Context-aware access enforcement points

This page provides a list of context-aware access enforcement points.

Access policy and session controls are applied whenever a Google service (such as the Google Cloud console, or the Google Cloud CLI when using Application Default Credentials) requests or validates access to a token containing one of the following scopes:

  • https://www.googleapis.com/auth/acr
  • https://www.googleapis.com/auth/acr.dev
  • https://www.googleapis.com/auth/alloydb.login
  • https://www.googleapis.com/auth/appengine.admin
  • https://www.googleapis.com/auth/appengine.apis
  • https://www.googleapis.com/auth/appengine.monitoring
  • https://www.googleapis.com/auth/atap-walnut.upload
  • https://www.googleapis.com/auth/bigquery
  • https://www.googleapis.com/auth/bigquery.insertdata
  • https://www.googleapis.com/auth/bigquery.managetables
  • https://www.googleapis.com/auth/bigquery.querytables
  • https://www.googleapis.com/auth/bigquery.readonly
  • https://www.googleapis.com/auth/bigtable.admin
  • https://www.googleapis.com/auth/bigtable.admin.cluster
  • https://www.googleapis.com/auth/bigtable.admin.instance
  • https://www.googleapis.com/auth/bigtable.admin.table
  • https://www.googleapis.com/auth/bigtable.data
  • https://www.googleapis.com/auth/bigtable.data.readonly
  • https://www.googleapis.com/auth/bigtable.keyvisualizer
  • https://www.googleapis.com/auth/bio
  • https://www.googleapis.com/auth/cloud_debugger
  • https://www.googleapis.com/auth/cloud_debugletcontroller
  • https://www.googleapis.com/auth/cloud-bigtable.admin
  • https://www.googleapis.com/auth/cloud-bigtable.admin.cluster
  • https://www.googleapis.com/auth/cloud-bigtable.admin.table
  • https://www.googleapis.com/auth/cloud-bigtable.data
  • https://www.googleapis.com/auth/cloud-bigtable.data.readonly
  • https://www.googleapis.com/auth/cloud-billing
  • https://www.googleapis.com/auth/cloud-billing-partner-subscriptions.readonly
  • https://www.googleapis.com/auth/cloud-billing.readonly
  • https://www.googleapis.com/auth/cloud-build-service
  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-language
  • https://www.googleapis.com/auth/cloud-license-server
  • https://www.googleapis.com/auth/cloud-messaging
  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/cloud-platform.app-auth
  • https://www.googleapis.com/auth/cloud-platform.read-only
  • https://www.googleapis.com/auth/cloud-scheduler
  • https://www.googleapis.com/auth/cloud-source-tools
  • https://www.googleapis.com/auth/cloud-speech
  • https://www.googleapis.com/auth/cloud-taskqueue
  • https://www.googleapis.com/auth/cloud-taskqueue.consumer
  • https://www.googleapis.com/auth/cloud-tasks
  • https://www.googleapis.com/auth/cloud-tool-results
  • https://www.googleapis.com/auth/cloud-translation
  • https://www.googleapis.com/auth/cloud-video-intelligence
  • https://www.googleapis.com/auth/cloud-vision
  • https://www.googleapis.com/auth/cloud.tpu
  • https://www.googleapis.com/auth/cloud.useraccounts
  • https://www.googleapis.com/auth/cloud.useraccounts.readonly
  • https://www.googleapis.com/auth/cloudcast
  • https://www.googleapis.com/auth/cloudcast.inapp
  • https://www.googleapis.com/auth/cloudcast.internal
  • https://www.googleapis.com/auth/cloudcast.publisher
  • https://www.googleapis.com/auth/cloudchannel.internal
  • https://www.googleapis.com/auth/cloudfunctions
  • https://www.googleapis.com/auth/cloudgroup
  • https://www.googleapis.com/auth/cloudgroup.readonly
  • https://www.googleapis.com/auth/cloudimagemanagement
  • https://www.googleapis.com/auth/cloudinsights
  • https://www.googleapis.com/auth/cloudiot
  • https://www.googleapis.com/auth/cloudkms
  • https://www.googleapis.com/auth/cloudlatencytest.updatestats
  • https://www.googleapis.com/auth/cloudmarketplace
  • https://www.googleapis.com/auth/cloudmarketplace.firstparty
  • https://www.googleapis.com/auth/cloudmarketplace.firstparty.test
  • https://www.googleapis.com/auth/cloudmarketplace.readonly
  • https://www.googleapis.com/auth/cloudmarketplaceadmin
  • https://www.googleapis.com/auth/cloudmarketplaceadmin.firstparty
  • https://www.googleapis.com/auth/cloudmarketplaceadmin.firstparty.test
  • https://www.googleapis.com/auth/cloudmarketplacepartner
  • https://www.googleapis.com/auth/cloudmarketplacepartner.firstparty
  • https://www.googleapis.com/auth/cloudmarketplacepartner.firstparty.test
  • https://www.googleapis.com/auth/cloudplatformconfigpolicy
  • https://www.googleapis.com/auth/cloudplatformconfigpolicy.readonly
  • https://www.googleapis.com/auth/cloudplatformfolders
  • https://www.googleapis.com/auth/cloudplatformfolders.readonly
  • https://www.googleapis.com/auth/cloudplatformorganizations
  • https://www.googleapis.com/auth/cloudplatformorganizations.readonly
  • https://www.googleapis.com/auth/cloudplatformprojects
  • https://www.googleapis.com/auth/cloudplatformprojects.readonly
  • https://www.googleapis.com/auth/cloudprofile
  • https://www.googleapis.com/auth/cloudruntimeconfig
  • https://www.googleapis.com/auth/cloudsearch
  • https://www.googleapis.com/auth/cloudsearch.readonly
  • https://www.googleapis.com/auth/cloudsupport
  • https://www.googleapis.com/auth/compute
  • https://www.googleapis.com/auth/compute.readonly
  • https://www.googleapis.com/auth/computeaccounts
  • https://www.googleapis.com/auth/computeaccounts.readonly
  • https://www.googleapis.com/auth/datastore
  • https://www.googleapis.com/auth/datastore.overlay_basis
  • https://www.googleapis.com/auth/datastoremobile
  • https://www.googleapis.com/auth/developersquota
  • https://www.googleapis.com/auth/device_registry
  • https://www.googleapis.com/auth/devstorage.full_control
  • https://www.googleapis.com/auth/devstorage.read_only
  • https://www.googleapis.com/auth/devstorage.read_write
  • https://www.googleapis.com/auth/devstorage.write_only
  • https://www.googleapis.com/auth/dialogflow
  • https://www.googleapis.com/auth/endpoints
  • https://www.googleapis.com/auth/exacycle
  • https://www.googleapis.com/auth/exacycle.readonly
  • https://www.googleapis.com/auth/firebase.appdistribution.tester
  • https://www.googleapis.com/auth/genomics
  • https://www.googleapis.com/auth/genomics.readonly
  • https://www.googleapis.com/auth/goma
  • https://www.googleapis.com/auth/goma_internal
  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/iam.test
  • https://www.googleapis.com/auth/inquisition
  • https://www.googleapis.com/auth/kharon
  • https://www.googleapis.com/auth/learning_powerhouse
  • https://www.googleapis.com/auth/lifescience.dime
  • https://www.googleapis.com/auth/logging.admin
  • https://www.googleapis.com/auth/logging.read
  • https://www.googleapis.com/auth/logging.write
  • https://www.googleapis.com/auth/mobilecrashreporting
  • https://www.googleapis.com/auth/monitoring
  • https://www.googleapis.com/auth/monitoring.read
  • https://www.googleapis.com/auth/monitoring.readonly
  • https://www.googleapis.com/auth/monitoring.write
  • https://www.googleapis.com/auth/ndev.alerting
  • https://www.googleapis.com/auth/ndev.clouddns.readonly
  • https://www.googleapis.com/auth/ndev.clouddns.readwrite
  • https://www.googleapis.com/auth/ndev.cloudman
  • https://www.googleapis.com/auth/ndev.cloudman.agent
  • https://www.googleapis.com/auth/ndev.cloudman.readonly
  • https://www.googleapis.com/auth/ndev.cloudworkflow
  • https://www.googleapis.com/auth/ndev.licenseverification
  • https://www.googleapis.com/auth/prediction
  • https://www.googleapis.com/auth/projecthosting
  • https://www.googleapis.com/auth/pubsub
  • https://www.googleapis.com/auth/replicapool
  • https://www.googleapis.com/auth/replicapool.readonly
  • https://www.googleapis.com/auth/reportcard
  • https://www.googleapis.com/auth/sasportal
  • https://www.googleapis.com/auth/service.management
  • https://www.googleapis.com/auth/service.management.readonly
  • https://www.googleapis.com/auth/servicecontrol
  • https://www.googleapis.com/auth/source.full_control
  • https://www.googleapis.com/auth/source.read_only
  • https://www.googleapis.com/auth/source.read_write
  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/spanner.data
  • https://www.googleapis.com/auth/sqlservice
  • https://www.googleapis.com/auth/sqlservice.admin
  • https://www.googleapis.com/auth/sqlservice.agent
  • https://www.googleapis.com/auth/sqlservice.login
  • https://www.googleapis.com/auth/stackdriver-integration
  • https://www.googleapis.com/auth/stagedoor
  • https://www.googleapis.com/auth/taskqueue
  • https://www.googleapis.com/auth/taskqueue.consumer
  • https://www.googleapis.com/auth/trace.append
  • https://www.googleapis.com/auth/trace.readonly
  • https://www.googleapis.com/auth/virgil
  • https://www.googleapis.com/auth/virgil.managefleet
  • https://www.googleapis.com/auth/virgil.managevm
  • https://www.googleapis.com/auth/virgil.readonly
  • https://www.googleapis.com/auth/virtualcluster
  • https://www.googleapis.com/auth/workflow
  • https://www.googleapis.com/auth/xflume
  • https://www.googleapis.com/auth/zandor
  • https://www.googleapis.com/auth/zandor.readonly