Confidential Computing roles and permissions

This page lists the IAM roles and permissions for Confidential Computing. To search through all roles and permissions, see the role and permission index.

Confidential Computing roles

Role Permissions

(roles/confidentialcomputing.workloadUser)

Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.

confidentialcomputing.*

  • confidentialcomputing.challenges.create
  • confidentialcomputing.challenges.verify
  • confidentialcomputing.locations.get
  • confidentialcomputing.locations.list

logging.logEntries.create

Confidential Computing permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Owner (roles/owner)

Editor (roles/editor)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)