Policy: GCP > Turbot > Permissions > Turbot/Owner Level to grant GCP/SuperUser
Define the levels at which a user must have Turbot/Owner to be able to grant GCP/SuperUser. GCP/SuperUser is a highly privileged right that may require tighter restrictions than other rights. For example, if set to "GCP Folder or higher", then only users with Turbot/Owner on a parent Google folder, Organization, or Guardrails folder can grant GCP/SuperUser on an GCP Project - users with Turbot/Owner at the Project level would not be able to grant GCP/SuperUser.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/iamPermissions
- tmod:@turbot/gcp-iam#/policy/types/permissionsGrantOwner
- turbot graphql policy-type --id "tmod:@turbot/gcp-iam#/policy/types/permissionsGrantOwner"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-iam#/policy/types/permissionsGrantOwner"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI