This page describes how to control access to Audit Manager by using Identity and Access Management (IAM).
To administer Audit Manager, you must be granted the
Audit Manager Admin
(roles/auditmanager.admin
) role. This role grants you the ability to enable
auditing on a project or folder, generate an audit scope, and to create or view
audit reports.
To create or view audit reports, you must be granted the
Audit Manager Auditor
(roles/auditmanager.auditor
) role.
When specifying one or more buckets to store audit data, you must be granted
a role that contains the storage.buckets.setIamPolicy
permission. Predefined
roles that contain this permission include the
Storage Admin
(roles/storage.admin
) role and the
Storage Legacy Bucket Owner
(roles/storage.legacyBucketOwner
) role.
See the IAM documentation for more information about granting roles.