'Creating a custom IAM role via subtraction

Right now in Google Cloud most members of my team are project "Editor". I would like them to be able to view and edit most resources in Google Cloud.

However the one thing I don't want is for them to be able to deploy new versions of Cloud Functions. That should only be done by our CI bot.

Is there a way to create a custom IAM role which is "Editor but minus <permission x>"?

google-cloud-platformgoogle-cloud-functionsgoogle-iamgoogle-cloud-iam


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to use use Firestore document field's HashMap key value and populate recyclerview?

how to keep GKE cluster nodes in different regions?

Google Cloud TTS API for M1 Mac

Is it possible to render a video from AfterEffects in a Google Collaboratory notebook?

Allow-IAP Firewall Rule created in default VPC in GCP getting reflected in other VPC as well

Attribute Error when importing SpeechClient from google.cloud.speech

GCP Cost billing data

What is the difference between gcloud and gsutil?

Volume not persistent in Google Cloud

Permission Denied when trying to write on a TPU VM foler

Google Cloud Free Tier will start charging for static or ephemeral IP Address?

How to create a empty folder in google storage(bucket) using gsutil command?

How can size of the root disk in Google Compute Engine be increased?

Cannot switch Firestore from Datastore to native mode on GCP

action console simulator is not working and I cannot release my project