Enable privileges

The following privileges are necessary to import a virtual application:

  • roles/compute.admin
  • roles/storage.admin
  • roles/iam.serviceAccountUser
  • roles/iam.serviceAccountTokenCreator
  1. Sign in to cloud.google.com.
  2. Click Console.
  3. Click APIs & Services.
  4. Click + ENABLE APIS AND SERVICES.
  5. Enter Cloud Build API in the search field.
  6. Click Cloud Build API in the search results.
  7. Click ENABLE.

You need the project ID and project number to enable privileges. To display the metadata for a project that includes these details, run:

gcloud projects describe <project-name>

Enable privileges using the command:

gcloud projects add-iam-policy-binding <project-id> --member serviceAccount:<project-number>@cloudbuild.gserviceaccount.com --role <role>

where:

  • <project-id> is the project ID
  • <project-number> is the project number
  • <role> is one of the required roles.

For example, to enable our required privileges for the project with an ID of accessgateway-2022, a project number of 123456789012, enter the following commands:

gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/compute.admin

gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/storage.Admin

gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/iam.serviceAccountUser

gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/iam.serviceAccountTokenCreator