| roles/assuredworkloads.serviceAgent |
Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies. |
Assured Workloads Service Agent |
['cloudkms.cryptoKeys.create', 'cloudkms.keyRings.create', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use'] |
|
GA |
| roles/assuredworkloads.editor |
Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration |
Assured Workloads Editor |
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/assuredworkloads.reader |
Grants read access to all Assured Workloads resources and CRM resources - project/folder |
Assured Workloads Reader |
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/assuredworkloads.admin |
Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration |
Assured Workloads Administrator |
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/assuredworkloads.monitoringServiceAgent |
Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads. |
Assured Workloads Monitoring Service Agent |
['cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get'] |
|
GA |