Policy Simulator roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Policy Simulator. To search through all roles and permissions, see the role and permission index.

Policy Simulator roles

Role Permissions

Role	Permissions
Simulator Admin ^Beta (`roles/policysimulator.admin`) Admin user that can run and access replays.	`policysimulator.accessPolicySimulationResults.list` `policysimulator.accessPolicySimulations.` `policysimulator.accessPolicySimulations.create` `policysimulator.accessPolicySimulations.get` `policysimulator.accessPolicySimulations.list` `policysimulator.replayResults.list` `policysimulator.replays.` `policysimulator.replays.create` `policysimulator.replays.get` `policysimulator.replays.list` `policysimulator.replays.run`
OrgPolicy Simulator Admin ^Beta (`roles/policysimulator.orgPolicyAdmin`) OrgPolicy Admin that can run and access simulations.	`cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportResource` `cloudasset.assets.listResource` `cloudasset.assets.searchAllResources` `orgpolicy.customConstraints.get` `orgpolicy.customConstraints.list` `orgpolicy.policies.list` `orgpolicy.policy.get` `policysimulator.orgPolicyViolations.list` `policysimulator.orgPolicyViolationsPreviews.*` `policysimulator.orgPolicyViolationsPreviews.create` `policysimulator.orgPolicyViolationsPreviews.get` `policysimulator.orgPolicyViolationsPreviews.list` `resourcemanager.organizations.get`

Simulator Admin ^Beta

(roles/policysimulator.admin)

Admin user that can run and access replays.

policysimulator.accessPolicySimulationResults.list

policysimulator.accessPolicySimulations.*

policysimulator.accessPolicySimulations.create
policysimulator.accessPolicySimulations.get
policysimulator.accessPolicySimulations.list

policysimulator.replayResults.list

policysimulator.replays.*

policysimulator.replays.create
policysimulator.replays.get
policysimulator.replays.list
policysimulator.replays.run

OrgPolicy Simulator Admin ^Beta

(roles/policysimulator.orgPolicyAdmin)

OrgPolicy Admin that can run and access simulations.

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

orgpolicy.customConstraints.get

orgpolicy.customConstraints.list

orgpolicy.policies.list

orgpolicy.policy.get

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.*

policysimulator.orgPolicyViolationsPreviews.create
policysimulator.orgPolicyViolationsPreviews.get
policysimulator.orgPolicyViolationsPreviews.list

resourcemanager.organizations.get

Policy Simulator permissions

Permission	Included in roles
`policysimulator.accessPolicySimulationResults.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Deny Admin (`roles/iam.denyAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.accessPolicySimulations.create`	Owner (`roles/owner`) Deny Admin (`roles/iam.denyAdmin`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.accessPolicySimulations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Deny Admin (`roles/iam.denyAdmin`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.accessPolicySimulations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Deny Admin (`roles/iam.denyAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.orgPolicyViolations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.create`	Owner (`roles/owner`) Editor (`roles/editor`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.replayResults.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.replays.create`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.replays.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.replays.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.replays.run`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)

Policy Simulator roles and permissions
Stay organized with collections Save and categorize content based on your preferences.