roles/logging.sqlAlertWriter |
Ability to write SQL Alerts. |
SQL Alert Writer |
['logging.sqlAlerts.create', 'logging.sqlAlerts.update'] |
|
BETA |
roles/logging.privateLogViewer |
Access to view all logs, including logs with private contents. |
Private Logs Viewer |
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.privateLogEntries.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.access', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get'] |
|
GA |
roles/logging.viewAccessor |
Ability to read logs in a view. |
Logs View Accessor |
['logging.logEntries.download', 'logging.views.access', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues'] |
|
GA |
roles/logging.admin |
Access to all logging permissions, and dependent permissions. |
Logging Admin |
['logging.buckets.copyLogEntries', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.fields.access', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.download', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.delete', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.privateLogEntries.list', 'logging.queries.deleteShared', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.share', 'logging.queries.updateShared', 'logging.queries.usePrivate', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.usage.get', 'logging.views.access', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues', 'logging.views.setIamPolicy', 'logging.views.update', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
roles/logging.linkViewer |
Ability to see links for a bucket. |
Log Link Accessor |
['logging.links.get', 'logging.links.list'] |
|
GA |
roles/logging.logWriter |
Access to write logs. |
Logs Writer |
['logging.logEntries.create', 'logging.logEntries.route'] |
|
GA |
roles/logging.configWriter |
Access to configure log exporting and metrics. |
Logs Configuration Writer |
['logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
roles/logging.bucketWriter |
Ability to write logs to a log bucket. |
Logs Bucket Writer |
['logging.buckets.write'] |
|
GA |
roles/logging.viewer |
Access to view logs, except for logs with private contents. |
Logs Viewer |
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get'] |
|
GA |
roles/logging.serviceAgent |
Grants a Cloud Logging Service Account the ability to create and link datasets. |
Cloud Logging Service Agent |
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.link'] |
|
GA |
roles/logging.fieldAccessor |
Ability to read restricted fields in a log bucket. |
Log Field Accessor |
['logging.fields.access'] |
|
GA |