Multi-Cluster Ingress roles and permissions

This page lists the IAM roles and permissions for Multi-Cluster Ingress. To search through all roles and permissions, see the role and permission index .

Multi-Cluster Ingress roles

Role

Permissions

Multi Cluster Ingress Service Agent

( roles/ multiclusteringress.serviceAgent )

Gives the Multi Cluster Ingress service agent access to CloudPlatform resources.

certificatemanager. certissuanceconfigs. create

certificatemanager. certissuanceconfigs. delete

certificatemanager. certissuanceconfigs. get

certificatemanager. certissuanceconfigs. list

certificatemanager. certissuanceconfigs. listEffectiveTags

certificatemanager. certissuanceconfigs. listTagBindings

certificatemanager. certissuanceconfigs. update

certificatemanager. certissuanceconfigs. use

certificatemanager. certmapentries. create

certificatemanager. certmapentries. delete

certificatemanager. certmapentries. get

certificatemanager. certmapentries. list

certificatemanager. certmapentries. listEffectiveTags

certificatemanager. certmapentries. listTagBindings

certificatemanager. certmapentries. update

certificatemanager. certmaps. create

certificatemanager. certmaps. delete

certificatemanager. certmaps. get

certificatemanager. certmaps. list

certificatemanager. certmaps. listEffectiveTags

certificatemanager. certmaps. listTagBindings

certificatemanager. certmaps. update

certificatemanager. certmaps. use

certificatemanager. certs. create

certificatemanager. certs. delete

certificatemanager.certs.get

certificatemanager.certs.list

certificatemanager. certs. listEffectiveTags

certificatemanager. certs. listTagBindings

certificatemanager. certs. update

certificatemanager.certs.use

certificatemanager. dnsauthorizations. create

certificatemanager. dnsauthorizations. delete

certificatemanager. dnsauthorizations. get

certificatemanager. dnsauthorizations. list

certificatemanager. dnsauthorizations. listEffectiveTags

certificatemanager. dnsauthorizations. listTagBindings

certificatemanager. dnsauthorizations. update

certificatemanager. dnsauthorizations. use

compute.addresses.create

compute. addresses. createInternal

compute.addresses.delete

compute. addresses. deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.backendServices.*

compute. backendServices. addSignedUrlKey
compute.backendServices.create
compute. backendServices. createTagBinding
compute.backendServices.delete
compute. backendServices. deleteSignedUrlKey
compute. backendServices. deleteTagBinding
compute.backendServices.get
compute. backendServices. getIamPolicy
compute.backendServices.list
compute. backendServices. listEffectiveTags
compute. backendServices. listTagBindings
compute. backendServices. setIamPolicy
compute. backendServices. setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.firewalls.*

compute.firewalls.create
compute. firewalls. createTagBinding
compute.firewalls.delete
compute. firewalls. deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute. firewalls. listEffectiveTags
compute. firewalls. listTagBindings
compute.firewalls.update

compute.forwardingRules.*

compute.forwardingRules.create
compute. forwardingRules. createTagBinding
compute.forwardingRules.delete
compute. forwardingRules. deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute. forwardingRules. listEffectiveTags
compute. forwardingRules. listTagBindings
compute. forwardingRules. pscCreate
compute. forwardingRules. pscDelete
compute. forwardingRules. pscSetLabels
compute. forwardingRules. pscUpdate
compute. forwardingRules. setLabels
compute. forwardingRules. setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.create

compute.globalAddresses.delete

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalAddresses.use

compute. globalForwardingRules.*

compute. globalForwardingRules. create
compute. globalForwardingRules. createTagBinding
compute. globalForwardingRules. delete
compute. globalForwardingRules. deleteTagBinding
compute. globalForwardingRules. get
compute. globalForwardingRules. list
compute. globalForwardingRules. listEffectiveTags
compute. globalForwardingRules. listTagBindings
compute. globalForwardingRules. pscCreate
compute. globalForwardingRules. pscDelete
compute. globalForwardingRules. pscSetLabels
compute. globalForwardingRules. pscUpdate
compute. globalForwardingRules. setLabels
compute. globalForwardingRules. setTarget
compute. globalForwardingRules. update

compute.globalOperations.get

compute.healthChecks.*

compute.healthChecks.create
compute. healthChecks. createTagBinding
compute.healthChecks.delete
compute. healthChecks. deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute. healthChecks. listEffectiveTags
compute. healthChecks. listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute. healthChecks. useReadOnly

compute. networkEndpointGroups. get

compute. networkEndpointGroups. list

compute. networkEndpointGroups. use

compute.networks.updatePolicy

compute.networks.use

compute. regionBackendServices.*

compute. regionBackendServices. create
compute. regionBackendServices. createTagBinding
compute. regionBackendServices. delete
compute. regionBackendServices. deleteTagBinding
compute. regionBackendServices. get
compute. regionBackendServices. getIamPolicy
compute. regionBackendServices. list
compute. regionBackendServices. listEffectiveTags
compute. regionBackendServices. listTagBindings
compute. regionBackendServices. setIamPolicy
compute. regionBackendServices. setSecurityPolicy
compute. regionBackendServices. update
compute. regionBackendServices. use

compute.regionHealthChecks.*

compute. regionHealthChecks. create
compute. regionHealthChecks. createTagBinding
compute. regionHealthChecks. delete
compute. regionHealthChecks. deleteTagBinding
compute.regionHealthChecks.get
compute. regionHealthChecks. list
compute. regionHealthChecks. listEffectiveTags
compute. regionHealthChecks. listTagBindings
compute. regionHealthChecks. update
compute.regionHealthChecks.use
compute. regionHealthChecks. useReadOnly

compute.regionOperations.get

compute. regionSslCertificates.*

compute. regionSslCertificates. create
compute. regionSslCertificates. createTagBinding
compute. regionSslCertificates. delete
compute. regionSslCertificates. deleteTagBinding
compute. regionSslCertificates. get
compute. regionSslCertificates. list
compute. regionSslCertificates. listEffectiveTags
compute. regionSslCertificates. listTagBindings

compute.regionSslPolicies.use

compute. regionTargetHttpProxies.*

compute. regionTargetHttpProxies. create
compute. regionTargetHttpProxies. createTagBinding
compute. regionTargetHttpProxies. delete
compute. regionTargetHttpProxies. deleteTagBinding
compute. regionTargetHttpProxies. get
compute. regionTargetHttpProxies. list
compute. regionTargetHttpProxies. listEffectiveTags
compute. regionTargetHttpProxies. listTagBindings
compute. regionTargetHttpProxies. setUrlMap
compute. regionTargetHttpProxies. use

compute. regionTargetHttpsProxies.*

compute. regionTargetHttpsProxies. create
compute. regionTargetHttpsProxies. createTagBinding
compute. regionTargetHttpsProxies. delete
compute. regionTargetHttpsProxies. deleteTagBinding
compute. regionTargetHttpsProxies. get
compute. regionTargetHttpsProxies. list
compute. regionTargetHttpsProxies. listEffectiveTags
compute. regionTargetHttpsProxies. listTagBindings
compute. regionTargetHttpsProxies. setSslCertificates
compute. regionTargetHttpsProxies. setUrlMap
compute. regionTargetHttpsProxies. update
compute. regionTargetHttpsProxies. use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute. regionUrlMaps. createTagBinding
compute.regionUrlMaps.delete
compute. regionUrlMaps. deleteTagBinding
compute.regionUrlMaps.get
compute. regionUrlMaps. invalidateCache
compute.regionUrlMaps.list
compute. regionUrlMaps. listEffectiveTags
compute. regionUrlMaps. listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.securityPolicies.use

compute.sslCertificates.*

compute.sslCertificates.create
compute. sslCertificates. createTagBinding
compute.sslCertificates.delete
compute. sslCertificates. deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute. sslCertificates. listEffectiveTags
compute. sslCertificates. listTagBindings

compute.sslPolicies.use

compute.subnetworks.list

compute.subnetworks.use

compute.targetHttpProxies.*

compute. targetHttpProxies. create
compute. targetHttpProxies. createTagBinding
compute. targetHttpProxies. delete
compute. targetHttpProxies. deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute. targetHttpProxies. listEffectiveTags
compute. targetHttpProxies. listTagBindings
compute. targetHttpProxies. setUrlMap
compute. targetHttpProxies. update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute. targetHttpsProxies. create
compute. targetHttpsProxies. createTagBinding
compute. targetHttpsProxies. delete
compute. targetHttpsProxies. deleteTagBinding
compute.targetHttpsProxies.get
compute. targetHttpsProxies. list
compute. targetHttpsProxies. listEffectiveTags
compute. targetHttpsProxies. listTagBindings
compute. targetHttpsProxies. setCertificateMap
compute. targetHttpsProxies. setQuicOverride
compute. targetHttpsProxies. setSslCertificates
compute. targetHttpsProxies. setSslPolicy
compute. targetHttpsProxies. setUrlMap
compute. targetHttpsProxies. update
compute.targetHttpsProxies.use

compute.urlMaps.*

compute.urlMaps.create
compute. urlMaps. createTagBinding
compute.urlMaps.delete
compute. urlMaps. deleteTagBinding
compute.urlMaps.get
compute. urlMaps. invalidateCache
compute.urlMaps.list
compute. urlMaps. listEffectiveTags
compute. urlMaps. listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.zoneOperations.get

container.backendConfigs.*

container. backendConfigs. create
container. backendConfigs. delete
container.backendConfigs.get
container.backendConfigs.list
container. backendConfigs. update

container.clusters.get

container. customResourceDefinitions. create

container. customResourceDefinitions. delete

container. customResourceDefinitions. get

container. customResourceDefinitions. list

container. customResourceDefinitions. update

container.deployments.*

container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container. deployments. getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container. deployments. updateScale
container. deployments. updateStatus

container.events.create

container.events.update

container.frontendConfigs.*

container. frontendConfigs. create
container. frontendConfigs. delete
container.frontendConfigs.get
container.frontendConfigs.list
container. frontendConfigs. update

container.namespaces.list

container.secrets.get

container.secrets.list

container.services.*

container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container. services. updateStatus

container.thirdPartyObjects.*

container. thirdPartyObjects. create
container. thirdPartyObjects. delete
container. thirdPartyObjects. get
container. thirdPartyObjects. list
container. thirdPartyObjects. update

gkehub.features.get

gkehub.gateway.delete

gkehub. gateway. generateCredentials

gkehub.gateway.get

gkehub.gateway.patch

gkehub.gateway.post

gkehub.gateway.put

gkehub.locations.*

gkehub.locations.get
gkehub.locations.list

gkehub.memberships.get

gkehub.memberships.list

networkservices. lbRouteExtensions.*

networkservices. lbRouteExtensions. create
networkservices. lbRouteExtensions. delete
networkservices. lbRouteExtensions. get
networkservices. lbRouteExtensions. list
networkservices. lbRouteExtensions. update

networkservices. lbTrafficExtensions.*

networkservices. lbTrafficExtensions. create
networkservices. lbTrafficExtensions. delete
networkservices. lbTrafficExtensions. get
networkservices. lbTrafficExtensions. list
networkservices. lbTrafficExtensions. update

networkservices.wasmPlugins.*

networkservices. wasmPlugins. create
networkservices. wasmPlugins. delete
networkservices. wasmPlugins. get
networkservices. wasmPlugins. list
networkservices. wasmPlugins. update
networkservices. wasmPlugins. use

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

Multi-Cluster Ingress permissions

There are no IAM permissions for this service.