| roles/privilegedaccessmanager.folderServiceAgent |
Gives privileged access manager service account access to modify IAM policies on GCP folders |
Privileged Access Manager Folder Service Agent |
['resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.setIamPolicy'] |
|
GA |
| roles/privilegedaccessmanager.requester |
Access to request Privileged Access Manager Grants. |
Privileged Access Manager Requester |
['privilegedaccessmanager.grants.create'] |
|
BETA |
| roles/privilegedaccessmanager.admin |
Full access to Privileged Access Manager resources. |
Privileged Access Manager Admin |
['privilegedaccessmanager.entitlements.create', 'privilegedaccessmanager.entitlements.delete', 'privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.entitlements.setIamPolicy', 'privilegedaccessmanager.entitlements.update', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.grants.revoke', 'privilegedaccessmanager.locations.checkOnboardingStatus', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.delete', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'resourcemanager.projects.get'] |
|
GA |
| roles/privilegedaccessmanager.organizationServiceAgent |
Gives privileged access manager service account access to modify IAM policies on GCP organizations |
Privileged Access Manager Organization Service Agent |
['resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.organizations.setIamPolicy'] |
|
GA |
| roles/privilegedaccessmanager.approver |
Access to Approve/Deny Privileged Access Manager Grants. |
Privileged Access Manager Approver |
['privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.grants.approve', 'privilegedaccessmanager.grants.deny', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list'] |
|
ALPHA |
| roles/privilegedaccessmanager.serviceAgent |
Gives privileged access manager service account access to modify IAM policies on GCP resources |
Privileged Access Manager Service Agent |
['resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.setIamPolicy', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.organizations.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy'] |
|
GA |
| roles/privilegedaccessmanager.projectServiceAgent |
Gives privileged access manager service account access to modify IAM policies on GCP projects |
Privileged Access Manager Project Service Agent |
['resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy'] |
|
GA |
| roles/privilegedaccessmanager.viewer |
Readonly access to Privileged Access Manager resources. |
Privileged Access Manager Viewer |
['privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'resourcemanager.projects.get'] |
|
GA |