permission IAM accidentally removed - google-app-engine

I removed my permission from my project in google app engine, now I can not access more functionality of my project, which is still online, but I can not access any more, everything I click returns that I am not allowed

Just tried changing Roles in my GAE project, since I am the only sole owner.
GAE doesn't allowed that to happen.
Please re-check, there must be another owner which you're not aware or you have given some-one Owner role and that is the reason it happened.
PS :Posting in answer to attach image.

Related

Cannot find my AAD app in the portal anymore

I've created an AAD application by using the below CMD let:
New-AzureADApplication -DisplayName "My Name" -PublicClient $False -IdentifierUris "https://mytestapp.com"
The command completes with no errors and if I then query list of applications by executing
Get-AzureADApplication
I can see my application but if I go to https://portal.azure.com I am not seeing my app there. I remember for sure I did this multiple times in past and had no problem with it, has anything changed in the portal recently? I also noticed that all my apps in all my directories are not visible if I use a portal - it just shows that I don't have any apps but I can successfully use them to acquire tokens and can see them through PowerShell.
You should make sure you are signed into the right tenant. Use the tenant picker in the top right corner of the Azure Portal:
The fact that all your apps are missing makes me feel like you might simply be looking in the wrong place :)
Firstly, you should ensure you select right Tenant on Portal.
Also, when you select, you should choose All Apps not My Apps, you should see the app.

How do I specify DomainOverrideStrategy.OVERRIDE on a gcloud beta app domain-mappings request?

I am using a Custom Domain for a Google Application project. I have multiple projects and I use the same domain for each, although only one mapping is active at any time. Historically this has been as simple as Verifying the domain on the latest project and then Adding the domain. The domain has then automatically switched to the new project.
I have not used this approach for some months and when I tried it recently I got the messages
www.xxxxx.com is already mapped to a project.
xxxxx.com is already mapped to a project.
Research on StackOverflow suggests the use of the following command
gcloud beta app domain-mappings create xxxxx.com
This does look the right thing to do, unfortunately the response to the command is:
ERROR: (gcloud.beta.app.domain-mappings.create) App [aaaaaa] is the subject of a conflict: Domain 'xxxxx.com' is already mapped to another application. You must delete the existing domain mapping before you can re-map the domain, or you may specify 'DomainOverrideStrategy.OVERRIDE' on the request to force overwrite the existing mapping. Domain 'xxxxx.com' is currently mapped to an application on which you do not have permissions.
I do not want to use the delete approach since there will be a gap in service before the re-map. I would like to use the OVERRIDE option but I cannot work out how to add it to the gcloud command and I cannot locate any documentation.
Update 6Nov17.
In the absence of an answer I have used the delete approach and it worked as expected. The re-map was possible immediately after the mapping was deleted for the current app. Unfortunately for some users access to the web page was not possible, or error messages were returned, for a while. After about 10-15 minutes normal service was resumed. For my web site a gap of 10-15 minutes is manageable. This will not be true for many sites and I anticipate that Google Cloud will tidy up this procedure before it exits Beta.
If for some reason it is not possible to access the current app to delete the mapping then I guess deleting the app's subdomain information at the domain registrar will have the same effect, although it may be difficult to predict when the delete of the associated mapping will happen.
On the plus site the new automatic SSL provision worked flawlessly.

Rights to using App Engine section in Google Cloud Console

In the Permission sections I gave access to my brother's e-mail account, but no matter what kind of right is it (View, Edit, Admin), he can't see the App Engine section, which is visible only when logging with the email, I created App Engine project with.
Is there really no way to give my brother rights at least to view logs?
It seems there is a bug here. Adding privileges from new Cloud Console doesn't work, but when I did that from the old one, Invitation was sent, and now everything works like expected.
Adding edit permission from the new console, allows the user to deploy the app, but doesn't grant him rights to view App Engine section in the console, which sounds like a bug to me.

AppEngine Application is missing

I just created my apps account, and created my app engine application, yesterday. I used Eclipse to upload my app and everything was wonderful yesterday. Today... the application is missing. I log into my appengine account and my app is no longer listed; I only see the "create application" button. I tried creating the app again, with the same ID, but I get the "invalid" message. Despite all this, I'm able to bring up my site via the main-domain.appspot.com. Please help. Why can't I see my app in the appengine console?
The most likely cause is that you're logged into a different account. This can happen sometimes if there was confusion about mutli-login. Try these steps to find your application:
Open a fresh incognito or private browsing window
Go to http://appspot.com and log into one Google account
See if your application is listed. If not, close your private browsing window to clear the session, and try it again for one of your other accounts.
Once you've found your application, it may be owned by the wrong account. You can fix this by moving ownership to your preferred account.
Navigate to the dashboard for your application.
On the left side menu click 'Permissions' under 'Administration'.
Add your preferred account as an owner.
Log into your preferred account and check your email. You will need to accept an invitation to take ownership of the application.
Reload the permissions page on the application dashboard. You should see both accounts listed as owners.
Remove any unwanted accounts from the owners list. (Remember, you need at least one owner!)

AppEngine Deployment Role with no access to data

Is there a role in Google appengine which only has rights to deploy the application but does not have access to data. As I understand all the roles viewer,developer and owner have access to data.
The use case is that because of security concerns many users will not want to share their data but the developers will want to give newer deployments.
Is there a way to solve this problem
I don't think it can be done with GAE admin roles. The least privileged role: viewer has the right to view the data (but not to modify it). Also don't forget that if you have a right to upload code you can upload code that will give you access to the data.
No, there is no such role. If you want to do this, you will need to give the code to your users to deploy themselves.
Note that even this doesn't solve the problem as you describe it, because the developer could trivially code in a backdoor that lets them examine the users' data. Ultimately, there is no way around this unless you're prepared to provide your source code: your users must trust you in order to use your app.

Resources