roles/workstations.workstationCreator |
Grants ability to create Workstation resources. |
Cloud Workstations Creator |
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workstations.operations.get', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationConfigs.get', 'workstations.workstations.create'] |
|
GA |
roles/workstations.admin |
Grants CRUD access to all Workstation resources. |
Cloud Workstations Admin |
['compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.get', 'compute.networks.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'workstations.operations.get', 'workstations.workstationClusters.create', 'workstations.workstationClusters.delete', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationClusters.update', 'workstations.workstationConfigs.create', 'workstations.workstationConfigs.delete', 'workstations.workstationConfigs.get', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstationConfigs.setIamPolicy', 'workstations.workstationConfigs.update', 'workstations.workstations.create', 'workstations.workstations.delete', 'workstations.workstations.get', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list', 'workstations.workstations.setIamPolicy', 'workstations.workstations.start', 'workstations.workstations.stop', 'workstations.workstations.update'] |
|
GA |
roles/workstations.networkAdmin |
Grants ability to connect a Workstation Cluster to a shared VPC network. |
Cloud Workstations Network Admin |
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.use', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.globalOperations.get', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.regionOperations.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete'] |
|
GA |
roles/workstations.operationViewer |
Grants ability to view Cloud Workstations API operations. |
Cloud Workstations Operation Viewer |
['workstations.operations.get'] |
|
GA |
roles/workstations.user |
Grants runtime access to Workstation resources. |
Cloud Workstations User |
['workstations.operations.get', 'workstations.workstations.delete', 'workstations.workstations.get', 'workstations.workstations.start', 'workstations.workstations.stop', 'workstations.workstations.update', 'workstations.workstations.use'] |
|
GA |
roles/workstations.serviceAgent |
Grants the Workstations Service Account access to manage resources in consumer project. |
Workstations Service Agent |
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.use', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.globalOperations.get', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.regionOperations.get', 'compute.regions.get', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.listTagBindings', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'serviceusage.services.get'] |
|
GA |