This page lists the per-resource-type export permissions. These only apply to
the RESOURCE or an unspecified content type. They can be used to restrict
which resource types are allowed when using Cloud Asset API to export assets. For
example, when exporting assets with RESOURCE or an unspecified content type,
users with the cloudasset.assets.exportResource permission on a project can
export assets of any resource type. However, users with only
the cloudasset.assets.exportComputeDisks permission on a project will get
a PERMISSION_DENIED error if they try to export assets of resource types other
than compute.googleapis.com/Disk, or with unspecified resource types. For more
information on how to work with IAM permissions, see
IAM how-to guides.
| Resource Type | Per Resource Type Export Permission |
|---|---|
cloudresourcemanager.googleapis.com/Organization |
cloudasset.assets.exportCloudresourcemanagerOrganizations |
cloudresourcemanager.googleapis.com/Folder |
cloudasset.assets.exportCloudresourcemanagerFolders |
cloudresourcemanager.googleapis.com/Project |
cloudasset.assets.exportCloudresourcemanagerProjects |
compute.googleapis.com/Address |
cloudasset.assets.exportComputeAddress |
compute.googleapis.com/GlobalAddress |
cloudasset.assets.exportComputeGlobalAddress |
compute.googleapis.com/Autoscaler |
cloudasset.assets.exportComputeAutoscalers |
compute.googleapis.com/BackendBucket |
cloudasset.assets.exportComputeBackendBuckets |
compute.googleapis.com/BackendService |
cloudasset.assets.exportComputeBackendServices |
compute.googleapis.com/Disk |
cloudasset.assets.exportComputeDisks |
compute.googleapis.com/Firewall |
cloudasset.assets.exportComputeFirewalls |
compute.googleapis.com/ForwardingRule |
cloudasset.assets.exportComputeForwardingRules |
compute.googleapis.com/HealthCheck |
cloudasset.assets.exportComputeHealthChecks |
compute.googleapis.com/HttpHealthCheck |
cloudasset.assets.exportComputeHttpHealthChecks |
compute.googleapis.com/HttpsHealthCheck |
cloudasset.assets.exportComputeHttpsHealthChecks |
compute.googleapis.com/Image |
cloudasset.assets.exportComputeImages |
compute.googleapis.com/Instance |
cloudasset.assets.exportComputeInstances |
compute.googleapis.com/InstanceGroup |
cloudasset.assets.exportComputeInstanceGroups |
compute.googleapis.com/InstanceGroupManager |
cloudasset.assets.exportComputeInstanceGroupManagers |
compute.googleapis.com/InstanceTemplate |
cloudasset.assets.exportComputeInstanceTemplates |
compute.googleapis.com/Interconnect |
cloudasset.assets.exportComputeInterconnect |
compute.googleapis.com/InterconnectAttachment |
cloudasset.assets.exportComputeInterconnectAttachment |
compute.googleapis.com/License |
cloudasset.assets.exportComputeLicenses |
compute.googleapis.com/Network |
cloudasset.assets.exportComputeNetworks |
compute.googleapis.com/Project |
cloudasset.assets.exportComputeProjects |
compute.googleapis.com/RegionDisk |
cloudasset.assets.exportComputeRegionDisk |
compute.googleapis.com/Route |
cloudasset.assets.exportComputeRoutes |
compute.googleapis.com/Router |
cloudasset.assets.exportComputeRouters |
compute.googleapis.com/Snapshot |
cloudasset.assets.exportComputeSnapshots |
compute.googleapis.com/SslCertificate |
cloudasset.assets.exportComputeSslCertificates |
compute.googleapis.com/Subnetwork |
cloudasset.assets.exportComputeSubnetworks |
compute.googleapis.com/TargetHttpProxy |
cloudasset.assets.exportComputeTargetHttpProxies |
compute.googleapis.com/TargetHttpsProxy |
cloudasset.assets.exportComputeTargetHttpsProxies |
compute.googleapis.com/TargetInstance |
cloudasset.assets.exportComputeTargetInstances |
compute.googleapis.com/TargetPool |
cloudasset.assets.exportComputeTargetPools |
compute.googleapis.com/TargetTcpProxy |
cloudasset.assets.exportComputeTargetTcpProxies |
compute.googleapis.com/TargetSslProxy |
cloudasset.assets.exportComputeTargetSslProxies |
compute.googleapis.com/TargetVpnGateway |
cloudasset.assets.exportComputeTargetVpnGateways |
compute.googleapis.com/UrlMap |
cloudasset.assets.exportComputeUrlMaps |
compute.googleapis.com/VpnTunnel |
cloudasset.assets.exportComputeVpnTunnels |
appengine.googleapis.com/Application |
cloudasset.assets.exportAppengineApplications |
appengine.googleapis.com/Service |
cloudasset.assets.exportAppengineServices |
appengine.googleapis.com/Version |
cloudasset.assets.exportAppengineVersions |
cloudbilling.googleapis.com/BillingAccount |
cloudasset.assets.exportCloudbillingBillingAccounts |
storage.googleapis.com/Bucket |
cloudasset.assets.exportStorageBuckets |
osconfig.googleapis.com/PatchDeployment |
cloudasset.assets.exportPatchDeployments |
dns.googleapis.com/ManagedZone |
cloudasset.assets.exportDnsManagedZones |
dns.googleapis.com/Policy |
cloudasset.assets.exportDnsPolicies |
spanner.googleapis.com/Instance |
cloudasset.assets.exportSpannerInstances |
spanner.googleapis.com/Database |
cloudasset.assets.exportSpannerDatabases |
spanner.googleapis.com/Backup |
cloudasset.assets.exportSpannerBackups |
bigquery.googleapis.com/Dataset |
cloudasset.assets.exportBigqueryDatasets |
bigquery.googleapis.com/Table |
cloudasset.assets.exportBigqueryTables |
iam.googleapis.com/Role |
cloudasset.assets.exportIamRoles |
iam.googleapis.com/ServiceAccount |
cloudasset.assets.exportIamServiceAccounts |
pubsub.googleapis.com/Topic |
cloudasset.assets.exportPubsubTopics |
pubsub.googleapis.com/Subscription |
cloudasset.assets.exportPubsubSubscriptions |
dataproc.googleapis.com/Cluster |
cloudasset.assets.exportDataprocClusters |
dataproc.googleapis.com/Job |
cloudasset.assets.exportDataprocJobs |
cloudkms.googleapis.com/KeyRing |
cloudasset.assets.exportCloudkmsKeyRings |
cloudkms.googleapis.com/CryptoKey |
cloudasset.assets.exportCloudkmsCryptoKeys |
cloudkms.googleapis.com/CryptoKeyVersion |
cloudasset.assets.exportCloudkmsCryptoKeyVersions |
cloudkms.googleapis.com/ImportJob |
cloudasset.assets.exportCloudkmsImportJobs |
container.googleapis.com/Cluster |
cloudasset.assets.exportContainerClusters |
container.googleapis.com/NodePool |
cloudasset.assets.exportContainerNodepool |
sqladmin.googleapis.com/Instance |
cloudasset.assets.exportSqladminInstances |
bigtableadmin.googleapis.com/Cluster |
cloudasset.assets.exportBigtableCluster |
bigtableadmin.googleapis.com/Instance |
cloudasset.assets.exportBigtableInstance |
bigtableadmin.googleapis.com/Table |
cloudasset.assets.exportBigtableTable |
k8s.io/Node |
cloudasset.assets.exportContainerNode |
k8s.io/Pod |
cloudasset.assets.exportContainerPod |
k8s.io/Namespace |
cloudasset.assets.exportContainerNamespace |
rbac.authorization.k8s.io/Role |
cloudasset.assets.exportContainerRole |
rbac.authorization.k8s.io/RoleBinding |
cloudasset.assets.exportContainerRolebinding |
rbac.authorization.k8s.io/ClusterRole |
cloudasset.assets.exportContainerClusterrole |
rbac.authorization.k8s.io/ClusterRoleBinding |
cloudasset.assets.exportContainerClusterrolebinding |