
In IAM, what is the current name for "Compute Shared VPC Admin"?

The Shared VPC documentation says that setting up the Host VPC requires "Compute Shared VPC Admin" or compute.xpnAdmin permissions. When using the IAM Grant Access form, the Select a Role filter says No Matches when I search for either of those terms.

What is the correct IAM Role to assign for Host VPC Administrators?

Note: I found one "Solved" question but it references the same terms that don't appear in IAM.

https://www.googlecloudcommunity.com/gc/Data-Analytics/The-caller-does-not-have-permission-Cloud-Com...


SOLVED!  The "Compute Shared VPC Admin" role can only be assigned at the FOLDER or ORG level, not at the Project level. (whine: it'd be nice if that was noted somewhere in IAM or the VPC docs. The Shared VPC doc kinda almost says this but it's not particularly clear that this is NOT a Project Role)

I found this solution buried in Stack Overflow responses. THANK YOU Stack Overflow!

https://stackoverflow.com/questions/66700942/googleapi-error-403-required-compute-organizations-enab...


In an idealer world I suggest the following Use Cases:

  • UC1
    • from a Project, open IAM Grant Access and "Assign Role" Filter
    • start typing something like "Compute Shared VPC Admin"
    • Filter results include "Compute Shared VPC Admin" in RED with hover text indicating "Only assignable to an Organization or Folder"
  • UC2
    • enter a Filter like "compute/xpnAdmin"
    • Filter results include Roles that include compute/xpnAdmin
    • Again, RED (or similar) if the role exists but is not usable in the current context

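The scope restriction from the first accepted solution, and the "is this role usable in the current context" check suggested in the second, can both be done from the command line. This is an added example, not part of the original posts; it assumes `roles/compute.xpnAdmin` is the role ID behind "Compute Shared VPC Admin" and that `gcloud iam list-grantable-roles` reports the same set the console filter draws from. All IDs and the member are placeholders.

```shell
#!/usr/bin/env bash
# Added example. Project/folder/organization IDs and the member are placeholders.
ROLE="roles/compute.xpnAdmin"   # assumed role ID for "Compute Shared VPC Admin"
CRM="//cloudresourcemanager.googleapis.com"

# Succeeds if ROLE can be granted on the given full resource name,
# e.g. "$CRM/projects/my-host-project" or "$CRM/organizations/123456789012".
role_grantable_on() {
  gcloud iam list-grantable-roles "$1" --format="value(name)" | grep -Fxq "$ROLE"
}

# Prints the narrowest scope (project, then folder, then organization) where
# ROLE is grantable; empty arguments are skipped. Returns 1 if none qualifies.
pick_scope() {  # usage: pick_scope PROJECT_ID FOLDER_ID ORG_ID
  local project="$1" folder="$2" org="$3"
  if [ -n "$project" ] && role_grantable_on "$CRM/projects/$project"; then
    echo "project:$project"
  elif [ -n "$folder" ] && role_grantable_on "$CRM/folders/$folder"; then
    echo "folder:$folder"
  elif [ -n "$org" ] && role_grantable_on "$CRM/organizations/$org"; then
    echo "organization:$org"
  else
    return 1
  fi
}

# Grants ROLE to MEMBER at the scope string printed by pick_scope.
grant_at_scope() {  # usage: grant_at_scope SCOPE MEMBER
  local kind="${1%%:*}" id="${1#*:}" member="$2"
  case "$kind" in
    organization)
      gcloud organizations add-iam-policy-binding "$id" --member="$member" --role="$ROLE" ;;
    folder)
      gcloud resource-manager folders add-iam-policy-binding "$id" --member="$member" --role="$ROLE" ;;
    project)
      gcloud projects add-iam-policy-binding "$id" --member="$member" --role="$ROLE" ;;
    *) echo "unknown scope: $1" >&2; return 2 ;;
  esac
}

# Typical use (placeholder values):
#   scope=$(pick_scope my-host-project 111111111111 123456789012) &&
#     grant_at_scope "$scope" "user:netadmin@example.com"
```

Preferring the folder over the organization when both qualify keeps the Shared VPC Admin grant as narrow as the role allows.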