1. Use the Compute Storage Admin role as the base for a custom role. 2. Exclude unnecessary permissions from the custom role. 3. Grant the custom role to the user at the project level.

Grant the Compute Storage Admin role at the project level.

1. Add the required compute.disks.list and compute.images.list permissions in a custom role. 2. Grant the custom role to the user at the project level.

1. Use the Compute Image User role as the base for a custom role and add the compute.disks.list to the includedPermissions field. 2. Grant the custom role to the user at the project level.