Console
    Contact Us Start free

    Binary Authorization roles and permissions

    This page lists the IAM roles and permissions for Binary Authorization. To search through all roles and permissions, see the role and permission index .

    Binary Authorization roles

    Role
    Permissions

    ( roles/ binaryauthorization.attestorsAdmin )

    Administrator of Binary Authorization Attestors

    binaryauthorization. attestors.*

    • binaryauthorization. attestors. create
    • binaryauthorization. attestors. delete
    • binaryauthorization. attestors. get
    • binaryauthorization. attestors. getIamPolicy
    • binaryauthorization. attestors. list
    • binaryauthorization. attestors. setIamPolicy
    • binaryauthorization. attestors. update
    • binaryauthorization. attestors. verifyImageAttested

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsEditor )

    Editor of Binary Authorization Attestors

    binaryauthorization. attestors. create

    binaryauthorization. attestors. delete

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    binaryauthorization. attestors. update

    binaryauthorization. attestors. verifyImageAttested

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsVerifier )

    Caller of Binary Authorization Attestors VerifyImageAttested

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    binaryauthorization. attestors. verifyImageAttested

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.attestorsViewer )

    Viewer of Binary Authorization Attestors

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyAdmin )

    Administrator of Binary Authorization Policy

    binaryauthorization. continuousValidationConfig.*

    • binaryauthorization. continuousValidationConfig. get
    • binaryauthorization. continuousValidationConfig. getIamPolicy
    • binaryauthorization. continuousValidationConfig. setIamPolicy
    • binaryauthorization. continuousValidationConfig. update

    binaryauthorization. platformPolicies.*

    • binaryauthorization. platformPolicies. create
    • binaryauthorization. platformPolicies. delete
    • binaryauthorization. platformPolicies. evaluatePolicy
    • binaryauthorization. platformPolicies. get
    • binaryauthorization. platformPolicies. list
    • binaryauthorization. platformPolicies. replace

    binaryauthorization.policy.*

    • binaryauthorization. policy. evaluatePolicy
    • binaryauthorization.policy.get
    • binaryauthorization. policy. getIamPolicy
    • binaryauthorization. policy. setIamPolicy
    • binaryauthorization. policy. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyEditor )

    Editor of Binary Authorization Policy

    binaryauthorization. continuousValidationConfig. get

    binaryauthorization. continuousValidationConfig. update

    binaryauthorization. platformPolicies.*

    • binaryauthorization. platformPolicies. create
    • binaryauthorization. platformPolicies. delete
    • binaryauthorization. platformPolicies. evaluatePolicy
    • binaryauthorization. platformPolicies. get
    • binaryauthorization. platformPolicies. list
    • binaryauthorization. platformPolicies. replace

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    binaryauthorization. policy. update

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyEvaluator )

    Evaluator of Binary Authorization Policy

    binaryauthorization. platformPolicies. evaluatePolicy

    binaryauthorization. platformPolicies. get

    binaryauthorization. platformPolicies. list

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.policyViewer )

    Viewer of Binary Authorization Policy

    binaryauthorization. continuousValidationConfig. get

    binaryauthorization. platformPolicies. get

    binaryauthorization. platformPolicies. list

    binaryauthorization.policy.get

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ binaryauthorization.serviceAgent )

    Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.

    artifactregistry. dockerimages. get

    artifactregistry. repositories. downloadArtifacts

    binaryauthorization. attestors. get

    binaryauthorization. attestors. list

    binaryauthorization. attestors. verifyImageAttested

    binaryauthorization. platformPolicies. evaluatePolicy

    binaryauthorization. policy. evaluatePolicy

    cloudasset. assets. exportResource

    cloudasset.feeds.create

    cloudasset.feeds.delete

    cloudasset.feeds.get

    cloudasset.feeds.update

    containeranalysis.notes.get

    containeranalysis.notes.list

    containeranalysis. notes. listOccurrences

    containeranalysis. occurrences. get

    containeranalysis. occurrences. list

    resourcemanager.projects.get

    resourcemanager.projects.list

    storage.objects.list

    Binary Authorization permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Binary Authorization Attestor Image Verifier ( roles/ binaryauthorization.attestorsVerifier )

    Binary Authorization Attestor Viewer ( roles/ binaryauthorization.attestorsViewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Binary Authorization Attestor Image Verifier ( roles/ binaryauthorization.attestorsVerifier )

    Binary Authorization Attestor Viewer ( roles/ binaryauthorization.attestorsViewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Attestor Admin ( roles/ binaryauthorization.attestorsAdmin )

    Binary Authorization Attestor Editor ( roles/ binaryauthorization.attestorsEditor )

    Binary Authorization Attestor Image Verifier ( roles/ binaryauthorization.attestorsVerifier )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Cloud Run Service Agent ( roles/ serverless.serviceAgent )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Cloud Run Service Agent ( roles/ serverless.serviceAgent )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Binary Authorization Policy Evaluator ( roles/ binaryauthorization.policyEvaluator )

    Binary Authorization Policy Viewer ( roles/ binaryauthorization.policyViewer )

    Dev Ops ( roles/ iam.devOps )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Dev Ops ( roles/ iam.devOps )

    Security Admin ( roles/ iam.securityAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Binary Authorization Policy Administrator ( roles/ binaryauthorization.policyAdmin )

    Binary Authorization Policy Editor ( roles/ binaryauthorization.policyEditor )

    Dev Ops ( roles/ iam.devOps )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: