Confidential Computing roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Confidential Computing. To search through all roles and permissions, see the role and permission index.

Confidential Computing roles

Role Permissions

Role	Permissions
Confidential Space Workload User (`roles/confidentialcomputing.workloadUser`) Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.	`confidentialcomputing.*` `confidentialcomputing.challenges.create` `confidentialcomputing.challenges.verify` `confidentialcomputing.locations.get` `confidentialcomputing.locations.list` `logging.logEntries.create`

Confidential Space Workload User

(roles/confidentialcomputing.workloadUser)

Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.

confidentialcomputing.*

confidentialcomputing.challenges.create
confidentialcomputing.challenges.verify
confidentialcomputing.locations.get
confidentialcomputing.locations.list

logging.logEntries.create

Confidential Computing permissions

Permission	Included in roles
`confidentialcomputing.challenges.create`	Owner (`roles/owner`) Editor (`roles/editor`) Confidential Space Workload User (`roles/confidentialcomputing.workloadUser`)
`confidentialcomputing.challenges.verify`	Owner (`roles/owner`) Editor (`roles/editor`) Confidential Space Workload User (`roles/confidentialcomputing.workloadUser`)
`confidentialcomputing.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Confidential Space Workload User (`roles/confidentialcomputing.workloadUser`)
`confidentialcomputing.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Confidential Space Workload User (`roles/confidentialcomputing.workloadUser`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)

Confidential Computing roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

Confidential Computing roles

Confidential Space Workload User

Confidential Computing permissions

`confidentialcomputing.challenges.create`

`confidentialcomputing.challenges.verify`

`confidentialcomputing.locations.get`

`confidentialcomputing.locations.list`

Confidential Computing roles and permissions Stay organized with collections Save and categorize content based on your preferences.

Confidential Computing roles

Confidential Space Workload User

Confidential Computing permissions

confidentialcomputing.challenges.create

confidentialcomputing.challenges.verify

confidentialcomputing.locations.get

confidentialcomputing.locations.list

Confidential Computing roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

`confidentialcomputing.challenges.create`

`confidentialcomputing.challenges.verify`

`confidentialcomputing.locations.get`

`confidentialcomputing.locations.list`