This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unclear why I can't add sheets/drive permission for a custom role

Posted on 02-04-2025 12:54 AM
gcloudfng
New Member
Reply posted on --/--/---- --:-- AM

I'm encountering a problem creating a custom role in "IAM & Admin / Roles / Create role" with the intention of granting a service account access to Google Drive and Google Sheets.

Steps I've taken:

  • Created a Google Cloud project.
    Did not use an organization
    Enabled the Google Drive API and Google Sheets API.
    Verified both APIs are enabled
    Created Service Account
    Created Custom Role
    Successfully assigned "storage.objects.create" permission to role
    I checked Organization policies, and it's the 12 that the account started with.
    None of them look like they should impact this

  • Navigated to "IAM & Admin / Roles / Create role. (really edit)"
    Clicked "+ Add Permissions."
    Filtered by "sheet" nothing shows up
    Paged through a crazy number of permissions, didn't see anything that looks like it would be the permission I'm looking for.

  • Navigated to "IAM & Admin/Service Accounts/Service Account/Permissions"
    Clicked on "View By Roles"
    Only "Owner" Hierarchy shows up with Owner account under it.
    Expected to see my service account and custom role
    Clicked on "Grant Access"
    Under "Add Principals" Tried to find custom role, didn't find it
    Entered my service account pseudo email that the system created based off name I gave it
    Clicked on "+ ADD ANOTHER ROLE"
    Large filterable list came up.
    Searched for custom role, sheets, drive, and scrolled through entire list
    Nothing worked

  • Navigated to "APIs & Services/Enabled APIs and Services/+ Enable APIS AND SERVICES /
    Searched "Sheets" under "Welcome to the API Library"
    Clicked on "Google Sheets API"
    Verified "Enabled"
    Clicked on "Manage"
    Clicked on "Credentials"
    Verified that my service account is listed under "Credentials compatible with this API"
    Clicked on pencil next to my service account
    Clicked on "Permissions"
    Found myself back on "IAM & Admin/Service Accounts/Service Account/Permissions"

Problem:

When attempting to add permissions related to Google Drive and Google Sheets (e.g., drive.files.create, sheets.spreadsheets.create), the "+ Add permission" filter on the custom role I've created for a service account returns no results. I've tried filtering using prefixes like "drive.", "sheets.", "drive.files", and "sheets.spreadsheets", and still, no matching permissions are found.

APIs are enabled: The Google Drive and Google Sheets APIs have been enabled for this project for over 48 hours.

Account Details:

  • My account's "Role launch stage" is "Alpha."(?)
    I'm the account owner, but I'm unsure if this "Alpha" status is preventing me from accessing the necessary IAM permissions. To prevent confusion, I didn't specify an organization to avoid having to deal with some sort of hierarchy permission problem.

Questions:

  • Is this "Alpha" status restricting access to certain IAM permissions?
    Is there any verification process required to remove this limitation?

Thanks in advance, and apologies if I posted this in the wrong place.

0 2 268
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
jamespatrickm
Staff
Reply posted on --/--/---- --:-- AM

Hi @gcloudfng,

Welcome to Google Cloud Community!

Thank you for sharing the detailed steps you’ve taken. It seems that you’ve exhausted all the steps and the “Alpha” stage typically should not hinder you assigning permissions in my experience. Although there might be some API restrictions tied to it or some other issue that I am not aware of as the Alpha launch stage means that the role is still being developed or tested.

It appears that a more thorough investigation of your project is necessary. I highly recommend that you reach out to our 1:1 support for a deep dive on this issue. Please see our Cloud Customer Care documentation.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Posted on --/--/---- --:-- AM
femstac
New Member
Reply posted on --/--/---- --:-- AM

@gcloudfng , hi, were you able to solve this problem?

If so, how did you do it. 

0 Likes
Top Labels in this Space
Top Solution Authors
View all