I am creating a website for a customer using firebase.
I want the customer to enter his / her credit card details and manage payments associated with that project.
How do I give access to the customer?
There is a project billing manager profile that associates billing to a project. But that seems to be different than my current use case.
Is my use case even possible? Or should I ask the customer to create a new gcp account altogether and give me permission to deploy the project in it?
What is the recommended way of setting up billing in a safe manner
If the customer going to manage the payments, in this case the recommended way is,
Creating a new GCP account for the customer, if the customer don't have an account.
Create a Google payments profile, if the customer don't have any.
Create a new billing account and choose the respective payment profile or you get a provision to create a payment profile while creating the billing account, which by
default comes with Billing Account Administrator role.
Finally, link the project to the billing account.
As the billing administrator(customer), he can add other members to the billing resource with roles such as Billing Account User, Billing account viewer, etc .. depends on the requirement.
For example, the member who got assigned as Billing Account User, can link the projects to the billing account managed by the customer, but won't able to update the billing account.
By doing above, the billing part will be restricted from others.
Additional Info:
Even the customer owns the billing account, it doesn't mean he can access all the projects linked to his billing account. He can access only the projects that he created and got the respective project access.
In other end, the user won't be able to update the billing account of the customer and also the user won't be able to see other projects attached to the customer billing account, apart from the projects he manages.
Related
I've set up a firebase project not to long ago and linked it with a Google Cloud organization. I'm now trying to get the receipts for the monthly charges and I can't figure the hell out where to find them.
The Firebase Console lets me know that I'm not an "Billing Admin" for the associated project... but I also can't figure out who is
As per the image's suggestion, I went into the GCP console to find the billing account.
There seems to be one called "Firebase Payment" (after all I'm paying) but whenever I try to access/modify the account I'm presented with a message saying that I have no access. I tried with all users in my organization and not a single one has access.
Has anyone ever run into this problem before?
It seems that when you create a Firebase project (with Blaze plan) and link it to an GCP org later you'll get the Firebase Payment billing account which can't be modified. To solve that problem for good, do the following
Open the GCP dashboard and create a new billing account
Once thats done, search for Billing Accounts and switch to the My Projects tab
Click Change billing and assign the newly creataed Billing Account
Errors regarding "permissions" have to do with the role we have assigned in that particular project. If you have a role assigned in a particular protect, the access does not migrate to another project. Each project has its own set of rules and they are controlled by the owner of the project. Here is a list of the billing roles and what each role does:
Billing account Administrator - The Billing Account Administrator role grants the IT department the permissions to associate projects with billing accounts, turn off billing for the projects, and view the credit card information for the accounts that they resell to their customers.
It does not give them permissions to view the contents of the projects.
Billing Account User - The Billing Account User role gives the service account the permissions to enable billing (associate projects with the organization's billing account for all projects in the organization) and thereby permit the service account to enable APIs that require billing to be enabled.
Billing Account Viewer - The Billing Account Viewer role allows the developers to view the expenses for a billing account.
Here is a google document that provides a more detailed explanation about the different roles for billing.
The owner of the project needs to provide you with the correct role in IAM in order for you to have access to the information you are requesting.
You can also access a billing report using the following, but make sure you have the access billing.accounts.getSpendingInformationif you want such feature
We have a service account creating meetings from our node.js backend. Each meeting has a Google Meet link generated. Attendees are NOT associated with our gsuite account.
However, each attendee is required to “ask to join” the meeting when they click on the Google Meet link.
With the service account, when the meeting has been created the creator and organizer are both automatically set to the service account user despite the parameters that passed in the “insert” function.
We need to generate meetings and assign the role of the organizer to one of the attendees to give one of the attendees the privilege to start the meeting and let the other attendees in. How can we do this?
Two things:
If you user a service account - the only type of delegation that is possible is domain-wide delegation. In other words, the service account is not able to impersonate a user who does not belong to the same domain.
If you do not user a service account with impersonation - the creator / organizer of an event is the person who runs the code to create the event. Those properties are readonly and cannot be modified - see here.
Now, as for letting external users join a Google Meet without approval - have a read at the information provided by Google:
Who needs to request to join a video meeting?
People who aren’t added to the Calendar event.
Web users only - People who don't have a Google Account. This is applicable for meetings created by G Suite users. For any meetings created by non G Suite users, you will need a Google account to request joining the meeting.
G Suite users only: People outside your organization who use G Suite for Education. Anyone in the meeting can grant access. Someone from your organization in the video meeting can also grant access.
Provided that the guests confirmed their participation in the event, I recommend you to contact GSuite support to troubleshoot why your invitees are not able to join the meeting without approval.
WORKAROUND
Consider creating an account in your GSuite domain for the users whom you would like to allow to join wihtout aproval.
How do i link the billing account to my project on google cloud?
I have enabled the billing but unable to open the JS file and getting some errors like "You must enable the billing on google clouds projects".
Please help me out in fixing this error!!
Thanks!!
Go to the Google Cloud Platform Console.
Click the "hamburger" menu item top left.
Select Manage billing accounts.
You will see a list of billing accounts and the number of projects assigned.
The My projects tab will show you a list of your projects and the associated billing account.
To assign a billing account to a project:
Go to IAM & admin.
Select Manage resources.
To the RIGHT of each project is an ellipsis menu (three vertical dots). Click and select billing.
If you just enabled your billing account, wait. The approval is not instant. If it has been an hour or so, go to your billing account and look for errors regarding your payment being declined, invalid credit card etc.
Just creating a billing account does not enable a project. You must assign a billing account to a project. The menus above provide these features.
I created a videolab with a collection of videos on Google Cloud Billing. The following link is a video to show you how to create and attach a billing account. There are many more videos in this collection.
Create and attach a billing account
Updated gcloud command - Alpha has now become beta
gcloud beta billing projects link Project-ID --billing-account=xxxxxx-yyyyyy-xxxxxx
To update the projects billing account info programmatically one could use google-cloud's billing client library. Below is the sample using ruby client,
require "google/cloud/billing"
billing_account_name = ""
project_id = ""
billing_manager = Google::Cloud::Billing.cloud_billing_service
billing_manager.update_project_billing_info name: "projects/#{project_id}",
project_billing_info: {
billing_account_name: "billingAccounts/#{billing_account_name}",
billing_enabled: true,
project_id: project_id,
name: "projects/#{project_id}/billingInfo",
}
Refer https://github.com/googleapis/google-cloud-ruby/tree/master/google-cloud-billing for more info on enabling auth and running the script.
Elaborating on #suraj-psu's answer, and using a tip found at https://unix.stackexchange.com/questions/84922/extract-a-part-of-one-line-from-a-file-with-sed, the following should work only under the right circumstances.
You can borrow the information from another project that you know for sure it has an enabled billing account.
gcloud beta billing projects describe KNOWN_BILLING_ENABLED_PROJECT
You copy/paste the result, but you could also save it in a variable as follows,
BILLING_ACCOUNT=$(gcloud beta billing projects describe KNOWN_BILLING_ENABLED_PROJECT | awk '/billingAccountName: /{print $NF}')
And then,
gcloud beta billing projects link YOUR_NEW_PROJECT --billing-account=$BILLING_ACCOUNT
firebase.com security API only users that paid for subscription
So lets say a user is logged in, but didn't pay for subscription to get data. So how to protect the data, so only users that paid subscription can see contents of some specific tables?
So let's say a user is logged in, but he didn't paid subscription to see content of tables:
protectedtable
so he cant access that
After he made purchase with paypal, then he can see that protectedtable
So every user that pay can access that table.
Are there any tutorials or how this can be done with firebase.com?
I'm recreating my test environment. I created new business and buyer accounts. I setup the business account as best as I remember including the IPN info.
I attempt to make a purchase using ExpressCheckOut and I get back an error message:
You are not signed up to accept payment for digitally delivered goods.
We are selling a subscription so we are in fact performing a digital delivery. Seems like I remember having to get a PayPal CS person to enable this feature on our live account. Is there something special I need to do in the sandbox?
I opened a new PayPal account to replace my developer account. It doesn't seem like a good idea to use the company live account. Is this unexpected?
The setting needs to be enabled via PayPal agents. Go ahead and send me an email via my profile details including your test account email address and I will enable this for you.