Chrome Enterprise Premium roles and permissions

This page lists the IAM roles and permissions for Chrome Enterprise Premium. To search through all roles and permissions, see the role and permission index.

Chrome Enterprise Premium roles

Role Permissions

Role	Permissions
Cloud BeyondCorp Admin ^Beta (`roles/beyondcorp.admin`) Full access to all Cloud BeyondCorp resources.	`beyondcorp.appConnections.` `beyondcorp.appConnections.create` `beyondcorp.appConnections.delete` `beyondcorp.appConnections.get` `beyondcorp.appConnections.getIamPolicy` `beyondcorp.appConnections.list` `beyondcorp.appConnections.setIamPolicy` `beyondcorp.appConnections.update` `beyondcorp.appConnectors.` `beyondcorp.appConnectors.create` `beyondcorp.appConnectors.delete` `beyondcorp.appConnectors.get` `beyondcorp.appConnectors.getIamPolicy` `beyondcorp.appConnectors.list` `beyondcorp.appConnectors.reportStatus` `beyondcorp.appConnectors.setIamPolicy` `beyondcorp.appConnectors.update` `beyondcorp.appGateways.` `beyondcorp.appGateways.create` `beyondcorp.appGateways.delete` `beyondcorp.appGateways.get` `beyondcorp.appGateways.getIamPolicy` `beyondcorp.appGateways.list` `beyondcorp.appGateways.setIamPolicy` `beyondcorp.appGateways.update` `beyondcorp.clientConnectorServices.create` `beyondcorp.clientConnectorServices.delete` `beyondcorp.clientConnectorServices.get` `beyondcorp.clientConnectorServices.getIamPolicy` `beyondcorp.clientConnectorServices.list` `beyondcorp.clientConnectorServices.setIamPolicy` `beyondcorp.clientConnectorServices.update` `beyondcorp.clientGateways.` `beyondcorp.clientGateways.create` `beyondcorp.clientGateways.delete` `beyondcorp.clientGateways.get` `beyondcorp.clientGateways.getIamPolicy` `beyondcorp.clientGateways.list` `beyondcorp.clientGateways.setIamPolicy` `beyondcorp.locations.` `beyondcorp.locations.get` `beyondcorp.locations.list` `beyondcorp.operations.` `beyondcorp.operations.cancel` `beyondcorp.operations.delete` `beyondcorp.operations.get` `beyondcorp.operations.list` `beyondcorp.securityGateways.` `beyondcorp.securityGateways.create` `beyondcorp.securityGateways.delete` `beyondcorp.securityGateways.get` `beyondcorp.securityGateways.getIamPolicy` `beyondcorp.securityGateways.list` `beyondcorp.securityGateways.setIamPolicy` `beyondcorp.securityGateways.update` `beyondcorp.sgApplications.` `beyondcorp.sgApplications.create` `beyondcorp.sgApplications.delete` `beyondcorp.sgApplications.get` `beyondcorp.sgApplications.getIamPolicy` `beyondcorp.sgApplications.list` `beyondcorp.sgApplications.setIamPolicy` `beyondcorp.sgApplications.update` `beyondcorp.subscriptions.*` `beyondcorp.subscriptions.create` `beyondcorp.subscriptions.get` `beyondcorp.subscriptions.list` `beyondcorp.subscriptions.terminate` `beyondcorp.subscriptions.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud BeyondCorp Client Connector Admin ^Beta (`roles/beyondcorp.clientConnectorAdmin`) Full access to all BeyondCorp Client Connector resources.	`beyondcorp.clientConnectorServices.create` `beyondcorp.clientConnectorServices.delete` `beyondcorp.clientConnectorServices.get` `beyondcorp.clientConnectorServices.getIamPolicy` `beyondcorp.clientConnectorServices.list` `beyondcorp.clientConnectorServices.setIamPolicy` `beyondcorp.clientConnectorServices.update` `beyondcorp.clientGateways.*` `beyondcorp.clientGateways.create` `beyondcorp.clientGateways.delete` `beyondcorp.clientGateways.get` `beyondcorp.clientGateways.getIamPolicy` `beyondcorp.clientGateways.list` `beyondcorp.clientGateways.setIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud BeyondCorp Client Connector Service User ^Beta (`roles/beyondcorp.clientConnectorServiceUser`) Access Client Connector Service	`beyondcorp.clientConnectorServices.access`
Cloud BeyondCorp Client Connector Viewer ^Beta (`roles/beyondcorp.clientConnectorViewer`) Read-only access to all BeyondCorp Client Connector resources.	`beyondcorp.clientConnectorServices.get` `beyondcorp.clientConnectorServices.getIamPolicy` `beyondcorp.clientConnectorServices.list` `beyondcorp.clientGateways.get` `beyondcorp.clientGateways.getIamPolicy` `beyondcorp.clientGateways.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud BeyondCorp Partner Service Delegate Admin ^Beta (`roles/beyondcorp.partnerServiceDelegateAdmin`) Delegates access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.	`beyondcorp.operations.` `beyondcorp.operations.cancel` `beyondcorp.operations.delete` `beyondcorp.operations.get` `beyondcorp.operations.list` `beyondcorp.partnerTenants.` `beyondcorp.partnerTenants.create` `beyondcorp.partnerTenants.delete` `beyondcorp.partnerTenants.get` `beyondcorp.partnerTenants.list` `beyondcorp.partnerTenants.update` `beyondcorp.proxyConfigs.*` `beyondcorp.proxyConfigs.create` `beyondcorp.proxyConfigs.delete` `beyondcorp.proxyConfigs.get` `beyondcorp.proxyConfigs.list` `beyondcorp.proxyConfigs.update` `resourcemanager.organizations.get`
Cloud BeyondCorp Partner Service Delegate Viewer ^Beta (`roles/beyondcorp.partnerServiceDelegateViewer`) Delegates read-only access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.	`beyondcorp.partnerTenants.get` `beyondcorp.partnerTenants.list` `beyondcorp.proxyConfigs.get` `beyondcorp.proxyConfigs.list` `resourcemanager.organizations.get`
Cloud BeyondCorp Subscription Admin ^Beta (`roles/beyondcorp.subscriptionAdmin`) Full access to all BeyondCorp Subscription resources.	`beyondcorp.subscriptions.*` `beyondcorp.subscriptions.create` `beyondcorp.subscriptions.get` `beyondcorp.subscriptions.list` `beyondcorp.subscriptions.terminate` `beyondcorp.subscriptions.update` `resourcemanager.organizations.get`
Cloud BeyondCorp Subscription Viewer ^Beta (`roles/beyondcorp.subscriptionViewer`) Read-only access to all BeyondCorp Subscription resources.	`beyondcorp.subscriptions.get` `beyondcorp.subscriptions.list` `resourcemanager.organizations.get`
Cloud BeyondCorp Viewer ^Beta (`roles/beyondcorp.viewer`) Read-only access to all Cloud BeyondCorp resources.	`beyondcorp.appConnections.get` `beyondcorp.appConnections.getIamPolicy` `beyondcorp.appConnections.list` `beyondcorp.appConnectors.get` `beyondcorp.appConnectors.getIamPolicy` `beyondcorp.appConnectors.list` `beyondcorp.appGateways.get` `beyondcorp.appGateways.getIamPolicy` `beyondcorp.appGateways.list` `beyondcorp.clientConnectorServices.get` `beyondcorp.clientConnectorServices.getIamPolicy` `beyondcorp.clientConnectorServices.list` `beyondcorp.clientGateways.get` `beyondcorp.clientGateways.getIamPolicy` `beyondcorp.clientGateways.list` `beyondcorp.locations.*` `beyondcorp.locations.get` `beyondcorp.locations.list` `beyondcorp.operations.get` `beyondcorp.operations.list` `beyondcorp.securityGateways.get` `beyondcorp.securityGateways.getIamPolicy` `beyondcorp.securityGateways.list` `beyondcorp.sgApplications.get` `beyondcorp.sgApplications.getIamPolicy` `beyondcorp.sgApplications.list` `beyondcorp.subscriptions.get` `beyondcorp.subscriptions.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Cloud BeyondCorp Admin ^Beta

(roles/beyondcorp.admin)

Full access to all Cloud BeyondCorp resources.

beyondcorp.appConnections.*

beyondcorp.appConnections.create
beyondcorp.appConnections.delete
beyondcorp.appConnections.get
beyondcorp.appConnections.getIamPolicy
beyondcorp.appConnections.list
beyondcorp.appConnections.setIamPolicy
beyondcorp.appConnections.update

beyondcorp.appConnectors.*

beyondcorp.appConnectors.create
beyondcorp.appConnectors.delete
beyondcorp.appConnectors.get
beyondcorp.appConnectors.getIamPolicy
beyondcorp.appConnectors.list
beyondcorp.appConnectors.reportStatus
beyondcorp.appConnectors.setIamPolicy
beyondcorp.appConnectors.update

beyondcorp.appGateways.*

beyondcorp.appGateways.create
beyondcorp.appGateways.delete
beyondcorp.appGateways.get
beyondcorp.appGateways.getIamPolicy
beyondcorp.appGateways.list
beyondcorp.appGateways.setIamPolicy
beyondcorp.appGateways.update

beyondcorp.clientConnectorServices.create

beyondcorp.clientConnectorServices.delete

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientConnectorServices.setIamPolicy

beyondcorp.clientConnectorServices.update

beyondcorp.clientGateways.*

beyondcorp.clientGateways.create
beyondcorp.clientGateways.delete
beyondcorp.clientGateways.get
beyondcorp.clientGateways.getIamPolicy
beyondcorp.clientGateways.list
beyondcorp.clientGateways.setIamPolicy

beyondcorp.locations.*

beyondcorp.locations.get
beyondcorp.locations.list

beyondcorp.operations.*

beyondcorp.operations.cancel
beyondcorp.operations.delete
beyondcorp.operations.get
beyondcorp.operations.list

beyondcorp.securityGateways.*

beyondcorp.securityGateways.create
beyondcorp.securityGateways.delete
beyondcorp.securityGateways.get
beyondcorp.securityGateways.getIamPolicy
beyondcorp.securityGateways.list
beyondcorp.securityGateways.setIamPolicy
beyondcorp.securityGateways.update

beyondcorp.sgApplications.*

beyondcorp.sgApplications.create
beyondcorp.sgApplications.delete
beyondcorp.sgApplications.get
beyondcorp.sgApplications.getIamPolicy
beyondcorp.sgApplications.list
beyondcorp.sgApplications.setIamPolicy
beyondcorp.sgApplications.update

beyondcorp.subscriptions.*

beyondcorp.subscriptions.create
beyondcorp.subscriptions.get
beyondcorp.subscriptions.list
beyondcorp.subscriptions.terminate
beyondcorp.subscriptions.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud BeyondCorp Client Connector Admin ^Beta

(roles/beyondcorp.clientConnectorAdmin)

Full access to all BeyondCorp Client Connector resources.

beyondcorp.clientConnectorServices.create

beyondcorp.clientConnectorServices.delete

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientConnectorServices.setIamPolicy

beyondcorp.clientConnectorServices.update

beyondcorp.clientGateways.*

beyondcorp.clientGateways.create
beyondcorp.clientGateways.delete
beyondcorp.clientGateways.get
beyondcorp.clientGateways.getIamPolicy
beyondcorp.clientGateways.list
beyondcorp.clientGateways.setIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

Cloud BeyondCorp Client Connector Service User ^Beta

(roles/beyondcorp.clientConnectorServiceUser)

Access Client Connector Service

beyondcorp.clientConnectorServices.access

Cloud BeyondCorp Client Connector Viewer ^Beta

(roles/beyondcorp.clientConnectorViewer)

Read-only access to all BeyondCorp Client Connector resources.

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientGateways.get

beyondcorp.clientGateways.getIamPolicy

beyondcorp.clientGateways.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud BeyondCorp Partner Service Delegate Admin ^Beta

(roles/beyondcorp.partnerServiceDelegateAdmin)

Delegates access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.

beyondcorp.operations.*

beyondcorp.operations.cancel
beyondcorp.operations.delete
beyondcorp.operations.get
beyondcorp.operations.list

beyondcorp.partnerTenants.*

beyondcorp.partnerTenants.create
beyondcorp.partnerTenants.delete
beyondcorp.partnerTenants.get
beyondcorp.partnerTenants.list
beyondcorp.partnerTenants.update

beyondcorp.proxyConfigs.*

beyondcorp.proxyConfigs.create
beyondcorp.proxyConfigs.delete
beyondcorp.proxyConfigs.get
beyondcorp.proxyConfigs.list
beyondcorp.proxyConfigs.update

resourcemanager.organizations.get

Cloud BeyondCorp Partner Service Delegate Viewer ^Beta

(roles/beyondcorp.partnerServiceDelegateViewer)

Delegates read-only access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.

beyondcorp.partnerTenants.get

beyondcorp.partnerTenants.list

beyondcorp.proxyConfigs.get

beyondcorp.proxyConfigs.list

resourcemanager.organizations.get

Cloud BeyondCorp Subscription Admin ^Beta

(roles/beyondcorp.subscriptionAdmin)

Full access to all BeyondCorp Subscription resources.

beyondcorp.subscriptions.*

beyondcorp.subscriptions.create
beyondcorp.subscriptions.get
beyondcorp.subscriptions.list
beyondcorp.subscriptions.terminate
beyondcorp.subscriptions.update

resourcemanager.organizations.get

Cloud BeyondCorp Subscription Viewer ^Beta

(roles/beyondcorp.subscriptionViewer)

Read-only access to all BeyondCorp Subscription resources.

beyondcorp.subscriptions.get

beyondcorp.subscriptions.list

resourcemanager.organizations.get

Cloud BeyondCorp Viewer ^Beta

(roles/beyondcorp.viewer)

Read-only access to all Cloud BeyondCorp resources.

beyondcorp.appConnections.get

beyondcorp.appConnections.getIamPolicy

beyondcorp.appConnections.list

beyondcorp.appConnectors.get

beyondcorp.appConnectors.getIamPolicy

beyondcorp.appConnectors.list

beyondcorp.appGateways.get

beyondcorp.appGateways.getIamPolicy

beyondcorp.appGateways.list

beyondcorp.clientConnectorServices.get

beyondcorp.clientConnectorServices.getIamPolicy

beyondcorp.clientConnectorServices.list

beyondcorp.clientGateways.get

beyondcorp.clientGateways.getIamPolicy

beyondcorp.clientGateways.list

beyondcorp.locations.*

beyondcorp.locations.get
beyondcorp.locations.list

beyondcorp.operations.get

beyondcorp.operations.list

beyondcorp.securityGateways.get

beyondcorp.securityGateways.getIamPolicy

beyondcorp.securityGateways.list

beyondcorp.sgApplications.get

beyondcorp.sgApplications.getIamPolicy

beyondcorp.sgApplications.list

beyondcorp.subscriptions.get

beyondcorp.subscriptions.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Chrome Enterprise Premium permissions

Permission	Included in roles
`beyondcorp.appConnections.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appConnections.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appConnections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appConnections.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appConnections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appConnections.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.appConnections.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appConnectors.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appConnectors.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appConnectors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appConnectors.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appConnectors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appConnectors.reportStatus`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appConnectors.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.appConnectors.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appGateways.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appGateways.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.appGateways.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appGateways.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appGateways.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.appGateways.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.appGateways.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.clientConnectorServices.access`	Cloud BeyondCorp Client Connector Service User (`roles/beyondcorp.clientConnectorServiceUser`)
`beyondcorp.clientConnectorServices.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`)
`beyondcorp.clientConnectorServices.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`)
`beyondcorp.clientConnectorServices.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Cloud BeyondCorp Client Connector Viewer (`roles/beyondcorp.clientConnectorViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.clientConnectorServices.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Cloud BeyondCorp Client Connector Viewer (`roles/beyondcorp.clientConnectorViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.clientConnectorServices.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Cloud BeyondCorp Client Connector Viewer (`roles/beyondcorp.clientConnectorViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.clientConnectorServices.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.clientConnectorServices.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`)
`beyondcorp.clientGateways.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`)
`beyondcorp.clientGateways.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`)
`beyondcorp.clientGateways.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Cloud BeyondCorp Client Connector Viewer (`roles/beyondcorp.clientConnectorViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.clientGateways.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Cloud BeyondCorp Client Connector Viewer (`roles/beyondcorp.clientConnectorViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.clientGateways.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Cloud BeyondCorp Client Connector Viewer (`roles/beyondcorp.clientConnectorViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.clientGateways.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Client Connector Admin (`roles/beyondcorp.clientConnectorAdmin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.partnerTenants.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.partnerTenants.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.partnerTenants.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`) Cloud BeyondCorp Partner Service Delegate Viewer (`roles/beyondcorp.partnerServiceDelegateViewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.partnerTenants.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`) Cloud BeyondCorp Partner Service Delegate Viewer (`roles/beyondcorp.partnerServiceDelegateViewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.partnerTenants.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.proxyConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.proxyConfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.proxyConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`) Cloud BeyondCorp Partner Service Delegate Viewer (`roles/beyondcorp.partnerServiceDelegateViewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.proxyConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`) Cloud BeyondCorp Partner Service Delegate Viewer (`roles/beyondcorp.partnerServiceDelegateViewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.proxyConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Partner Service Delegate Admin (`roles/beyondcorp.partnerServiceDelegateAdmin`)
`beyondcorp.securityGateways.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.securityGateways.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.securityGateways.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.securityGateways.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.securityGateways.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.securityGateways.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.securityGateways.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.sgApplications.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.sgApplications.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.sgApplications.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.sgApplications.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.sgApplications.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.sgApplications.setIamPolicy`	Owner (`roles/owner`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Security Admin (`roles/iam.securityAdmin`)
`beyondcorp.sgApplications.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`)
`beyondcorp.subscriptions.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Subscription Admin (`roles/beyondcorp.subscriptionAdmin`)
`beyondcorp.subscriptions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Subscription Admin (`roles/beyondcorp.subscriptionAdmin`) Cloud BeyondCorp Subscription Viewer (`roles/beyondcorp.subscriptionViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.subscriptions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Subscription Admin (`roles/beyondcorp.subscriptionAdmin`) Cloud BeyondCorp Subscription Viewer (`roles/beyondcorp.subscriptionViewer`) Cloud BeyondCorp Viewer (`roles/beyondcorp.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`beyondcorp.subscriptions.terminate`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Subscription Admin (`roles/beyondcorp.subscriptionAdmin`)
`beyondcorp.subscriptions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud BeyondCorp Admin (`roles/beyondcorp.admin`) Cloud BeyondCorp Subscription Admin (`roles/beyondcorp.subscriptionAdmin`)

Chrome Enterprise Premium roles and permissions