Console
    Contact Us Start free

    GKE Multi-Cloud roles and permissions

    This page lists the IAM roles and permissions for GKE Multi-Cloud. To search through all roles and permissions, see the role and permission index .

    GKE Multi-Cloud roles

    Role
    Permissions

    ( roles/ gkemulticloud.admin )

    Admin access to Anthos Multi-cloud resources.

    gkemulticloud.*

    • gkemulticloud. attachedClusters. create
    • gkemulticloud. attachedClusters. createTagBinding
    • gkemulticloud. attachedClusters. delete
    • gkemulticloud. attachedClusters. deleteTagBinding
    • gkemulticloud. attachedClusters. generateInstallManifest
    • gkemulticloud. attachedClusters. get
    • gkemulticloud. attachedClusters. import
    • gkemulticloud. attachedClusters. list
    • gkemulticloud. attachedClusters. listEffectiveTags
    • gkemulticloud. attachedClusters. listTagBindings
    • gkemulticloud. attachedClusters. update
    • gkemulticloud. attachedServerConfigs. get
    • gkemulticloud. awsClusters. create
    • gkemulticloud. awsClusters. delete
    • gkemulticloud. awsClusters. generateAccessToken
    • gkemulticloud.awsClusters.get
    • gkemulticloud. awsClusters. getAdminKubeconfig
    • gkemulticloud.awsClusters.list
    • gkemulticloud. awsClusters. update
    • gkemulticloud. awsNodePools. create
    • gkemulticloud. awsNodePools. delete
    • gkemulticloud.awsNodePools.get
    • gkemulticloud. awsNodePools. list
    • gkemulticloud. awsNodePools. update
    • gkemulticloud. awsServerConfigs. get
    • gkemulticloud. azureClients. create
    • gkemulticloud. azureClients. delete
    • gkemulticloud.azureClients.get
    • gkemulticloud. azureClients. list
    • gkemulticloud. azureClusters. create
    • gkemulticloud. azureClusters. delete
    • gkemulticloud. azureClusters. generateAccessToken
    • gkemulticloud. azureClusters. get
    • gkemulticloud. azureClusters. getAdminKubeconfig
    • gkemulticloud. azureClusters. list
    • gkemulticloud. azureClusters. update
    • gkemulticloud. azureNodePools. create
    • gkemulticloud. azureNodePools. delete
    • gkemulticloud. azureNodePools. get
    • gkemulticloud. azureNodePools. list
    • gkemulticloud. azureNodePools. update
    • gkemulticloud. azureServerConfigs. get
    • gkemulticloud. operations. cancel
    • gkemulticloud. operations. delete
    • gkemulticloud.operations.get
    • gkemulticloud.operations.list
    • gkemulticloud.operations.wait

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ gkemulticloud.containerServiceAgent )

    Grants the Anthos Multi-Cloud Container Service Account access to manage resources.

    binaryauthorization. platformPolicies. evaluatePolicy

    binaryauthorization. platformPolicies. get

    binaryauthorization. platformPolicies. list

    binaryauthorization. policy. evaluatePolicy

    binaryauthorization.policy.get

    cloudnotifications. activities. list

    kubernetesmetadata.*

    • kubernetesmetadata. metadata. config
    • kubernetesmetadata. metadata. publish
    • kubernetesmetadata. metadata. snapshot

    logging.logEntries.create

    logging.logEntries.route

    monitoring.alertPolicies.get

    monitoring.alertPolicies.list

    monitoring. alertPolicies. listEffectiveTags

    monitoring. alertPolicies. listTagBindings

    monitoring.alerts.*

    • monitoring.alerts.get
    • monitoring.alerts.list

    monitoring.dashboards.get

    monitoring.dashboards.list

    monitoring. dashboards. listEffectiveTags

    monitoring. dashboards. listTagBindings

    monitoring.groups.get

    monitoring.groups.list

    monitoring. metricDescriptors. create

    monitoring. metricDescriptors. get

    monitoring. metricDescriptors. list

    monitoring. monitoredResourceDescriptors.*

    • monitoring. monitoredResourceDescriptors. get
    • monitoring. monitoredResourceDescriptors. list

    monitoring. notificationChannelDescriptors.*

    • monitoring. notificationChannelDescriptors. get
    • monitoring. notificationChannelDescriptors. list

    monitoring. notificationChannels. get

    monitoring. notificationChannels. list

    monitoring.services.get

    monitoring.services.list

    monitoring.slos.get

    monitoring.slos.list

    monitoring.snoozes.get

    monitoring.snoozes.list

    monitoring.timeSeries.*

    • monitoring.timeSeries.create
    • monitoring.timeSeries.list

    monitoring. uptimeCheckConfigs. get

    monitoring. uptimeCheckConfigs. list

    opsconfigmonitoring.*

    • opsconfigmonitoring. resourceMetadata. list
    • opsconfigmonitoring. resourceMetadata. write

    resourcemanager.projects.get

    resourcemanager.projects.list

    serviceusage.services.use

    stackdriver.projects.get

    stackdriver. resourceMetadata. list

    telemetry.metrics.write

    ( roles/ gkemulticloud.controlPlaneMachineServiceAgent )

    Grants the Anthos Multi-Cloud Control Plane Machine Service Account access to manage resources.

    artifactregistry. dockerimages. get

    artifactregistry. repositories. downloadArtifacts

    artifactregistry. repositories. get

    serviceusage.services.use

    ( roles/ gkemulticloud.nodePoolMachineServiceAgent )

    Grants the Anthos Multi-Cloud Node Pool Machine Service Account access to manage resources.

    artifactregistry. dockerimages. get

    artifactregistry. repositories. downloadArtifacts

    artifactregistry. repositories. get

    serviceusage.services.use

    ( roles/ gkemulticloud.serviceAgent )

    Grants the Anthos Multi-Cloud Service Account access to manage resources.

    gkehub.features.*

    • gkehub.features.create
    • gkehub.features.delete
    • gkehub.features.get
    • gkehub.features.getIamPolicy
    • gkehub.features.list
    • gkehub.features.setIamPolicy
    • gkehub.features.update

    gkehub.fleet.*

    • gkehub.fleet.create
    • gkehub.fleet.createFreeTrial
    • gkehub.fleet.delete
    • gkehub.fleet.get
    • gkehub.fleet.getFreeTrial
    • gkehub.fleet.update
    • gkehub.fleet.updateFreeTrial

    gkehub.locations.*

    • gkehub.locations.get
    • gkehub.locations.list

    gkehub.membershipbindings.*

    • gkehub. membershipbindings. create
    • gkehub. membershipbindings. delete
    • gkehub.membershipbindings.get
    • gkehub.membershipbindings.list
    • gkehub. membershipbindings. update

    gkehub.membershipfeatures.*

    • gkehub. membershipfeatures. create
    • gkehub. membershipfeatures. delete
    • gkehub.membershipfeatures.get
    • gkehub.membershipfeatures.list
    • gkehub. membershipfeatures. update

    gkehub.memberships.*

    • gkehub.memberships.create
    • gkehub.memberships.delete
    • gkehub. memberships. generateConnectManifest
    • gkehub.memberships.get
    • gkehub. memberships. getIamPolicy
    • gkehub.memberships.list
    • gkehub. memberships. setIamPolicy
    • gkehub.memberships.update

    gkehub.namespaces.*

    • gkehub.namespaces.create
    • gkehub.namespaces.delete
    • gkehub.namespaces.get
    • gkehub.namespaces.list
    • gkehub.namespaces.update

    gkehub.operations.*

    • gkehub.operations.cancel
    • gkehub.operations.delete
    • gkehub.operations.get
    • gkehub.operations.list

    gkehub.rbacrolebindings.*

    • gkehub.rbacrolebindings.create
    • gkehub.rbacrolebindings.delete
    • gkehub.rbacrolebindings.get
    • gkehub.rbacrolebindings.list
    • gkehub.rbacrolebindings.update

    gkehub.scopes.create

    gkehub.scopes.delete

    gkehub.scopes.get

    gkehub.scopes.getIamPolicy

    gkehub.scopes.list

    gkehub. scopes. listBoundMemberships

    gkehub.scopes.update

    gkemulticloud. awsClusters. delete

    gkemulticloud. awsNodePools. delete

    gkemulticloud. azureClients. delete

    gkemulticloud. azureClusters. delete

    gkemulticloud. azureNodePools. delete

    resourcemanager.projects.get

    resourcemanager.projects.list

    ( roles/ gkemulticloud.telemetryWriter )

    Grant access to write cluster telemetry data such as logs, metrics, and resource metadata.

    kubernetesmetadata.*

    • kubernetesmetadata. metadata. config
    • kubernetesmetadata. metadata. publish
    • kubernetesmetadata. metadata. snapshot

    logging.logEntries.create

    logging.logEntries.route

    monitoring. metricDescriptors. create

    monitoring. metricDescriptors. get

    monitoring. metricDescriptors. list

    monitoring. monitoredResourceDescriptors.*

    • monitoring. monitoredResourceDescriptors. get
    • monitoring. monitoredResourceDescriptors. list

    monitoring.timeSeries.create

    opsconfigmonitoring. resourceMetadata. write

    telemetry.metrics.write

    ( roles/ gkemulticloud.viewer )

    Viewer access to Anthos Multi-cloud resources.

    gkemulticloud. attachedClusters. generateInstallManifest

    gkemulticloud. attachedClusters. get

    gkemulticloud. attachedClusters. list

    gkemulticloud. attachedClusters. listEffectiveTags

    gkemulticloud. attachedClusters. listTagBindings

    gkemulticloud. attachedServerConfigs. get

    gkemulticloud. awsClusters. generateAccessToken

    gkemulticloud.awsClusters.get

    gkemulticloud.awsClusters.list

    gkemulticloud.awsNodePools.get

    gkemulticloud. awsNodePools. list

    gkemulticloud. awsServerConfigs. get

    gkemulticloud.azureClients.get

    gkemulticloud. azureClients. list

    gkemulticloud. azureClusters. generateAccessToken

    gkemulticloud. azureClusters. get

    gkemulticloud. azureClusters. list

    gkemulticloud. azureNodePools. get

    gkemulticloud. azureNodePools. list

    gkemulticloud. azureServerConfigs. get

    gkemulticloud.operations.get

    gkemulticloud.operations.list

    gkemulticloud.operations.wait

    resourcemanager.projects.get

    resourcemanager.projects.list

    GKE Multi-Cloud permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Tag User ( roles/ resourcemanager.tagUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Service agent roles

    Owner ( roles/ owner )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Anthos Multi-cloud Admin ( roles/ gkemulticloud.admin )

    Anthos Multi-cloud Viewer ( roles/ gkemulticloud.viewer )

    Support User ( roles/ iam.supportUser )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: