Console
    Contact Us Start free

    Cloud Workstations roles and permissions

    This page lists the IAM roles and permissions for Cloud Workstations. To search through all roles and permissions, see the role and permission index .

    Cloud Workstations roles

    Role
    Permissions

    ( roles/ workstations.admin )

    Grants CRUD access to all Workstation resources.

    compute.acceleratorTypes.*

    • compute.acceleratorTypes.get
    • compute.acceleratorTypes.list

    compute.machineTypes.*

    • compute.machineTypes.get
    • compute.machineTypes.list

    compute.networks.get

    compute.networks.list

    compute.subnetworks.get

    compute.subnetworks.list

    compute.zones.*

    • compute.zones.get
    • compute.zones.list

    iam.serviceAccounts.get

    iam.serviceAccounts.list

    resourcemanager.projects.get

    resourcemanager.projects.list

    workstations.operations.get

    workstations. workstationClusters.*

    • workstations. workstationClusters. create
    • workstations. workstationClusters. createTagBinding
    • workstations. workstationClusters. delete
    • workstations. workstationClusters. deleteTagBinding
    • workstations. workstationClusters. get
    • workstations. workstationClusters. list
    • workstations. workstationClusters. listEffectiveTags
    • workstations. workstationClusters. listTagBindings
    • workstations. workstationClusters. update

    workstations. workstationConfigs.*

    • workstations. workstationConfigs. create
    • workstations. workstationConfigs. delete
    • workstations. workstationConfigs. get
    • workstations. workstationConfigs. getIamPolicy
    • workstations. workstationConfigs. list
    • workstations. workstationConfigs. setIamPolicy
    • workstations. workstationConfigs. update

    workstations. workstations. create

    workstations. workstations. delete

    workstations.workstations.get

    workstations. workstations. getIamPolicy

    workstations.workstations.list

    workstations. workstations. setIamPolicy

    workstations. workstations. start

    workstations.workstations.stop

    workstations. workstations. update

    ( roles/ workstations.networkAdmin )

    Grants ability to connect a Workstation Cluster to a shared VPC network.

    compute.addresses.create

    compute. addresses. createInternal

    compute.addresses.delete

    compute. addresses. deleteInternal

    compute.addresses.get

    compute.addresses.use

    compute.forwardingRules.create

    compute.forwardingRules.delete

    compute.forwardingRules.get

    compute. forwardingRules. pscCreate

    compute. forwardingRules. pscDelete

    compute.globalOperations.get

    compute.networks.get

    compute.networks.updatePolicy

    compute.networks.use

    compute.networks.useExternalIp

    compute.regionOperations.get

    compute.subnetworks.get

    compute.subnetworks.use

    compute. subnetworks. useExternalIp

    compute.zoneOperations.get

    servicedirectory. namespaces. create

    servicedirectory. namespaces. delete

    servicedirectory. services. create

    servicedirectory. services. delete

    ( roles/ workstations.operationViewer )

    Grants ability to view Cloud Workstations API operations.

    workstations.operations.get

    ( roles/ workstations.policyAdmin )

    Grants permission to set IAM policy on workstation.

    workstations. workstations. getIamPolicy

    workstations. workstations. setIamPolicy

    ( roles/ workstations.serviceAgent )

    Grants the Workstations Service Account access to manage resources in consumer project.

    compute.addresses.create

    compute. addresses. createInternal

    compute.addresses.delete

    compute. addresses. deleteInternal

    compute.addresses.get

    compute.addresses.use

    compute.disks.create

    compute.disks.createSnapshot

    compute.disks.createTagBinding

    compute.disks.delete

    compute.disks.deleteTagBinding

    compute.disks.get

    compute.disks.list

    compute.disks.setLabels

    compute.disks.use

    compute.disks.useReadOnly

    compute.firewalls.create

    compute.firewalls.delete

    compute.firewalls.get

    compute.firewalls.update

    compute.forwardingRules.create

    compute.forwardingRules.delete

    compute.forwardingRules.get

    compute. forwardingRules. pscCreate

    compute. forwardingRules. pscDelete

    compute.globalOperations.get

    compute.instances.attachDisk

    compute.instances.create

    compute. instances. createTagBinding

    compute.instances.delete

    compute. instances. deleteTagBinding

    compute.instances.detachDisk

    compute.instances.get

    compute. instances. getGuestAttributes

    compute. instances. getSerialPortOutput

    compute.instances.setLabels

    compute.instances.setMetadata

    compute. instances. setServiceAccount

    compute.instances.setTags

    compute.networks.addPeering

    compute.networks.get

    compute.networks.removePeering

    compute.networks.updatePolicy

    compute.networks.use

    compute.networks.useExternalIp

    compute.regionOperations.get

    compute.regions.get

    compute.reservations.get

    compute.snapshots.create

    compute. snapshots. createTagBinding

    compute.snapshots.delete

    compute. snapshots. deleteTagBinding

    compute.snapshots.get

    compute. snapshots. listTagBindings

    compute.snapshots.setLabels

    compute.snapshots.useReadOnly

    compute.subnetworks.get

    compute.subnetworks.use

    compute. subnetworks. useExternalIp

    compute.zoneOperations.get

    dns. networks. bindPrivateDNSZone

    dns. networks. targetWithPeeringZone

    iam.serviceAccounts.actAs

    iam.serviceAccounts.get

    iam.serviceAccounts.list

    resourcemanager. tagValueBindings.*

    • resourcemanager. tagValueBindings. create
    • resourcemanager. tagValueBindings. delete

    servicedirectory. namespaces. create

    servicedirectory. namespaces. delete

    servicedirectory. services. create

    servicedirectory. services. delete

    serviceusage.services.get

    ( roles/ workstations.user )

    Grants runtime access to Workstation resources.

    workstations.operations.get

    workstations. workstations. delete

    workstations.workstations.get

    workstations. workstations. start

    workstations.workstations.stop

    workstations. workstations. update

    workstations.workstations.use

    ( roles/ workstations.workstationCreator )

    Grants ability to create Workstation resources.

    resourcemanager.projects.get

    resourcemanager.projects.list

    workstations.operations.get

    workstations. workstationClusters. get

    workstations. workstationClusters. list

    workstations. workstationConfigs. get

    workstations. workstations. create

    ( roles/ workstations.workstationLimitExemptedCreator )

    Grants ability to create workstations with exemption from max_usable_workstations Limit.

    resourcemanager.projects.get

    resourcemanager.projects.list

    workstations.operations.get

    workstations. workstationConfigs. get

    workstations. workstations. create

    Cloud Workstations permissions

    Permission Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Operation Viewer ( roles/ workstations.operationViewer )

    Cloud Workstations User ( roles/ workstations.user )

    Cloud Workstations Creator ( roles/ workstations.workstationCreator )

    Cloud Workstations Limit Exempted Creator ( roles/ workstations.workstationLimitExemptedCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Creator ( roles/ workstations.workstationCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Creator ( roles/ workstations.workstationCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Creator ( roles/ workstations.workstationCreator )

    Cloud Workstations Limit Exempted Creator ( roles/ workstations.workstationLimitExemptedCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Security Admin ( roles/ iam.securityAdmin )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Creator ( roles/ workstations.workstationCreator )

    Cloud Workstations Limit Exempted Creator ( roles/ workstations.workstationLimitExemptedCreator )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations User ( roles/ workstations.user )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations User ( roles/ workstations.user )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Policy Admin ( roles/ workstations.policyAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Owner ( roles/ owner )

    Security Admin ( roles/ iam.securityAdmin )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations Policy Admin ( roles/ workstations.policyAdmin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations User ( roles/ workstations.user )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations User ( roles/ workstations.user )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Cloud Workstations Admin ( roles/ workstations.admin )

    Cloud Workstations User ( roles/ workstations.user )

    Cloud Workstations User ( roles/ workstations.user )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: