
Permission error when setting IAM policy on Artifact Registry in GCP

I'm following this guide and getting stuck at step 3. When I run

gcloud artifacts repositories add-iam-policy-binding [myrepo] \
--location us \
--member=serviceAccount:build-robot@[myproject].iam.gserviceaccount.com \
--role=roles/artifactregistry.writer

I get PERMISSION_DENIED: The caller does not have permission.

gcloud is running as roles/Owner (myself) so I definitely have permission to perform the action.

I can add a project binding for the service account with role roles/cloudbuild.builds.builder, and this works (I can push and pull images from the artifact registry using the build-robot service account), but is far too permissive for what I want the service account to do.

Sometimes this error may happen due to the specified location in the --location tag not being the correct one.

Check that the artifact to which you're granting permissions is in US, as the tutorial you shared assumes you've created it in US, or otherwise change the location tag accordingly.
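
The location check suggested in the answer above, as an added example that is not part of the original post. It assumes the repository listing is given as full resource names (projects/<project>/locations/<location>/repositories/<repo>); the project and repository names in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example: confirm which location a repository lives in before
# granting a repo-scoped role such as roles/artifactregistry.writer.
# Assumed input: one full resource name per line, e.g. from (not run here):
#   gcloud artifacts repositories list --project="$PROJECT" --format='value(name)'

# Print every location in which a repository with the given ID exists.
repo_locations() {
  local repo="$1"
  awk -F/ -v repo="$repo" \
    'NF == 6 && $1 == "projects" && $3 == "locations" &&
     $5 == "repositories" && $6 == repo { print $4 }'
}

# Return 0 if the repo exists in the wanted location,
# 1 if it exists only elsewhere, 2 if it is not listed at all.
check_location() {
  local repo="$1" want="$2" names="$3" found
  found="$(printf '%s\n' "$names" | repo_locations "$repo")"
  if [ -z "$found" ]; then
    echo "repository '$repo' not found in any listed location" >&2
    return 2
  fi
  if printf '%s\n' "$found" | grep -qxF -- "$want"; then
    return 0
  fi
  echo "repository '$repo' is in: $(echo $found), not '$want';" \
       "pass that value to --location" >&2
  return 1
}

# Constructed sample listing (hypothetical project and repository names).
SAMPLE_NAMES='projects/example-proj/locations/us-central1/repositories/myrepo
projects/example-proj/locations/us/repositories/other-repo
projects/example-proj/locations/europe-west1/repositories/eu-images'

# The binding in the question used --location us; here the check reports
# that the sample "myrepo" is actually regional (us-central1).
check_location myrepo us "$SAMPLE_NAMES" || true
```

Once the reported location matches the value passed to --location, the repository-level binding can be retried in place of the broader project-level role.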
