Control access with IAM

This page describes the IAM roles and permissions that are required to set up and use Audit Manager.

User	Task	Roles and permissions
Administrator	Set up Audit Manager access	Audit Manager Admin (`roles/auditmanager.admin`) This role grants users the ability to enable auditing on a project or folder, generate an audit scope, and create or view Audit Manager reports. Storage Admin (`roles/storage.admin`) or Storage Legacy Bucket Owner (`roles/storage.legacyBucketOwner`) These roles grant users the ability to create, overwrite, and delete storage buckets. Users need to specify a storage bucket when enrolling a resource for auditing. `resourcemanager.organizations.setIamPolicy` This additional permission is required to enroll an organization. `resourcemanager.folders.setIamPolicy` This additional permission is required to enroll a folder.
Auditor	Run audit and view reports	Audit Manager Auditor (`roles/auditmanager.auditor`) This role grants users the ability to generate an audit scope, and to create or view Audit Manager reports. Storage Legacy Object Reader (`roles/storage.legacyObjectReader`) This role grants users the ability to read storage buckets.

For more information about granting roles, see the IAM documentation.

What's next