Your GDC Sandbox instance is populated with several accounts. One of
them is the Platform Admin account, with the email address
fop-platform-admin@example.com.
This page describes how to configure this account with the necessary
permissions for creating projects and performing other administration
tasks.
Set up Platform Admin permissions
The following steps will set up your administrator account with the roles necessary to manage projects, users, storage, and other resources.
You can set up your administrator account using the GDC console,
or the command line tool gdcloud.
GDC console
- Navigate to your GDC console as described In Connect to your instance.
- Select Access.
- Select fop-platform-admin@example.com and click Edit Roles.
Click Add Another Role to add more roles.
- To provide the Platform Admin with the necessary rights to create
projects and perform other administrative tasks, add the following
roles:
- Org Network Policy Admin
- Organization IAM Admin
- Bucket Admin
- Organization DB Admin
- Project Creator
- Project Editor
- User Cluster Admin
- Organization Grafana Viewer
- To provide the Platform Admin with the necessary rights to create and test specific services, add roles specific to those services.
- Click Save.
- To provide the Platform Admin with the necessary rights to create
projects and perform other administrative tasks, add the following
roles:
Click Submit.
gdcloud
- Ensure you have the gdcloud CLI installed.
- Sign in using gdcloud auth login.
Set up role bindings for an organization:
gdcloud organizations add-iam-policy-binding ORGANIZATION \ --member=user:fop-platform-admin@example.com \ --role=ROLEReplace the following variables:
ORGANIZATION: the name of the organization for which you're setting up the role binding.ROLE: the name of the predefined or custom role you want to assign to the user.
To provide the Platform Admin with the necessary rights to create projects and perform other administrative tasks, add the following roles:
gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=org-network-policy-admin gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=organization-iam-admin gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=bucket-admin gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=organization-db-admin gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=project-creator gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=oproject-editor gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=user-cluster-admin gdcloud organizations add-iam-policy-binding org-1 \ --member=user:fop-platform-admin@example.com \ --role=organization-grafana-viewer