Stay organized with collections
Save and categorize content based on your preferences.
To use the GKE attached clusters API, users must have specific Identity and Access Management
(IAM) permissions on their Google Cloud account for access
to GKE Multi-Cloud resources. GKE attached clusters includes two
predefined roles that bundle together two commonly-used sets of permissions:
gkemulticloud.viewer (for read-only access) and
gkemulticloud.admin(to grant administrative control).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Attached clusters API access control\n\nTo use the GKE attached clusters API, users must have specific Identity and Access Management\n(IAM) permissions on their Google Cloud account for access\nto GKE Multi-Cloud resources. GKE attached clusters includes two\npredefined roles that bundle together two commonly-used sets of permissions:\n\n- `gkemulticloud.viewer` (for read-only access) and\n- `gkemulticloud.admin`(to grant administrative control).\n\nThe permissions in these roles are:\n\n### gkemulticloud.admin\n\n- gkemulticloud.\\*\n- resourcemanager.projects.get\n- resourcemanager.projects.list\n\n### gkemulticloud.viewer\n\n- gkemulticloud.attachedClusters.get\n- gkemulticloud.attachedClusters.list\n- gkemulticloud.attachedServerConfigs.get\n- gkemulticloud.attachedClusters.generateInstallManifest\n- gkemulticloud.awsClusters.generateAccessToken\n- gkemulticloud.awsClusters.get\n- gkemulticloud.awsClusters.list\n- gkemulticloud.awsNodePools.get\n- gkemulticloud.awsNodePools.list\n- gkemulticloud.awsServerConfigs.get\n- gkemulticloud.azureClients.get\n- gkemulticloud.azureClients.list\n- gkemulticloud.azureClusters.generateAccessToken\n- gkemulticloud.azureClusters.get\n- gkemulticloud.azureClusters.list\n- gkemulticloud.azureNodePools.get\n- gkemulticloud.azureNodePools.list\n- gkemulticloud.azureServerConfigs.get\n- gkemulticloud.operations.get\n- gkemulticloud.operations.list\n- gkemulticloud.operations.wait\n- resourcemanager.projects.get\n- resourcemanager.projects.list\n\nTo learn about granting and revoking these permissions, see\n[Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access)."]]