# Setting up permissions in GCP

To use Policy Management in a GCP account, additional permissions are required within the GCP Account.\
\
Please follow these steps:\
\
1\. Download the Terraform code for creating a service account key file from the link below: 

{% file src="/files/rjCcmaZuYB4acH5O1aL8" %}

2\. Access the Cloud Shell of the account you want to register using the link below. Make sure to log in with an account that has Owner permissions.\
\
[Access Cloud Shell](https://console.cloud.google.com/cloudshelleditor?referrer=search\&hl=en\&inv=1\&invt=Abk8Aw\&project=opsnow-gcp-dev-pjt\&cloudshell=true)

3. Select \[Upload] from the menu in the upper right corner.

<figure><img src="/files/Pi23CmWPT6pbxGDSpH3W" alt=""><figcaption></figcaption></figure>

4. Click **\[Choose file]** and select the Terraform file you downloaded in Step 1.

<figure><img src="/files/LsnpxfbuMw7FdSKMtMWO" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/5XfGq0jcb9XTBu8n1Kk0" alt=""><figcaption></figcaption></figure>

5. Click the **\[Upload]** button.

<figure><img src="/files/dGxorkaG00mgFZypaLKe" alt=""><figcaption></figcaption></figure>

6. A file upload notification will appear in the bottom right corner.

<figure><img src="/files/6YS9IYKGsLdzX32TuVH5" alt=""><figcaption></figcaption></figure>

7. Run the following command in Cloud Shell to create the necessary resources and generate a service account key file.

```
terraform init
terraform apply -var="service_account_email=<SERVICE_ACCOUNT_EMAIL>"
```

{% hint style="info" %}
The service account email must match the email associated with the service account linked to OpsNow.
{% endhint %}

{% hint style="info" %}
'SERVICE\_ACCOUNT\_EMAIL' can be found by navigating to "IAM & Admin" > "IAM" in the left menu, then selecting the project. The email address of the corresponding service account will be visible there.

<img src="/files/yrfRmvblKUWzqcNnuJaX" alt="" data-size="original">
{% endhint %}

8. When you run the `terraform apply` command, click the **\[Authorize]** button in the Cloud Shell authorization pop-up message.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsnow.io/opsnow-user-guide-v0.2/menu/policy-management/settings/setting-up-permissions-in-gcp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.