Hello, I have a question regarding a permission setup that would allow users to save queries. I came across this documentation: [https://cloud.google.com/logging/docs/view/building-queries#before_you_begin](https://cloud.google.com/logging/docs/view/building-queries#before_you_begin.
After applying the permissions as outlined in the document, I noticed that the functionality was still not enabled for users. I concluded that it might be due to a condition that only allows access to specific buckets, and indeed, that seems to be the case. When I remove the condition, the permission works, and the user can save their query.
The condition currently configured is as follows: resource.name == "projects/[project]/locations/global/buckets/[bucket_name]/views/_AllLogs"
The permissions applied are:
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.get
logging.locations.list
logging.logEntries.download
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.privateLogEntries.list
logging.queries.deleteShared
logging.queries.getShared
logging.queries.listShared
logging.queries.share
logging.queries.updateShared
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.access
logging.views.get
logging.views.list
observability.scopes.get
resourcemanager.projects.get
Does anyone have any ideas on how to make this work correctly with the condition enabled?