Access to view reCAPTCHA Enterprise keys and metrics
monitoring.timeSeries.list
recaptchaenterprise.firewallpolicies.get
recaptchaenterprise.firewallpolicies.list
recaptchaenterprise.keys.get
recaptchaenterprise.keys.list
recaptchaenterprise.keys.listEffectiveTags
recaptchaenterprise.keys.listTagBindings
recaptchaenterprise.metrics.get
recaptchaenterprise.projectmetadata.get
resourcemanager.projects.get
resourcemanager.projects.list
Custom roles
You might require custom roles for use cases such as regulatory requirements.
To create a custom role that includes reCAPTCHA permissions,
perform the appropriate action as shown in the following table:
Role description
Action
Role that only grants permissions for the reCAPTCHA Enterprise API
The following table lists the permissions that the caller must have to call each
method in the reCAPTCHA Enterprise API, recaptchaenterprise.googleapis.com/v1:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Access control with IAM\n\nreCAPTCHA offers Role-Based Access Control (RBAC) with\n[Identity and Access Management (IAM)](/iam/docs) and\naccess control for reCAPTCHA APIs using [VPC Service Controls](/vpc-service-controls/docs).\n\nRole-based access control with IAM\n----------------------------------\n\nIAM lets you give granular access to specific\nGoogle Cloud resources and prevents unwanted access to other resources,\nsuch as logs and analytics.\n\nThis section describes the IAM roles for reCAPTCHA.\n\nTo learn how to assign IAM roles to a user or service account,\nread [Granting, changing, and revoking access to resources](/iam/docs/granting-changing-revoking-access)\nin the IAM documentation.\n\n### Roles and permissions\n\nThe following table lists the necessary IAM roles and their permissions for\nreCAPTCHA: \n\n### Custom roles\n\nYou might require custom roles for use cases such as regulatory requirements.\nTo create a custom role that includes reCAPTCHA permissions,\nperform the appropriate action as shown in the following table:\n\nFor more information on custom roles, go to\n[Creating and managing custom roles](/iam/docs/creating-custom-roles).\n\n### API permissions\n\nThe following table lists the permissions that the caller must have to call each\nmethod in the reCAPTCHA Enterprise API, `recaptchaenterprise.googleapis.com/v1`:\n\nVPC Service Controls\n--------------------\n\nVPC Service Controls support reCAPTCHA to provide additional\naccess control for reCAPTCHA\nAPIs. For more information, see\n[Supported products and limitations \\\u003e reCAPTCHA Enterprise](/vpc-service-controls/docs/supported-products#table_recaptcha_enterprise)."]]
