See which Roles contain a GCLOUD Permisson

Question

I'd like to see wich Roles in iam yield a certain permission. In other words, for a given permission (like billing.accounts.updateUsageExportSpec) I want to know a list of Roles, that satisfy this permission.

score 1 · Answer 1 · answered Sep 24 '19 at 13:57

1

Looks like only the roles/billing.admin: https://cloud.google.com/iam/docs/understanding-roles#billing-roles

answered Sep 24 '19 at 13:57

erk

131
2

score 0 · Answer 2 · answered Sep 25 '19 at 18:40

If under unix, with gcloud SDK you can execute the following script:

export expected_permission=billing.accounts.updateUsageExportSpec

for role in $(gcloud iam roles list --format='value(NAME)');                                     
do permissions=$(gcloud iam roles describe $role --format='value(includedPermissions)')
if [[ $permissions =~ $expected_permission  ]]; then echo "-------------------------------------------------" &&  echo $role && echo "-------------------------------------------------"; fi
done

Either way, there's this reference in official docs where permission/roles mapping can be shown

See which Roles contain a GCLOUD Permisson

2 Answers2