roles/privateca.certificateRequester | Request certificates from CA Service. | CA Service Certificate Requester | ['privateca.certificates.create'] | | GA |
roles/privateca.auditor | Read-only access to all CA Service resources. | CA Service Auditor | ['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] | | GA |
roles/privateca.poolReader | Read CA Pools in CA Service. | CA Service Pool Reader | ['privateca.caPools.get'] | | GA |
roles/privateca.caManager | Create and manage CAs, revoke certificates, create certificate templates, and read-only access for CA Service resources. | CA Service Operation Manager | ['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.update', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.update', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create'] | | GA |
roles/privateca.workloadCertificateRequester | Request certificates from CA Service with caller's identity. | CA Service Workload Certificate Requester | ['privateca.certificates.createForSelf'] | | GA |
roles/privateca.certificateManager | Create certificates and read-only access for CA Service resources. | CA Service Certificate Manager | ['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.create', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] | | GA |
roles/privateca.templateUser | Read, list and use certificate templates. | CA Service Certificate Template User | ['privateca.certificateTemplates.get', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.use'] | | GA |
roles/privateca.admin | Full access to all CA Service resources. | CA Service Admin | ['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.setIamPolicy', 'privateca.caPools.update', 'privateca.caPools.use', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.setIamPolicy', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.create', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.setIamPolicy', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.setIamPolicy', 'privateca.certificateTemplates.update', 'privateca.certificateTemplates.use', 'privateca.certificates.create', 'privateca.certificates.createForSelf', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.setIamPolicy', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.cancel', 'privateca.operations.delete', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.setIamPolicy', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create'] | | GA |