Google Distributed Cloud roles and permissions

This page lists the IAM roles and permissions for Google Distributed Cloud. To search through all roles and permissions, see the role and permission index .

Google Distributed Cloud roles

Role

Permissions

GKE on-prem Admin

( roles/ gkeonprem.admin )

Full access to GKE on-prem all resources.

gkeonprem.*

gkeonprem. bareMetalAdminClusters. connect
gkeonprem. bareMetalAdminClusters. create
gkeonprem. bareMetalAdminClusters. createTagBinding
gkeonprem. bareMetalAdminClusters. deleteTagBinding
gkeonprem. bareMetalAdminClusters. enroll
gkeonprem. bareMetalAdminClusters. get
gkeonprem. bareMetalAdminClusters. getIamPolicy
gkeonprem. bareMetalAdminClusters. list
gkeonprem. bareMetalAdminClusters. listEffectiveTags
gkeonprem. bareMetalAdminClusters. listTagBindings
gkeonprem. bareMetalAdminClusters. queryVersionConfig
gkeonprem. bareMetalAdminClusters. setIamPolicy
gkeonprem. bareMetalAdminClusters. unenroll
gkeonprem. bareMetalAdminClusters. update
gkeonprem. bareMetalClusters. create
gkeonprem. bareMetalClusters. createTagBinding
gkeonprem. bareMetalClusters. delete
gkeonprem. bareMetalClusters. deleteTagBinding
gkeonprem. bareMetalClusters. enroll
gkeonprem. bareMetalClusters. get
gkeonprem. bareMetalClusters. getIamPolicy
gkeonprem. bareMetalClusters. list
gkeonprem. bareMetalClusters. listEffectiveTags
gkeonprem. bareMetalClusters. listTagBindings
gkeonprem. bareMetalClusters. queryVersionConfig
gkeonprem. bareMetalClusters. setIamPolicy
gkeonprem. bareMetalClusters. unenroll
gkeonprem. bareMetalClusters. update
gkeonprem. bareMetalNodePools. create
gkeonprem. bareMetalNodePools. delete
gkeonprem. bareMetalNodePools. enroll
gkeonprem. bareMetalNodePools. get
gkeonprem. bareMetalNodePools. getIamPolicy
gkeonprem. bareMetalNodePools. list
gkeonprem. bareMetalNodePools. setIamPolicy
gkeonprem. bareMetalNodePools. unenroll
gkeonprem. bareMetalNodePools. update
gkeonprem.locations.get
gkeonprem.locations.list
gkeonprem.operations.cancel
gkeonprem.operations.delete
gkeonprem.operations.get
gkeonprem.operations.list
gkeonprem. vmwareAdminClusters. connect
gkeonprem. vmwareAdminClusters. createTagBinding
gkeonprem. vmwareAdminClusters. deleteTagBinding
gkeonprem. vmwareAdminClusters. enroll
gkeonprem. vmwareAdminClusters. get
gkeonprem. vmwareAdminClusters. getIamPolicy
gkeonprem. vmwareAdminClusters. list
gkeonprem. vmwareAdminClusters. listEffectiveTags
gkeonprem. vmwareAdminClusters. listTagBindings
gkeonprem. vmwareAdminClusters. setIamPolicy
gkeonprem. vmwareAdminClusters. unenroll
gkeonprem. vmwareAdminClusters. update
gkeonprem. vmwareClusters. create
gkeonprem. vmwareClusters. createTagBinding
gkeonprem. vmwareClusters. delete
gkeonprem. vmwareClusters. deleteTagBinding
gkeonprem. vmwareClusters. enroll
gkeonprem.vmwareClusters.get
gkeonprem. vmwareClusters. getIamPolicy
gkeonprem.vmwareClusters.list
gkeonprem. vmwareClusters. listEffectiveTags
gkeonprem. vmwareClusters. listTagBindings
gkeonprem. vmwareClusters. queryVersionConfig
gkeonprem. vmwareClusters. setIamPolicy
gkeonprem. vmwareClusters. unenroll
gkeonprem. vmwareClusters. update
gkeonprem. vmwareNodePools. create
gkeonprem. vmwareNodePools. delete
gkeonprem. vmwareNodePools. enroll
gkeonprem.vmwareNodePools.get
gkeonprem. vmwareNodePools. getIamPolicy
gkeonprem.vmwareNodePools.list
gkeonprem. vmwareNodePools. setIamPolicy
gkeonprem. vmwareNodePools. unenroll
gkeonprem. vmwareNodePools. update

resourcemanager.projects.get

resourcemanager.projects.list

GKE on-prem Viewer

( roles/ gkeonprem.viewer )

Read-only access to GKE on-prem all resources.

gkeonprem. bareMetalAdminClusters. connect

gkeonprem. bareMetalAdminClusters. get

gkeonprem. bareMetalAdminClusters. getIamPolicy

gkeonprem. bareMetalAdminClusters. list

gkeonprem. bareMetalAdminClusters. listEffectiveTags

gkeonprem. bareMetalAdminClusters. listTagBindings

gkeonprem. bareMetalAdminClusters. queryVersionConfig

gkeonprem. bareMetalClusters. get

gkeonprem. bareMetalClusters. getIamPolicy

gkeonprem. bareMetalClusters. list

gkeonprem. bareMetalClusters. listEffectiveTags

gkeonprem. bareMetalClusters. listTagBindings

gkeonprem. bareMetalClusters. queryVersionConfig

gkeonprem. bareMetalNodePools. get

gkeonprem. bareMetalNodePools. getIamPolicy

gkeonprem. bareMetalNodePools. list

gkeonprem.locations.*

gkeonprem.locations.get
gkeonprem.locations.list

gkeonprem.operations.get

gkeonprem.operations.list

gkeonprem. vmwareAdminClusters. connect

gkeonprem. vmwareAdminClusters. get

gkeonprem. vmwareAdminClusters. getIamPolicy

gkeonprem. vmwareAdminClusters. list

gkeonprem. vmwareAdminClusters. listEffectiveTags

gkeonprem. vmwareAdminClusters. listTagBindings

gkeonprem.vmwareClusters.get

gkeonprem. vmwareClusters. getIamPolicy

gkeonprem.vmwareClusters.list

gkeonprem. vmwareClusters. listEffectiveTags

gkeonprem. vmwareClusters. listTagBindings

gkeonprem. vmwareClusters. queryVersionConfig

gkeonprem.vmwareNodePools.get

gkeonprem. vmwareNodePools. getIamPolicy

gkeonprem.vmwareNodePools.list

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents .

Role Permissions

Role	Permissions
GKE On-Prem Service Agent ( `roles/ gkeonprem.serviceAgent` ) Gives the GKE On-Prem service agent access to Cloud Platform resources. Warning:Do not grant service agent roles to any principals except service agents .	`gkehub.memberships.delete` `gkehub.memberships.get` `gkehub.memberships.update` `gkeonprem. bareMetalAdminClusters. connect` `gkeonprem. bareMetalAdminClusters. enroll` `gkeonprem. bareMetalAdminClusters. get` `gkeonprem. bareMetalAdminClusters. unenroll` `gkeonprem. bareMetalClusters. enroll` `gkeonprem. bareMetalClusters. get` `gkeonprem. bareMetalClusters. unenroll` `gkeonprem. bareMetalNodePools. enroll` `gkeonprem. bareMetalNodePools. get` `gkeonprem. bareMetalNodePools. unenroll` `gkeonprem.operations.get` `gkeonprem.operations.list` `gkeonprem. vmwareAdminClusters. connect` `gkeonprem. vmwareAdminClusters. enroll` `gkeonprem. vmwareAdminClusters. get` `gkeonprem. vmwareAdminClusters. unenroll` `gkeonprem. vmwareClusters. enroll` `gkeonprem.vmwareClusters.get` `gkeonprem. vmwareClusters. unenroll` `gkeonprem. vmwareNodePools. enroll` `gkeonprem.vmwareNodePools.get` `gkeonprem. vmwareNodePools. unenroll`

GKE On-Prem Service Agent

( roles/ gkeonprem.serviceAgent )

Gives the GKE On-Prem service agent access to Cloud Platform resources.

gkehub.memberships.delete

gkehub.memberships.get

gkehub.memberships.update

gkeonprem. bareMetalAdminClusters. connect

gkeonprem. bareMetalAdminClusters. enroll

gkeonprem. bareMetalAdminClusters. get

gkeonprem. bareMetalAdminClusters. unenroll

gkeonprem. bareMetalClusters. enroll

gkeonprem. bareMetalClusters. get

gkeonprem. bareMetalClusters. unenroll

gkeonprem. bareMetalNodePools. enroll

gkeonprem. bareMetalNodePools. get

gkeonprem. bareMetalNodePools. unenroll

gkeonprem.operations.get

gkeonprem.operations.list

gkeonprem. vmwareAdminClusters. connect

gkeonprem. vmwareAdminClusters. enroll

gkeonprem. vmwareAdminClusters. get

gkeonprem. vmwareAdminClusters. unenroll

gkeonprem. vmwareClusters. enroll

gkeonprem.vmwareClusters.get

gkeonprem. vmwareClusters. unenroll

gkeonprem. vmwareNodePools. enroll

gkeonprem.vmwareNodePools.get

gkeonprem. vmwareNodePools. unenroll

Google Distributed Cloud permissions

Permission

Included in roles

`gkeonprem. bareMetalAdminClusters. connect`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalAdminClusters. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalAdminClusters. createTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. bareMetalAdminClusters. deleteTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. bareMetalAdminClusters. enroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalAdminClusters. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalAdminClusters. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalAdminClusters. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalAdminClusters. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalAdminClusters. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalAdminClusters. queryVersionConfig`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalAdminClusters. setIamPolicy`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Security Admin ( roles/ iam.securityAdmin )

`gkeonprem. bareMetalAdminClusters. unenroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalAdminClusters. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalClusters. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalClusters. createTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. bareMetalClusters. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalClusters. deleteTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. bareMetalClusters. enroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalClusters. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalClusters. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalClusters. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalClusters. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalClusters. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalClusters. queryVersionConfig`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalClusters. setIamPolicy`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Security Admin ( roles/ iam.securityAdmin )

`gkeonprem. bareMetalClusters. unenroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalClusters. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalNodePools. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalNodePools. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. bareMetalNodePools. enroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalNodePools. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalNodePools. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalNodePools. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. bareMetalNodePools. setIamPolicy`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Security Admin ( roles/ iam.securityAdmin )

`gkeonprem. bareMetalNodePools. unenroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. bareMetalNodePools. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

`gkeonprem.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem.operations.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareAdminClusters. connect`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareAdminClusters. createTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. vmwareAdminClusters. deleteTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. vmwareAdminClusters. enroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareAdminClusters. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareAdminClusters. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareAdminClusters. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareAdminClusters. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareAdminClusters. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareAdminClusters. setIamPolicy`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Security Admin ( roles/ iam.securityAdmin )

`gkeonprem. vmwareAdminClusters. unenroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareAdminClusters. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. vmwareClusters. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. vmwareClusters. createTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. vmwareClusters. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. vmwareClusters. deleteTagBinding`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

`gkeonprem. vmwareClusters. enroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem.vmwareClusters.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE Hub Service Agent ( roles/ gkehub.serviceAgent )
GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareClusters. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem.vmwareClusters.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareClusters. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareClusters. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareClusters. queryVersionConfig`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareClusters. setIamPolicy`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Security Admin ( roles/ iam.securityAdmin )

`gkeonprem. vmwareClusters. unenroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareClusters. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. vmwareNodePools. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. vmwareNodePools. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

`gkeonprem. vmwareNodePools. enroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem.vmwareNodePools.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Support User ( roles/ iam.supportUser )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareNodePools. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem.vmwareNodePools.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

GKE on-prem Admin ( roles/ gkeonprem.admin )

GKE on-prem Viewer ( roles/ gkeonprem.viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

`gkeonprem. vmwareNodePools. setIamPolicy`

Owner ( roles/ owner )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Security Admin ( roles/ iam.securityAdmin )

`gkeonprem. vmwareNodePools. unenroll`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Service agent roles

GKE On-Prem Service Agent ( roles/ gkeonprem.serviceAgent )

`gkeonprem. vmwareNodePools. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

GKE on-prem Admin ( roles/ gkeonprem.admin )

Google Distributed Cloud roles and permissions Stay organized with collections Save and categorize content based on your preferences.