IAM Access Control

[xuechen zhang]

Hi everyone,

I have been using GCP and Dialogflow ES to build a chatbot for our work and I have run into some access issues. I hope you can help me with this.

Here is the issue:

I am the admin of my own project and I would like to add one more person to work on this Dialogflow agent as a developer (be able to update the agent, use inline editor and cloud function, and integrate Dialogflow messenger/hangout, etc). However, I don't want to give him the full "Editor" access to my GCP project. So I was wondering what necessary IAM roles/permissions I should grant him so that he can fully use Dialogflow without being an "Editor"?

I have tried a few scenarios:

1. Viewer:   He is able to see the inline editor but not able to change the agent.

2. Viewer + Dialogflow Console Agent Editor:  he can change the agent but is not able to see the inline editor anymore.

3. Dialogflow API Admin + Dialogflow Console Agent Editor + Dialogflow Console Simulator User + Dialogflow Console Smart Messaging Allowlist Editor + Dialogflow Conversation Manager + Dialogflow Integration Manager : he can change the agent but is not able to see the inline editor anymore.

Thanks!

[Mohammad I (Cloud Platform Support)]

Hello,

The issue is known to Cloud Dialogflow Engineering team that there are no corresponding Cloud Dialogflow Developer roles available through Cloud Console’s IAM role.

Please note that the Cloud Dialogflow Console Role “Developer” corresponds to the Project “Editor” role as outlined in this document.

At this moment there is a Feature Request with Cloud Dialogflow Engineering team so that Dialogflow Console roles should ideally not map to GCP IAM high level roles Owner, Editor, Viewer and instead stick to using Dialogflow specific roles only. This is to make sure not giving high level access to Google Cloud Projects every time an agent is shared.