Access control with IAM

Stay organized with collections Save and categorize content based on your preferences.

This document describes roles and permissions for Cloud Hub.

To control access to data displayed in Cloud Hub, use Identity and Access Management (IAM) to assign roles and permissions to users or groups.

The prerequisites and the required roles for Cloud Hub depend on whether or not your Google Cloud organization is configured with app-enabled folders for application management.

Before you begin

Ensure that you have followed the steps to set up Cloud Hub, including enabling the required APIs, setting up App Hub for any resources that you want to manage as App Hub applications, and aggregating your logs, metrics, and traces.

Required roles

This section lists predefined roles for viewing data.

To get the permissions that you need to view data in Cloud Hub, ask your administrator to grant you the following IAM roles:

• View data for a project: Cloud Hub Operator (roles/cloudhub.operator) on on projects that you manage
• View data for an application: App Management Viewer (roles/apphub.appManagementViewer) on the app-enabled folder.

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

The Cloud Hub Operator role is intended for users such as operators and developers who perform their work in specific projects. The App Management Viewer is intended for users such as site reliability engineers (SREs) who are responsible for monitoring the health of all applications under a folder.

For information about support for project data and application data in Cloud Hub, see Application views and project views.

Roles for taking action on data

The Cloud Hub Operator role and the other roles listed in this document only provides permissions to view data. If you want to make a change based on the data, such as opening a support case, creating an alert policy, or updating an App Hub application in App Design Center, you must have the permissions to make those changes. The specific roles or permissions you need depend on the Google Cloud resources that you are responsible for managing.

The documentation for each Cloud Hub page include links to documentation about roles and permissions for some common actions you might take to respond to data you see in Cloud Hub

What's next

• View the Cloud Hub Home page.