Cloud Trace roles and permissions

This page lists the IAM roles and permissions for Cloud Trace. To search through all roles and permissions, see the role and permission index .

Cloud Trace roles

Role

Permissions

Cloud Trace Admin

( roles/ cloudtrace.admin )

Provides full access to the Trace console and read-write access to traces.

Lowest-level resources where you can grant this role:

Project

cloudtrace.*

cloudtrace.insights.get
cloudtrace.insights.list
cloudtrace.stats.get
cloudtrace.tasks.create
cloudtrace.tasks.delete
cloudtrace.tasks.get
cloudtrace.tasks.list
cloudtrace.traceScopes.create
cloudtrace.traceScopes.delete
cloudtrace.traceScopes.get
cloudtrace.traceScopes.list
cloudtrace.traceScopes.update
cloudtrace.traces.get
cloudtrace.traces.list
cloudtrace.traces.patch

observability.scopes.get

observability.traceScopes.*

observability. traceScopes. create
observability. traceScopes. delete
observability.traceScopes.get
observability.traceScopes.list
observability. traceScopes. update

resourcemanager.projects.get

resourcemanager.projects.list

telemetry.traces.write

Cloud Trace Agent

( roles/ cloudtrace.agent )

For service accounts. Provides ability to write traces by sending the data to Stackdriver Trace.

Lowest-level resources where you can grant this role:

Project

cloudtrace.traces.patch

telemetry.traces.write

Cloud Trace User

( roles/ cloudtrace.user )

Provides full access to the Trace console and read access to traces.

Lowest-level resources where you can grant this role:

Project

cloudtrace.insights.*

cloudtrace.insights.get
cloudtrace.insights.list

cloudtrace.stats.get

cloudtrace.tasks.*

cloudtrace.tasks.create
cloudtrace.tasks.delete
cloudtrace.tasks.get
cloudtrace.tasks.list

cloudtrace.traceScopes.*

cloudtrace.traceScopes.create
cloudtrace.traceScopes.delete
cloudtrace.traceScopes.get
cloudtrace.traceScopes.list
cloudtrace.traceScopes.update

cloudtrace.traces.get

cloudtrace.traces.list

observability.scopes.get

observability.traceScopes.*

observability. traceScopes. create
observability. traceScopes. delete
observability.traceScopes.get
observability.traceScopes.list
observability. traceScopes. update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Trace permissions

Permission

Included in roles

`cloudtrace.insights.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.insights.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.stats.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.tasks.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.tasks.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

`cloudtrace.tasks.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.tasks.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.traceScopes.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

`cloudtrace.traceScopes.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

`cloudtrace.traceScopes.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.traceScopes.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.traceScopes.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

`cloudtrace.traces.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.traces.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace User ( roles/ cloudtrace.user )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Site Reliability Engineer ( roles/ iam.siteReliabilityEngineer )

Support User ( roles/ iam.supportUser )

`cloudtrace.traces.patch`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Trace Admin ( roles/ cloudtrace.admin )

Cloud Trace Agent ( roles/ cloudtrace.agent )

Firebase App Hosting Compute Runner ( roles/ firebaseapphosting.computeRunner )

Service agent roles

Apigee Service Agent ( roles/ apigee.serviceAgent )
KubeRun Events Data Plane Service Agent ( roles/ kuberun.eventsDataPlaneServiceAgent )
Mesh Data Plane Service Agent ( roles/ meshdataplane.serviceAgent )
Monitoring Service Agent ( roles/ monitoring.notificationServiceAgent )
Vertex AI Reasoning Engine Service Agent ( roles/ aiplatform.reasoningEngineServiceAgent )