roles/cloudiot.editor
Read-write access to all Cloud IoT resources.
Cloud IoT Editor
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update']
Copy Permissions
GA
roles/cloudiot.serviceAgent
Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs.
Cloud IoT Core Service Agent
['logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish']
Copy Permissions
GA
roles/cloudiot.viewer
Read-only access to all Cloud IoT resources.
Cloud IoT Viewer
['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions
GA
roles/cloudiot.provisioner
Access to create and delete devices from registries, but not to modify the registries, and enable devices to publish to topics associated with IoT registry.
Cloud IoT Provisioner
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions
GA
roles/cloudiot.deviceController
Access to update the device configuration, but not to create or delete devices.
Cloud IoT Device Controller
['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions
GA
roles/cloudiot.admin
Full control of all Cloud IoT resources and permissions.
Cloud IoT Admin
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.getIamPolicy', 'cloudiot.registries.list', 'cloudiot.registries.setIamPolicy', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update']
Copy Permissions
GA