|
|
|
|
|
|
by valenterry
441 days ago
|
|
|
> you're going to add a role (standard, unless you have custom roles), which you technically have to map back to the permission you need Which is terrible btw. You dont "technicall" have to do that, you really cannot add roles to custom roles, you can only add permissions to custom roles. Which makes it really hard to maintain the correctness of custom roles since their permissions can and do change. > ...If only we could do something like: dry run and surface all the required permissions, then grant them in one fell (granular) sweep. GCP even has something like that, but I honestly think that standard roles are usually fine. Sometimes making things too fine grained is not good either. Semantics matter. |
|
|