why we have to create another mail id for gcp non-admin user ? anyone please explain it clearly..
1 Answers
We are trying to mimic a real business scenario where we have multiple GCP users (employees) one of them can be admin and can grant non-admin privileges to other employees in the organization. Here is what you need to do (and I did while I was learning):
1) Create two gmail accounts (example: demo_admin_myorg@gmail.com demo_user_myorg@gmail.com)
2) Sign-up for gcp using demo_admin_myorg@gmail.com account
3) Now while you are signed up with admin account – create a project and make demo_admin_myorg@gmail.com the owner of the project
4) On the IAM member screen, add a new member (demo_user_myorg@gmail.com) as viewer (any non-admin role).
5) Then login to GCP via demo_user_myorg@gmail.com and see the difference in options presented to admin and non-admin users.
Hope this helps!
thanks lokesh for your update…. but why we have to create user account is it related to billing purpose or anyother purpose??
it’s more of a demonstration purpose to create two different identities – make one admin and other non-admin. But in real life, an organization employee will have access to GCP using their Org identity. Some of the employees (identities) will have admin privileges and other will have only specific privileges required to accomplish a job (according to Principle of least privileges).