Custom Role Creation

Before creating a Service Account, we need to ensure that we are creating a Custom Role with the minimal permissions. Follow the steps below to create a Custom Role:

1. Navigate to GCP Console – IAM

2. Select the marketplace project in the project list and click on Roles from the left-menu

3. Click on + Create Role

4. Provide the Title to the Custom Role as “GCPMarketplaceRoleForSaaSifyIntegration“

5. If required, provide the Description

6. Provide the ID as “GCPMarketplaceRoleForSaaSifyIntegration_ID“

7. Select the Role launch stage as General Availability

8. Click on + Add Permissions:

   1. In Filter permissions by role field

      1. Search for “Pub/Sub Editor” and select the same

      2. Click on Ok

      3. In the Filter, search for “pubsub.subscriptions.create“:

      4. Select the permission

      5. Click on Add

   2. Once again, click on + Add Permissions

      1. Search for “Pub/Sub Editor” and select the same

      2. Click on Ok

      3. In the Filter, search for “pubsub.subscriptions.get“:

      4. Select the permission

      5. Click on Add

9. Click on + Add Permissions:

   1. Search for “Service Controller” and select the same

   2. From the list of Permissions, select the below Permission and click on Add

      1. servicemanagement.services.check

      2. servicemanagement.services.report

10. Click on + Add Permissions:

    1. From the list of Permissions, select the below Permission and click on Add

       1. consumerprocurement.entitlements.get

       2. consumerprocurement.entitlements.list

11. Click on Create.