3
votes

I want to be able to programmatically add a user to a project that exists in Google Cloud. I can do this via the console by going to IAM and admin, selecting a project, then searching for a user, selecting a role and adding them. Furthermore, the docs seem to say this should be possible:

Project owners can grant access to team members to access project's resources and APIs by granting IAM roles to team members. You can grant a role to a team member using the Cloud Platform Console, the cloud command-line tool, or the setIamPolicy() method.

But the API seems to be missing this method.

I can grant users access to particular resources, but I can't give them the same kind of all-resource access level that I can from the console.

What API call can I use to, say, grant a given user read-only access to all the resources in a given project?


1 Answers

3
votes

It's right where you linked it :)

What you want to do is:
1. Get current policy.
That will give you a JSON response showing you what the structure should be like.
2. Make your changes. If there is already an entry with roles/viewer, append to the members list, otherwise create the entry:

...
{
   "role": "roles/viewer",
   "members": [
    "user:[email protected]"
   ]
  },
...

3. Set the new policy.

For a list of possible roles look here.
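
Step 2 of the answer above (the edit made between fetching the policy and calling setIamPolicy()), as an added example that is not part of the original answer. The function name `grant_role`, the sample policy, its etag and the e-mail addresses are constructed for illustration; the code runs offline on a policy dict shaped like the JSON shown in the answer.

```python
import copy
import json


def grant_role(policy, role, member):
    """Return a copy of `policy` with `member` granted `role` project-wide."""
    # Copy the whole policy: setIamPolicy() replaces the project's policy, so
    # every existing binding and the etag must be sent back unchanged. The
    # etag lets the server reject the write if the policy changed meanwhile.
    updated = copy.deepcopy(policy)
    bindings = updated.setdefault("bindings", [])
    for binding in bindings:
        # A binding carrying a condition is a different, narrower grant;
        # do not add the member there.
        if binding.get("role") == role and "condition" not in binding:
            members = binding.setdefault("members", [])
            if member not in members:  # keep the operation idempotent
                members.append(member)
            return updated
    # No unconditional entry for this role yet: create it.
    bindings.append({"role": role, "members": [member]})
    return updated


# Constructed stand-in for the response of step 1 ("Get current policy").
CURRENT_POLICY = {
    "version": 1,
    "etag": "BwXexampleEtag=",
    "bindings": [
        {"role": "roles/owner", "members": ["user:owner@example.com"]},
        {"role": "roles/viewer", "members": ["user:alice@example.com"]},
    ],
}


def demo():
    """Build the policy to send in step 3 ("Set the new policy")."""
    return grant_role(CURRENT_POLICY, "roles/viewer", "user:bob@example.com")


if __name__ == "__main__":
    # Review the change before writing it back with setIamPolicy().
    print(json.dumps(demo(), indent=2))
```

If the set call fails because the etag no longer matches, fetch the policy again and reapply the change rather than resending the stale copy.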