How to do it...

Our requirement is to create a storage reviewer role for compute resources, to be held by someone who reviews the work of a Compute Storage Admin. To start with, we can take the predefined role roles/compute.storageAdmin as a base and fine-tune its permissions for the reviewer role:

  1. Log in to the console and launch the Google Cloud Shell.
  2. Let's find out the permissions assigned to the roles/compute.storageAdmin role from its metadata:

     $ gcloud beta iam roles describe roles/compute.storageAdmin
     description: Full control of Compute Engine storage resources.
     etag: AA==
     includedPermissions:
     - compute.diskTypes.get
     - compute.diskTypes.list
     - compute.disks.create
     - compute.disks.createSnapshot
     - compute.disks.delete
     - compute.disks.get
     - compute.disks.getIamPolicy
     ...
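
The fine-tuning step, as an added example that is not taken from the book: it filters the describe output down to read-only permissions and prints a role definition file for `gcloud iam roles create`. It assumes a reviewer needs only the `get`, `list` and `getIamPolicy` verbs; the function names, the role title and the `ROLE_ID`/`PROJECT_ID` placeholders are hypothetical, and the sample input is constructed from the output shown above.

```shell
# Added example (not from the book). Assumption: a "reviewer" needs only the
# read-only verbs (get, list, getIamPolicy) of the base role.

# Constructed sample: the permissions visible in the describe output above.
# On a real project, feed the functions from:
#   gcloud beta iam roles describe roles/compute.storageAdmin
sample_describe() {
  cat <<'EOF'
description: Full control of Compute Engine storage resources.
etag: AA==
includedPermissions:
- compute.diskTypes.get
- compute.diskTypes.list
- compute.disks.create
- compute.disks.createSnapshot
- compute.disks.delete
- compute.disks.get
- compute.disks.getIamPolicy
EOF
}

# Read describe output on stdin; print permissions whose verb is read-only.
reviewer_permissions() {
  sed -n 's/^- \([A-Za-z0-9_.]*\)$/\1/p' |
    grep -E '\.(get|list|getIamPolicy)$' | LC_ALL=C sort -u
}

# Read describe output on stdin; print a role definition file for
#   gcloud iam roles create ROLE_ID --project=PROJECT_ID --file=FILE
reviewer_role_yaml() {
  perms=$(reviewer_permissions)
  # Refuse to emit a role with no permissions (empty or failed describe).
  [ -n "$perms" ] || { echo "no read-only permissions found" >&2; return 1; }
  printf 'title: Compute Storage Reviewer\n'
  printf 'description: Read-only review of Compute Engine storage resources.\n'
  printf 'stage: GA\n'
  printf 'includedPermissions:\n'
  printf '%s\n' "$perms" | sed 's/^/- /'
}

sample_describe | reviewer_role_yaml
```

Review the generated list before creating the role: every mutating permission (create, createSnapshot, delete) is dropped, so the reviewer can inspect disks and their IAM policy but cannot change them.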
