Console
    Contact Us Start free

    Container Threat Detection roles and permissions

    This page lists the IAM roles and permissions for Container Threat Detection. To search through all roles and permissions, see the role and permission index .

    Container Threat Detection roles

    Role
    Permissions

    ( roles/ containerthreatdetection.serviceAgent )

    Gives Container Threat Detection service account access to enable/disable Container Threat Detection and manage the Container Threat Detection Agent on Google Kubernetes Engine clusters.

    container.apiServices.get

    container. apiServices. getStatus

    container.apiServices.list

    container.auditSinks.get

    container.auditSinks.list

    container.backendConfigs.get

    container.backendConfigs.list

    container.bindings.get

    container.bindings.list

    container. certificateSigningRequests. get

    container. certificateSigningRequests. getStatus

    container. certificateSigningRequests. list

    container. clusterRoleBindings.*

    • container. clusterRoleBindings. create
    • container. clusterRoleBindings. delete
    • container. clusterRoleBindings. get
    • container. clusterRoleBindings. list
    • container. clusterRoleBindings. update

    container.clusterRoles.*

    • container.clusterRoles.bind
    • container.clusterRoles.create
    • container.clusterRoles.delete
    • container. clusterRoles. escalate
    • container.clusterRoles.get
    • container.clusterRoles.list
    • container.clusterRoles.update

    container.clusters.connect

    container.clusters.get

    container.clusters.list

    container.componentStatuses.*

    • container. componentStatuses. get
    • container. componentStatuses. list

    container.configMaps.get

    container.configMaps.list

    container. controllerRevisions. get

    container. controllerRevisions. list

    container.cronJobs.get

    container.cronJobs.getStatus

    container.cronJobs.list

    container.csiDrivers.get

    container.csiDrivers.list

    container.csiNodeInfos.get

    container.csiNodeInfos.list

    container.csiNodes.get

    container.csiNodes.list

    container. customResourceDefinitions. create

    container. customResourceDefinitions. delete

    container. customResourceDefinitions. get

    container. customResourceDefinitions. getStatus

    container. customResourceDefinitions. list

    container. customResourceDefinitions. update

    container.daemonSets.*

    • container.daemonSets.create
    • container.daemonSets.delete
    • container.daemonSets.get
    • container.daemonSets.getStatus
    • container.daemonSets.list
    • container.daemonSets.update
    • container. daemonSets. updateStatus

    container.deployments.get

    container.deployments.getScale

    container. deployments. getStatus

    container.deployments.list

    container.endpointSlices.get

    container.endpointSlices.list

    container.endpoints.get

    container.endpoints.list

    container.events.get

    container.events.list

    container.frontendConfigs.get

    container.frontendConfigs.list

    container. horizontalPodAutoscalers. get

    container. horizontalPodAutoscalers. getStatus

    container. horizontalPodAutoscalers. list

    container.ingresses.get

    container.ingresses.getStatus

    container.ingresses.list

    container. initializerConfigurations. get

    container. initializerConfigurations. list

    container.jobs.get

    container.jobs.getStatus

    container.jobs.list

    container.leases.get

    container.leases.list

    container.limitRanges.get

    container.limitRanges.list

    container. managedCertificates. get

    container. managedCertificates. list

    container. mutatingWebhookConfigurations. get

    container. mutatingWebhookConfigurations. list

    container.namespaces.get

    container.namespaces.getStatus

    container.namespaces.list

    container.networkPolicies.get

    container.networkPolicies.list

    container. networkPolicies. update

    container.nodes.get

    container.nodes.getStatus

    container.nodes.list

    container.operations.*

    • container.operations.get
    • container.operations.list

    container. persistentVolumeClaims. get

    container. persistentVolumeClaims. getStatus

    container. persistentVolumeClaims. list

    container. persistentVolumes. get

    container. persistentVolumes. getStatus

    container. persistentVolumes. list

    container.petSets.get

    container.petSets.list

    container. podDisruptionBudgets. get

    container. podDisruptionBudgets. getStatus

    container. podDisruptionBudgets. list

    container.podPresets.get

    container.podPresets.list

    container. podSecurityPolicies. get

    container. podSecurityPolicies. list

    container.podTemplates.get

    container.podTemplates.list

    container.pods.attach

    container.pods.create

    container.pods.delete

    container.pods.exec

    container.pods.get

    container.pods.getLogs

    container.pods.getStatus

    container.pods.list

    container.pods.portForward

    container.pods.update

    container.priorityClasses.get

    container.priorityClasses.list

    container.replicaSets.get

    container.replicaSets.getScale

    container. replicaSets. getStatus

    container.replicaSets.list

    container. replicationControllers. get

    container. replicationControllers. getScale

    container. replicationControllers. getStatus

    container. replicationControllers. list

    container.resourceQuotas.get

    container. resourceQuotas. getStatus

    container.resourceQuotas.list

    container.roleBindings.*

    • container.roleBindings.create
    • container.roleBindings.delete
    • container.roleBindings.get
    • container.roleBindings.list
    • container.roleBindings.update

    container.roles.*

    • container.roles.bind
    • container.roles.create
    • container.roles.delete
    • container.roles.escalate
    • container.roles.get
    • container.roles.list
    • container.roles.update

    container.runtimeClasses.get

    container.runtimeClasses.list

    container.scheduledJobs.get

    container.scheduledJobs.list

    container.secrets.create

    container.secrets.delete

    container.secrets.list

    container.secrets.update

    container. serviceAccounts. create

    container. serviceAccounts. delete

    container.serviceAccounts.get

    container.serviceAccounts.list

    container. serviceAccounts. update

    container.services.get

    container.services.getStatus

    container.services.list

    container.statefulSets.get

    container. statefulSets. getScale

    container. statefulSets. getStatus

    container.statefulSets.list

    container.storageClasses.get

    container.storageClasses.list

    container.storageStates.get

    container. storageStates. getStatus

    container.storageStates.list

    container. storageVersionMigrations. get

    container. storageVersionMigrations. getStatus

    container. storageVersionMigrations. list

    container. thirdPartyObjects. get

    container. thirdPartyObjects. list

    container. thirdPartyResources. get

    container. thirdPartyResources. list

    container.tokenReviews.create

    container.updateInfos.get

    container.updateInfos.list

    container. validatingWebhookConfigurations. get

    container. validatingWebhookConfigurations. list

    container. volumeAttachments. get

    container. volumeAttachments. getStatus

    container. volumeAttachments. list

    container. volumeSnapshotClasses. get

    container. volumeSnapshotClasses. list

    container. volumeSnapshotContents. get

    container. volumeSnapshotContents. getStatus

    container. volumeSnapshotContents. list

    container.volumeSnapshots.get

    container.volumeSnapshots.list

    recommender. containerDiagnosisInsights. get

    recommender. containerDiagnosisInsights. list

    recommender. containerDiagnosisRecommendations. get

    recommender. containerDiagnosisRecommendations. list

    recommender.locations.*

    • recommender.locations.get
    • recommender.locations.list

    recommender. networkAnalyzerGkeConnectivityInsights. get

    recommender. networkAnalyzerGkeConnectivityInsights. list

    recommender. networkAnalyzerGkeIpAddressInsights. get

    recommender. networkAnalyzerGkeIpAddressInsights. list

    resourcemanager.projects.get

    resourcemanager.projects.list

    Container Threat Detection permissions

    There are no IAM permissions for this service.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: