roles/securesourcemanager.repoAdmin
A repoAdmin has the ability to CRUD a repository and its children as well as assign users to a repository. They can also set, get, or check IAM policies on the repository.
Secure Source Manager Repository Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.hooks.create', 'securesourcemanager.hooks.delete', 'securesourcemanager.hooks.get', 'securesourcemanager.hooks.list', 'securesourcemanager.hooks.update', 'securesourcemanager.issuecomments.create', 'securesourcemanager.issuecomments.delete', 'securesourcemanager.issuecomments.get', 'securesourcemanager.issuecomments.list', 'securesourcemanager.issuecomments.update', 'securesourcemanager.issues.close', 'securesourcemanager.issues.create', 'securesourcemanager.issues.delete', 'securesourcemanager.issues.get', 'securesourcemanager.issues.list', 'securesourcemanager.issues.open', 'securesourcemanager.issues.update', 'securesourcemanager.prcomments.create', 'securesourcemanager.prcomments.delete', 'securesourcemanager.prcomments.get', 'securesourcemanager.prcomments.list', 'securesourcemanager.prcomments.resolve', 'securesourcemanager.prcomments.unresolve', 'securesourcemanager.prcomments.update', 'securesourcemanager.pullRequests.close', 'securesourcemanager.pullRequests.create', 'securesourcemanager.pullRequests.get', 'securesourcemanager.pullRequests.list', 'securesourcemanager.pullRequests.listFileDiffs', 'securesourcemanager.pullRequests.merge', 'securesourcemanager.pullRequests.open', 'securesourcemanager.pullRequests.update', 'securesourcemanager.repositories.approvePullRequests', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests']
Copy Permissions
GA
roles/securesourcemanager.admin
Full access to all Secure Source Manager resources.
Secure Source Manager Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.hooks.create', 'securesourcemanager.hooks.delete', 'securesourcemanager.hooks.get', 'securesourcemanager.hooks.list', 'securesourcemanager.hooks.update', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.issuecomments.create', 'securesourcemanager.issuecomments.delete', 'securesourcemanager.issuecomments.get', 'securesourcemanager.issuecomments.list', 'securesourcemanager.issuecomments.update', 'securesourcemanager.issues.close', 'securesourcemanager.issues.create', 'securesourcemanager.issues.delete', 'securesourcemanager.issues.get', 'securesourcemanager.issues.list', 'securesourcemanager.issues.open', 'securesourcemanager.issues.update', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.prcomments.create', 'securesourcemanager.prcomments.delete', 'securesourcemanager.prcomments.get', 'securesourcemanager.prcomments.list', 'securesourcemanager.prcomments.resolve', 'securesourcemanager.prcomments.unresolve', 'securesourcemanager.prcomments.update', 'securesourcemanager.pullRequests.close', 'securesourcemanager.pullRequests.create', 'securesourcemanager.pullRequests.get', 'securesourcemanager.pullRequests.list', 'securesourcemanager.pullRequests.listFileDiffs', 'securesourcemanager.pullRequests.merge', 'securesourcemanager.pullRequests.open', 'securesourcemanager.pullRequests.update', 'securesourcemanager.repositories.approvePullRequests', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions
GA
roles/securesourcemanager.repoCreator
A repoCreator has access to create repostiory in a project, the creator will then become the repoAdmin on this repository.
Secure Source Manager Repository Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.repositories.create']
Copy Permissions
GA
roles/securesourcemanager.sshKeyUser
An sshKeyUser can create SSH keys for themselves and list/delete SSH keys they own.
Secure Source Manager SSH Key User
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions
GA
roles/securesourcemanager.instanceManager
Read-write access to all Secure Source Manager resources (full control except for the ability to modify permissions).
Secure Source Manager Instance Manager
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.list', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions
GA
roles/securesourcemanager.repoPullRequestApprover
A pull request approver can approve pull requests in a repository.
Secure Source Manager Repository Pull Request Approver
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.repositories.approvePullRequests']
Copy Permissions
GA
roles/securesourcemanager.repoWriter
A repoWriter has read/write access to a particular repository, including its child components. They cannot create repositories, and do not manage IAM policies on the repository.
Secure Source Manager Repository Writer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.hooks.get', 'securesourcemanager.hooks.list', 'securesourcemanager.issuecomments.create', 'securesourcemanager.issuecomments.delete', 'securesourcemanager.issuecomments.get', 'securesourcemanager.issuecomments.list', 'securesourcemanager.issuecomments.update', 'securesourcemanager.issues.close', 'securesourcemanager.issues.create', 'securesourcemanager.issues.delete', 'securesourcemanager.issues.get', 'securesourcemanager.issues.list', 'securesourcemanager.issues.open', 'securesourcemanager.issues.update', 'securesourcemanager.prcomments.create', 'securesourcemanager.prcomments.delete', 'securesourcemanager.prcomments.get', 'securesourcemanager.prcomments.list', 'securesourcemanager.prcomments.resolve', 'securesourcemanager.prcomments.unresolve', 'securesourcemanager.prcomments.update', 'securesourcemanager.pullRequests.close', 'securesourcemanager.pullRequests.create', 'securesourcemanager.pullRequests.get', 'securesourcemanager.pullRequests.list', 'securesourcemanager.pullRequests.listFileDiffs', 'securesourcemanager.pullRequests.merge', 'securesourcemanager.pullRequests.open', 'securesourcemanager.pullRequests.update', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests']
Copy Permissions
GA
roles/securesourcemanager.instanceAccessor
An instance accessor can access an instance, but not necessarily create resources in the instance.
Secure Source Manager Instance Accessor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions
GA
roles/securesourcemanager.instanceRepositoryCreator
An instance repository creator can connect to a Cloud Git instance via IAP (HTTPS) and create repositories in the instance.
Secure Source Manager Instance Repository Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.createRepository', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions
GA
roles/securesourcemanager.instanceOwner
Full control over Secure Source Manager instances, including listing, creating, and deleting them. Also enables instance user management.
Secure Source Manager Instance Owner
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions
GA
roles/securesourcemanager.serviceAgent
Gives Secure Source Manager service account access to managed resources.
Secure Source Manager Service Agent
['iam.serviceAccounts.signJwt', 'securesourcemanager.instances.access', 'serviceusage.services.use']
Copy Permissions
GA
roles/securesourcemanager.repoReader
A repoReader has read access to a particular repository, including its child components. They cannot create repositories, and do not manage IAM policies on the repository.
Secure Source Manager Repository Reader
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.hooks.get', 'securesourcemanager.hooks.list', 'securesourcemanager.issuecomments.get', 'securesourcemanager.issuecomments.list', 'securesourcemanager.issues.get', 'securesourcemanager.issues.list', 'securesourcemanager.prcomments.get', 'securesourcemanager.prcomments.list', 'securesourcemanager.pullRequests.get', 'securesourcemanager.pullRequests.list', 'securesourcemanager.pullRequests.listFileDiffs', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests']
Copy Permissions
GA