Grant roles using client libraries
Learn how to get started with the IAM methods from the Resource Manager API in your favorite programming language.
To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:
Before you begin
Create a Google Cloud project
For this quickstart, you need a new Google Cloud project.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Enable the Resource Manager API:
gcloud services enable cloudresourcemanager.googleapis.com
-
Create local authentication credentials for your user account:
gcloud auth application-default login
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/resourcemanager.projectIamAdmin
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:[email protected]
. - Replace
ROLE
with each individual role.
- Replace
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Enable the Resource Manager API:
gcloud services enable cloudresourcemanager.googleapis.com
-
Create local authentication credentials for your user account:
gcloud auth application-default login
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/resourcemanager.projectIamAdmin
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:[email protected]
. - Replace
ROLE
with each individual role.
- Replace
Install the client library
C#
For more on setting up your C# development environment, refer to the C# Development Environment Setup Guide.
install-package Google.Apis.Iam.v1 install-package Google.Apis.CloudResourceManager.v1
Go
go get golang.org/x/oauth2/google go get google.golang.org/api/cloudresourcemanager/v1
Java
For more on setting up your Java development environment, refer to the Java Development Environment Setup Guide.
If you are using Maven, add this to yourpom.xml
file.
Python
For more on setting up your Python development environment, refer to the Python Development Environment Setup Guide.
pip install --upgrade google-api-python-client google-auth google-auth-httplib2
Read, modify, and write an allow policy
The code snippet in this quickstart does the following:
- Initializes the Resource Manager service, which manages Google Cloud projects.
- Reads the allow policy for your project.
- Modifies the allow policy by granting the Log Writer role
(
roles/logging.logWriter
) to your Google Account. - Writes the updated allow policy.
- Prints all the principals that have the Log Writer role
(
roles/logging.logWriter
) at the project level. - Revokes the Log Writer role.
Replace the following values before running the code snippet:
your-project
: The ID of your project.your-member
: The email address for your user account. For example,user:[email protected]
.
C#
To learn how to install and use the client library for Resource Manager, see Resource Manager client libraries. For more information, see the Resource Manager C# API reference documentation.
To authenticate to Resource Manager, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Go
To learn how to install and use the client library for Resource Manager, see Resource Manager client libraries. For more information, see the Resource Manager Go API reference documentation.
To authenticate to Resource Manager, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Java
To learn how to install and use the client library for Resource Manager, see Resource Manager client libraries. For more information, see the Resource Manager Java API reference documentation.
To authenticate to Resource Manager, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
To learn how to install and use the client library for Resource Manager, see Resource Manager client libraries. For more information, see the Resource Manager Python API reference documentation.
To authenticate to Resource Manager, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Congratulations! You used the IAM methods in the Resource Manager API to modify access for a project.
How did it go?
Clean up
-
Optional: Revoke the authentication credentials that you created, and delete the local credential file.
gcloud auth application-default revoke
-
Optional: Revoke credentials from the gcloud CLI.
gcloud auth revoke
What's next
- Read about how IAM works.
- Learn more about granting, changing, and revoking access.
- Troubleshoot access issues with the Policy Troubleshooter.