Add note on getIamPolicy permissions to index.md (#620)

turbot · Jul 24, 2024 · d086487 · d086487
1 parent c6df161
commit d086487
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/index.md b/docs/index.md
@@ -57,7 +57,7 @@ steampipe plugin install gcp
 | Item | Description |
 | - | - |
 | Credentials | When running locally, you must configure your [Application Default Credentials](https://cloud.google.com/sdk/gcloud/reference/auth/application-default). If you are running in Cloud Shell or Cloud Code, [the tool uses the credentials you provided when you logged in, and manages any authorizations required](https://cloud.google.com/docs/authentication/provide-credentials-adc#cloud-based-dev). |
-| Permissions | Assign the `Viewer` role to your user or service account. |
+| Permissions | Assign the `Viewer` role to your user or service account. You may also need additional permissions related to IAM policies, like `pubsub.subscriptions.getIamPolicy`, `pubsub.topics.getIamPolicy`, `storage.buckets.getIamPolicy`, since these are not included in the `Viewer` role. You can grant these by creating a custom role in your project. |
 | Radius | Each connection represents a single GCP project. |
 | Resolution |  1. Credentials from the JSON file specified by the `credentials` parameter in your steampipe config.<br />2. Credentials from the JSON file specified by the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.<br />3. Credentials from the default JSON file location (~/.config/gcloud/application_default_credentials.json). <br />4. Credentials from [the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)|