Console
    Contact Us Start free

    Access Context Manager roles and permissions

    This page lists the IAM roles and permissions for Access Context Manager. To search through all roles and permissions, see the role and permission index .

    Access Context Manager roles

    Role
    Permissions

    ( roles/ accesscontextmanager.gcpAccessAdmin )

    Create, edit, and change Cloud access bindings.

    accesscontextmanager. gcpUserAccessBindings.*

    • accesscontextmanager. gcpUserAccessBindings. create
    • accesscontextmanager. gcpUserAccessBindings. delete
    • accesscontextmanager. gcpUserAccessBindings. get
    • accesscontextmanager. gcpUserAccessBindings. list
    • accesscontextmanager. gcpUserAccessBindings. update

    ( roles/ accesscontextmanager.gcpAccessReader )

    Read access to Cloud access bindings.

    accesscontextmanager. gcpUserAccessBindings. get

    accesscontextmanager. gcpUserAccessBindings. list

    ( roles/ accesscontextmanager.policyAdmin )

    Full access to policies, access levels, access zones and authorized orgs descs.

    accesscontextmanager. accessLevels.*

    • accesscontextmanager. accessLevels. create
    • accesscontextmanager. accessLevels. delete
    • accesscontextmanager. accessLevels. get
    • accesscontextmanager. accessLevels. list
    • accesscontextmanager. accessLevels. replaceAll
    • accesscontextmanager. accessLevels. update

    accesscontextmanager. authorizedOrgsDescs.*

    • accesscontextmanager. authorizedOrgsDescs. create
    • accesscontextmanager. authorizedOrgsDescs. delete
    • accesscontextmanager. authorizedOrgsDescs. get
    • accesscontextmanager. authorizedOrgsDescs. list
    • accesscontextmanager. authorizedOrgsDescs. update

    accesscontextmanager. policies.*

    • accesscontextmanager. policies. create
    • accesscontextmanager. policies. delete
    • accesscontextmanager. policies. get
    • accesscontextmanager. policies. getIamPolicy
    • accesscontextmanager. policies. list
    • accesscontextmanager. policies. setIamPolicy
    • accesscontextmanager. policies. update

    accesscontextmanager. servicePerimeters.*

    • accesscontextmanager. servicePerimeters. commit
    • accesscontextmanager. servicePerimeters. create
    • accesscontextmanager. servicePerimeters. delete
    • accesscontextmanager. servicePerimeters. get
    • accesscontextmanager. servicePerimeters. list
    • accesscontextmanager. servicePerimeters. replaceAll
    • accesscontextmanager. servicePerimeters. update

    cloudasset. assets. searchAllResources

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ accesscontextmanager.policyEditor )

    Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.

    accesscontextmanager. accessLevels.*

    • accesscontextmanager. accessLevels. create
    • accesscontextmanager. accessLevels. delete
    • accesscontextmanager. accessLevels. get
    • accesscontextmanager. accessLevels. list
    • accesscontextmanager. accessLevels. replaceAll
    • accesscontextmanager. accessLevels. update

    accesscontextmanager. authorizedOrgsDescs.*

    • accesscontextmanager. authorizedOrgsDescs. create
    • accesscontextmanager. authorizedOrgsDescs. delete
    • accesscontextmanager. authorizedOrgsDescs. get
    • accesscontextmanager. authorizedOrgsDescs. list
    • accesscontextmanager. authorizedOrgsDescs. update

    accesscontextmanager. policies. create

    accesscontextmanager. policies. delete

    accesscontextmanager. policies. get

    accesscontextmanager. policies. getIamPolicy

    accesscontextmanager. policies. list

    accesscontextmanager. policies. update

    accesscontextmanager. servicePerimeters.*

    • accesscontextmanager. servicePerimeters. commit
    • accesscontextmanager. servicePerimeters. create
    • accesscontextmanager. servicePerimeters. delete
    • accesscontextmanager. servicePerimeters. get
    • accesscontextmanager. servicePerimeters. list
    • accesscontextmanager. servicePerimeters. replaceAll
    • accesscontextmanager. servicePerimeters. update

    cloudasset. assets. searchAllResources

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ accesscontextmanager.policyReader )

    Read access to policies, access levels, access zones and authorized orgs descs.

    accesscontextmanager. accessLevels. get

    accesscontextmanager. accessLevels. list

    accesscontextmanager. authorizedOrgsDescs. get

    accesscontextmanager. authorizedOrgsDescs. list

    accesscontextmanager. policies. get

    accesscontextmanager. policies. getIamPolicy

    accesscontextmanager. policies. list

    accesscontextmanager. servicePerimeters. get

    accesscontextmanager. servicePerimeters. list

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    accesscontextmanager. accessLevels. get

    accesscontextmanager. accessLevels. list

    accesscontextmanager. authorizedOrgsDescs. get

    accesscontextmanager. authorizedOrgsDescs. list

    accesscontextmanager. policies. get

    accesscontextmanager. policies. getIamPolicy

    accesscontextmanager. policies. list

    accesscontextmanager. servicePerimeters. get

    accesscontextmanager. servicePerimeters. list

    logging.exclusions.get

    logging.exclusions.list

    logging.logEntries.list

    logging.logMetrics.get

    logging.logMetrics.list

    logging.logServiceIndexes.list

    logging.logServices.list

    logging.logs.list

    logging.sinks.get

    logging.sinks.list

    logging.usage.get

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    Access Context Manager permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Access Binding Admin ( roles/ accesscontextmanager.gcpAccessAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Access Binding Admin ( roles/ accesscontextmanager.gcpAccessAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud Access Binding Admin ( roles/ accesscontextmanager.gcpAccessAdmin )

    Cloud Access Binding Reader ( roles/ accesscontextmanager.gcpAccessReader )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Cloud Access Binding Admin ( roles/ accesscontextmanager.gcpAccessAdmin )

    Cloud Access Binding Reader ( roles/ accesscontextmanager.gcpAccessReader )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Access Binding Admin ( roles/ accesscontextmanager.gcpAccessAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    SLZ BQDW Blueprint Organization Level Remediator ( roles/ securedlandingzone.bqdwOrgRemediator )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Access Context Manager Reader ( roles/ accesscontextmanager.policyReader )

    VPC Service Controls Troubleshooter Viewer ( roles/ accesscontextmanager.vpcScTroubleshooterViewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    SLZ BQDW Blueprint Organization Level Remediator ( roles/ securedlandingzone.bqdwOrgRemediator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Access Context Manager Admin ( roles/ accesscontextmanager.policyAdmin )

    Access Context Manager Editor ( roles/ accesscontextmanager.policyEditor )

    SLZ BQDW Blueprint Organization Level Remediator ( roles/ securedlandingzone.bqdwOrgRemediator )

    Service agent roles

    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: