Access control with IAM

Overview

The Video Stitcher API uses Identity and Access Management (IAM) for access control.

You can configure access control for the Video Stitcher API at the project level. For example, you can grant access for developers to list and get all CDN keys registered within a project.

For a detailed description of IAM and its features, see the IAM documentation. In particular, see the section on managing IAM policies.

Every Video Stitcher API method requires the caller to have the necessary permissions. For more information, see Permissions and Roles.

Permissions

This section summarizes the Video Stitcher API permissions that IAM supports.

Required permissions

The following tables list the IAM permissions that are associated with the Video Stitcher API.

CDN keys method Required permissions
cdnKeys.create videostitcher.cdnKeys.create on the parent Google Cloud project.
cdnKeys.delete videostitcher.cdnKeys.delete on the CDN key resource.
cdnKeys.get videostitcher.cdnKeys.get on the CDN key resource.
cdnKeys.list videostitcher.cdnKeys.list on the parent Google Cloud project.
cdnKeys.update videostitcher.cdnKeys.update on the CDN key resource.
Live configs method Required permissions
liveConfigs.create videostitcher.liveConfigs.create on the parent Google Cloud project.
liveConfigs.delete videostitcher.liveConfigs.delete on the live config resource.
liveConfigs.get videostitcher.liveConfigs.get on the live config resource.
liveConfigs.list videostitcher.liveConfigs.list on the parent Google Cloud project.
liveConfigs.update videostitcher.liveConfigs.update on the live config resource.
VOD configs method Required permissions
vodConfigs.create videostitcher.vodConfigs.create on the parent Google Cloud project.
vodConfigs.delete videostitcher.vodConfigs.delete on the VOD config resource.
vodConfigs.get videostitcher.vodConfigs.get on the VOD config resource.
vodConfigs.list videostitcher.vodConfigs.list on the parent Google Cloud project.
vodConfigs.update videostitcher.vodConfigs.update on the VOD config resource.
Slates method Required permissions
slates.create videostitcher.slates.create on the parent Google Cloud project.
slates.delete videostitcher.slates.delete on the slate resource.
slates.get videostitcher.slates.get on the slate resource.
slates.list videostitcher.slates.list on the parent Google Cloud project.
slates.update videostitcher.slates.update on the slate resource.
Live sessions method Required permissions
liveSessions.create videostitcher.liveSessions.create on the parent Google Cloud project.
liveSessions.get videostitcher.liveSessions.get on the live session resource.
Live ad tag details method Required permissions
liveSessions.liveAdTagDetails.get videostitcher.liveAdTagDetails.get on the live ad tag detail resource.
liveSessions.liveAdTagDetails.list videostitcher.liveAdTagDetails.list on the parent Google Cloud project.
VOD sessions method Required permissions
vodSessions.create videostitcher.vodSessions.create on the parent Google Cloud project.
vodSessions.get videostitcher.vodSessions.get on the VOD session resource.
VOD ad tag details method Required permissions
vodSessions.vodAdTagDetails.get videostitcher.vodAdTagDetails.get on the VOD ad tag detail resource.
vodSessions.vodAdTagDetails.list videostitcher.vodAdTagDetails.list on the parent Google Cloud project.
VOD stitch details method Required permissions
vodSessions.vodStitchDetails.get videostitcher.vodStitchDetails.get on the VOD stitch detail resource.
vodSessions.vodStitchDetails.list videostitcher.vodStitchDetails.list on the parent Google Cloud project.

Roles

The following table lists the Video Stitcher API IAM roles, including the permissions associated with each role:

IAM role Permissions

(roles/videostitcher.viewer)

Read-only access to video stitcher resources.

resourcemanager.projects.get

resourcemanager.projects.list

videostitcher.cdnKeys.get

videostitcher.cdnKeys.list

videostitcher.liveAdTagDetails.*

  • videostitcher.liveAdTagDetails.get
  • videostitcher.liveAdTagDetails.list

videostitcher.liveConfigs.get

videostitcher.liveConfigs.list

videostitcher.liveSessions.get

videostitcher.operations.get

videostitcher.operations.list

videostitcher.slates.get

videostitcher.slates.list

videostitcher.vodAdTagDetails.*

  • videostitcher.vodAdTagDetails.get
  • videostitcher.vodAdTagDetails.list

videostitcher.vodConfigs.get

videostitcher.vodConfigs.list

videostitcher.vodSessions.get

videostitcher.vodStitchDetails.*

  • videostitcher.vodStitchDetails.get
  • videostitcher.vodStitchDetails.list

(roles/videostitcher.user)

Full access to video stitcher sessions.

resourcemanager.projects.get

resourcemanager.projects.list

videostitcher.liveSessions.*

  • videostitcher.liveSessions.create
  • videostitcher.liveSessions.get

videostitcher.vodSessions.*

  • videostitcher.vodSessions.create
  • videostitcher.vodSessions.get

(roles/videostitcher.admin)

Full access to all video stitcher resources.

resourcemanager.projects.get

resourcemanager.projects.list

videostitcher.*

  • videostitcher.cdnKeys.create
  • videostitcher.cdnKeys.delete
  • videostitcher.cdnKeys.get
  • videostitcher.cdnKeys.list
  • videostitcher.cdnKeys.update
  • videostitcher.liveAdTagDetails.get
  • videostitcher.liveAdTagDetails.list
  • videostitcher.liveConfigs.create
  • videostitcher.liveConfigs.delete
  • videostitcher.liveConfigs.get
  • videostitcher.liveConfigs.list
  • videostitcher.liveSessions.create
  • videostitcher.liveSessions.get
  • videostitcher.operations.cancel
  • videostitcher.operations.delete
  • videostitcher.operations.get
  • videostitcher.operations.list
  • videostitcher.slates.create
  • videostitcher.slates.delete
  • videostitcher.slates.get
  • videostitcher.slates.list
  • videostitcher.slates.update
  • videostitcher.vodAdTagDetails.get
  • videostitcher.vodAdTagDetails.list
  • videostitcher.vodConfigs.create
  • videostitcher.vodConfigs.delete
  • videostitcher.vodConfigs.get
  • videostitcher.vodConfigs.list
  • videostitcher.vodConfigs.update
  • videostitcher.vodSessions.create
  • videostitcher.vodSessions.get
  • videostitcher.vodStitchDetails.get
  • videostitcher.vodStitchDetails.list

For more information about roles, see Understanding roles.

Recommendations

For the accounts responsible creating live or VOD sessions, the role should be set to roles/videostitcher.user.

For the accounts responsible for managing and editing CDN keys, live configs, VOD configs, and slates, the role should be set to roles/videostitcher.admin.

For the accounts with only access to view and not edit or create CDN keys, live configs, VOD configs, slates, or sessions, the role should be set to roles/videostitcher.viewer.