Managed Services for Google Cloud Platform
Product Guide

Access and Permissions

Controlling access and permissions to the Rackspace and GCP control planes (APIs and UIs) along with the resources you deploy at GCP are a critical part of the overall security of your environment.

Rackspace Account Permissions

You can grant other members of your company access to Billing and Payments and Support Ticketing by clicking the Account dropdown in the top right corner of the Managed Services for Google Cloud Platform Control Panel and selecting User Management. From there, you can add and manage existing users, selecting which parts of the Rackspace Control Panel they should have access to.

GCP Project Permissions

GCP project permissions are managed via Google Cloud Identity and Access Management. If you have questions regarding the permissions you should grant users in your company, contact a member of your support team.

Rackspace will add a service account with the Project Owner role to each of your GCP projects that we manage: automation@rackspace-mgcp.iam.gserviceaccount.com. Additionally, we will grant resource-observer@rackspace-mgcp.iam.gserviceaccount.com the Viewer role on all Aviator projects. Do not remove these accounts or alter their permissions in any way without first consulting with your support team. We will also temporarily add accounts from the gcp.rackspace.com domain as Rackers and automation need access to your projects, so do not remove those accounts or alter their permissions.

Google Organization Permissions

Rackspace will also add our automation@rackspace-mgcp.iam.gserviceaccount.com service account with the Project Creator role on your Google organization, allowing both you and us to create additional projects for new applications, as needed.