Cloud IoT roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Cloud IoT. To search through all roles and permissions, see the role and permission index.

Cloud IoT roles

Role Permissions

Role	Permissions
Cloud IoT Core Service Agent (`roles/cloudiot.serviceAgent`) Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs. Warning: Do not grant service agent roles to any principals except service agents.	`logging.logEntries.create` `logging.logEntries.route` `pubsub.topics.publish`

Cloud IoT Core Service Agent

(roles/cloudiot.serviceAgent)

Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs.

logging.logEntries.create

logging.logEntries.route

pubsub.topics.publish

Cloud IoT permissions

Permission Included in roles

Permission	Included in roles
`cloudiottoken.tokensettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`)
`cloudiottoken.tokensettings.update`	Owner (`roles/owner`) Editor (`roles/editor`)

`cloudiottoken.tokensettings.get`

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

`cloudiottoken.tokensettings.update`