Predefined IAM roles

This page applies to Apigee and Apigee hybrid.

Predefined roles give granular access to specific Google Cloud resources. These roles are created and maintained by Google. Google automatically updates their permissions as necessary, such as when Google Cloud adds new features or services.

The following table lists all the predefined IAM roles for API hub:

  • API hub
IAM role Granted permissions

(roles/apihub.admin)

Full access to all API hub resources.

apihub.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apihub.attributeAdmin)

Full access to all Cloud API hub attribute's resources.

apihub.attributes.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apihub.editor)

Edit access to most of Cloud API Hub resources.

apihub.apiHubInstances.get

apihub.apiHubInstances.list

apihub.apiOperations.*

apihub.apis.*

apihub.attributes.get

apihub.attributes.list

apihub.definitions.*

apihub.dependencies.*

apihub.deployments.*

apihub.externalApis.*

apihub.hostProjectRegistrations.get

apihub.hostProjectRegistrations.list

apihub.llmEnablements.*

apihub.locations.searchResources

apihub.operations.get

apihub.operations.list

apihub.plugins.get

apihub.plugins.list

apihub.runTimeProjectAttachments.get

apihub.runTimeProjectAttachments.list

apihub.specs.*

apihub.styleGuides.get

apihub.versions.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apihub.pluginAdmin)

Full access to all Cloud API hub plugin's resources.

apihub.plugins.*

apihub.specs.lint

apihub.styleGuides.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apihub.provisioningAdmin)

Full access to Cloud API hub provisioning related resources.

apihub.apiHubInstances.*

apihub.hostProjectRegistrations.*

apihub.operations.*

apihub.runTimeProjectAttachments.*

resourcemanager.projects.get

resourcemanager.projects.list

(roles/apihub.viewer)

View access to all Cloud API hub resources.

apihub.apiHubInstances.get

apihub.apiHubInstances.list

apihub.apiOperations.get

apihub.apiOperations.list

apihub.apis.get

apihub.apis.list

apihub.attributes.get

apihub.attributes.list

apihub.definitions.get

apihub.definitions.list

apihub.dependencies.get

apihub.dependencies.list

apihub.deployments.get

apihub.deployments.list

apihub.externalApis.get

apihub.externalApis.list

apihub.hostProjectRegistrations.get

apihub.hostProjectRegistrations.list

apihub.llmEnablements.get

apihub.llmEnablements.list

apihub.locations.searchResources

apihub.operations.get

apihub.operations.list

apihub.plugins.get

apihub.plugins.list

apihub.runTimeProjectAttachments.get

apihub.runTimeProjectAttachments.list

apihub.specs.get

apihub.specs.list

apihub.styleGuides.get

apihub.versions.get

apihub.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

For more information about predefined roles, see Roles and permissions. For help choosing the most appropriate predefined roles, see Choose predefined roles.