Container Threat Detection roles and permissions

This page lists the IAM roles and permissions for Container Threat Detection. To search through all roles and permissions, see the role and permission index .

Container Threat Detection roles

Role

Permissions

Container Threat Detection Service Agent

( roles/ containerthreatdetection.serviceAgent )

Gives Container Threat Detection service account access to enable/disable Container Threat Detection and manage the Container Threat Detection Agent on Google Kubernetes Engine clusters.

container.apiServices.get

container. apiServices. getStatus

container.apiServices.list

container.auditSinks.get

container.auditSinks.list

container.backendConfigs.get

container.backendConfigs.list

container.bindings.get

container.bindings.list

container. certificateSigningRequests. get

container. certificateSigningRequests. getStatus

container. certificateSigningRequests. list

container. clusterRoleBindings.*

container. clusterRoleBindings. create
container. clusterRoleBindings. delete
container. clusterRoleBindings. get
container. clusterRoleBindings. list
container. clusterRoleBindings. update

container.clusterRoles.*

container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container. clusterRoles. escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update

container.clusters.connect

container.clusters.get

container.clusters.list

container.componentStatuses.*

container. componentStatuses. get
container. componentStatuses. list

container.configMaps.get

container.configMaps.list

container. controllerRevisions. get

container. controllerRevisions. list

container.cronJobs.get

container.cronJobs.getStatus

container.cronJobs.list

container.csiDrivers.get

container.csiDrivers.list

container.csiNodeInfos.get

container.csiNodeInfos.list

container.csiNodes.get

container.csiNodes.list

container. customResourceDefinitions. create

container. customResourceDefinitions. delete

container. customResourceDefinitions. get

container. customResourceDefinitions. getStatus

container. customResourceDefinitions. list

container. customResourceDefinitions. update

container.daemonSets.*

container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container. daemonSets. updateStatus

container.deployments.get

container.deployments.getScale

container. deployments. getStatus

container.deployments.list

container.endpointSlices.get

container.endpointSlices.list

container.endpoints.get

container.endpoints.list

container.events.get

container.events.list

container.frontendConfigs.get

container.frontendConfigs.list

container. horizontalPodAutoscalers. get

container. horizontalPodAutoscalers. getStatus

container. horizontalPodAutoscalers. list

container.ingresses.get

container.ingresses.getStatus

container.ingresses.list

container. initializerConfigurations. get

container. initializerConfigurations. list

container.jobs.get

container.jobs.getStatus

container.jobs.list

container.leases.get

container.leases.list

container.limitRanges.get

container.limitRanges.list

container. managedCertificates. get

container. managedCertificates. list

container. mutatingWebhookConfigurations. get

container. mutatingWebhookConfigurations. list

container.namespaces.get

container.namespaces.getStatus

container.namespaces.list

container.networkPolicies.get

container.networkPolicies.list

container. networkPolicies. update

container.nodes.get

container.nodes.getStatus

container.nodes.list

container.operations.*

container.operations.get
container.operations.list

container. persistentVolumeClaims. get

container. persistentVolumeClaims. getStatus

container. persistentVolumeClaims. list

container. persistentVolumes. get

container. persistentVolumes. getStatus

container. persistentVolumes. list

container.petSets.get

container.petSets.list

container. podDisruptionBudgets. get

container. podDisruptionBudgets. getStatus

container. podDisruptionBudgets. list

container.podPresets.get

container.podPresets.list

container. podSecurityPolicies. get

container. podSecurityPolicies. list

container.podTemplates.get

container.podTemplates.list

container.pods.attach

container.pods.create

container.pods.delete

container.pods.exec

container.pods.get

container.pods.getLogs

container.pods.getStatus

container.pods.list

container.pods.portForward

container.pods.update

container.priorityClasses.get

container.priorityClasses.list

container.replicaSets.get

container.replicaSets.getScale

container. replicaSets. getStatus

container.replicaSets.list

container. replicationControllers. get

container. replicationControllers. getScale

container. replicationControllers. getStatus

container. replicationControllers. list

container.resourceQuotas.get

container. resourceQuotas. getStatus

container.resourceQuotas.list

container.roleBindings.*

container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update

container.roles.*

container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update

container.runtimeClasses.get

container.runtimeClasses.list

container.scheduledJobs.get

container.scheduledJobs.list

container.secrets.create

container.secrets.delete

container.secrets.list

container.secrets.update

container. serviceAccounts. create

container. serviceAccounts. delete

container.serviceAccounts.get

container.serviceAccounts.list

container. serviceAccounts. update

container.services.get

container.services.getStatus

container.services.list

container.statefulSets.get

container. statefulSets. getScale

container. statefulSets. getStatus

container.statefulSets.list

container.storageClasses.get

container.storageClasses.list

container.storageStates.get

container. storageStates. getStatus

container.storageStates.list

container. storageVersionMigrations. get

container. storageVersionMigrations. getStatus

container. storageVersionMigrations. list

container. thirdPartyObjects. get

container. thirdPartyObjects. list

container. thirdPartyResources. get

container. thirdPartyResources. list

container.tokenReviews.create

container.updateInfos.get

container.updateInfos.list

container. validatingWebhookConfigurations. get

container. validatingWebhookConfigurations. list

container. volumeAttachments. get

container. volumeAttachments. getStatus

container. volumeAttachments. list

container. volumeSnapshotClasses. get

container. volumeSnapshotClasses. list

container. volumeSnapshotContents. get

container. volumeSnapshotContents. getStatus

container. volumeSnapshotContents. list

container.volumeSnapshots.get

container.volumeSnapshots.list

recommender. containerDiagnosisInsights. get

recommender. containerDiagnosisInsights. list

recommender. containerDiagnosisRecommendations. get

recommender. containerDiagnosisRecommendations. list

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender. networkAnalyzerGkeConnectivityInsights. get

recommender. networkAnalyzerGkeConnectivityInsights. list

recommender. networkAnalyzerGkeIpAddressInsights. get

recommender. networkAnalyzerGkeIpAddressInsights. list

resourcemanager.projects.get

resourcemanager.projects.list

Container Threat Detection permissions

There are no IAM permissions for this service.

Container Threat Detection roles and permissions Stay organized with collections Save and categorize content based on your preferences.