Config Controller roles and permissions

This page describes the Identity and Access Management (IAM) roles and permissions for Config Controller. Config Controller uses IAM roles and permissions to control access: IAM lets you grant granular access to specific Google Cloud resources and helps prevent access to other resources.

Roles

Config Controller has predefined roles. The following table lists these roles and the permissions that the roles include:

Role | Permissions

Config Controller Admin
(roles/krmapihosting.admin)

Full access to all Config Controller resources.

  • krmapihosting.*
  • resourcemanager.projects.get
  • resourcemanager.projects.list

Config Controller Viewer
(roles/krmapihosting.viewer)

Read-only access to all Config Controller resources.

  • krmapihosting.krmApiHosts.get
  • krmapihosting.krmApiHosts.getIamPolicy
  • krmapihosting.krmApiHosts.list
  • krmapihosting.locations.*
  • krmapihosting.operations.get
  • krmapihosting.operations.list
  • resourcemanager.projects.get
  • resourcemanager.projects.list

For more information on how you should assign roles, see Choose predefined roles. You can also create your own custom roles that contain exactly the permissions that you specify.

Permissions

The following table lists the permissions that the caller must have to call each Config Controller method and which roles grant the permissions:

Permission | Granted by roles
krmapihosting.krmApiHosts.create
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Config Controller Admin (roles/krmapihosting.admin)
krmapihosting.krmApiHosts.delete
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Config Controller Admin (roles/krmapihosting.admin)
krmapihosting.krmApiHosts.get
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
krmapihosting.krmApiHosts.getIamPolicy
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Security Admin (roles/iam.securityAdmin)
  • Security Reviewer (roles/iam.securityReviewer)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
krmapihosting.krmApiHosts.list
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Security Admin (roles/iam.securityAdmin)
  • Security Reviewer (roles/iam.securityReviewer)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
krmapihosting.krmApiHosts.setIamPolicy
  • Owner (roles/owner)
  • Security Admin (roles/iam.securityAdmin)
  • Config Controller Admin (roles/krmapihosting.admin)
krmapihosting.krmApiHosts.update
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Config Controller Admin (roles/krmapihosting.admin)
krmapihosting.locations.get
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Viewer (roles/viewer)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
krmapihosting.locations.list
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Viewer (roles/viewer)
  • Security Admin (roles/iam.securityAdmin)
  • Security Reviewer (roles/iam.securityReviewer)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
krmapihosting.operations.cancel
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Config Controller Admin (roles/krmapihosting.admin)
krmapihosting.operations.delete
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Config Controller Admin (roles/krmapihosting.admin)
krmapihosting.operations.get
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Viewer (roles/viewer)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
krmapihosting.operations.list
  • Owner (roles/owner)
  • Editor (roles/editor)
  • Viewer (roles/viewer)
  • Security Admin (roles/iam.securityAdmin)
  • Security Reviewer (roles/iam.securityReviewer)
  • Config Controller Admin (roles/krmapihosting.admin)
  • Config Controller Viewer (roles/krmapihosting.viewer)
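
The table above can be turned into a least-privilege check. The following is an added example, not code from Google or from this page: it reads an IAM policy in the JSON shape produced by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports which members can change Config Controller, through which role, and whether they can call setIamPolicy. The sample policy, member names and the custom role name are constructed, and only the roles listed on this page are resolved.

```python
import json

# Write-capable Config Controller permissions per role, transcribed from the
# Permissions table on this page (krmapihosting. prefix dropped, reads omitted).
_WRITE = ["krmApiHosts.create", "krmApiHosts.delete", "krmApiHosts.update",
          "operations.cancel", "operations.delete"]
_SET_IAM = "krmApiHosts.setIamPolicy"
GRANTS = {
    "roles/owner": _WRITE + [_SET_IAM],
    "roles/editor": _WRITE,  # Editor is not listed for setIamPolicy
    "roles/iam.securityAdmin": [_SET_IAM],
    "roles/krmapihosting.admin": _WRITE + [_SET_IAM],
}
BASIC_ROLES = {"roles/owner", "roles/editor"}

def audit(policy):
    """List each member that can change Config Controller, and through which role."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in GRANTS:
            continue  # read-only, unrelated, or custom role
        for member in binding.get("members", []):
            findings.append({
                "member": member, "role": role, "permissions": GRANTS[role],
                "can_set_iam_policy": _SET_IAM in GRANTS[role],
                "via_basic_role": role in BASIC_ROLES,  # broad grant, candidate to narrow
                "conditional": "condition" in binding,  # access limited by an IAM condition
            })
    return sorted(findings, key=lambda f: (f["member"], f["role"]))

def custom_roles(policy):
    """Custom roles cannot be resolved from the policy alone; return them for review."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if b.get("role", "").startswith(("projects/", "organizations/"))})

# Constructed sample policy (all names are placeholders).
SAMPLE_POLICY = json.loads("""
{"version": 3, "bindings": [
  {"role": "roles/editor", "members": ["user:dev@example.com"]},
  {"role": "roles/krmapihosting.viewer", "members": ["group:auditors@example.com"]},
  {"role": "roles/iam.securityAdmin", "members": ["user:sec@example.com"]},
  {"role": "roles/krmapihosting.admin",
   "members": ["serviceAccount:cc-deployer@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "expires", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "projects/example-project/roles/ccOperator", "members": ["user:ops@example.com"]}
]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
    print("review custom roles:", custom_roles(SAMPLE_POLICY))
```

The check covers only the bindings in the policy it is given; bindings inherited from a folder or organization and the contents of custom roles have to be reviewed separately.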

What's next

  • Learn about IAM.