Confidential Computing roles and permissions

This page lists the IAM roles and permissions for Confidential Computing. To search through all roles and permissions, see the role and permission index.

Confidential Computing roles

Role
Permissions

(roles/confidentialcomputing.admin)

Admin role for confidentialcomputing

confidentialcomputing.*

  • confidentialcomputing.challenges.create
  • confidentialcomputing.challenges.verify
  • confidentialcomputing.challenges.verifygke
  • confidentialcomputing.locations.get
  • confidentialcomputing.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/confidentialcomputing.viewer)

Viewer role for confidentialcomputing

confidentialcomputing.locations.*

  • confidentialcomputing.locations.get
  • confidentialcomputing.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/confidentialcomputing.gkeWorkloadUser)

Grants the ability to generate a GKE attestation token and run a workload in a GKE cluster.

confidentialcomputing.challenges.create

confidentialcomputing.challenges.verifygke

confidentialcomputing.locations.*

  • confidentialcomputing.locations.get
  • confidentialcomputing.locations.list

logging.logEntries.create

(roles/confidentialcomputing.workloadUser)

Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.

confidentialcomputing.challenges.create

confidentialcomputing.challenges.verify

confidentialcomputing.locations.*

  • confidentialcomputing.locations.get
  • confidentialcomputing.locations.list

logging.logEntries.create

Confidential Computing permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidential GKE Workload User (roles/confidentialcomputing.gkeWorkloadUser)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Owner (roles/owner)

Editor (roles/editor)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Owner (roles/owner)

Editor (roles/editor)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidential GKE Workload User (roles/confidentialcomputing.gkeWorkloadUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidentialcomputing Viewer (roles/confidentialcomputing.viewer)

Confidential GKE Workload User (roles/confidentialcomputing.gkeWorkloadUser)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Confidentialcomputing Admin (roles/confidentialcomputing.admin)

Confidentialcomputing Viewer (roles/confidentialcomputing.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Confidential GKE Workload User (roles/confidentialcomputing.gkeWorkloadUser)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)
