Service Catalog roles and permissions

This page lists the IAM roles and permissions for Service Catalog. To search through all roles and permissions, see the role and permission index .

Service Catalog roles

Role

Permissions

Catalog Consumer ^Beta

( roles/ cloudprivatecatalog.consumer )

Can browse catalogs in the target resource context.

cloudprivatecatalog. targets. get

resourcemanager.projects.get

resourcemanager.projects.list

Catalog Admin ^Beta

( roles/ cloudprivatecatalogproducer.admin )

Can manage catalog and view its associations.

cloudprivatecatalog. targets. get

cloudprivatecatalogproducer. associations.*

cloudprivatecatalogproducer. associations. create
cloudprivatecatalogproducer. associations. delete
cloudprivatecatalogproducer. associations. get
cloudprivatecatalogproducer. associations. list

cloudprivatecatalogproducer. catalogAssociations.*

cloudprivatecatalogproducer. catalogAssociations. create
cloudprivatecatalogproducer. catalogAssociations. delete
cloudprivatecatalogproducer. catalogAssociations. get
cloudprivatecatalogproducer. catalogAssociations. list

cloudprivatecatalogproducer. catalogs.*

cloudprivatecatalogproducer. catalogs. create
cloudprivatecatalogproducer. catalogs. delete
cloudprivatecatalogproducer. catalogs. get
cloudprivatecatalogproducer. catalogs. getIamPolicy
cloudprivatecatalogproducer. catalogs. list
cloudprivatecatalogproducer. catalogs. setIamPolicy
cloudprivatecatalogproducer. catalogs. undelete
cloudprivatecatalogproducer. catalogs. update

cloudprivatecatalogproducer. producerCatalogs.*

cloudprivatecatalogproducer. producerCatalogs. attachProduct
cloudprivatecatalogproducer. producerCatalogs. create
cloudprivatecatalogproducer. producerCatalogs. delete
cloudprivatecatalogproducer. producerCatalogs. detachProduct
cloudprivatecatalogproducer. producerCatalogs. get
cloudprivatecatalogproducer. producerCatalogs. getIamPolicy
cloudprivatecatalogproducer. producerCatalogs. list
cloudprivatecatalogproducer. producerCatalogs. setIamPolicy
cloudprivatecatalogproducer. producerCatalogs. update

cloudprivatecatalogproducer. products.*

cloudprivatecatalogproducer. products. create
cloudprivatecatalogproducer. products. delete
cloudprivatecatalogproducer. products. get
cloudprivatecatalogproducer. products. getIamPolicy
cloudprivatecatalogproducer. products. list
cloudprivatecatalogproducer. products. setIamPolicy
cloudprivatecatalogproducer. products. update

cloudprivatecatalogproducer. targets.*

cloudprivatecatalogproducer. targets. associate
cloudprivatecatalogproducer. targets. unassociate

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Catalog Manager ^Beta

( roles/ cloudprivatecatalogproducer.manager )

Can manage associations between a catalog and a target resource.

cloudprivatecatalog. targets. get

cloudprivatecatalogproducer. associations.*

cloudprivatecatalogproducer. associations. create
cloudprivatecatalogproducer. associations. delete
cloudprivatecatalogproducer. associations. get
cloudprivatecatalogproducer. associations. list

cloudprivatecatalogproducer. catalogAssociations.*

cloudprivatecatalogproducer. catalogAssociations. create
cloudprivatecatalogproducer. catalogAssociations. delete
cloudprivatecatalogproducer. catalogAssociations. get
cloudprivatecatalogproducer. catalogAssociations. list

cloudprivatecatalogproducer. catalogs. get

cloudprivatecatalogproducer. catalogs. list

cloudprivatecatalogproducer. producerCatalogs. get

cloudprivatecatalogproducer. producerCatalogs. list

cloudprivatecatalogproducer. targets.*

cloudprivatecatalogproducer. targets. associate
cloudprivatecatalogproducer. targets. unassociate

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Catalog Org Admin ^Beta

( roles/ cloudprivatecatalogproducer.orgAdmin )

Can manage catalog org settings.

cloudprivatecatalog. targets. get

cloudprivatecatalogproducer.*

cloudprivatecatalogproducer. associations. create
cloudprivatecatalogproducer. associations. delete
cloudprivatecatalogproducer. associations. get
cloudprivatecatalogproducer. associations. list
cloudprivatecatalogproducer. catalogAssociations. create
cloudprivatecatalogproducer. catalogAssociations. delete
cloudprivatecatalogproducer. catalogAssociations. get
cloudprivatecatalogproducer. catalogAssociations. list
cloudprivatecatalogproducer. catalogs. create
cloudprivatecatalogproducer. catalogs. delete
cloudprivatecatalogproducer. catalogs. get
cloudprivatecatalogproducer. catalogs. getIamPolicy
cloudprivatecatalogproducer. catalogs. list
cloudprivatecatalogproducer. catalogs. setIamPolicy
cloudprivatecatalogproducer. catalogs. undelete
cloudprivatecatalogproducer. catalogs. update
cloudprivatecatalogproducer. producerCatalogs. attachProduct
cloudprivatecatalogproducer. producerCatalogs. create
cloudprivatecatalogproducer. producerCatalogs. delete
cloudprivatecatalogproducer. producerCatalogs. detachProduct
cloudprivatecatalogproducer. producerCatalogs. get
cloudprivatecatalogproducer. producerCatalogs. getIamPolicy
cloudprivatecatalogproducer. producerCatalogs. list
cloudprivatecatalogproducer. producerCatalogs. setIamPolicy
cloudprivatecatalogproducer. producerCatalogs. update
cloudprivatecatalogproducer. products. create
cloudprivatecatalogproducer. products. delete
cloudprivatecatalogproducer. products. get
cloudprivatecatalogproducer. products. getIamPolicy
cloudprivatecatalogproducer. products. list
cloudprivatecatalogproducer. products. setIamPolicy
cloudprivatecatalogproducer. products. update
cloudprivatecatalogproducer. settings. get
cloudprivatecatalogproducer. settings. update
cloudprivatecatalogproducer. targets. associate
cloudprivatecatalogproducer. targets. unassociate

commerceorggovernance. organizationSettings.*

commerceorggovernance. organizationSettings. get
commerceorggovernance. organizationSettings. update

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Service Catalog permissions

Permission

Included in roles

`cloudprivatecatalog. targets. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Consumer ( roles/ cloudprivatecatalog.consumer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )

`cloudprivatecatalogproducer. associations. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. associations. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. associations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. associations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. catalogAssociations. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. catalogAssociations. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. catalogAssociations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. catalogAssociations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. catalogs. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. catalogs. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. catalogs. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. catalogs. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. catalogs. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. catalogs. setIamPolicy`

Owner ( roles/ owner )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

`cloudprivatecatalogproducer. catalogs. undelete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. catalogs. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. producerCatalogs. attachProduct`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. producerCatalogs. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. producerCatalogs. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. producerCatalogs. detachProduct`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. producerCatalogs. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. producerCatalogs. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. producerCatalogs. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. producerCatalogs. setIamPolicy`

Owner ( roles/ owner )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

`cloudprivatecatalogproducer. producerCatalogs. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. products. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. products. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. products. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. products. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. products. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. products. setIamPolicy`

Owner ( roles/ owner )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Security Admin ( roles/ iam.securityAdmin )

`cloudprivatecatalogproducer. products. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. settings. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Support User ( roles/ iam.supportUser )

`cloudprivatecatalogproducer. settings. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. targets. associate`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

`cloudprivatecatalogproducer. targets. unassociate`

Owner ( roles/ owner )

Editor ( roles/ editor )

Catalog Admin ( roles/ cloudprivatecatalogproducer.admin )

Catalog Manager ( roles/ cloudprivatecatalogproducer.manager )

Catalog Org Admin ( roles/ cloudprivatecatalogproducer.orgAdmin )

Service Catalog roles and permissions Stay organized with collections Save and categorize content based on your preferences.