I have created a dedicated GCP project with images I want to share with people from other organizations. I gave those people a custom role on the whole project with the following permissions:
compute.images.get
compute.images.getFromFamily
compute.images.list
compute.images.useReadOnly
resourcemanager.projects.get
serviceusage.services.get
serviceusage.services.list
But people have reported that they are getting the following error:
instance creation failed: Required 'compute.images.useReadOnly' permissions for <specific image>
I don't understand why they need that permission on the specific image when they have it on all the images of the project.
What am I missing?
Found the issue: it appears the GCP console made the operation when acting as a service account and not as the user itself. That service account didn't have the attached role.
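The mismatch described in the answer, as an added example that is not part of the original post: a check of which principals in the image project's IAM policy hold `compute.images.useReadOnly`, and what the policy looks like once the acting service account is bound to the same role. The role names, principals and policy are constructed for illustration; only the permission list comes from the question.

```python
import copy

REQUIRED = "compute.images.useReadOnly"
IMAGE_ROLE = "projects/image-project/roles/imageUser"      # hypothetical role name
LIST_ROLE = "projects/image-project/roles/imageLister"     # hypothetical role name
USER = "user:alice@example.com"                            # constructed principal
SERVICE_ACCOUNT = "serviceAccount:builder@consumer-project.iam.gserviceaccount.com"  # constructed

# Constructed role definitions; IMAGE_ROLE carries the permission list from the question.
ROLE_PERMISSIONS = {
    IMAGE_ROLE: {
        "compute.images.get", "compute.images.getFromFamily", "compute.images.list",
        "compute.images.useReadOnly", "resourcemanager.projects.get",
        "serviceusage.services.get", "serviceusage.services.list",
    },
    LIST_ROLE: {"compute.images.get", "compute.images.list"},
}

# Constructed IAM policy for the image project: only the user holds IMAGE_ROLE.
POLICY = {"bindings": [
    {"role": IMAGE_ROLE, "members": [USER]},
    {"role": LIST_ROLE, "members": [SERVICE_ACCOUNT]},
]}


def holders(policy, permission):
    """Members directly bound to a role containing `permission`.
    Group membership and binding conditions are not evaluated."""
    found = set()
    for binding in policy.get("bindings", []):
        if permission in ROLE_PERMISSIONS.get(binding["role"], set()):
            found.update(binding.get("members", []))
    return found


def grant(policy, role, member):
    """Return a copy of `policy` with `member` added to the unconditional binding for `role`."""
    updated = copy.deepcopy(policy)
    for binding in updated["bindings"]:
        if binding["role"] == role and "condition" not in binding:
            if member not in binding["members"]:
                binding["members"].append(member)
            return updated
    updated["bindings"].append({"role": role, "members": [member]})
    return updated


if __name__ == "__main__":
    fixed = grant(POLICY, IMAGE_ROLE, SERVICE_ACCOUNT)
    for label, pol in (("before", POLICY), ("after", fixed)):
        print(label, {who: who in holders(pol, REQUIRED) for who in (USER, SERVICE_ACCOUNT)})
```

The check is per principal: the user passing it says nothing about the service account that actually issues the request.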