These roles grant the ability to create, overwrite, and delete storage buckets.
Users need to specify a storage bucket when enrolling a resource for auditing.
resourcemanager.organizations.setIamPolicy
This additional permission is required to enroll an organization.
resourcemanager.folders.setIamPolicy
This additional permission is required to enroll a folder.
This role grants the ability to create, read, update, delete, view, and
list custom compliance frameworks (Preview). This role can only be assigned at the organizational level.
This role grants the ability to view and list custom compliance frameworks (Preview).
This role is required to run audits against custom compliance frameworks (Preview). This role
can only be assigned at the organizational level.
For more information about granting roles, see theIAM documentation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis page outlines the necessary IAM roles and permissions for using Audit Manager and custom compliance frameworks.\u003c/p\u003e\n"],["\u003cp\u003eAdministrators require the Audit Manager Admin, Storage Admin, or Storage Legacy Bucket Owner roles, along with additional permissions for organizations and folders.\u003c/p\u003e\n"],["\u003cp\u003eAuditors need the Audit Manager Auditor and Storage Legacy Object Reader roles to run audits and view reports.\u003c/p\u003e\n"],["\u003cp\u003eFramework administrators require the Audit Manager Custom Compliance Framework Admin role to manage custom compliance frameworks.\u003c/p\u003e\n"],["\u003cp\u003eFramework viewers require the Audit Manager Custom Compliance Framework Viewer role to view custom compliance frameworks, which is also required to run audits on them.\u003c/p\u003e\n"]]],[],null,["# Control access with IAM\n\nThis page describes the IAM roles and permissions that are\nrequired to set up and use Audit Manager and custom compliance frameworks.\n\nFor more information about granting roles, see the\n[IAM documentation](/iam/docs/granting-changing-revoking-access#grant-single-role).\n\nWhat's next\n-----------\n\n- [Enroll resources for audit](/audit-manager/docs/enroll-resource).\n- [Create a custom compliance framework](/audit-manager/docs/create-framework).\n- [Run an audit](/audit-manager/docs/run-audit)."]]
