Support access to Google Cloud
DoiT provides complete transparency when accessing your Google Cloud Billing account.
When you open a technical support request with DoiT International, we may occasionally need to access your Cloud Billing account to help you effectively. This document describes how to grant access and how access control works.
Key points
-
We only access your Cloud Billing account to provide technical support per our contractual obligations. We never access your Cloud Billing account for any other reason.
-
Support engineers do not have write access to your Cloud Billing account. The only exception is that we are able to raise Google Cloud support requests on your behalf.
Grant access
When creating a new service request with DoiT, you will be prompted to grant DoiT access to the relevant Google Cloud projects.
A typical access grant is implemented with a gcloud
command. The access is view-only, limited, and provides access only to the support engineers handling your request.
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="group:[email protected]" \
--role=roles/viewer --condition=None
For example, to add an IAM policy binding for the group assigned to the service request #1234
on a Google Cloud project example-project-id
, run:
gcloud projects add-iam-policy-binding example-project-id \
--member="group:[email protected]" \
--role=roles/viewer --condition=None
DoiT workspace customer ID
If you use GCP organization policy to restrict identities by domain, make sure to whitelist cre.doit-intl.com
using the DoiT Google Workspace customer ID C04eumws5
.
Revoke access
Support access is automatically revoked for security reasons when the support request is resolved. The next time you create a support request, you will need to grant our support engineers access again.