Grant permissions to applications

You can configure application access by assigning user roles on your management project. To do this, use the following approaches:

Grant access to all applications in a management project.
Grant access to individual applications in a management project.

Grant access to all applications

To grant access to all applications from the management project, assign an IAM role to a principal on the management project.

Google Cloud console

Go to the IAM page.

Go to IAM
From the project picker in the Google Cloud console, select the management project.
Click Grant access.
Enter an identifier for the principal. For example, user@example.com.
From the Select a role drop-down menu, search for the role you want to assign and click it.
Click Save.
Verify that the principal and the corresponding role are listed in the IAM page.

You have successfully granted an IAM role to a principal.

gcloud CLI

Run the following gcloud CLI command. For example, you can use Cloud Shell:

gcloud projects add-iam-policy-binding MANAGEMENT_PROJECT_ID \  --member=USER_EMAIL \  --role=ROLE

Replace the following:

MANAGEMENT_PROJECT_ID: the management project ID, such as google-mpf-123456789.
USER_EMAIL: the email address of the user that must get access to all applications in the management project, such as user@example.com.
ROLE: the role that you want to provide to the user, such as roles/apphub.editor.

Grant access to individual applications

To grant access to individual applications in the management project, assign an IAM role to the principal on the application resource. Run the following gcloud CLI command. For example, you can use Cloud Shell:

gcloud apphub applications set-iam-policy APPLICATION_NAME \  --project=MANAGEMENT_PROJECT_ID \  --location=REGION \  POLICY_FILE