Custom Roles
To create custom roles on Google Workforce, complete the following:
- In the Google Workforce configuration interface, go to Admin Console > Admin Roles.
- Select Create Role.
- Enter the Name and Description for the role.
To create custom roles on GCP, complete the following:
- Go to GCP Console > Roles.
- Select Create Role.
- Enter the Title and Description for the role.
The following table lists the minimum required Service Account Scopes, and the Custom Roles applied to the Impersonate User, for each connector operation.

Connector Operation | Service Account Scopes | Impersonate User |
---|---|---|
Test Connection | G-Suite<br>GCP | G-Suite<br>GCP |
Refresh Account | | |
Account Aggregation | | |
Partitioning Aggregation | | |
Role related operations (Aggregate Role, Create Account/Enable/Disable/Change Password/Add and Remove) with Role | | Super Admin |
Group Aggregation | G-Suite<br>GCP | G-Suite<br>GCP |
Delete group | | |
Create and Update Group | G-Suite<br>GCP | G-Suite<br>GCP |
Create Account without Entitlement(s) | G-Suite<br>GCP | G-Suite<br>GCP |
Enable, Disable and Delete Account | | |
Update Account attribute(s) (For accounts without entitlement) | | |
Change Password | | |
Create Account with Entitlement(s) | G-Suite<br>GCP | G-Suite<br>GCP |
Add/Remove Entitlements | | |
Update Account attribute(s) (For accounts with entitlement) | | |
Delta Aggregation for Account | G-Suite<br>GCP | G-Suite<br>GCP |
Delta Aggregation for Group | G-Suite<br>GCP | G-Suite<br>GCP |
Delete Data Transfer | | |
Delegated Admins | | |
Aggregation for Folder and Project | GCP | GCP |
Aggregation for IAM Role | GCP | GCP |
Create/Update/Delete IAM Roles | GCP | GCP |
Aggregation for IAM Resource Permission | GCP | GCP |
To manage all operations on domain as Account type in GCP | G-Suite | G-Suite |