I have several Google Cloud Functions for a Google Cloud project. We have multiple project editors who currently have the ability to create, edit, and delete Cloud Functions within the project as they see fit. I would like to be able to create a Google Cloud Function that only I have access to within the project. Is this possible? I've looked at custom IAM policies but I can't tell if it's possible using them.
1 Answer
Cloud Functions doesn't support per-account IAM for the purpose of managing the functions in a project. An account either has some level of access to all the functions in the entire project (as listed in the documentation), or none at all.
There are per-account controls for invoking functions, as described in the documentation, but that is not the same as the permissions for managing the functions.
If you really need to isolate accounts per function for management, I believe your only option is to deploy the functions to different projects. That will certainly make other things difficult, but possibly doable.
Update: Currently, Cloud Functions supports granting roles to users on an entire project or on individual functions.
This can be configured with the following command:
gcloud functions add-iam-policy-binding FUNCTION_NAME \
--member=MEMBER_TYPE \
--role=ROLE
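Added example, not part of the original answer: IAM allow policies are inherited and additive, so a role bound on one function grants that member access but does not take away what project-level Editors already hold. The sketch below merges a project policy and a function policy (both constructed sample data in the JSON shape printed by `gcloud projects get-iam-policy` and `gcloud functions get-iam-policy` with `--format=json`) and lists everyone who can still manage the function. The set of manage-capable roles is an assumption of this example; custom roles, IAM conditions and folder or organization bindings are not evaluated.

```python
# Predefined roles assumed here to allow creating, updating or deleting functions.
MANAGE_ROLES = {"roles/owner", "roles/editor",
                "roles/cloudfunctions.admin", "roles/cloudfunctions.developer"}

# Constructed sample policies (hypothetical members, not from the page).
PROJECT_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:me@example.com"]},
    {"role": "roles/editor", "members": ["user:alice@example.com", "group:devs@example.com"]},
    {"role": "roles/cloudfunctions.viewer", "members": ["user:bob@example.com"]},
]}
FUNCTION_POLICY = {"bindings": [
    {"role": "roles/cloudfunctions.developer", "members": ["user:bob@example.com"]},
    {"role": "roles/cloudfunctions.invoker",
     "members": ["serviceAccount:caller@example.iam.gserviceaccount.com"]},
]}


def managers(policy):
    """Map each member holding a manage-capable role to the set of those roles."""
    found = {}
    for binding in policy.get("bindings", []):
        if binding["role"] in MANAGE_ROLES:
            for member in binding.get("members", []):
                found.setdefault(member, set()).add(binding["role"])
    return found


def effective_managers(project_policy, function_policy):
    """Union the inherited project grants with the function-level grants."""
    merged = {}
    for level, policy in (("project", project_policy), ("function", function_policy)):
        for member, roles in managers(policy).items():
            merged.setdefault(member, []).extend(f"{level}:{r}" for r in sorted(roles))
    return merged


def unexpected_managers(project_policy, function_policy, allowed):
    """Members who can manage the function but are not in the allowed set."""
    return sorted(set(effective_managers(project_policy, function_policy)) - set(allowed))


if __name__ == "__main__":
    print(unexpected_managers(PROJECT_POLICY, FUNCTION_POLICY, {"user:me@example.com"}))
```

With the sample data, the project Editors still appear in the result even though the function policy never names them, which is why a function-level binding alone does not make a function private to one account.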