Enable privileges
The following privileges are necessary to import a virtual application:
- roles/compute.admin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/iam.serviceAccountTokenCreator
- Sign in to cloud.google.com.
- Click Console.
- Click APIs & Services.
- Click + ENABLE APIS AND SERVICES.
- Enter Cloud Build API in the search field.
- Click Cloud Build API in the search results.
- Click ENABLE.
You need the project ID and project number to enable privileges. To display the metadata for a project that includes these details, run this command:
gcloud projects describe <project-name>
To enable privileges, run this command:
gcloud projects add-iam-policy-binding <project-id>
--member serviceAccount:<project-number>@cloudbuild.gserviceaccount.com --role <role>- <project-id> is the project ID.
- <project-number> is the project number.
- <role> is one of the required roles.
To enable the required privileges for the project, run the command for each role you want to create.
In all of the following examples, replace <project-id> with accessgateway-2022, and <project-number> with 123456789012.
In this example, replace <role> with compute.admin:
gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/compute.adminIn this example, replace <role> with storage.admin:
gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/storage.Admin
In this example, replace <role> with iam.serviceAccountUser:
gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/iam.serviceAccountUser
In this example, replace <role> with iam.serviceAccountTokenCreator:
gcloud projects add-iam-policy-binding accessgateway-2022 --member serviceAccount:123456789012@cloudbuild.gserviceaccount.com --role roles/iam.serviceAccountTokenCreator