Our requirement is to create a storage reviewer role for compute resources, to be held by someone who reviews the work of a Compute Storage Admin. To start with, we can take the predefined role roles/compute.storageAdmin as a base and fine-tune its permissions for the reviewer role:
- Log in to the console and launch the Google Cloud Shell.
- Let's find out which permissions are assigned to roles/compute.storageAdmin from its metadata:
    $ gcloud beta iam roles describe roles/compute.storageAdmin
    description: Full control of Compute Engine storage resources.
    etag: AA==
    includedPermissions:
    - compute.diskTypes.get
    - compute.diskTypes.list
    - compute.disks.create
    - compute.disks.createSnapshot
    - compute.disks.delete
    - compute.disks.get
    - compute.disks.getIamPolicy
    ...
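
One way to do the fine-tuning step, as an added example that is not code from the original page: filter the described permissions down to read-only verbs and emit a custom role definition file. It assumes a reviewer needs only the get, list and getIamPolicy verbs; the function names, the role title and the sample input are constructed for illustration.

```shell
# Constructed sample: the part of the describe output shown above
# (the page elides the remaining permissions).
sample_describe() {
cat <<'EOF'
description: Full control of Compute Engine storage resources.
etag: AA==
includedPermissions:
- compute.diskTypes.get
- compute.diskTypes.list
- compute.disks.create
- compute.disks.createSnapshot
- compute.disks.delete
- compute.disks.get
- compute.disks.getIamPolicy
EOF
}

# Read a role description (YAML) on stdin and print only the permissions
# whose verb reads state. Assumption: "review" means get, list, getIamPolicy;
# every mutating verb (create, delete, createSnapshot, ...) is dropped.
reviewer_permissions() {
  awk '
    /^includedPermissions:/ { in_perms = 1; next }
    in_perms && /^- /       { print $2; next }
    /^[^ -]/                { in_perms = 0 }
  ' | grep -E '\.(get|list|getIamPolicy)$' | LC_ALL=C sort -u
}

# Emit the body of a role definition file for the custom role.
# The title and description strings are placeholders chosen for this example.
reviewer_role_yaml() {
  printf 'title: Compute Storage Reviewer\n'
  printf 'description: Read-only review of Compute Engine storage resources.\n'
  printf 'stage: GA\n'
  printf 'includedPermissions:\n'
  reviewer_permissions | sed 's/^/- /'
}

# Offline demonstration on the constructed sample.
sample_describe | reviewer_role_yaml

# In Cloud Shell, feed it the live description instead, then create the role
# (ROLE_ID and PROJECT_ID are placeholders):
#   gcloud beta iam roles describe roles/compute.storageAdmin | reviewer_role_yaml > reviewer.yaml
#   gcloud iam roles create ROLE_ID --project=PROJECT_ID --file=reviewer.yaml
```

Review the generated file before creating the role: the verb filter is a starting point, and any permission that exposes more than the reviewer should see can be deleted from the list by hand.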