This page summarizes general requirements for deploying artifacts to Google Cloud runtime environments.
There are two forms of access control to consider:
- IAM permissions
  - Identity and Access Management permissions determine the users, service accounts and other identities that can access resources. You grant Artifact Registry permissions to the identities that need access to repositories.
- Access scopes
  - Access scopes determine the default OAuth scopes for requests made through the gcloud CLI and client libraries on a VM instance. As a result, access scopes can further limit access to API methods when authenticating with Application Default Credentials.
Google Cloud runtime environments are preconfigured with access to repositories in the same project. You must configure or modify permissions yourself if:
- You are using a service account in one project to access Artifact Registry in a different project
- You are using a service account with read-only access to storage, but you want the service account to both upload and download artifacts
- You are using a custom service account to interact with Artifact Registry.
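How the two controls combine, as an added example that is not part of the original page: a request succeeds only when both the service account's IAM role and the VM's access scopes permit it. The role and scope tables below are a simplified model assumed for illustration, and the function names are hypothetical.

```python
# Added example: a simplified preflight model, not Google's authorization logic.
SCOPE_PREFIX = "https://www.googleapis.com/auth/"

# Assumed mapping: actions each OAuth access scope lets a VM request.
SCOPE_ACTIONS = {
    "cloud-platform": {"download", "upload"},
    "devstorage.full_control": {"download", "upload"},
    "devstorage.read_write": {"download", "upload"},
    "devstorage.read_only": {"download"},
}

# Assumed mapping: actions each Artifact Registry role grants on a repository.
ROLE_ACTIONS = {
    "roles/artifactregistry.reader": {"download"},
    "roles/artifactregistry.writer": {"download", "upload"},
}


def allowed_by(granted, table, prefix=""):
    """Union of the actions permitted by every granted role or scope."""
    actions = set()
    for name in granted:
        key = name[len(prefix):] if name.startswith(prefix) else name
        actions |= table.get(key, set())
    return actions


def diagnose(action, roles, scopes):
    """Report which control, if any, blocks `action` ('download' or 'upload')."""
    iam_ok = action in allowed_by(roles, ROLE_ACTIONS)
    scope_ok = action in allowed_by(scopes, SCOPE_ACTIONS, SCOPE_PREFIX)
    if iam_ok and scope_ok:
        return "allowed"
    if iam_ok:
        return "blocked by access scopes"
    if scope_ok:
        return "blocked by IAM"
    return "blocked by IAM and access scopes"


if __name__ == "__main__":
    # Constructed sample: writer role on the repository, read-only storage scope on the VM.
    roles = ["roles/artifactregistry.writer"]
    scopes = [SCOPE_PREFIX + "devstorage.read_only"]
    for action in ("download", "upload"):
        print(action, "->", diagnose(action, roles, scopes))
```

The constructed sample matches the second case in the list above: the role would permit uploads, but the read-only storage scope on the VM still blocks them.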
For service-specific requirements, refer to the following information:

