Roles Data

Name Description Title Included Permissions Copy Stage
roles/dspm.admin Full access to Data Security Posture Management resources. Data Security Posture Management Admin ['dspm.locations.computeAggregation', 'dspm.locations.fetchDspmGovernedProjects', 'dspm.locations.fetchGovernedResourceMetrics', 'dspm.locations.fetchLineageConnections', 'dspm.locations.get', 'dspm.locations.list', 'dspm.operations.cancel', 'dspm.operations.delete', 'dspm.operations.get', 'dspm.operations.list', 'resourcemanager.organizations.get'] GA
roles/dspm.serviceAgent Gives DSPM Service Account access to consumer resources. DSPM Service Agent ['aiplatform.artifacts.list', 'aiplatform.contexts.list', 'aiplatform.dataItems.list', 'aiplatform.datasets.get', 'aiplatform.datasets.list', 'aiplatform.endpoints.list', 'aiplatform.entityTypes.list', 'aiplatform.executions.list', 'aiplatform.metadataSchemas.list', 'aiplatform.modelEvaluations.list', 'aiplatform.models.list', 'aiplatform.trainingPipelines.list', 'aiplatform.tuningJobs.list', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.jobs.create', 'bigquery.tables.createTagBinding', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.update', 'cloudsecuritycompliance.cloudControlDeployments.create', 'cloudsecuritycompliance.cloudControlDeployments.delete', 'cloudsecuritycompliance.cloudControlDeployments.get', 'cloudsecuritycompliance.cloudControlDeployments.list', 'cloudsecuritycompliance.cloudControls.get', 'cloudsecuritycompliance.cloudControls.list', 'cloudsecuritycompliance.frameworkDeployments.create', 'cloudsecuritycompliance.frameworkDeployments.delete', 'cloudsecuritycompliance.frameworkDeployments.get', 'cloudsecuritycompliance.frameworkDeployments.list', 'cloudsecuritycompliance.frameworks.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.tagKeys.create', 'resourcemanager.tagKeys.delete', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagKeys.update', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.create', 'resourcemanager.tagValues.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcemanager.tagValues.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securityposture.operations.get', 'securityposture.postureDeployments.create', 'securityposture.postureDeployments.delete', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postures.create', 'securityposture.postures.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.createTagBinding', 'storage.buckets.deleteTagBinding', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings'] GA
roles/dspm.viewer Readonly access to Data Security Posture Management resources. Data Security Posture Management Viewer ['dspm.locations.computeAggregation', 'dspm.locations.fetchDspmGovernedProjects', 'dspm.locations.fetchGovernedResourceMetrics', 'dspm.locations.fetchLineageConnections', 'dspm.locations.get', 'dspm.locations.list', 'dspm.operations.get', 'dspm.operations.list', 'resourcemanager.organizations.get'] GA