Cloud Controls Partner API roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Cloud Controls Partner API. To search through all roles and permissions, see the role and permission index.

Cloud Controls Partner API roles

Role Permissions

Role	Permissions
Cloud Controls Partner Access Approval Service Agent (`roles/cloudcontrolspartner.accessApprovalServiceAgent`) Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner. Warning: Do not grant service agent roles to any principals except service agents.	`accessapproval.requests.get` `accessapproval.requests.list`
Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Full access to Cloud Controls Partner resources.	`cloudcontrolspartner.accessapprovalrequests.list` `cloudcontrolspartner.customers.*` `cloudcontrolspartner.customers.create` `cloudcontrolspartner.customers.delete` `cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.ekmconnections.get` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.partnerpermissions.get` `cloudcontrolspartner.partners.get` `cloudcontrolspartner.platformcontrols.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Editor access to Cloud Controls Partner resources.	`cloudcontrolspartner.*` `cloudcontrolspartner.accessapprovalrequests.list` `cloudcontrolspartner.customers.create` `cloudcontrolspartner.customers.delete` `cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.ekmconnections.get` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.partnerpermissions.get` `cloudcontrolspartner.partners.get` `cloudcontrolspartner.platformcontrols.get` `cloudcontrolspartner.violations.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.get` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner EKM Service Agent (`roles/cloudcontrolspartner.ekmServiceAgent`) Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information. Warning: Do not grant service agent roles to any principals except service agents.	`cloudkms.ekmConnections.get` `cloudkms.ekmConnections.getIamPolicy` `cloudkms.ekmConnections.list` `cloudkms.ekmConnections.verifyConnectivity`
Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Readonly access to Cloud Controls Partner inspectability resources.	`cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.platformcontrols.get`
Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Read-only access to Cloud Controls Partner monitoring resources.	`cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.violations.` `cloudcontrolspartner.violations.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.` `cloudcontrolspartner.workloads.get` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner Monitoring Service Agent (`roles/cloudcontrolspartner.monitoringServiceAgent`) Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability. Warning: Do not grant service agent roles to any principals except service agents.	`assuredworkloads.violations.get` `assuredworkloads.violations.list`
Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Read-only access to Cloud Controls Partner resources.	`cloudcontrolspartner.accessapprovalrequests.list` `cloudcontrolspartner.customers.get` `cloudcontrolspartner.customers.list` `cloudcontrolspartner.ekmconnections.get` `cloudcontrolspartner.inspectabilityevents.get` `cloudcontrolspartner.partnerpermissions.get` `cloudcontrolspartner.partners.get` `cloudcontrolspartner.platformcontrols.get` `cloudcontrolspartner.violations.` `cloudcontrolspartner.violations.get` `cloudcontrolspartner.violations.list` `cloudcontrolspartner.workloads.` `cloudcontrolspartner.workloads.get` `cloudcontrolspartner.workloads.list`
Cloud Controls Partner Support Case Service Agent (`roles/cloudcontrolspartner.supportCaseServiceAgent`) Gives the Partner Console service account access to support cases for workloads associated with a partner. Warning: Do not grant service agent roles to any principals except service agents.	`cloudsupport.techCases.get`

Cloud Controls Partner Access Approval Service Agent

(roles/cloudcontrolspartner.accessApprovalServiceAgent)

Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner.

accessapproval.requests.get

accessapproval.requests.list

Cloud Controls Partner Admin

(roles/cloudcontrolspartner.admin)

Full access to Cloud Controls Partner resources.

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.*

cloudcontrolspartner.customers.create
cloudcontrolspartner.customers.delete
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.list

Cloud Controls Partner Editor

(roles/cloudcontrolspartner.editor)

Editor access to Cloud Controls Partner resources.

cloudcontrolspartner.*

cloudcontrolspartner.accessapprovalrequests.list
cloudcontrolspartner.customers.create
cloudcontrolspartner.customers.delete
cloudcontrolspartner.customers.get
cloudcontrolspartner.customers.list
cloudcontrolspartner.ekmconnections.get
cloudcontrolspartner.inspectabilityevents.get
cloudcontrolspartner.partnerpermissions.get
cloudcontrolspartner.partners.get
cloudcontrolspartner.platformcontrols.get
cloudcontrolspartner.violations.get
cloudcontrolspartner.violations.list
cloudcontrolspartner.workloads.get
cloudcontrolspartner.workloads.list

Cloud Controls Partner EKM Service Agent

(roles/cloudcontrolspartner.ekmServiceAgent)

Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information.

cloudkms.ekmConnections.get

cloudkms.ekmConnections.getIamPolicy

cloudkms.ekmConnections.list

cloudkms.ekmConnections.verifyConnectivity

Cloud Controls Partner Inspectability Reader

(roles/cloudcontrolspartner.inspectabilityReader)

Readonly access to Cloud Controls Partner inspectability resources.

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.platformcontrols.get

Cloud Controls Partner Monitoring Reader

(roles/cloudcontrolspartner.monitoringReader)

Read-only access to Cloud Controls Partner monitoring resources.

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.violations.*

cloudcontrolspartner.violations.get
cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.*

cloudcontrolspartner.workloads.get
cloudcontrolspartner.workloads.list

Cloud Controls Partner Monitoring Service Agent

(roles/cloudcontrolspartner.monitoringServiceAgent)

Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability.

assuredworkloads.violations.get

assuredworkloads.violations.list

Cloud Controls Partner Reader

(roles/cloudcontrolspartner.reader)

Read-only access to Cloud Controls Partner resources.

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.*

cloudcontrolspartner.violations.get
cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.*

cloudcontrolspartner.workloads.get
cloudcontrolspartner.workloads.list

Cloud Controls Partner Support Case Service Agent

(roles/cloudcontrolspartner.supportCaseServiceAgent)

Gives the Partner Console service account access to support cases for workloads associated with a partner.

cloudsupport.techCases.get

Cloud Controls Partner API permissions

Permission	Included in roles
`cloudcontrolspartner.accessapprovalrequests.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudcontrolspartner.customers.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`)
`cloudcontrolspartner.customers.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`)
`cloudcontrolspartner.customers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.customers.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudcontrolspartner.ekmconnections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.inspectabilityevents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.partnerpermissions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.partners.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.platformcontrols.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Inspectability Reader (`roles/cloudcontrolspartner.inspectabilityReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.violations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.violations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`cloudcontrolspartner.workloads.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`)
`cloudcontrolspartner.workloads.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Controls Partner Admin (`roles/cloudcontrolspartner.admin`) Cloud Controls Partner Editor (`roles/cloudcontrolspartner.editor`) Cloud Controls Partner Monitoring Reader (`roles/cloudcontrolspartner.monitoringReader`) Cloud Controls Partner Reader (`roles/cloudcontrolspartner.reader`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)

Cloud Controls Partner API roles and permissions
Stay organized with collections Save and categorize content based on your preferences.