Assured Workloads roles and permissions

This page lists the IAM roles and permissions for Assured Workloads. To search through all roles and permissions, see the role and permission index .

Assured Workloads roles

Role

Permissions

Assured Workloads Administrator

( roles/ assuredworkloads.admin )

Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration

assuredworkloads.*

assuredworkloads. operations. get
assuredworkloads. operations. list
assuredworkloads.updates.list
assuredworkloads. updates. update
assuredworkloads. violations. get
assuredworkloads. violations. list
assuredworkloads. violations. update
assuredworkloads. workload. create
assuredworkloads. workload. delete
assuredworkloads.workload.get
assuredworkloads.workload.list
assuredworkloads. workload. update

axt.labels.set

bigquery.config.update

logging.settings.update

orgpolicy.policies.*

orgpolicy.policies.create
orgpolicy.policies.delete
orgpolicy.policies.list
orgpolicy.policies.update

orgpolicy.policy.*

orgpolicy.policy.get
orgpolicy.policy.set

resourcemanager.folders.create

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager. projects. create

resourcemanager.projects.get

resourcemanager.projects.list

Assured Workloads Editor

( roles/ assuredworkloads.editor )

Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration

assuredworkloads.*

assuredworkloads. operations. get
assuredworkloads. operations. list
assuredworkloads.updates.list
assuredworkloads. updates. update
assuredworkloads. violations. get
assuredworkloads. violations. list
assuredworkloads. violations. update
assuredworkloads. workload. create
assuredworkloads. workload. delete
assuredworkloads.workload.get
assuredworkloads.workload.list
assuredworkloads. workload. update

axt.labels.set

bigquery.config.update

logging.settings.update

orgpolicy.policies.*

orgpolicy.policies.create
orgpolicy.policies.delete
orgpolicy.policies.list
orgpolicy.policies.update

orgpolicy.policy.*

orgpolicy.policy.get
orgpolicy.policy.set

resourcemanager.folders.create

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager. projects. create

resourcemanager.projects.get

resourcemanager.projects.list

Assured Workloads Monitoring Service Agent

( roles/ assuredworkloads.monitoringServiceAgent )

Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads.

cloudasset. assets. exportResource

cloudasset.assets.listResource

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

Assured Workloads Reader

( roles/ assuredworkloads.reader )

Grants read access to all Assured Workloads resources and CRM resources - project/folder

assuredworkloads.operations.*

assuredworkloads. operations. get
assuredworkloads. operations. list

assuredworkloads.updates.list

assuredworkloads. violations. get

assuredworkloads. violations. list

assuredworkloads.workload.get

assuredworkloads.workload.list

orgpolicy.policies.list

orgpolicy.policy.get

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager. organizations. get

resourcemanager.projects.get

resourcemanager.projects.list

Assured Workloads Service Agent

( roles/ assuredworkloads.serviceAgent )

Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies.

cloudkms.cryptoKeys.create

cloudkms.keyRings.create

orgpolicy.policies.list

orgpolicy.policy.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.use

Assured Workloads permissions

Permission

Included in roles

`assuredworkloads. operations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Support User ( roles/ iam.supportUser )

`assuredworkloads. operations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`assuredworkloads.updates.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`assuredworkloads. updates. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

`assuredworkloads. violations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Support User ( roles/ iam.supportUser )

Service agent roles

Cloud Controls Partner Monitoring Service Agent ( roles/ cloudcontrolspartner.monitoringServiceAgent )

`assuredworkloads. violations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Cloud Controls Partner Monitoring Service Agent ( roles/ cloudcontrolspartner.monitoringServiceAgent )

`assuredworkloads. violations. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

`assuredworkloads. workload. create`

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

`assuredworkloads. workload. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

`assuredworkloads.workload.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Support User ( roles/ iam.supportUser )

`assuredworkloads.workload.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )

Assured Workloads Reader ( roles/ assuredworkloads.reader )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`assuredworkloads. workload. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Assured Workloads Administrator ( roles/ assuredworkloads.admin )

Assured Workloads Editor ( roles/ assuredworkloads.editor )