Roles Data

Name Description Title Included Permissions Copy Stage
roles/logging.sqlAlertWriter Ability to write SQL Alerts. SQL Alert Writer ['logging.sqlAlerts.create', 'logging.sqlAlerts.update'] BETA
roles/logging.privateLogViewer Access to view all logs, including logs with private contents. Private Logs Viewer ['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.privateLogEntries.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.access', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get'] GA
roles/logging.viewAccessor Ability to read logs in a view. Logs View Accessor ['logging.logEntries.download', 'logging.views.access', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues'] GA
roles/logging.admin Access to all logging permissions, and dependent permissions. Logging Admin ['logging.buckets.copyLogEntries', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.fields.access', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.download', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.delete', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.privateLogEntries.list', 'logging.queries.deleteShared', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.share', 'logging.queries.updateShared', 'logging.queries.usePrivate', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.usage.get', 'logging.views.access', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues', 'logging.views.setIamPolicy', 'logging.views.update', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/logging.linkViewer Ability to see links for a bucket. Log Link Accessor ['logging.links.get', 'logging.links.list'] GA
roles/logging.logWriter Access to write logs. Logs Writer ['logging.logEntries.create', 'logging.logEntries.route'] GA
roles/logging.configWriter Access to configure log exporting and metrics. Logs Configuration Writer ['logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/logging.bucketWriter Ability to write logs to a log bucket. Logs Bucket Writer ['logging.buckets.write'] GA
roles/logging.viewer Access to view logs, except for logs with private contents. Logs Viewer ['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get'] GA
roles/logging.serviceAgent Grants a Cloud Logging Service Account the ability to create and link datasets. Cloud Logging Service Agent ['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.link'] GA
roles/logging.fieldAccessor Ability to read restricted fields in a log bucket. Log Field Accessor ['logging.fields.access'] GA