have are those that manage or administer resources.
Project Valid Users: Has permissions to access and view project information.
Besides, you could also create a custom group to grant or restrict permissions in project setting >> permission >> new group. Then, change permission for the group.

Add user for resource using gcloud iam tools not via the user interface?

I want to create a user via gcloud tools in terminal not using the user interface.
I can create a service account using gcloud tools like this: `gcloud iam service-accounts create my-service-account --display-name="My Service Account"` and give it permissions like this: `gcloud projects add-iam-policy-binding project-name --member="serviceAccount:my-service-account@project-name.iam.gserviceaccount.com" --role="roles/editor"`
I can't find the way to do this for a user instead of a service account. The closest I could find was to run: `gcloud projects add-iam-policy-binding my-project --member="user:person@gmail.com" --role="roles/editor"` which results in the error ERROR: Policy modification failed because the user does not exist. If I create the user manually in the user interface then adding roles works.
How do I create the user via gcloud? This is what it looks like in the user interface.
Turns out `gcloud projects add-iam-policy-binding my-project --member="user:person@gmail.com" --role="roles/editor"` does 'add' the user.
Re: Kolban's comment. There might be a misunderstanding since I don't want to create a gmail user I just want to do the equivalent of adding them (+ADD button above) and type into the "new principals" textbox and add a role. Above code works.
The Add Button in the permissions pages (IAM) does not result in the creation of a new user (i.e. it does not ADD a user). Instead, what the add means is that we are adding permissions to the authority of the user. Clicking add allows us to name an existing identity and also the role we wish to add to the user.
The equivalent gcloud command would be gcloud projects add-iam-policy-binding that is currently documented in the GCP documentation here.
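An audit of the two grants discussed above (the domain-wide Project Creator default from the first answer and the `roles/editor` binding added with `gcloud projects add-iam-policy-binding`), as an added example that is not part of the original posts. It reads policy JSON in the shape printed by `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json` or `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function names, the sample policies and the `example.com` identities are constructed for illustration.

```python
import json

PROJECT_CREATOR = "roles/resourcemanager.projectCreator"
BASIC_ROLES = {"roles/owner", "roles/editor"}  # very broad basic roles
BROAD_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def is_broad(member):
    """True when one member string covers many identities at once."""
    return member in BROAD_MEMBERS or member.startswith("domain:")


def audit_policy(policy_json):
    """Return sorted (role, member, reason) findings for one IAM policy."""
    findings = set()
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if role == PROJECT_CREATOR and is_broad(member):
                findings.add((role, member, "anyone in scope can create projects"))
            elif role in BASIC_ROLES:
                findings.add((role, member, "basic role, prefer a narrower role"))
    return sorted(findings)


def project_creators(policy_json):
    """List the members that hold Project Creator in this policy."""
    return sorted(
        member
        for binding in json.loads(policy_json).get("bindings", [])
        if binding.get("role") == PROJECT_CREATOR
        for member in binding.get("members", [])
    )


# Constructed sample policies (not taken from any real organization).
ORG_POLICY = json.dumps({"bindings": [
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["user:admin@example.com"]},
    {"role": PROJECT_CREATOR, "members": ["domain:example.com"]},
]})
PROJECT_POLICY = json.dumps({"bindings": [
    {"role": "roles/editor", "members": [
        "user:person@example.com",
        "serviceAccount:my-service-account@project-name.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["group:devs@example.com"]},
]})
```

`project_creators` answers the first question's practical point (who can already create projects under the organization), while `audit_policy` lists the grants worth narrowing once access has been sorted out.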

Azure DevOps Server 2019: How to correctly manage user role

I recently installed Azure DevOps Server 2019 on an on-premises server.
However, I am confused: how can I set the security and the user permissions on the server, such as: deny a user from viewing author project in the same collection, create a custom group that is not among the Azure DevOps default groups ...
I am asking for ideas on how to implement that.
Thank you
According to the Azure DevOps permission settings, for most groups and almost all permissions, Deny trumps Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user will not be able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
Deny user to view author project in the same collection.
Assuming you were talking about a team project: in your scenario, the simplest way is not to add that user to your team project. People without team project collection admin permission will not be able to see the projects they have not been added to.
If you have already added users to the team project and want a user not to be able to see some info such as repos/builds/work items in the project, you need to evidently deny those users from viewing some project repositories/builds/work items.
As for how to create a group, you could directly click New Group in the top right corner of the page under Project Settings -- Permission.
For more details about how permissions and groups are defined, I suggest you go through our official doc here: About permissions and groups.
Besides, you could also manage user permissions with the help of the command line. The tfssecurity command line tool allows us to manage permissions for Azure DevOps groups and users. We could use it in a PowerShell script to grant access to projects that already exist.

What controls the terminal pod access in Openshift Web Console?

Who has access to open pod terminals through the openshift web console? What permissions need to be given for this?
Any user that has edit or admin role in the project which the application is running in, can create a terminal session for pods running in that project.
oc adm policy add-role-to-user edit <collaborator>
The purpose of the different roles you can grant are:
admin - A project manager. The user will have rights to view any resource in the project and modify any resource in the project except for quota. A user with this role for a project will be able to delete the project.
edit - A user that can modify most objects in a project, but does not have the power to view or modify roles or bindings. A user with this role can create and delete applications in the project.
view - A user who cannot make any modifications, but can see most objects in a project.
A user with view role cannot create a terminal session as that would mean they could modify things.
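To review who can open a pod terminal in a project under the rule described above, the following added example (not part of the original answer) lists the subjects bound to the default `admin` or `edit` cluster roles. It assumes role bindings exported with `oc get rolebindings -n <project> -o json` in the `rbac.authorization.k8s.io/v1` shape; the function name and sample data are constructed, and custom roles or cluster-wide bindings are outside its scope.

```python
import json

# Default cluster roles that the answer says allow a pod terminal session.
TERMINAL_ROLES = {"admin", "edit"}


def terminal_capable_subjects(rolebindings_json):
    """Return sorted (kind, name, role) for subjects bound to admin or edit."""
    result = set()
    for rb in json.loads(rolebindings_json).get("items", []):
        ref = rb.get("roleRef", {})
        # A namespaced Role that merely shares the name is not the default
        # cluster role, so only ClusterRole references are counted.
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in TERMINAL_ROLES:
            continue
        for subject in rb.get("subjects") or []:  # subjects may be absent or null
            result.add((subject.get("kind"), subject.get("name"), ref["name"]))
    return sorted(result)


# Constructed sample in the rbac.authorization.k8s.io/v1 list shape.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "admin"},
     "roleRef": {"kind": "ClusterRole", "name": "admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"metadata": {"name": "edit"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "User", "name": "bob"},
                  {"kind": "Group", "name": "dev-team"}]},
    {"metadata": {"name": "view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "carol"}]},
    {"metadata": {"name": "local-edit"},
     "roleRef": {"kind": "Role", "name": "edit"},
     "subjects": [{"kind": "User", "name": "dave"}]},
    {"metadata": {"name": "empty"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": None},
]})
```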

Creating an organization in Bluemix

I am currently part of several organizations, which I have been previously invited to. I would like to create a new organization solely for myself. According to the documentation (https://www.ng.bluemix.net/docs/admin/index.html#orgmng) I should be able to go to 'Manage Organizations' and click 'Create an organization', but I do not have this option. How should I go about creating an organization?
For the public version of Bluemix, trial accounts can only create one organisation (which is created the first time you log in). If you add credit card details and move to a "PayGo" account then you are able to create multiple organisations.
On the dedicated or local deployments of Bluemix all admins are given the permissions to create their own organisations.
Only account owners with Pay-As-You-Go accounts can create an organization. You can create an organization by completing the following steps:
Using Bluemix Web GUI:
Click Account > Manage Organizations page.
Click Add a New Org.
Enter the org name.
Click Add.
Using Bluemix admin CLI
- cf ba create-organization <organization> <manager>
Where
<organization>: The name or GUID of the Bluemix org to add.
<manager>: The user name of the manager for the org.