Console
    Contact Us Start free

    Roles and permissions

    This page lists the permissions required by Google Distributed Cloud connected and the Identity and Access Management (IAM) roles that encapsulate them.

    Roles

    This section lists the IAM roles that encapsulate Distributed Cloud connected permissions.

    Google Cloud project roles for Distributed Cloud connected

    The following table lists the Google Cloud project roles and the Distributed Cloud connected permissions that they encapsulate.

    Role
    Resources
    Permissions
    Edge Container Viewer

    roles/edgecontainer.viewer
    zones, nodes, node pools, clusters, VPN connections
    • edgecontainer.clusters.list
    • edgecontainer.clusters.get
    • edgecontainer.clusters.generateAccessToken
    • edgecontainer.clusters.getIamPolicy
    • edgecontainer.nodePools.list
    • edgecontainer.nodePools.get
    • edgecontainer.nodePools.getIamPolicy
    • edgecontainer.machines.list
    • edgecontainer.machines.get
    • edgecontainer.machines.getIamPolicy
    • edgecontainer.vpnConnections.list
    • edgecontainer.vpnConnections.get
    • edgecontainer.vpnConnections.getIamPolicy
    • edgecontainer.locations.list
    • edgecontainer.locations.get
    • edgecontainer.operations.list
    • edgecontainer.operations.get
    • edgecontainer.serverconfig.get
    Edge Container Admin

    roles/edgecontainer.admin
    zones, nodes, node pools, clusters, VPN connections
    Includes all permissions from the Edge Container Viewer role, plus the following:
    • edgecontainer.clusters.create
    • edgecontainer.clusters.update
    • edgecontainer.clusters.upgrade
    • edgecontainer.clusters.delete
    • edgecontainer.clusters.setIamPolicy
    • edgecontainer.clusters.generateOfflineCredential
    • edgecontainer.nodePools.create
    • edgecontainer.nodePools.update
    • edgecontainer.nodePools.delete
    • edgecontainer.nodePools.setIamPolicy
    • edgecontainer.machines.create
    • edgecontainer.machines.update
    • edgecontainer.machines.delete
    • edgecontainer.machines.use
    • edgecontainer.machines.setIamPolicy
    • edgecontainer.vpnConnections.create
    • edgecontainer.vpnConnections.update
    • edgecontainer.vpnConnections.delete
    • edgecontainer.vpnConnections.setIamPolicy
    • edgecontainer.operations.cancel
    • edgecontainer.operations.delete
    Edge Container Machine User

    roles/edgecontainer.machineUser
    machines
    • edgecontainer.machines.use
    Edge Container Offline Credential User

    roles/edgecontainer.offlineCredentialUser
    clusters
    • edgecontainer.clusters.generateOfflineCredential
    Edge Network Viewer

    roles/edgenetwork.viewer
    zones, networks, subnets, interconnects, interconnect attachments, routers, locations, operations
    • edgenetwork.networks.list
    • edgenetwork.networks.get
    • edgenetwork.networks.getStatus
    • edgenetwork.networks.getIamPolicy
    • edgenetwork.subnetworks.list
    • edgenetwork.subnetworks.get
    • edgenetwork.subnetworks.getIamPolicy
    • edgenetwork.interconnects.list
    • edgenetwork.interconnects.get
    • edgenetwork.interconnects.getDiagnostics
    • edgenetwork.interconnects.getIamPolicy
    • edgenetwork.interconnectAttachments.list
    • edgenetwork.interconnectAttachments.get
    • edgenetwork.interconnectAttachments.getIamPolicy
    • edgenetwork.routers.list
    • edgenetwork.routers.get
    • edgenetwork.routers.getRouterStatus
    • edgenetwork.routers.getIamPolicy
    • edgenetwork.zones.list
    • edgenetwork.zones.get
    • edgenetwork.locations.list
    • edgenetwork.locations.get
    • edgenetwork.operations.list
    • edgenetwork.operations.get
    Edge Network Admin

    roles/edgenetwork.admin
    zones, networks, subnets, interconnects, interconnect attachments, routers, operations
    Includes all permissions from the Edge Network Viewer role, plus the following:
    • edgenetwork.networks.create
    • edgenetwork.networks.delete
    • edgenetwork.networks.setIamPolicy
    • edgenetwork.subnetworks.create
    • edgenetwork.subnetworks.delete
    • edgenetwork.subnetworks.setIamPolicy
    • edgenetwork.interconnects.setIamPolicy
    • edgenetwork.interconnectAttachments.create
    • edgenetwork.interconnectAttachments.delete
    • edgenetwork.interconnectAttachments.setIamPolicy
    • edgenetwork.routers.create
    • edgenetwork.routers.update
    • edgenetwork.routers.patch
    • edgenetwork.routers.delete
    • edgenetwork.routers.setIamPolicy
    • edgenetwork.zones.initialize
    • edgenetwork.operations.cancel
    • edgenetwork.operations.delete

    Custom roles

    Google Cloud also allows you to create custom roles that encapsulate permissions specific to your business needs, such as the principle of least privilege. For instructions, see Create and manage custom roles .

    Permissions

    This section lists the permissions required to perform specific operations on Distributed Cloud connected resources.

    Operation and method Resource Permission
    List regions in the Google Cloud project.

    locations.list
    		regions edgecontainer.locations.list
    on the target Google Cloud project
    Get information about a region.

    locations.get
    		regions edgecontainer.locations.get
    on the target Google Cloud project
    Create a cluster.

    clusters.create
    		clusters edgecontainer.clusters.create
    on the target Google Cloud project
    List clusters in the Google Cloud project.

    clusters.list
    		clusters edgecontainer.clusters.list
    on the target Google Cloud project
    Obtain credentials for the cluster.

    clusters.get
    		clusters edgecontainer.clusters.get
    on the target Google Cloud project
    Generate an access token for the cluster.

    clusters.generateAccessToken
    		clusters edgecontainer.clusters.generateAccessToken
    on the target Google Cloud project
    Modify a cluster.

    clusters.update
    		clusters edgecontainer.clusters.update
    on the target Google Cloud project
    Upgrade, downgrade, or pin a cluster to a specific Distributed Cloud software stack version.

    clusters.upgrade
    		clusters edgecontainer.clusters.upgrade
    on the target Google Cloud project
    Generate an offline access credential for a local control plane cluster.

    clusters.generateOfflineCredential
    		clusters edgecontainer.clusters.generateOfflineCredential
    on the target Google Cloud project
    Delete a cluster.

    clusters.delete
    		clusters edgecontainer.clusters.delete
    on the target Google Cloud project
    Create a node pool.

    nodePools.create
    		node pools edgecontainer.nodePools.create
    on the target Google Cloud project
    List node pools in the Google Cloud project.

    nodePools.list
    		node pools edgecontainer.nodePools.list
    on the target Google Cloud project
    Get information about a node pool.

    nodePools.get
    		node pools edgecontainer.nodePools.get
    on the target Google Cloud project
    Modify a node pool.

    nodePools.update
    		node pools edgecontainer.nodePools.update
    on the target Google Cloud project
    Delete a node pool.

    nodePools.delete
    		node pools edgecontainer.nodePools.delete
    on the target Google Cloud project
    Create a node (machine).

    machines.create
    		nodes edgecontainer.machines.create
    on the target Google Cloud project
    List nodes (machines) in the Google Cloud project.

    machines.list
    		nodes edgecontainer.machines.list
    on the target Google Cloud project
    Get information about a node (machine).

    machines.get
    		nodes edgecontainer.machines.get
    on the target Google Cloud project
    Modify a node (machine).

    machines.update
    		nodes edgecontainer.machines.update
    on the target Google Cloud project
    Deploy a workload to a node (machine).

    machines.use
    		nodes edgecontainer.machines.use
    on the target Google Cloud project
    Delete a node (machine).

    machines.delete
    		nodes edgecontainer.machines.delete
    on the target Google Cloud project
    List workloads deployed in a zone.

    operations.list
    		operations edgecontainer.operations.list
    on the target Google Cloud project
    Get information about a workload.

    operations.get
    		operations edgecontainer.operations.get
    on the target Google Cloud project
    Cancel a workload in progress.

    operations.cancel
    		operations edgecontainer.operations.cancel
    on the target Google Cloud project
    Delete a workload.

    operations.delete
    		operations edgecontainer.operations.delete
    on the target Google Cloud project
    Get the server configuration for a cluster.

    serverconfig.get
    		serverconfig edgecontainer.serverconfig.get
    on the target Google Cloud project
    Create a VPN connection.

    vpnConnections.create
    		VPN connections edgecontainer.vpnConnections.create
    on the target Google Cloud project
    List VPN connections in the Google Cloud project.

    vpnConnections.list
    		VPN connections edgecontainer.vpnConnections.list
    on the target Google Cloud project
    Get information about a VPN connection.

    vpnConnections.get
    		VPN connections edgecontainer.vpnConnections.get
    on the target Google Cloud project
    Modify a VPN connection.

    vpnConnections.update
    		VPN connections edgecontainer.vpnConnections.update
    on the target Google Cloud project
    Delete a VPN connection.

    vpnConnections.delete
    		VPN connections edgecontainer.vpnConnections.delete
    on the target Google Cloud project
    List zones in the Google Cloud project.

    zones.list
    		zones edgenetwork.zones.list
    on the target machine Google Cloud project
    Get information about a zone.

    zones.get
    		zones edgenetwork.zones.get
    on the target machine Google Cloud project
    Initialize a zone.

    zones.initialize
    		zones edgenetwork.zones.initialize
    on the target machine Google Cloud project
    Create a network.

    networks.create
    		networks edgenetwork.networks.create
    on the target machine Google Cloud project
    List networks in the Google Cloud project.

    networks.list
    		networks edgenetwork.networks.list
    on the target machine Google Cloud project
    Get information about a network.

    networks.get
    		networks edgenetwork.networks.get
    on the target machine Google Cloud project
    Get status about a network.

    networks.getStatus
    		networks edgenetwork.networks.getStatus
    on the target machine Google Cloud project
    Delete a network.

    networks.delete
    		networks edgenetwork.networks.delete
    on the target machine Google Cloud project
    Create a subnet.

    subnetworks.create
    		subnets edgenetwork.subnetworks.create
    on the target machine Google Cloud project
    List subnets in the Google Cloud project.

    subnetworks.list
    		subnets edgenetwork.subnetworks.list
    on the target machine Google Cloud project
    Get information about a subnet.

    subnetworks.get
    		subnets edgenetwork.subnetworks.get
    on the target machine Google Cloud project
    Delete a subnet.

    subnetworks.delete
    		subnets edgenetwork.subnetworks.delete
    on the target machine Google Cloud project
    List interconnects in the Google Cloud project.

    interconnects.list
    		interconnects edgenetwork.interconnects.list
    on the target machine Google Cloud project
    Get information about an interconnect.

    interconnects.get
    		interconnects edgenetwork.interconnects.get
    on the target machine Google Cloud project
    Get diagnostic information about an interconnect.

    interconnects.getDiagnostics
    		interconnects edgenetwork.interconnects.getDiagnostics
    on the target machine Google Cloud project
    Create an interconnect attachment.

    interconnectAttachments.create
    		interconnect attachments edgenetwork.interconnectAttachments.create
    on the target machine Google Cloud project
    List interconnect attachments in the Google Cloud project.

    interconnectAttachments.list
    		interconnect attachments edgenetwork.interconnectAttachments.list
    on the target machine Google Cloud project
    Get information about an interconnect attachment.

    interconnectAttachments.get
    		interconnect attachments edgenetwork.interconnectAttachments.get
    on the target machine Google Cloud project
    Delete an interconnect attachment.

    interconnectAttachments.delete
    		interconnect attachments edgenetwork.interconnectAttachments.delete
    on the target machine Google Cloud project
    Create a router.

    routers.create
    		routers edgenetwork.routers.create
    on the target machine Google Cloud project
    List routers in the Google Cloud project.

    routers.list
    		routers edgenetwork.routers.list
    on the target machine Google Cloud project
    Get status about a router.

    routers.getRouterStatus
    		routers edgenetwork.routers.getRouterStatus
    on the target machine Google Cloud project
    Get information about a router.

    routers.get
    		routers edgenetwork.routers.get
    on the target machine Google Cloud project
    Modify a router.

    routers.update
    		routers edgenetwork.routers.update
    on the target machine Google Cloud project
    Delete a router.

    routers.delete
    		routers edgenetwork.routers.delete
    on the target machine Google Cloud project
    List workloads deployed in a zone.

    operations.list
    		operations edgenetwork.operations.list
    on the target machine Google Cloud project
    Get information about a workload.

    operations.get
    		operations edgenetwork.operations.get
    on the target machine Google Cloud project
    Cancel a workload in progress.

    operations.cancel
    		operations edgenetwork.operations.cancel
    on the target machine Google Cloud project
    Delete a workload.

    operations.delete
    		operations edgenetwork.operations.delete
    on the target machine Google Cloud project
    List locations in the machine Google Cloud project.

    locations.list
    		locations edgenetwork.locations.list
    on the target machine Google Cloud project
    Get information about a location.

    locations.get
    		locations edgenetwork.locations.get
    on the target machine Google Cloud project
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: