google-cloud-platform google-iam

Assigning role to Group in GCP causing Role does not exist in the resource's hierarchy


I am trying to assign the role below to a group in GCP.

Role: Service Consumer

Role ID: roles/servicemanagement.serviceConsumer

Command: gcloud projects add-iam-policy-binding Project_id --member=group:group1 --role=roles/servicemanagement.serviceConsumer

Error:

ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.

ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Role (roles/servicemanagement.serviceConsumer) does not exist in the resource's hierarchy.


Solution

  • It appears the service management roles are only applicable to Cloud Endpoints services:

    gcloud endpoints services add-iam-policy-binding ${SERVICE} \
    --member=group:${GROUP_EMAIL} \
    --role=roles/servicemanagement.serviceConsumer
    

    See: https://cloud.google.com/service-infrastructure/docs/service-management/access-control#managing_access_using_cloud_sdk

    NOTE: (Google) Groups values should be an email address of the form name@somewhere.com.
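
The NOTE above as a preflight check, added here as an example that is not part of the original answer: a POSIX shell wrapper that rejects a member that is not `group:` followed by an email address (such as the `group:group1` in the question) before it builds the `gcloud endpoints services add-iam-policy-binding` command from the answer. The function names, the `GRANT_APPLY` variable and the sample service and group values are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: validate an IAM group member string, then build the
# Endpoints binding command. Names below are hypothetical, not gcloud's.

ROLE="roles/servicemanagement.serviceConsumer"   # role id from the question

# validate_group_member MEMBER
# Returns 0 only for "group:" followed by something shaped like an email.
validate_group_member() {
    member=$1
    case $member in
        group:*) addr=${member#group:} ;;
        *) echo "rejected '$member': expected prefix 'group:'" >&2; return 1 ;;
    esac
    case $addr in
        # Any character outside a conservative email set, or a second '@'.
        *[!A-Za-z0-9@._+-]*|*@*@*)
            echo "rejected '$member': unexpected characters" >&2; return 1 ;;
        # Non-empty local part, '@', and a domain containing a dot.
        ?*@?*.?*) return 0 ;;
        *) echo "rejected '$member': not an email address" >&2; return 1 ;;
    esac
}

# grant_service_consumer SERVICE MEMBER
# Prints the command (dry run) unless GRANT_APPLY=1, in which case it runs it.
grant_service_consumer() {
    service=$1
    member=$2
    [ -n "$service" ] || { echo "service name required" >&2; return 2; }
    validate_group_member "$member" || return 1
    set -- gcloud endpoints services add-iam-policy-binding "$service" \
        "--member=$member" "--role=$ROLE"
    if [ "${GRANT_APPLY:-0}" = 1 ]; then
        "$@"
    else
        echo "$*"
    fi
}

# Constructed sample inputs: the first mirrors the question, the second is valid.
for m in "group:group1" "group:api-consumers@example.com"; do
    grant_service_consumer "my-api.endpoints.example-project.cloud.goog" "$m" \
        || echo "skipped: $m"
done
```

After a real run, `gcloud endpoints services get-iam-policy ${SERVICE}` shows whether the binding was recorded on the service.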