Policy Trouble Shooter is used to identify whether the given user can have permission or not.
Open Cloud Console
Open Menu > IAM & Admin > Policy Troubleshooter
Give the mail ID which we want to give principal access.
Select which resource and permission you want to give.
Press Check API call button.
It will show whether we can assign the mail ID for the specific permission or not.