To get the permissions that you need to fully access Unified Maintenance in GKE Fleet, ask your administrator to grant you the following IAM roles on your project:
- Maintenance API Viewer
(
roles/maintenance.viewer) - Monitoring AlertPolicy Editor
(
roles/monitoring.alertPolicyEditor) - Logs Configuration Writer
(
roles/logging.configWriter) - Monitoring NotificationChannel Viewer
(
roles/monitoring.notificationChannelViewer) - Logs Viewer
(
roles/logging.viewer) - Monitoring AlertPolicy Editor
(
roles/monitoring.alertPolicyEditor) - Monitoring AlertPolicy Editor
(
roles/monitoring.alertPolicyEditor)
For more information about granting roles, see Manage access to projects, folders, and organizations .
These predefined roles contain the permissions required to fully access Unified Maintenance in GKE Fleet. To see the exact permissions that are required, expand the Required permissionssection:
Required permissions
The following permissions are required to fully access Unified Maintenance in GKE Fleet:
- To view upcoming, ongoing and completed maintenance on resources:
Maintenance API Viewer (
roles/maintenance.viewer) - To view logs:
Logs Viewer (
roles/logging.viewer) - To view alerting policies:
Monitoring AlertPolicy Viewer (
roles/monitoring.alertPolicyViewer) - To create alerting policies:
- Logs Configuration Writer (
roles/logging.configWriter) - Monitoring AlertPolicy Editor (
roles/monitoring.alertPolicyEditor)
- Logs Configuration Writer (
- To edit alerting policies:
Monitoring AlertPolicy Editor (
roles/monitoring.alertPolicyEditor) - To create an alerting policy with a notification:
Monitoring NotificationChannel Viewer (
roles/monitoring.notificationChannelViewer) *
You might also be able to get these permissions with custom roles or other predefined roles .
