Set up the Platform Admin account

Your GDC Sandbox instance is populated with several accounts. One of them is the Platform Admin account, with the email address fop-platform-admin@example.com. This page describes how to configure this account with the necessary permissions for creating projects and performing other administration tasks.

Set up Platform Admin permissions

The following steps will set up your administrator account with the roles necessary to manage projects, users, storage, and other resources.

You can set up your administrator account using the GDC console, or the command line tool gdcloud.

GDC console

  1. Navigate to your GDC console as described In Connect to your instance.
  2. Select Access.
  3. Select fop-platform-admin@example.com and click Edit Roles.

  4. Click Add Another Role to add more roles.

    1. To provide the Platform Admin with the necessary rights to create projects and perform other administrative tasks, add the following roles:
      • Org Network Policy Admin
      • Organization IAM Admin
      • Bucket Admin
      • Organization DB Admin
      • Org Network Policy Admin
      • Project Creator
      • User Cluster Admin
      • AI Platform Admin
      • Organization Grafana Viewer
    2. To provide the Platform Admin with the necessary rights to create and test specific services, add roles specific to those services.
    3. Click Save.

  5. Click Submit.

gdcloud

  1. Navigate to your GDC console as described in Connect to your instance.
  2. Download and install the gdcloud CLI on the machine with access to your instance. See Download the gdcloud CLI.
  3. Open a terminal window on a machine with access to your instance.
    • If you chose to use a remote desktop client to connect to your gateway, open a terminal in the Linux GUI on your gateway.
    • If you are connecting through an sshuttle tunnel, open a terminal on your own machine.

  4. Set the default GDC organization, org-1. For more details on GDC organizations, see Organization.

    gdcloud config set core/organization_console_url \
  https://console.org-1.zone1.google.gdch.test

  5. Retrieve the certificates to authorize your sign in operation:

    echo -n | openssl s_client -showcerts -connect \
  console.org-1.zone1.google.gdch.test:443 | \
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
  > /tmp/org-1-web-tls-ca.cert

  6. Authenticate and sign into your GDC Sandbox environment. A browser window opens.

    gdcloud auth login --login-config-cert=/tmp/org-1-web-tls-ca.cert

  7. To continue your operations using the gdcloud CLI, close the browser.

  8. Optional: To continue your sign in through the browser, follow steps three to five in the GDC console tab.