This page lists the IAM roles and permissions for Assured Workloads. To search through all roles and permissions, see the role and permission index .
Assured Workloads roles
Assured Workloads Administrator
( roles/
)
Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
assuredworkloads.*
-
assuredworkloads.operations. get -
assuredworkloads.operations. list -
assuredworkloads.updates.list -
assuredworkloads.updates. update -
assuredworkloads.violations. get -
assuredworkloads.violations. list -
assuredworkloads.violations. update -
assuredworkloads.workload. create -
assuredworkloads.workload. delete -
assuredworkloads.workload.get -
assuredworkloads.workload.list -
assuredworkloads.workload. update
axt.labels.set
bigquery.config.update
logging.settings.update
orgpolicy.policies.*
-
orgpolicy.policies.create -
orgpolicy.policies.delete -
orgpolicy.policies.list -
orgpolicy.policies.update
orgpolicy.policy.*
-
orgpolicy.policy.get -
orgpolicy.policy.set
resourcemanager.folders.create
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
Assured Workloads Editor
( roles/
)
Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
assuredworkloads.*
-
assuredworkloads.operations. get -
assuredworkloads.operations. list -
assuredworkloads.updates.list -
assuredworkloads.updates. update -
assuredworkloads.violations. get -
assuredworkloads.violations. list -
assuredworkloads.violations. update -
assuredworkloads.workload. create -
assuredworkloads.workload. delete -
assuredworkloads.workload.get -
assuredworkloads.workload.list -
assuredworkloads.workload. update
axt.labels.set
bigquery.config.update
logging.settings.update
orgpolicy.policies.*
-
orgpolicy.policies.create -
orgpolicy.policies.delete -
orgpolicy.policies.list -
orgpolicy.policies.update
orgpolicy.policy.*
-
orgpolicy.policy.get -
orgpolicy.policy.set
resourcemanager.folders.create
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
Assured Workloads Monitoring Service Agent
( roles/
)
Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads.
cloudasset.
cloudasset.assets.listResource
cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
Assured Workloads Reader
( roles/
)
Grants read access to all Assured Workloads resources and CRM resources - project/folder
assuredworkloads.operations.*
-
assuredworkloads.operations. get -
assuredworkloads.operations. list
assuredworkloads.updates.list
assuredworkloads.
assuredworkloads.
assuredworkloads.workload.get
assuredworkloads.workload.list
orgpolicy.policies.list
orgpolicy.policy.get
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
Assured Workloads Service Agent
( roles/
)
Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies.
cloudkms.cryptoKeys.create
cloudkms.keyRings.create
orgpolicy.policies.list
orgpolicy.policy.get
serviceusage.consumerpolicy.*
-
serviceusage.consumerpolicy. analyze -
serviceusage.consumerpolicy. get -
serviceusage.consumerpolicy. update
serviceusage.
serviceusage.groups.*
-
serviceusage.groups.list -
serviceusage.groups. listExpandedMembers -
serviceusage.groups. listMembers
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.use
serviceusage.values.test
Assured Workloads permissions
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Support User
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
assuredworkloads.updates.list
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Support User
( roles/
)
Service agent roles
- Cloud Controls Partner Monitoring Service Agent
(
roles/)cloudcontrolspartner.monitoringServiceAgent
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
Service agent roles
- Cloud Controls Partner Monitoring Service Agent
(
roles/)cloudcontrolspartner.monitoringServiceAgent
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.workload.get
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Support User
( roles/
)
assuredworkloads.workload.list
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
