Certificate Authority Service roles and permissions

This page lists the IAM roles and permissions for Certificate Authority Service. To search through all roles and permissions, see the role and permission index .

Certificate Authority Service roles

Role

Permissions

CA Service Admin

( roles/ privateca.admin )

Full access to all CA Service resources.

privateca.*

privateca.caPools.create
privateca. caPools. createTagBinding
privateca.caPools.delete
privateca. caPools. deleteTagBinding
privateca.caPools.get
privateca.caPools.getIamPolicy
privateca.caPools.list
privateca. caPools. listEffectiveTags
privateca. caPools. listTagBindings
privateca.caPools.setIamPolicy
privateca.caPools.update
privateca.caPools.use
privateca. certificateAuthorities. create
privateca. certificateAuthorities. delete
privateca. certificateAuthorities. get
privateca. certificateAuthorities. getIamPolicy
privateca. certificateAuthorities. list
privateca. certificateAuthorities. setIamPolicy
privateca. certificateAuthorities. update
privateca. certificateRevocationLists. create
privateca. certificateRevocationLists. get
privateca. certificateRevocationLists. getIamPolicy
privateca. certificateRevocationLists. list
privateca. certificateRevocationLists. setIamPolicy
privateca. certificateRevocationLists. update
privateca. certificateTemplates. create
privateca. certificateTemplates. createTagBinding
privateca. certificateTemplates. delete
privateca. certificateTemplates. deleteTagBinding
privateca. certificateTemplates. get
privateca. certificateTemplates. getIamPolicy
privateca. certificateTemplates. list
privateca. certificateTemplates. listEffectiveTags
privateca. certificateTemplates. listTagBindings
privateca. certificateTemplates. setIamPolicy
privateca. certificateTemplates. update
privateca. certificateTemplates. use
privateca.certificates.create
privateca. certificates. createForSelf
privateca.certificates.get
privateca. certificates. getIamPolicy
privateca.certificates.list
privateca. certificates. setIamPolicy
privateca.certificates.update
privateca.locations.get
privateca.locations.list
privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list
privateca. reusableConfigs. create
privateca. reusableConfigs. delete
privateca.reusableConfigs.get
privateca. reusableConfigs. getIamPolicy
privateca.reusableConfigs.list
privateca. reusableConfigs. setIamPolicy
privateca. reusableConfigs. update

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

Privateca Editor

( roles/ privateca.editor )

Editor role for privateca

privateca.caPools.create

privateca.caPools.delete

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca.caPools.update

privateca.caPools.use

privateca. certificateAuthorities. create

privateca. certificateAuthorities. delete

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateAuthorities. update

privateca. certificateRevocationLists. create

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateRevocationLists. update

privateca. certificateTemplates. create

privateca. certificateTemplates. delete

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca. certificateTemplates. update

privateca. certificateTemplates. use

privateca.certificates.create

privateca. certificates. createForSelf

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.certificates.update

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.*

privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list

privateca. reusableConfigs. create

privateca. reusableConfigs. delete

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

privateca. reusableConfigs. update

resourcemanager.projects.get

resourcemanager.projects.list

Privateca Viewer

( roles/ privateca.viewer )

Viewer role for privateca

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca. certificateTemplates. use

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Auditor

( roles/ privateca.auditor )

Read-only access to all CA Service resources.

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Operation Manager

( roles/ privateca.caManager )

Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources.

privateca.caPools.create

privateca. caPools. createTagBinding

privateca.caPools.delete

privateca. caPools. deleteTagBinding

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca.caPools.update

privateca. certificateAuthorities. create

privateca. certificateAuthorities. delete

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateAuthorities. update

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateRevocationLists. update

privateca. certificateTemplates. create

privateca. certificateTemplates. createTagBinding

privateca. certificateTemplates. delete

privateca. certificateTemplates. deleteTagBinding

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca. certificateTemplates. update

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.certificates.update

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca. reusableConfigs. create

privateca. reusableConfigs. delete

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

privateca. reusableConfigs. update

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

CA Service Certificate Manager

( roles/ privateca.certificateManager )

Create certificates and read-only access for CA Service resources.

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca.certificates.create

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Certificate Requester

( roles/ privateca.certificateRequester )

Request certificates from CA Service.

privateca.certificates.create

CA Service Pool Reader

( roles/ privateca.poolReader )

Read CA Pools in CA Service.

privateca.caPools.get

CA Service Certificate Template User

( roles/ privateca.templateUser )

Read, list and use certificate templates.

privateca. certificateTemplates. get

privateca. certificateTemplates. list

privateca. certificateTemplates. use

CA Service Workload Certificate Requester

( roles/ privateca.workloadCertificateRequester )

Request certificates from CA Service with caller's identity.

privateca. certificates. createForSelf

Certificate Authority Service permissions

Permission

Included in roles

`privateca.caPools.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. caPools. createTagBinding`

Owner ( roles/ owner )

CA Service Admin ( roles/ privateca.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca.caPools.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. caPools. deleteTagBinding`

Owner ( roles/ owner )

CA Service Admin ( roles/ privateca.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca.caPools.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

CA Service Pool Reader ( roles/ privateca.poolReader )

Service agent roles

Managed Kafka Service Agent ( roles/ managedkafka.serviceAgent )

`privateca.caPools.getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.caPools.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. caPools. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. caPools. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.caPools.setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca.caPools.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca.caPools.use`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateAuthorities. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateAuthorities. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateAuthorities. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateAuthorities. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateAuthorities. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateAuthorities. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. certificateAuthorities. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateRevocationLists. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateRevocationLists. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateRevocationLists. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateRevocationLists. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateRevocationLists. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. certificateRevocationLists. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateTemplates. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateTemplates. createTagBinding`

Owner ( roles/ owner )

CA Service Admin ( roles/ privateca.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateTemplates. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateTemplates. deleteTagBinding`

Owner ( roles/ owner )

CA Service Admin ( roles/ privateca.admin )

Tag User ( roles/ resourcemanager.tagUser )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateTemplates. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

CA Service Certificate Template User ( roles/ privateca.templateUser )

`privateca. certificateTemplates. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateTemplates. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

CA Service Certificate Template User ( roles/ privateca.templateUser )

`privateca. certificateTemplates. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateTemplates. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificateTemplates. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. certificateTemplates. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. certificateTemplates. use`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Certificate Template User ( roles/ privateca.templateUser )

`privateca.certificates.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

CA Service Certificate Requester ( roles/ privateca.certificateRequester )

`privateca. certificates. createForSelf`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Workload Certificate Requester ( roles/ privateca.workloadCertificateRequester )

`privateca.certificates.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. certificates. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.certificates.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Service agent roles

Audit Manager Auditing Service Agent ( roles/ auditmanager.serviceAgent )
Cloud Security Compliance Service Agent ( roles/ cloudsecuritycompliance.serviceAgent )

`privateca. certificates. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca.certificates.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca.operations.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. reusableConfigs. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca. reusableConfigs. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

`privateca.reusableConfigs.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. reusableConfigs. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca.reusableConfigs.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

`privateca. reusableConfigs. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. reusableConfigs. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Operation Manager ( roles/ privateca.caManager )

Certificate Authority Service roles and permissions Stay organized with collections Save and categorize content based on your preferences.