Request for new functionality
Description
We would like to limit our admin users from creating a new Firebase project and linking Firebase projects with current GCP projects.
The only way is to restrict firebase.projects.update. Since this permission cannot be restricted with IAM deny, the only way to restrict this is using custom roles.
However, this blocks the ability to add IAM binding permissions to admin users, since they could add this role to their account by themselves.
What you expected to happen:
Provide a simple way to restrict our admin users from creating a new Firebase project and linking Firebase projects with current GCP projects.
Suggestions:
- Support IAM deny for firebase.projects.update
- Support restrict
Possible Workaround:
- Use an IAM deny to deny the permission apikeys.keys.create for Firebase Service Agent service-PROJECT_NUMBER@gcp-sa-firebase.iam.gserviceaccount.com