Status Shipped
Pillar Core Platform
Categories Cloud Connect
Created by Guest
Created on Apr 29, 2021

CMP access setup - Verify that a user has proper org-level GCP permissions

GCP users are often confused, thinking that having the Owner role in their GCP org grants them full access to the org, while it only grants access to the org's projects; in fact, the Security Admin role is required to perform the steps listed in the CMP setup guide [1].

I suggest either explicitly stating in guide [1] that the Security Admin role is required, or suggesting to run the one-liner I conjured below (there is no way to test permissions with gcloud):

    # ORG must hold the numeric organization ID.
    # The check passes only if the response lists the permission as granted,
    # so an API error body is not mistaken for success.
    curl -s -X POST \
      -H "Content-Type: application/json; charset=utf-8" \
      -H "Authorization: Bearer $(gcloud auth print-access-token)" \
      "https://cloudresourcemanager.googleapis.com/v1/organizations/${ORG}:testIamPermissions" \
      -d '{ "permissions": [ "resourcemanager.organizations.setIamPolicy" ]}' \
      | grep -q '"resourcemanager.organizations.setIamPolicy"' \
      || ( echo -e "\nError: Please make sure your user has Security Admin role in your GCP Organization\n"; exit 1 ) && echo 'All good'

[1] https://help.doit-intl.com/google-cloud/connect-google-cloud-service-account
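An added example (not part of the original post or of the setup guide) that extends the same testIamPermissions check to several permissions and reports an API error separately from a missing permission. The function names, the second permission and the sample responses are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: interpret a testIamPermissions response for several permissions.

# Live call (needs gcloud and network); prints the raw JSON response body.
# $1 = numeric organization ID, remaining args = permissions to test.
query_org_permissions() {
  local org=$1; shift
  local list
  list=$(printf '"%s",' "$@")
  curl -s -X POST \
    -H "Content-Type: application/json; charset=utf-8" \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://cloudresourcemanager.googleapis.com/v1/organizations/${org}:testIamPermissions" \
    -d "{\"permissions\": [${list%,}]}"
}

# $1 = response body, remaining args = required permissions.
# Prints each missing permission, one per line.
# Returns 0 = all granted, 1 = at least one missing,
# 2 = empty body or API error object (result unknown, do not treat as a pass).
missing_org_permissions() {
  local body=$1; shift
  local perm rc=0
  if [ -z "$body" ] || printf '%s' "$body" | grep -q '"error"'; then
    return 2
  fi
  for perm in "$@"; do
    # The API echoes back only the permissions the caller actually holds.
    if ! printf '%s' "$body" | grep -qF "\"${perm}\""; then
      echo "$perm"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample responses (not captured from a real organization).
SAMPLE_GRANTED='{ "permissions": [ "resourcemanager.organizations.setIamPolicy", "resourcemanager.organizations.getIamPolicy" ] }'
SAMPLE_PARTIAL='{ "permissions": [ "resourcemanager.organizations.getIamPolicy" ] }'
SAMPLE_NONE='{}'
SAMPLE_ERROR='{ "error": { "code": 401, "status": "UNAUTHENTICATED" } }'
```

Against a real organization, pass the output of `query_org_permissions` as the first argument of `missing_org_permissions` and branch on the return code.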