Console
    Start free

    Binary Authorization roles and permissions

    This page lists the IAM roles and permissions for Binary Authorization. To search through all roles and permissions, see the role and permission index .

    Binary Authorization roles

    Role
    Permissions

    ( roles/ binaryauthorization.admin )

    Admin role for Binary Authorization

    binaryauthorization.*

    • binaryauthorization. attestors. create
    • binaryauthorization. attestors. delete
    • binaryauthorization. attestors. get
    • binaryauthorization. attestors. getIamPolicy
    • binaryauthorization. attestors. list
    • binaryauthorization. attestors. setIamPolicy
    • binaryauthorization. attestors. update
    • binaryauthorization. attestors. verifyImageAttested
    • binaryauthorization. continuousValidationConfig. get
    • binaryauthorization. continuousValidationConfig. getIamPolicy
    • binaryauthorization. continuousValidationConfig. setIamPolicy
    • binaryauthorization. continuousValidationConfig. update
    • binaryauthorization. platformPolicies. create
    • binaryauthorization. platformPolicies. delete
    • binaryauthorization. platformPolicies. evaluatePolicy
    • binaryauthorization. platformPolicies. get
    • binaryauthorization. platformPolicies. list
    • binaryauthorization. platformPolicies. replace
    • binaryauthorization. policy. evaluatePolicy
    • binaryauthorization.policy.get
    • binaryauthorization. policy. getIamPolicy
    • binaryauthorization. policy. setIamPolicy
    • binaryauthorization. policy. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.editor )

    Editor role for Binary Authorization

    binaryauthorization. attestors. create

    binaryauthorization. attestors. delete

    binaryauthorization. attestors. get

    binaryauthorization. attestors. getIamPolicy

    binaryauthorization. attestors. list

    binaryauthorization. attestors. update

    binaryauthorization. attestors. verifyImageAttested

    binaryauthorization. continuousValidationConfig. get

    binaryauthorization. continuousValidationConfig. getIamPolicy

    binaryauthorization. continuousValidationConfig. update

    binaryauthorization. platformPolicies.*

    • binaryauthorization. platformPolicies. create
    • binaryauthorization. platformPolicies. delete
    • binaryauthorization. platformPolicies. evaluatePolicy
    • binaryauthorization. platformPolicies. get
    • binaryauthorization. platformPolicies. list
    • binaryauthorization. platformPolicies. replace

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    binaryauthorization. policy. getIamPolicy

    binaryauthorization. policy. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.viewer )

    Viewer role for Binary Authorization

    binaryauthorization. attestors. get

    binaryauthorization. attestors. getIamPolicy

    binaryauthorization. attestors. list

    binaryauthorization. attestors. verifyImageAttested

    binaryauthorization. continuousValidationConfig. get

    binaryauthorization. continuousValidationConfig. getIamPolicy

    binaryauthorization. platformPolicies. evaluatePolicy

    binaryauthorization. platformPolicies. get

    binaryauthorization. platformPolicies. list

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    binaryauthorization. policy. getIamPolicy

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsAdmin )

    Administrator of Binary Authorization Attestors

    binaryauthorization. attestors.*

    • binaryauthorization. attestors. create
    • binaryauthorization. attestors. delete
    • binaryauthorization. attestors. get
    • binaryauthorization. attestors. getIamPolicy
    • binaryauthorization. attestors. list
    • binaryauthorization. attestors. setIamPolicy
    • binaryauthorization. attestors. update
    • binaryauthorization. attestors. verifyImageAttested

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsEditor )

    Editor of Binary Authorization Attestors

    binaryauthorization. attestors. create

    binaryauthorization. attestors. delete

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    binaryauthorization. attestors. update

    binaryauthorization. attestors. verifyImageAttested

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsVerifier )

    Caller of Binary Authorization Attestors VerifyImageAttested

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    binaryauthorization. attestors. verifyImageAttested

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsViewer )

    Viewer of Binary Authorization Attestors

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyAdmin )

    Administrator of Binary Authorization Policy

    binaryauthorization. continuousValidationConfig.*

    • binaryauthorization. continuousValidationConfig. get
    • binaryauthorization. continuousValidationConfig. getIamPolicy
    • binaryauthorization. continuousValidationConfig. setIamPolicy
    • binaryauthorization. continuousValidationConfig. update

    binaryauthorization. platformPolicies.*

    • binaryauthorization. platformPolicies. create
    • binaryauthorization. platformPolicies. delete
    • binaryauthorization. platformPolicies. evaluatePolicy
    • binaryauthorization. platformPolicies. get
    • binaryauthorization. platformPolicies. list
    • binaryauthorization. platformPolicies. replace

    binaryauthorization.policy.*

    • binaryauthorization. policy. evaluatePolicy
    • binaryauthorization.policy.get
    • binaryauthorization. policy. getIamPolicy
    • binaryauthorization. policy. setIamPolicy
    • binaryauthorization. policy. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyEditor )

    Editor of Binary Authorization Policy

    binaryauthorization. continuousValidationConfig. get

    binaryauthorization. continuousValidationConfig. update

    binaryauthorization. platformPolicies.*

    • binaryauthorization. platformPolicies. create
    • binaryauthorization. platformPolicies. delete
    • binaryauthorization. platformPolicies. evaluatePolicy
    • binaryauthorization. platformPolicies. get
    • binaryauthorization. platformPolicies. list
    • binaryauthorization. platformPolicies. replace

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    binaryauthorization. policy. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyEvaluator )

    Evaluator of Binary Authorization Policy

    binaryauthorization. platformPolicies. evaluatePolicy

    binaryauthorization. platformPolicies. get

    binaryauthorization. platformPolicies. list

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyViewer )

    Viewer of Binary Authorization Policy

    binaryauthorization. continuousValidationConfig. get

    binaryauthorization. platformPolicies. get

    binaryauthorization. platformPolicies. list

    binaryauthorization.policy.get

    resourcemanager.projects.get

    resourcemanager.projects.list

    Service agent roles

    Service agent roles should only be granted to service agents .

    Role Permissions

    ( roles/ binaryauthorization.serviceAgent )

    Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.

    artifactregistry. dockerimages. get

    artifactregistry. repositories. downloadArtifacts

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    binaryauthorization. attestors. verifyImageAttested

    binaryauthorization. platformPolicies. evaluatePolicy

    binaryauthorization. policy. evaluatePolicy

    cloudasset. assets. exportResource

    cloudasset.feeds.create

    cloudasset.feeds.delete

    cloudasset.feeds.get

    cloudasset.feeds.update

    containeranalysis.notes.get

    containeranalysis.notes.list

    containeranalysis. notes. listOccurrences

    containeranalysis. occurrences. get

    containeranalysis. occurrences. list

    resourcemanager.projects.get

    resourcemanager.projects.list

    storage.objects.list

    Binary Authorization permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Binary Authorization Attestor Image Verifier ( roles/ binaryauthorization.attestorsVerifier )

    Binary Authorization Attestor Viewer ( roles/ binaryauthorization.attestorsViewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Binary Authorization Attestor Image Verifier ( roles/ binaryauthorization.attestorsVerifier )

    Binary Authorization Attestor Viewer ( roles/ binaryauthorization.attestorsViewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Binary Authorization Attestor Image Verifier ( roles/ binaryauthorization.attestorsVerifier )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Viewer ( roles/ binaryauthorization.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Reviewer ( roles/ iam.securityReviewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Admin ( roles/ binaryauthorization.admin )

    Binary Authorization Editor ( roles/ binaryauthorization.editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: