Binary Authorization roles and permissions

This page lists the IAM roles and permissions for Binary Authorization. To search through all roles and permissions, see the role and permission index.

Binary Authorization roles

Role Permissions

(roles/binaryauthorization.attestorsAdmin)

Administrator of Binary Authorization Attestors

binaryauthorization.attestors.*

  • binaryauthorization.attestors.create
  • binaryauthorization.attestors.delete
  • binaryauthorization.attestors.get
  • binaryauthorization.attestors.getIamPolicy
  • binaryauthorization.attestors.list
  • binaryauthorization.attestors.setIamPolicy
  • binaryauthorization.attestors.update
  • binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.attestorsEditor)

Editor of Binary Authorization Attestors

binaryauthorization.attestors.create

binaryauthorization.attestors.delete

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.update

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.attestorsVerifier)

Caller of Binary Authorization Attestors VerifyImageAttested

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.attestorsViewer)

Viewer of Binary Authorization Attestors

binaryauthorization.attestors.get

binaryauthorization.attestors.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.policyAdmin)

Administrator of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.*

  • binaryauthorization.continuousValidationConfig.get
  • binaryauthorization.continuousValidationConfig.getIamPolicy
  • binaryauthorization.continuousValidationConfig.setIamPolicy
  • binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

  • binaryauthorization.platformPolicies.create
  • binaryauthorization.platformPolicies.delete
  • binaryauthorization.platformPolicies.evaluatePolicy
  • binaryauthorization.platformPolicies.get
  • binaryauthorization.platformPolicies.list
  • binaryauthorization.platformPolicies.replace

binaryauthorization.policy.*

  • binaryauthorization.policy.evaluatePolicy
  • binaryauthorization.policy.get
  • binaryauthorization.policy.getIamPolicy
  • binaryauthorization.policy.setIamPolicy
  • binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.policyEditor)

Editor of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

  • binaryauthorization.platformPolicies.create
  • binaryauthorization.platformPolicies.delete
  • binaryauthorization.platformPolicies.evaluatePolicy
  • binaryauthorization.platformPolicies.get
  • binaryauthorization.platformPolicies.list
  • binaryauthorization.platformPolicies.replace

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.policyEvaluator)

Evaluator of Binary Authorization Policy

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.policyViewer)

Viewer of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

(roles/binaryauthorization.serviceAgent)

Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.

artifactregistry.dockerimages.get

artifactregistry.repositories.downloadArtifacts

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.policy.evaluatePolicy

cloudasset.assets.exportResource

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

cloudasset.feeds.update

containeranalysis.notes.get

containeranalysis.notes.list

containeranalysis.notes.listOccurrences

containeranalysis.occurrences.get

containeranalysis.occurrences.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.list

Binary Authorization permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)