Config Controller roles and permissions
This page describes the Identity and Access Management (IAM) roles and permissions for Config Controller. To help you control access, Config Controller uses IAM roles and permissions. IAM lets you grant granular access to specific Google Cloud resources and helps prevent access to other resources.
Roles
Config Controller has predefined roles. The following table lists these roles and the permissions that the roles include:
Role | Permissions |
---|---|
Config Controller Admin( Full access to all Config Controller resources. |
krmapihosting.*
resourcemanager.projects.get resourcemanager.projects.list |
Config Controller Viewer( Read-only access to all Config Controller resources. |
krmapihosting.krmApiHosts.get krmapihosting. krmapihosting.krmApiHosts.list krmapihosting.locations.*
krmapihosting.operations.get krmapihosting.operations.list resourcemanager.projects.get resourcemanager.projects.list |
For more information on how you should assign roles, see Choose predefined roles. You can also create your own custom roles that contain exactly the permissions that you specify.
Permissions
Permissions granted by roles
The following table lists the permissions that the caller must have to call each Config Controller method and which roles grant the permissions:
Permission | Granted by roles |
---|---|
krmapihosting.krmApiHosts.create
|
|
krmapihosting.krmApiHosts.delete
|
|
krmapihosting.krmApiHosts.get
|
|
krmapihosting.krmApiHosts.getIamPolicy
|
|
krmapihosting.krmApiHosts.list
|
|
krmapihosting.krmApiHosts.setIamPolicy
|
|
krmapihosting.krmApiHosts.update
|
|
krmapihosting.locations.get
|
|
krmapihosting.locations.list
|
|
krmapihosting.operations.cancel
|
|
krmapihosting.operations.delete
|
|
krmapihosting.operations.get
|
|
krmapihosting.operations.list
|
|
Permissions needed for actions
The following table lists which permission you need to perform specific actions.
Required permission | Method |
---|---|
krmapihosting.krmApiHosts.create |
projects.locations.krmApiHosts.create |
krmapihosting.krmApiHosts.delete |
projects.locations.krmApiHosts.delete |
krmapihosting.krmApiHosts.get |
projects.locations.krmApiHosts.get |
krmapihosting.krmApiHosts.list |
projects.locations.krmApiHosts.list |
krmapihosting.krmApiHosts.update |
projects.locations.krmApiHosts.update |
krmapihosting.operations.get |
projects.locations.operations.get |
krmapihosting.operations.list |
projects.locations.operations.list |
What's next
- Learn about IAM.