English
Deutsch
Español – América Latina
Français
Português – Brasil
中文 – 简体
日本語
한국어

Contact Us Start free

Control access with IAM

This page describes the IAM roles and permissions that are required to set up and use Audit Manager and custom compliance frameworks.

User	Task	Roles and permissions
Administrator	Set up Audit Manager access	Audit Manager Admin (`roles/auditmanager.admin`) This role grants the ability to enable auditing on a project or folder, generate an audit scope, and create or view Audit Manager reports. Storage Admin (`roles/storage.admin`) or Storage Legacy Bucket Owner (`roles/storage.legacyBucketOwner`) These roles grant the ability to create, overwrite, and delete storage buckets. Users need to specify a storage bucket when enrolling a resource for auditing. `resourcemanager.organizations.setIamPolicy` This additional permission is required to enroll an organization. `resourcemanager.folders.setIamPolicy` This additional permission is required to enroll a folder.
Auditor	Run audit and view reports	Audit Manager Auditor (`roles/auditmanager.auditor`) This role grants the ability to generate an audit scope, and to create or view Audit Manager reports. Storage Legacy Object Reader (`roles/storage.legacyObjectReader`) This role grants users the ability to read storage buckets.
Framework administrator	Create or edit custom compliance framework (Preview)	Audit Manager Custom Compliance Framework Admin (`roles/auditmanager.ccfAdmin`) This role grants the ability to create, read, update, delete, view, and list custom compliance frameworks (Preview). This role can only be assigned at the organizational level.
Framework viewer	View custom compliance frameworks (Preview)	Audit Manager Custom Compliance Framework Viewer (`roles/auditmanager.ccfViewer`) This role grants the ability to view and list custom compliance frameworks (Preview). This role is required to run audits against custom compliance frameworks (Preview). This role can only be assigned at the organizational level.

For more information about granting roles, see the IAM documentation.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-12-19 UTC.