| roles/securedlandingzone.serviceAgent |
Grants Secured Landing Zone service account permissions to manage resources in the customer project |
Secured Landing Zone Service Agent |
['cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.update', 'logging.logEntries.list', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.getIamPolicy', 'pubsub.topics.setIamPolicy', 'resourcemanager.projects.get', 'securitycenter.assetsecuritymarks.update', 'securitycenter.findings.list', 'securitycenter.findings.update', 'securitycenter.sources.list', 'securitycenter.sources.update', 'serviceusage.services.use'] |
|
GA |
| roles/securedlandingzone.bqdwOrgRemediator |
Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization. |
SLZ BQDW Blueprint Organization Level Remediator |
['accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.update'] |
|
BETA |
| roles/securedlandingzone.overwatchActivator |
This role can activate or suspend Overwatches |
Overwatch Activator |
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securedlandingzone.overwatches.activate', 'securedlandingzone.overwatches.suspend'] |
|
BETA |
| roles/securedlandingzone.bqdwProjectRemediator |
Access to modify (remediate) resources in SLZ BQDW Blueprint at Project. |
SLZ BQDW Blueprint Project Level Remediator |
['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.setIamPolicy', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'resourcemanager.projects.update', 'serviceusage.services.use', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.setIamPolicy', 'storage.buckets.update'] |
|
BETA |
| roles/securedlandingzone.overwatchAdmin |
Full access to Overwatches |
Overwatch Admin |
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.activate', 'securedlandingzone.overwatches.create', 'securedlandingzone.overwatches.delete', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list', 'securedlandingzone.overwatches.suspend', 'securedlandingzone.overwatches.update'] |
|
BETA |
| roles/securedlandingzone.overwatchViewer |
This role can view all properties of Overwatches |
Overwatch Viewer |
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list'] |
|
BETA |