Assigned
Status Update
No update yet.
Comments
ar...@e.lloydsbanking.com
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
Want to create custom constraints on a GCP project using a project level role. However can only do so with the roles/orgpolicy.policyAdmin. This is a organisational level role and be too privileged for a large scale organisation, therefore we cannot see any way in which a custom constraint can be set without implementing complex governance.
How this might work:
Role to be allowed at the project level, or new role to be created with similar permissions at the project level.
If applicable, reasons why alternative solutions are not sufficient:
There is too much governance around managing a role with privileges at the organisational level. Project admins should be able to manage custom constraints for their own project without having to have a role that has access to every project within the organisation. Role with organisation level privileges are not feasibly assigned at a large scale organisation. Do not see how we can feasibly use custom constraints.
Other information (workarounds you have tried, documentation consulted, etc):
Required to build validation checks as part of CI/CD. Custom constraints would be a lot more convenient and easy.