roles/securesourcemanager.repoAdmin
A repoAdmin has the ability to CRUD a repository and its children as well as assign users to a repository. They can also set, get, or check IAM policies on the repository.
Secure Source Manager Repository Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests']
Copy Permissions
BETA
roles/securesourcemanager.admin
Full access to all Secure Source Manager resources.
Secure Source Manager Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions
BETA
roles/securesourcemanager.repoCreator
A repoCreator has access to create repostiory in a project, the creator will then become the repoAdmin on this repository.
Secure Source Manager Repository Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.repositories.create']
Copy Permissions
BETA
roles/securesourcemanager.sshKeyUser
An sshKeyUser can create SSH keys for themselves and list/delete SSH keys they own.
Secure Source Manager SSH Key User
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions
BETA
roles/securesourcemanager.instanceManager
Read-write access to all Secure Source Manager resources (full control except for the ability to modify permissions).
Secure Source Manager Instance Manager
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.list', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions
BETA
roles/securesourcemanager.repoPullRequestApprover
An pull request approver can approve pull requests in a repository.
Secure Source Manager Repository Pull Request Approver
['resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/securesourcemanager.repoWriter
A repoWriter has read/write access to a particular repository, including its child components. They cannot create repositories, and do not manage IAM policies on the repository.
Secure Source Manager Repository Writer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests']
Copy Permissions
BETA
roles/securesourcemanager.instanceAccessor
An instance accessor can access an instance, but not necessarily create resources in the instance.
Secure Source Manager Instance Accessor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions
BETA
roles/securesourcemanager.instanceRepositoryCreator
An instance repository creator can connect to a Cloud Git instance via IAP (HTTPS) and create repositories in the instance.
Secure Source Manager Instance Repository Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.createRepository', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions
BETA
roles/securesourcemanager.instanceOwner
Full control over Secure Source Manager instances, including listing, creating, and deleting them. Also enables instance user management.
Secure Source Manager Instance Owner
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions
BETA
roles/securesourcemanager.serviceAgent
Gives Secure Source Manager service account access to managed resources.
Secure Source Manager Service Agent
['iam.serviceAccounts.signJwt', 'securesourcemanager.instances.access', 'serviceusage.services.use']
Copy Permissions
GA
roles/securesourcemanager.repoReader
A repoReader has read access to a particular repository, including its child components. They cannot create repositories, and do not manage IAM policies on the repository.
Secure Source Manager Repository Reader
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests']
Copy Permissions
BETA