-
Type:
Infra Task
-
Resolution: Fixed
-
Priority:
Should have
-
None
-
None
Instead of assigning multiple roles per Developer, sysadmin and NRO, it might simply administration to define custom roles with all the necessary permissions: https://console.cloud.google.com/iam-admin/roles/create?project=planet-4-151612
Tasks:
- Determine the minimum necessary permissions for each business role
- Create custom IAM roles to describe these permissions for each project (custom role management via Terraform is a good candidate here, though perhaps not in this ticket)
- Update nro-generator init script to suit: https://github.com/greenpeace/planet4-nro-generator/blob/master/bin/init_service_account.sh#L26
- Update the Developers, Sysadmins, NRO service accounts to use newly defined roles