mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 20:31:35 +00:00
# GAM setup with minimal GCP permissions.

- A GCP admin can create a project for the Workspace / GAM admin.
- The GAM admin needs the following permissions on the created project resource:

```
clientauthconfig.brands.create
clientauthconfig.brands.update
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.update
iam.serviceAccountKeys.create
iam.serviceAccounts.create
iam.serviceAccounts.list
iam.serviceAccounts.setIamPolicy
oauthconfig.testusers.get
oauthconfig.verification.get
resourcemanager.projects.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
```

Reasons for permission by service:

| Service(s) | Reason |
|---------|--------|
| clientauthconfig and oauthconfig | Manage the [OAuth Consent Page](https://developers.google.com/workspace/guides/configure-oauth-consent) |
| iam | Manage service accounts and their keys |
| serviceusage | Enable Google API services |
| resourcemanager | Read basic project info |

- Once the GAM admin has rights to the new project, they can complete setup with:

```
gam use project
```

The admin will be prompted for the project ID.
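
One way for the GCP admin to grant exactly the permissions listed above is a project-level custom role bound only to the GAM admin. The script below is an added example, not part of GAM or of the original page. It assumes a custom role is the grant mechanism, and `PROJECT_ID`, `GAM_ADMIN`, `ROLE_ID`, `gam_permissions`, `role_yaml` and `role_drift` are hypothetical names. It also includes an audit helper that flags a role that has gained or lost permissions relative to this list.

```shell
# Placeholders (assumptions, not values from the page); override via environment.
PROJECT_ID="${PROJECT_ID:-example-gam-project}"
GAM_ADMIN="${GAM_ADMIN:-gam-admin@example.com}"
ROLE_ID="${ROLE_ID:-gamSetupMinimal}"

# The permission list exactly as given on this page.
gam_permissions() { cat <<'EOF'
clientauthconfig.brands.create
clientauthconfig.brands.update
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.update
iam.serviceAccountKeys.create
iam.serviceAccounts.create
iam.serviceAccounts.list
iam.serviceAccounts.setIamPolicy
oauthconfig.testusers.get
oauthconfig.verification.get
resourcemanager.projects.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
EOF
}

# Role definition in the YAML form read by `gcloud iam roles create --file`.
role_yaml() {
  printf 'title: GAM minimal setup\nstage: GA\nincludedPermissions:\n'
  gam_permissions | sed 's/^/- /'
}

# Audit: role permissions on stdin, one per line; prints +extra / -missing, returns 1 on drift.
role_drift() {
  want=$(mktemp); have=$(mktemp); gam_permissions | sort -u > "$want"; sort -u > "$have"
  drift=$(comm -13 "$want" "$have" | sed 's/^/+/'; comm -23 "$want" "$have" | sed 's/^/-/')
  rm -f "$want" "$have"
  [ -z "$drift" ] || { printf '%s\n' "$drift"; return 1; }
}

# Dry run by default (prints the YAML); APPLY=1 creates the role and binds it on this project only.
if [ "${APPLY:-0}" = 1 ]; then
  role_yaml > role.yaml && gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" --file=role.yaml &&
  gcloud projects add-iam-policy-binding "$PROJECT_ID" --member="user:$GAM_ADMIN" --role="projects/$PROJECT_ID/roles/$ROLE_ID"
else role_yaml; fi
```

To audit an existing role, feed `role_drift` its permissions one per line, for example from `gcloud iam roles describe "$ROLE_ID" --project="$PROJECT_ID" --flatten='includedPermissions[]' --format='value(includedPermissions)'`.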