Assign Roles

Assign roles to your service account.


When an identity calls a Google Cloud Platform API, Cloud Identity and Access Management (IAM) requires that the identity has the appropriate permissions to use the resource. You can grant permissions by granting roles to a user, a group, or a service account. In this case, you need to assign roles to your service account associated with a project to start installing and managing functions in Function Store.

Roles that you need to assign

A role is a group of permissions that can be assigned to principals. These principals can be individuals, service accounts, or Google Groups. Creation of roles and assigning permissions to the roles can be done from the Google Cloud Platform (GCP) console.

The roles you need to assign to your service account are:

  • Cloud Function Admin: Full access to functions, operations and locations.

  • Firebase Authentication Admin: Full read/write access to Firebase Authentication resources.

  • Secret Manager Admin: Full access to administer Secret Manager resources.

  • Service Account User: Run operations as the service account.

  • Service Usage Admin: Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.

These roles bundle one or more permissions. Check them in the next section👇.

Last updated