This page lists the IAM roles and permissions for Assured Workloads. To search through all roles and permissions, see the role and permission index .
Assured Workloads roles
Assured Workloads Administrator
( roles/
)
Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
assuredworkloads.*
-
assuredworkloads.operations. get -
assuredworkloads.operations. list -
assuredworkloads.updates.list -
assuredworkloads.updates. update -
assuredworkloads.violations. get -
assuredworkloads.violations. list -
assuredworkloads.violations. update -
assuredworkloads.workload. create -
assuredworkloads.workload. delete -
assuredworkloads.workload.get -
assuredworkloads.workload.list -
assuredworkloads.workload. update
axt.labels.set
bigquery.config.update
logging.settings.update
orgpolicy.policies.*
-
orgpolicy.policies.create -
orgpolicy.policies.delete -
orgpolicy.policies.list -
orgpolicy.policies.update
orgpolicy.policy.*
-
orgpolicy.policy.get -
orgpolicy.policy.set
resourcemanager.folders.create
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
Assured Workloads Editor
( roles/
)
Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
assuredworkloads.*
-
assuredworkloads.operations. get -
assuredworkloads.operations. list -
assuredworkloads.updates.list -
assuredworkloads.updates. update -
assuredworkloads.violations. get -
assuredworkloads.violations. list -
assuredworkloads.violations. update -
assuredworkloads.workload. create -
assuredworkloads.workload. delete -
assuredworkloads.workload.get -
assuredworkloads.workload.list -
assuredworkloads.workload. update
axt.labels.set
bigquery.config.update
logging.settings.update
orgpolicy.policies.*
-
orgpolicy.policies.create -
orgpolicy.policies.delete -
orgpolicy.policies.list -
orgpolicy.policies.update
orgpolicy.policy.*
-
orgpolicy.policy.get -
orgpolicy.policy.set
resourcemanager.folders.create
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
Assured Workloads Monitoring Service Agent
( roles/
)
Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads.
cloudasset.
cloudasset.assets.listResource
cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
Assured Workloads Reader
( roles/
)
Grants read access to all Assured Workloads resources and CRM resources - project/folder
assuredworkloads.operations.*
-
assuredworkloads.operations. get -
assuredworkloads.operations. list
assuredworkloads.updates.list
assuredworkloads.
assuredworkloads.
assuredworkloads.workload.get
assuredworkloads.workload.list
orgpolicy.policies.list
orgpolicy.policy.get
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.
resourcemanager.projects.get
resourcemanager.projects.list
Assured Workloads Service Agent
( roles/
)
Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies.
cloudkms.cryptoKeys.create
cloudkms.keyRings.create
orgpolicy.policies.list
orgpolicy.policy.get
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.use
Assured Workloads permissions
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Support User
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
assuredworkloads.updates.list
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Support User
( roles/
)
Service agent roles
- Cloud Controls Partner Monitoring Service Agent
(
roles/)cloudcontrolspartner.monitoringServiceAgent
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
Service agent roles
- Cloud Controls Partner Monitoring Service Agent
(
roles/)cloudcontrolspartner.monitoringServiceAgent
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
assuredworkloads.workload.get
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Support User
( roles/
)
assuredworkloads.workload.list
Owner
( roles/
)
Editor
( roles/
)
Viewer
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
Assured Workloads Reader
( roles/
)
Security Admin
( roles/
)
Security Auditor
( roles/
)
Security Reviewer
( roles/
)
Support User
( roles/
)
assuredworkloads.
Owner
( roles/
)
Editor
( roles/
)
Assured Workloads Administrator
( roles/
)
Assured Workloads Editor
( roles/
)
