google cloud iam - Create a custom role with no (or minimal) permissions

I am working on an application that has several custom roles that do not map to the existing IAM roles or permissions. e.g. Sales Department, Administrator, or Approver.I would like to create these custom roles in IAM and assign users to them. However, in order to create a custom role, I need to select at least one permission from the list of predefined permissions. Is there a way to create a custom role with no permissions or with a minimal permission that has no side effects?...Read more

google cloud iam - service account - best practise

some questions about service accounts and best practises on GCP.1) I'm able to create a "brand new" service account. How can I ensure that this new service account doesn't have any kind of privileges bound to it? I'm asking this because for a project I need to create multiple service accounts with only one permission: write access to a single Google Storage bucket. Nothing more. How can I ensure that this is the only granted permission and nothing else ?2) Should I create a new Google Cloud Project for every customer I have, in example, one pro...Read more