Stay organized with collections
Save and categorize content based on your preferences.
Autopilot
Standard
This page describes how to grant the Backup for GKE service permissions for a Google Cloud
project, backups, or restores.
Predefined roles
Backup for GKE has the following predefined roles:
Role
Title
Description
Lowest resource
gkebackup.admin
Backup for GKE Admin
Full read-write access to all Backup for GKE resources
Project
gkebackup.backupAdmin
Backup for GKE Backup Admin
Creates and manages backup plans and backups. Can delegate manual backup creation to Delegated Backup Admins.
Project
gkebackup.delegatedBackupAdmin
Backup for GKE Delegated Backup Admin
Creates and manages backups within a backup plan.
BackupPlan
gkebackup.viewer
Backup for GKE Viewer
Read-only access to all Backup for GKE resources
Project
gkebackup.restoreAdmin
Backup for GKE Restore Admin
Creates and manages restore plans and restores. Can delegate restore creation to Delegated Restore Admins.
Project
gkebackup.delegatedRestoreAdmin
Backup for GKE Delegated Restore Admin
Creates and manages restores within a restore plan.
RestorePlan
Set project-level permissions
You can grant Identity and Access Management permissions for an entire Google Cloud project to an account
in the IAM page of the Google Cloud console or by using the
Google Cloud CLI. Adding permissions at the project level grants the
IAM permissions to an account for the following roles:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# IAM roles and permissions\n\nAutopilot Standard\n\n*** ** * ** ***\n\nThis page describes how to grant the Backup for GKE service permissions for a Google Cloud\nproject, backups, or restores.\n\nPredefined roles\n----------------\n\nBackup for GKE has the following predefined roles:\n\nSet project-level permissions\n-----------------------------\n\nYou can grant Identity and Access Management permissions for an entire Google Cloud project to an account\nin the **IAM** page of the Google Cloud console or by using the\nGoogle Cloud CLI. Adding permissions at the project level grants the\nIAM permissions to an account for the following roles:\n\n- Backup for GKE Admin\n- Backup for GKE Backup Admin\n- Backup for GKE Viewer\n- Backup for GKE Restore Admin\n\n### gcloud\n\nTo set permissions, run the following command: \n\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\\\n --role roles/\u003cvar translate=\"no\"\u003eROLE_ID\u003c/var\u003e \\\n --member \u003cvar translate=\"no\"\u003ePRINCIPAL\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the ID of your Google Cloud project.\n- \u003cvar translate=\"no\"\u003eROLE_ID\u003c/var\u003e: the type of role, for example `gkebackup.backupAdmin`.\n- \u003cvar translate=\"no\"\u003ePRINCIPAL\u003c/var\u003e: An identifier for the principal, which usually has the following form: `member-type:id`. For example, `user:my-user@example.com`.\n\n### Console\n\nPerform the following tasks in the Google Cloud console:\n\n1. Go to your project's IAM page.\n\n [Go to IAM](https://console.cloud.google.com/iam-admin/iam)\n2. Click the **Grant access** button below the toolbar.\n\n3. In the **New principals** box, enter the email for the account that you\n want to add.\n\n4. Select a role in the drop-down list, for example **Backup for GKE Admin.**\n\n5. Click **Save.**"]]
