You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

A template to be submitted when requesting a GCP project can be found here:  Product GCP Request

Make a copy of the template and update the necessary fields.

Creation of Groups for Project Access

The best practice for managing user permissions on GCP projects is done with Groups.

Prior to making a request for GCP projects, it is first necessary to request access groups to be able to attribute access to the projects.  Typically the Application owner should be making the request for groups.  This person will become the manager of each group and be able to assign, or delegate assess to those working on, and using the project.

The permissions to be requested for the project will vary depending on the types of access on the project.

It is not necessary to provide an exhaustive list of groups when requesting a project, as further access can be requested and granted later upon request, but at least one group should be provided at the beginning for the data engineers and architects to being working on the project.  A generic group for technical users (data architects and engineers) can follow the format of gcp-sl-data-{product_name}-nonprod@solvay.com and gcp-sl-data-{product_name}-prod@solvay.com.  The Application Owner should never add end users to the technical user group. 

Additionally, it should be considered whether or not business users or other end users will need to have direct access to BigQuery.  If this is the case, additional groups should be requested by the Product Application Owner and the accesses granted to this group should be limited based on the actions they require.  For example, if end users will require the ability to create their own datasets and tables, then these permissions should be requested accordingly.  The end user groups should not have broad permissions on the projects like the technical user group.  See the attached template above for reference concerning the details.

To request Groups within Service One, follow the guidelines on the Service One Page for Group Creation.

One the groups have been requested, a request can be made in Service one for the Cloud Operations Team.

Project Request in Service One

To request a new project in Google Cloud Platform, open Service One here: https://solvay-dwp.onbmc.com/dwp/app/#/itemprofile/602 and select Request Now

Then complete the requested fields accordingly.   Be mindful to give as many details as possible, as the Cloud Operations Team may respond requiring additional information.  

In the Application field, search and select Google Cloud Platform.

When finished, click Submit Request.


Special Note: for any service account keys that are requested, it is the Application Owner, as defined in the request template, that will receive the keys.  The Application Owner will be responsible for transmitting the keys to the appropriate teams.  For example, service account keys for Talend should go to the developer team, Dataiku to the Data Scientist team, Tableau to the Dataviz team.

  • No labels