| roles/edgecontainer.zonalProjectAdmin |
Access to manage zonal projects. |
Edge Container Zonal Project Admin |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.operations.cancel', 'edgecontainer.operations.delete', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.zonalProjects.enable', 'edgecontainer.zonalProjects.get', 'edgecontainer.zonalProjects.list', 'edgecontainer.zones.get', 'edgecontainer.zones.list'] |
|
GA |
| roles/edgecontainer.clusterServiceAgent |
Grants the Edge Container Cluster Service Account access to manage resources. |
Edge Container Cluster Service Agent |
['cloudnotifications.activities.list', 'gkehub.endpoints.connect', 'gkehub.features.create', 'gkehub.features.get', 'gkehub.features.list', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.list', 'gkehub.memberships.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'logging.logEntries.create', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.listEffectiveTags', 'monitoring.alertPolicies.listTagBindings', 'monitoring.alerts.get', 'monitoring.alerts.list', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.listEffectiveTags', 'monitoring.dashboards.listTagBindings', 'monitoring.dashboards.update', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.operations.get', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'stackdriver.resourceMetadata.write', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] |
|
GA |
| roles/edgecontainer.serviceAccountAdmin |
Access to manage Service Accounts. |
Edge Container Service Account Admin |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.serviceaccounts.create', 'edgecontainer.serviceaccounts.delete', 'edgecontainer.serviceaccounts.get', 'edgecontainer.serviceaccounts.list'] |
|
GA |
| roles/edgecontainer.admin |
Full access to Edge Container all resources. |
Edge Container Admin |
['edgecontainer.clusters.create', 'edgecontainer.clusters.delete', 'edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.generateOfflineCredential', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.clusters.setIamPolicy', 'edgecontainer.clusters.update', 'edgecontainer.clusters.upgrade', 'edgecontainer.identityproviders.create', 'edgecontainer.identityproviders.delete', 'edgecontainer.identityproviders.get', 'edgecontainer.identityproviders.list', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.create', 'edgecontainer.machines.delete', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.setIamPolicy', 'edgecontainer.machines.update', 'edgecontainer.machines.use', 'edgecontainer.nodePools.create', 'edgecontainer.nodePools.delete', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.nodePools.setIamPolicy', 'edgecontainer.nodePools.update', 'edgecontainer.operations.cancel', 'edgecontainer.operations.delete', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.serviceaccounts.create', 'edgecontainer.serviceaccounts.delete', 'edgecontainer.serviceaccounts.generatekey', 'edgecontainer.serviceaccounts.get', 'edgecontainer.serviceaccounts.list', 'edgecontainer.vpnConnections.create', 'edgecontainer.vpnConnections.delete', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgecontainer.vpnConnections.setIamPolicy', 'edgecontainer.vpnConnections.update', 'edgecontainer.zonalProjects.disable', 'edgecontainer.zonalProjects.enable', 'edgecontainer.zonalProjects.get', 'edgecontainer.zonalProjects.list', 'edgecontainer.zonalservices.disable', 'edgecontainer.zonalservices.enable', 'edgecontainer.zonalservices.get', 'edgecontainer.zonalservices.list', 'edgecontainer.zones.get', 'edgecontainer.zones.getZoneIamPolicy', 'edgecontainer.zones.list', 'edgecontainer.zones.setZoneIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/edgecontainer.serviceAccountKeyAdmin |
Access to manage Service Account Keys. |
Edge Container Service Account Key Admin |
['edgecontainer.serviceaccounts.generatekey', 'edgecontainer.serviceaccounts.get', 'edgecontainer.serviceaccounts.list'] |
|
GA |
| roles/edgecontainer.zonalProjectViewer |
Read-only access to zonal projects. |
Edge Container Zonal Project Viewer |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.zonalProjects.get', 'edgecontainer.zonalProjects.list', 'edgecontainer.zones.get', 'edgecontainer.zones.list'] |
|
GA |
| roles/edgecontainer.zonalServiceAdmin |
Access to mutate zonal service. |
Edge Container Zonal Service Admin |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.operations.cancel', 'edgecontainer.operations.delete', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.zonalservices.enable', 'edgecontainer.zonalservices.get', 'edgecontainer.zonalservices.list'] |
|
GA |
| roles/edgecontainer.offlineCredentialUser |
Access to get Edge Container cluster offline credentials |
Edge Container Cluster offline Credential User |
['edgecontainer.clusters.generateOfflineCredential', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/edgecontainer.zoneIamAdmin |
Access to manage Iam Policy in the zone. |
Edge Container Zone Iam Policy Admin |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.zones.getZoneIamPolicy', 'edgecontainer.zones.setZoneIamPolicy'] |
|
GA |
| roles/edgecontainer.zoneIamViewer |
Read-only access to Iam Policy in the zone. |
Edge Container Zone Iam Policy Viewer |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.zones.getZoneIamPolicy'] |
|
GA |
| roles/edgecontainer.identityProviderAdmin |
Access to manage Identity Providers. |
Edge Container Identity Provider Admin |
['edgecontainer.identityproviders.create', 'edgecontainer.identityproviders.delete', 'edgecontainer.identityproviders.get', 'edgecontainer.identityproviders.list', 'edgecontainer.locations.get', 'edgecontainer.locations.list'] |
|
GA |
| roles/edgecontainer.serviceAccountViewer |
Read-only access to Service Accounts. |
Edge Container Service Account Viewer |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.serviceaccounts.get', 'edgecontainer.serviceaccounts.list'] |
|
GA |
| roles/edgecontainer.zoneViewer |
Read-only access to zones. |
Edge Container Zone Viewer |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.zones.get', 'edgecontainer.zones.list'] |
|
GA |
| roles/edgecontainer.viewer |
Read-only access to Edge Container all resources. |
Edge Container Viewer |
['edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.identityproviders.get', 'edgecontainer.identityproviders.list', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.serviceaccounts.generatekey', 'edgecontainer.serviceaccounts.get', 'edgecontainer.serviceaccounts.list', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgecontainer.zonalProjects.get', 'edgecontainer.zonalProjects.list', 'edgecontainer.zonalservices.get', 'edgecontainer.zonalservices.list', 'edgecontainer.zones.get', 'edgecontainer.zones.getZoneIamPolicy', 'edgecontainer.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/edgecontainer.identityProviderViewer |
Read-only access to Identity Providers. |
Edge Container Identity Provider Viewer |
['edgecontainer.identityproviders.get', 'edgecontainer.identityproviders.list', 'edgecontainer.locations.get', 'edgecontainer.locations.list'] |
|
GA |
| roles/edgecontainer.zonalServiceViewer |
Read-only access to zonal services. |
Edge Container Zonal Service Viewer |
['edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.zonalservices.get', 'edgecontainer.zonalservices.list'] |
|
GA |
| roles/edgecontainer.machineUser |
Access to use Edge Container Machine resources. |
Edge Container Machine User |
['edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/edgecontainer.serviceAgent |
Grants the Edge Container Service Account access to manage resources. |
Edge Container Service Agent |
['compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.use', 'compute.globalOperations.get', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regionOperations.get', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.list', 'compute.routers.update', 'compute.routers.use', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.list', 'gkehub.memberships.update', 'gkehub.operations.cancel', 'gkehub.operations.get', 'serviceusage.services.get', 'serviceusage.services.list'] |
|
GA |