Stay organized with collections
Save and categorize content based on your preferences.
Control access with IAM
Cloud Profiler controls access to profiling activities
in Google Cloud projects by using Identity and Access Management (IAM)
roles and permissions.
Overview
To use Cloud Profiler for a Google Cloud project, you must have the
appropriate IAM permissions on that project.
Permissions are not granted directly to users; permissions are instead
granted indirectly through roles, which group permissions.
For more information on these concepts, see the
IAM documentation on roles, permissions, and related
concepts.
Permissions and roles
This section summarizes the permissions and roles that apply to
Profiler.
Permissions
The following table lists the permissions required for profiling activities:
Activity
Required permissions
Create profiles
cloudprofiler.profiles.create
List profiles
cloudprofiler.profiles.list
Modify profiles
cloudprofiler.profiles.update
Roles
IAM roles include permissions and can be assigned to users,
groups, and service accounts. The following table lists the roles for
Profiler:
Role
Permissions
Cloud Profiler Agent
(roles/cloudprofiler.agent)
Cloud Profiler agents are allowed to register and provide the profiling data.
cloudprofiler.profiles.create
cloudprofiler.profiles.update
Cloud Profiler User
(roles/cloudprofiler.user)
Cloud Profiler users are allowed to query and view the profiling data.
cloudprofiler.profiles.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
To learn how to assign Identity and Access Management roles to a user or service account, see
Managing Policies.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Control access with IAM\n=======================\n\nCloud Profiler controls access to profiling activities\nin Google Cloud projects by using [Identity and Access Management (IAM)](/iam/docs/overview)\nroles and permissions.\n| **Note:** Cloud Profiler doesn't support [Workload identity federation](/iam/docs/workload-identity-federation). You can't use Cloud Profiler in an environment that relies exclusively on Workload identity federation for authentication.\n\nOverview\n--------\n\nTo use Cloud Profiler for a Google Cloud project, you must have the\nappropriate IAM permissions on that project.\n\nPermissions are not granted directly to users; permissions are instead\ngranted indirectly through roles, which group permissions.\nFor more information on these concepts, see the\nIAM documentation on [roles, permissions, and related\nconcepts](/iam/docs/overview#concepts_related_to_access_management).\n\nPermissions and roles\n---------------------\n\nThis section summarizes the permissions and roles that apply to\nProfiler.\n\n### Permissions\n\nThe following table lists the permissions required for profiling activities:\n\n### Roles\n\nIAM roles include permissions and can be assigned to users,\ngroups, and service accounts. The following table lists the roles for\nProfiler:\n\nTo learn how to assign Identity and Access Management roles to a user or service account, see\n[Managing Policies](/iam/docs/managing-policies)."]]
