--- title: "Creating a Custom Role for GCP Projects only" slug: "creating-a-custom-role-for-gcp-standalone-application" updated: 2026-06-02T05:47:28Z published: 2026-06-02T05:47:28Z canonical: "docs.britive.com/creating-a-custom-role-for-gcp-standalone-application" --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.britive.com/llms.txt > Use this file to discover all available pages before exploring further. # Creating a Custom Role for GCP Projects only A custom role needs to be created for Britive to perform operations within GCP. The custom role can be created at one of the following locations: - **Organization level:**In this scenario custom role can be created at the organization level and the role can be granted to the service account at folder or projects that need to be managed in Britive. - **Project level:** If creating the role at the organization level is not possible then a custom role needs to be created at every project that needs to be managed within Britive and all the roles have to be assigned to the service account. Follow these steps to create a custom role: 1. Login to [GCP Console](https://console.cloud.google.com) using the administrative privileges. 2. Select either Organization level or Project from the project selector drop-down on the top. If a project is selected then the following steps need to be repeated for all the projects managed within Britive. 3. Select **IAM & Admin** -> **Roles**from the navigation menu. 4. Click **+ CREATE ROLE.** 5. Enter the following values on the **Create Role**page. 1. Enter the **Title** as Britive Integration Role. 2. Enter the **ID** as BritiveIntegrationRole. 3. Click **ADD PERMISSIONS**to add the following permissions: PermissionsPermissions ```Permissions iam.roles.get, iam.roles.list, iam.serviceAccountKeys.create, iam.serviceAccountKeys.delete, iam.serviceAccountKeys.get, iam.serviceAccountKeys.list, iam.serviceAccounts.create, iam.serviceAccounts.delete, iam.serviceAccounts.disable, iam.serviceAccounts.enable, iam.serviceAccounts.get, iam.serviceAccounts.getIamPolicy, iam.serviceAccounts.list, iam.serviceAccounts.setIamPolicy, iam.serviceAccounts.undelete, iam.serviceAccounts.update, resourcemanager.projects.get, resourcemanager.projects.getIamPolicy, resourcemanager.projects.setIamPolicy ``` 4. The following permissions are required if Britive is managing a set of folders. If there are no folders these permissions can be ignored. PermissionsPermissions ```Permissions resourcemanager.folders.get, resourcemanager.folders.getIamPolicy, resourcemanager.folders.list, resourcemanager.folders.setIamPolicy ``` 5. The following permissions are required to support BigQuery constraint management. These permissions can be ignored if you are not using this feature. PermissionsPermissions ```Permissions bigquery.datasets.get, bigquery.datasets.update, bigquery.tables.get, bigquery.tables.getIamPolicy, bigquery.tables.setIamPolicy ``` 6. The following permissions are required to support Apigee environment constraint management. These permissions can be ignored if you are not using this feature. PermissionsPermissions ```Permissions apigee.environments.get, apigee.environments.getIamPolicy, apigee.environments.setIamPolicy ``` 7. The following permissions are required to support scanning AI identities. These permissions can be ignored if you are not using this feature. ```Permissions aiplatform.locations.get, aiplatform.locations.list,aiplatform.reasoningEngines.get,aiplatform.reasoningEngines.list ``` 8. Click **ADD**. 6. Click **CREATE.** For more information about custom roles in GCP, see [Creating and managing custom roles](https://cloud.google.com/iam/docs/creating-custom-roles#iam-custom-roles-create-console).