This page describes the permissions and roles that are required to use and configure Blockchain Node Engine.
The blockchain nodes themselves expose an API endpoint. Google does not define this API; it is part of the third-party software we run. You can see an example of this at Ethereum's JSON-RPC Server. This endpoint requires an API key to access. API keys are managed in Google Cloud, and as such use the permissions defined in Access control with IAM. These permissions have been added to the admin role.
Roles
This section lists all curated roles provided by the Blockchain Node Engine service.
Viewer
Grants read access to all Blockchain Node Engine resources. Intended for engineers who use but do not manage nodes. API keys are expected to be provided by an admin. The viewer does not have direct access to look up API keys.
Blockchain Node Engine actions:
- blockchainnodeengine.googleapis.com/blockchainNodes.get
- blockchainnodeengine.googleapis.com/blockchainNodes.list
- blockchainnodeengine.googleapis.com/locations.get
- blockchainnodeengine.googleapis.com/locations.list
- blockchainnodeengine.googleapis.com/operations.get
- blockchainnodeengine.googleapis.com/operations.list
- cloudresourcemanager.googleapis.com/projects.get
- cloudresourcemanager.googleapis.com/projects.list
- serviceusage.googleapis.com/services.get
Admin
Grants full access to all Blockchain Node Engine resources. Intended for blockchain node administrators.
Administrators have all permissions available to blockchainnodeengine.googleapis.com/viewer plus:
- apikeys.googleapis.com/keys.update
- apikeys.googleapis.com/keys.create
- apikeys.googleapis.com/keys.delete
- apikeys.googleapis.com/keys.get
- apikeys.googleapis.com/keys.getKeyString
- apikeys.googleapis.com/keys.list
- apikeys.googleapis.com/keys.undelete
Blockchain Node Engine actions:
- blockchainnodeengine.googleapis.com/blockchainNodes.create
- blockchainnodeengine.googleapis.com/blockchainNodes.delete
- blockchainnodeengine.googleapis.com/operations.cancel
- blockchainnodeengine.googleapis.com/operations.delete
- serviceusage.googleapis.com/services.enable
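Because only the admin role carries the API key permissions, reviewing who holds it is the same as reviewing who can read the node endpoint's keys. The script below is an added example, not part of the original page or Google's code: it reports which principals in a project IAM policy can read API key strings, and marks group-wide or public principals for review. The role IDs `roles/blockchainnodeengine.viewer` and `roles/blockchainnodeengine.admin` and the sample policy are assumptions made for the example.

```python
import json

def _perms(service, names):
    """Expand short names into the full permission strings used on this page."""
    return {f"{service}.googleapis.com/{n}" for n in names.split()}

# Permission sets copied from the Viewer and Admin lists on this page.
VIEWER = (
    _perms("blockchainnodeengine", "blockchainNodes.get blockchainNodes.list "
           "locations.get locations.list operations.get operations.list")
    | _perms("cloudresourcemanager", "projects.get projects.list")
    | _perms("serviceusage", "services.get"))
ADMIN = (
    VIEWER
    | _perms("apikeys", "keys.update keys.create keys.delete keys.get "
             "keys.getKeyString keys.list keys.undelete")
    | _perms("blockchainnodeengine", "blockchainNodes.create "
             "blockchainNodes.delete operations.cancel operations.delete")
    | _perms("serviceusage", "services.enable"))

# Assumption: role IDs as they would appear in a policy binding.
ROLE_PERMS = {"roles/blockchainnodeengine.viewer": VIEWER,
              "roles/blockchainnodeengine.admin": ADMIN}
KEY_STRING = "apikeys.googleapis.com/keys.getKeyString"
BROAD = ("allUsers", "allAuthenticatedUsers", "domain:", "group:")

def who_can(policy, permission):
    """Map each member to the roles through which it holds `permission`."""
    holders = {}
    for binding in policy.get("bindings", []):
        if permission in ROLE_PERMS.get(binding.get("role"), set()):
            for member in binding.get("members", []):
                holders.setdefault(member, set()).add(binding["role"])
    return holders

def audit_key_access(policy):
    """Return sorted (member, is_broad) pairs for everyone able to read key strings."""
    return sorted((m, m.startswith(BROAD)) for m in who_can(policy, KEY_STRING))

# Constructed sample policy in the {"bindings": [{"role", "members"}]} layout.
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/blockchainnodeengine.admin",
   "members": ["user:ops-lead@example.com", "group:blockchain-devs@example.com"]},
  {"role": "roles/blockchainnodeengine.viewer",
   "members": ["user:dev1@example.com",
               "serviceAccount:indexer@example-project.iam.gserviceaccount.com"]}]}""")

if __name__ == "__main__":
    for member, broad in audit_key_access(SAMPLE_POLICY):
        print(("REVIEW " if broad else "ok     ") + member)
```

The check covers only the two roles listed on this page; basic or custom roles that include the same permission are not detected.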
See also
- Access control with IAM - API keys
- Access Control with IAM - Service usage
- IAM basic and predefined roles reference
- IAM permissions reference
- Manage access to projects, folders, and organizations
- Roles and permissions