Cloud Config Manager API roles and permissions

This page lists the IAM roles and permissions for Cloud Config Manager API. To search through all roles and permissions, see the role and permission index .

Cloud Config Manager API roles

Role

Permissions

Cloud Infrastructure Manager Admin ^Beta

( roles/ config.admin )

Full access to Cloud Infrastructure Manager resources.

config.*

config.artifacts.import
config.deployments.create
config.deployments.delete
config.deployments.deleteState
config.deployments.get
config. deployments. getIamPolicy
config.deployments.getLock
config.deployments.getState
config.deployments.list
config.deployments.lock
config. deployments. setIamPolicy
config.deployments.unlock
config.deployments.update
config.deployments.updateState
config.locations.get
config.locations.list
config.operations.cancel
config.operations.delete
config.operations.get
config.operations.list
config.previews.create
config.previews.delete
config.previews.export
config.previews.get
config.previews.list
config.previews.upload
config.resourcechanges.get
config.resourcechanges.list
config.resourcedrifts.get
config.resourcedrifts.list
config.resources.get
config.resources.list
config.revisions.get
config.revisions.getState
config.revisions.list
config.terraformversions.get
config.terraformversions.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Infrastructure Manager Agent ^Beta

( roles/ config.agent )

Required permissions to make Cloud Infrastructure Manager work with the user-specified service account

cloudbuild.connections.list

cloudbuild. repositories. accessReadToken

cloudbuild.repositories.list

cloudquotas.quotas.get

config.artifacts.import

config.deployments.deleteState

config.deployments.getLock

config.deployments.getState

config.deployments.updateState

config.previews.upload

config.revisions.getState

logging.logEntries.create

monitoring.timeSeries.list

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.list

storage.buckets.update

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Cloud Infrastructure Manager Viewer ^Beta

( roles/ config.viewer )

Read-only access to Cloud Infrastructure Manager resources.

config.deployments.get

config. deployments. getIamPolicy

config.deployments.list

config.locations.*

config.locations.get
config.locations.list

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

config.resources.get
config.resources.list

config.revisions.get

config.revisions.list

config.terraformversions.*

config.terraformversions.get
config.terraformversions.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Config Manager API permissions

Permission

Included in roles

`config.artifacts.import`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

`config.deployments.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

SaaS Service Management Service Agent ( roles/ saasservicemgmt.serviceAgent )
Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.deployments.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

SaaS Service Management Service Agent ( roles/ saasservicemgmt.serviceAgent )
Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.deployments.deleteState`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

`config.deployments.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

SaaS Service Management Service Agent ( roles/ saasservicemgmt.serviceAgent )
Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config. deployments. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

`config.deployments.getLock`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

`config.deployments.getState`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.deployments.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.deployments.lock`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config. deployments. setIamPolicy`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Security Admin ( roles/ iam.securityAdmin )

`config.deployments.unlock`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.deployments.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

SaaS Service Management Service Agent ( roles/ saasservicemgmt.serviceAgent )
Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.deployments.updateState`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

`config.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.operations.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

SaaS Service Management Service Agent ( roles/ saasservicemgmt.serviceAgent )
Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.previews.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.previews.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.previews.export`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

`config.previews.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.previews.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.previews.upload`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

`config.resourcechanges.get`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

`config.resourcechanges.list`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

`config.resourcedrifts.get`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

`config.resourcedrifts.list`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

`config.resources.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.resources.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.revisions.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

SaaS Service Management Service Agent ( roles/ saasservicemgmt.serviceAgent )
Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.revisions.getState`

Owner ( roles/ owner )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Agent ( roles/ config.agent )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.revisions.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

Workload Manager Service Agent ( roles/ workloadmanager.serviceAgent )
DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.terraformversions.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Support User ( roles/ iam.supportUser )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

`config.terraformversions.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

App Management Viewer ( roles/ apphub.appManagementViewer )

Cloud Infrastructure Manager Admin ( roles/ config.admin )

Cloud Infrastructure Manager Viewer ( roles/ config.viewer )

Application Design Center Admin ( roles/ designcenter.admin )

Application Admin ( roles/ designcenter.applicationAdmin )

Application Editor ( roles/ designcenter.applicationEditor )

Application Viewer ( roles/ designcenter.applicationViewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

Service agent roles

DesignCenter Service Agent ( roles/ designcenter.serviceAgent )

Cloud Config Manager API roles and permissions Stay organized with collections Save and categorize content based on your preferences.