This section describes how to create the custom IAM roles with the gcloud command-line tool.

To create the roles using the gcloud command-line tool:

  • Download the role definition YAML files (service_engine_project_role.yaml, network_project_role.yaml, and storage_project_role.yaml).

  • Run the command for the matching role in each project, as shown below.

If a single project hosts all the network, storage, and Service Engine objects, create all three roles in that one project.

Commands for Service Engine Project Role

$ gcloud iam roles create avi.se --project se-project --file service_engine_project_role.yaml
Created role [avi.se].
description: Access to resources required for operations on Service Engines and Virtual
  Services
etag: B********k=
includedPermissions:
- compute.addresses.create
- compute.addresses.delete
- compute.addresses.get
- compute.addresses.list
- compute.addresses.use
- compute.disks.create
- compute.forwardingRules.create
- compute.forwardingRules.delete
- compute.forwardingRules.list
- compute.globalOperations.get
- compute.images.create
- compute.images.delete
- compute.images.list
- compute.images.useReadOnly
- compute.instances.create
- compute.instances.delete
- compute.instances.get
- compute.instances.list
- compute.instances.setLabels
- compute.instances.setMetadata
- compute.instances.setTags
- compute.instances.use
- compute.instances.updateNetworkInterface
- compute.regionOperations.get
- compute.regions.get
- compute.regions.list
- compute.targetPools.addInstance
- compute.targetPools.create
- compute.targetPools.delete
- compute.targetPools.get
- compute.targetPools.list
- compute.targetPools.removeInstance
- compute.targetPools.use
- compute.zoneOperations.get
- compute.zones.list
name: projects/se-project/roles/avi.se
stage: ALPHA
title: AVI Service Engine Project Role

Commands for Network Project Role

$ gcloud iam roles create avi.network --project network-project --file network_project_role.yaml

Note: permissions [compute.subnetworks.get, compute.subnetworks.list]
are in 'TESTING' stage which means the functionality is not mature and
they can go away in the future. This can break your workflows, so do
not use them in production systems!

Are you sure you want to make this change? (Y/n)?  y

Created role [avi.network].
description: Access to resources required for operations in Network Project
etag: B*******k4=
includedPermissions:
- compute.networks.get
- compute.networks.list
- compute.networks.updatePolicy
- compute.regions.get
- compute.routes.create
- compute.routes.delete
- compute.routes.list
- compute.subnetworks.get
- compute.subnetworks.list
- compute.subnetworks.use
name: projects/network-project/roles/avi.network
stage: ALPHA
title: AVI Network Project Role

Commands for Storage Project Role

$ gcloud iam roles create avi.storage --project storage-project --file storage_project_role.yaml

Created role [avi.storage].
description: Access to resources required for operations on GCS Buckets and Objects
etag: B*******g=
includedPermissions:
- storage.buckets.create
- storage.buckets.delete
- storage.objects.create
- storage.objects.delete
- storage.objects.list
name: projects/storage-project/roles/avi.storage
stage: ALPHA
title: AVI Storage Project Role
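The three create commands above, combined into a script as an added example (this is not part of the Avi documentation or its role definition files): it creates or updates each role idempotently, answers the TESTING-stage prompt non-interactively, and then checks that the live role's permission set matches the YAML exactly, so a permission added by hand later shows up as drift. The project IDs, role IDs and file names are the placeholders used on this page; gcloud must be installed and authenticated for --apply, while --selfcheck runs offline on constructed data.

```shell
#!/usr/bin/env bash
# Added example (not from the Avi documentation): create the three custom roles
# idempotently and verify that each live role holds exactly the permissions in
# its YAML file, no more and no less. Assumes the gcloud CLI is installed and
# authenticated; project and role IDs are the placeholders used on the page.
set -eu

GCLOUD=${GCLOUD:-gcloud}   # override to run against a stub

# yaml_permissions [FILE]: print the entries under includedPermissions, one per
# line, sorted. Works on a role definition file and on the output of
# `gcloud iam roles describe --format='yaml(includedPermissions)'`.
yaml_permissions() {
  awk '
    /^includedPermissions:/ { in_list = 1; next }
    in_list && /^- /        { sub(/^- /, ""); sub(/[ \t]+$/, ""); print; next }
    in_list                 { in_list = 0 }
  ' "${1:-/dev/stdin}" | sort -u
}

# compare_permissions WANT HAVE: both newline-separated and sorted. Returns 0
# when identical; otherwise prints extra/missing permissions and returns 1.
compare_permissions() {
  local w h rc=0
  w=$(mktemp); h=$(mktemp)
  printf '%s\n' "$1" > "$w"
  printf '%s\n' "$2" > "$h"
  if ! cmp -s "$w" "$h"; then
    comm -13 "$w" "$h" | sed 's/^/+ extra (live role, not in YAML): /'
    comm -23 "$w" "$h" | sed 's/^/- missing (in YAML, not live):   /'
    rc=1
  fi
  rm -f "$w" "$h"
  return "$rc"
}

# role_exists PROJECT ROLE_ID
role_exists() {
  "$GCLOUD" iam roles describe "$2" --project "$1" >/dev/null 2>&1
}

# create_or_update_role PROJECT ROLE_ID FILE: create on first run, update on
# later runs. --quiet answers the TESTING-stage prompt shown on the page, so
# read that warning yourself before depending on such permissions.
create_or_update_role() {
  local project=$1 role=$2 file=$3
  if role_exists "$project" "$role"; then
    # With no etag in FILE, update replaces the existing definition.
    "$GCLOUD" iam roles update "$role" --project "$project" --file "$file" --quiet
  else
    "$GCLOUD" iam roles create "$role" --project "$project" --file "$file" --quiet
  fi
}

# verify_role PROJECT ROLE_ID FILE: return non-zero if the live role has drifted
# from the YAML (a permission added by hand is a least-privilege regression).
verify_role() {
  local project=$1 role=$2 file=$3 raw want have
  want=$(yaml_permissions "$file")
  raw=$("$GCLOUD" iam roles describe "$role" --project "$project" \
          --format='yaml(includedPermissions)')
  have=$(printf '%s\n' "$raw" | yaml_permissions)
  echo "== $project/$role"
  compare_permissions "$want" "$have"
}

# selfcheck: offline demonstration with constructed data. The "live" set is the
# page's storage role plus storage.objects.get, which must be flagged as extra.
selfcheck() {
  local f want have
  f=$(mktemp)
  printf '%s\n' 'title: AVI Storage Project Role' 'includedPermissions:' \
    '- storage.buckets.create' '- storage.buckets.delete' '- storage.objects.create' \
    '- storage.objects.delete' '- storage.objects.list' 'stage: ALPHA' > "$f"
  want=$(yaml_permissions "$f"); rm -f "$f"
  have=$(printf '%s\n' "$want" 'storage.objects.get' | sort -u)
  if compare_permissions "$want" "$have"; then return 1; fi   # drift went unnoticed
  return 0
}

main() {
  local dir=${1:-.}   # directory holding the downloaded role definition files
  create_or_update_role se-project      avi.se      "$dir/service_engine_project_role.yaml"
  create_or_update_role network-project avi.network "$dir/network_project_role.yaml"
  create_or_update_role storage-project avi.storage "$dir/storage_project_role.yaml"
  verify_role se-project      avi.se      "$dir/service_engine_project_role.yaml"
  verify_role network-project avi.network "$dir/network_project_role.yaml"
  verify_role storage-project avi.storage "$dir/storage_project_role.yaml"
}

# Usage: ./avi_roles.sh --selfcheck | ./avi_roles.sh --apply [DIR]
case "${1:-}" in
  --selfcheck) selfcheck && echo "selfcheck OK: drift detected" || exit 1 ;;
  --apply)     main "${2:-.}" ;;
esac
```

Run verify_role on a schedule, not only at creation time: the role definition file is the least-privilege baseline, and anything that appears as "extra" was granted outside this process and should be explained or removed.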