The following steps are needed to grant/revoke permissions for creating/updating/deleting device registries to service accounts:
To Add/Edit/Delete Service Accounts
-
Open the project selector window (drop-down at the top of the page).
-
Click the edit icon (
) to update the project area settings.
-
Select the second tab, PRINCIPAL MANAGEMENT.
-
Click ADD and select Service Account:
Provide the Name, Description, select Roles, and click CREATE.
To edit a Service Account, click the Edit icon (Pencil) to the right.
To download a Service Account credentials click the Download icon to the right.
To delete a Service account, select the checkbox (left), click Remove (top-right) then confirm by clicking REMOVE in the modal:
Roles
The following table describes the permissions of roles that can be assigned to Users and Service Accounts.
|
Role Name |
Id |
Permissions |
Levels Assignable |
|---|---|---|---|
|
Cloud IoT Viewer |
roles/cloudiot.viewer |
|
Project level, Registry level |
|
Cloud IoT Device Controller |
roles/cloudiot.deviceController |
|
Project level, Registry level |
|
Cloud IoT Provisioner |
roles/cloudiot.provisioner |
|
Project level, Registry level |
|
Cloud IoT Editor |
roles/cloudiot.editor |
|
Project level, Registry level |
|
Cloud IoT Admin |
roles/cloudiot.admin |
|
Project level |
|
Cloud IoT Project Admin |
roles/project.admin |
|
Project level (or higher perhaps if that concept gets created) |