Creating and Assigning Custom Roles

Follow the below steps to create custom roles on Google Workspace:

In the Google Workspace configuration interface, go to Admin Console > Menu > Account > Admin roles.
Select Create new role.
Enter the Name and Description for the role and select Continue.

Follow the below steps to create custom roles on Google Cloud Provider (GCP):

Go to GCP Console > Roles.
Select Create Role.
Enter the Title and Description for the role and select Continue.

Assigning Permissions to Custom Roles

The following permissions must be assigned to the custom role for the service account at the organization level:

cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
iam.roles.list
iam.serviceAccounts.getIamPolicy
iam.serviceAccounts.list
logging.logEntries.list
resourcemanager.folders.getIamPolicy
resourcemanager.folders.list
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Creating and Assigning Custom Roles

Assigning Permissions to Custom Roles

Documentation Feedback