Console
    Start free

    Assured Workloads roles and permissions

    This page lists the IAM roles and permissions for Assured Workloads. To search through all roles and permissions, see the role and permission index .

    Assured Workloads roles

    Role
    Permissions

    ( roles/ assuredworkloads.admin )

    Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration

    assuredworkloads.*

    • assuredworkloads. operations. get
    • assuredworkloads. operations. list
    • assuredworkloads.updates.list
    • assuredworkloads. updates. update
    • assuredworkloads. violations. get
    • assuredworkloads. violations. list
    • assuredworkloads. violations. update
    • assuredworkloads. workload. create
    • assuredworkloads. workload. delete
    • assuredworkloads.workload.get
    • assuredworkloads.workload.list
    • assuredworkloads. workload. update

    axt.labels.set

    bigquery.config.update

    logging.settings.update

    orgpolicy.policies.*

    • orgpolicy.policies.create
    • orgpolicy.policies.delete
    • orgpolicy.policies.list
    • orgpolicy.policies.update

    orgpolicy.policy.*

    • orgpolicy.policy.get
    • orgpolicy.policy.set

    resourcemanager.folders.create

    resourcemanager.folders.get

    resourcemanager.folders.list

    resourcemanager. organizations. get

    resourcemanager. projects. create

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ assuredworkloads.editor )

    Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration

    assuredworkloads.*

    • assuredworkloads. operations. get
    • assuredworkloads. operations. list
    • assuredworkloads.updates.list
    • assuredworkloads. updates. update
    • assuredworkloads. violations. get
    • assuredworkloads. violations. list
    • assuredworkloads. violations. update
    • assuredworkloads. workload. create
    • assuredworkloads. workload. delete
    • assuredworkloads.workload.get
    • assuredworkloads.workload.list
    • assuredworkloads. workload. update

    axt.labels.set

    bigquery.config.update

    logging.settings.update

    orgpolicy.policies.*

    • orgpolicy.policies.create
    • orgpolicy.policies.delete
    • orgpolicy.policies.list
    • orgpolicy.policies.update

    orgpolicy.policy.*

    • orgpolicy.policy.get
    • orgpolicy.policy.set

    resourcemanager.folders.create

    resourcemanager.folders.get

    resourcemanager.folders.list

    resourcemanager. organizations. get

    resourcemanager. projects. create

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ assuredworkloads.reader )

    Grants read access to all Assured Workloads resources and CRM resources - project/folder

    assuredworkloads.operations.*

    • assuredworkloads. operations. get
    • assuredworkloads. operations. list

    assuredworkloads.updates.list

    assuredworkloads. violations. get

    assuredworkloads. violations. list

    assuredworkloads.workload.get

    assuredworkloads.workload.list

    orgpolicy.policies.list

    orgpolicy.policy.get

    resourcemanager.folders.get

    resourcemanager.folders.list

    resourcemanager. organizations. get

    resourcemanager.projects.get

    resourcemanager.projects.list

    Service agent roles

    Service agent roles should only be granted to service agents .

    Role
    Permissions

    ( roles/ assuredworkloads.monitoringServiceAgent )

    Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads.

    cloudasset. assets. exportResource

    cloudasset.assets.listResource

    cloudasset.feeds.create

    cloudasset.feeds.delete

    cloudasset.feeds.get

    ( roles/ assuredworkloads.serviceAgent )

    Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies.

    cloudkms.cryptoKeys.create

    cloudkms.keyRings.create

    orgpolicy.policies.list

    orgpolicy.policy.get

    serviceusage.consumerpolicy.*

    • serviceusage. consumerpolicy. analyze
    • serviceusage. consumerpolicy. get
    • serviceusage. consumerpolicy. update

    serviceusage. effectivepolicy. get

    serviceusage.groups.*

    • serviceusage.groups.list
    • serviceusage. groups. listExpandedMembers
    • serviceusage. groups. listMembers

    serviceusage.services.enable

    serviceusage.services.get

    serviceusage.services.use

    serviceusage.values.test

    Assured Workloads permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Assured Workloads Reader ( roles/ assuredworkloads.reader )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Assured Workloads Administrator ( roles/ assuredworkloads.admin )

    Assured Workloads Editor ( roles/ assuredworkloads.editor )
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: