Cloud Config Manager API roles and permissions

This page lists the IAM roles and permissions for Cloud Config Manager API. To search through all roles and permissions, see the role and permission index.

Cloud Config Manager API roles

Role Permissions

(roles/config.admin)

Full access to Cloud Infrastructure Manager resources.

config.*

  • config.artifacts.import
  • config.deployments.create
  • config.deployments.delete
  • config.deployments.deleteState
  • config.deployments.get
  • config.deployments.getIamPolicy
  • config.deployments.getLock
  • config.deployments.getState
  • config.deployments.list
  • config.deployments.lock
  • config.deployments.setIamPolicy
  • config.deployments.unlock
  • config.deployments.update
  • config.deployments.updateState
  • config.locations.get
  • config.locations.list
  • config.operations.cancel
  • config.operations.delete
  • config.operations.get
  • config.operations.list
  • config.previews.create
  • config.previews.delete
  • config.previews.export
  • config.previews.get
  • config.previews.list
  • config.previews.upload
  • config.resourcechanges.get
  • config.resourcechanges.list
  • config.resourcedrifts.get
  • config.resourcedrifts.list
  • config.resources.get
  • config.resources.list
  • config.revisions.get
  • config.revisions.getState
  • config.revisions.list
  • config.terraformversions.get
  • config.terraformversions.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/config.agent)

Required permissions to make Cloud Infrastructure Manager work with the user-specified service account

cloudbuild.connections.list

cloudbuild.repositories.accessReadToken

cloudbuild.repositories.list

cloudquotas.quotas.get

config.artifacts.import

config.deployments.deleteState

config.deployments.getLock

config.deployments.getState

config.deployments.updateState

config.previews.upload

config.revisions.getState

logging.logEntries.create

monitoring.timeSeries.list

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.list

storage.buckets.update

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

(roles/config.viewer)

Read-only access to Cloud Infrastructure Manager resources.

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

  • config.locations.get
  • config.locations.list

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

  • config.resources.get
  • config.resources.list

config.revisions.get

config.revisions.list

config.terraformversions.*

  • config.terraformversions.get
  • config.terraformversions.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Config Manager API permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Cloud Infrastructure Manager Admin (roles/config.admin)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Agent (roles/config.agent)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

App Management Viewer (roles/apphub.appManagementViewer)

Cloud Infrastructure Manager Admin (roles/config.admin)

Cloud Infrastructure Manager Viewer (roles/config.viewer)

Application Admin (roles/designcenter.applicationAdmin)

Application Editor (roles/designcenter.applicationEditor)

Application Viewer (roles/designcenter.applicationViewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles