IAM permissions and roles

This page describes how you use Identity and Access Management (IAM) roles and permissions to control access to Google Cloud Carbon Footprint data.

Overview

IAM permissions and roles determine your ability to access data through the Google Cloud console and data export.

A role is a collection of permissions. You can't grant a permission to a principal (user or service account) directly; instead, you grant principals a role. When you grant a role to a principal, you grant them all the permissions that the role contains. You can grant multiple roles to the same principal.

To access Carbon Footprint data associated with a billing account, a billing account administrator must grant you one or more IAM roles on the billing account that contain the appropriate carbon data permission.

Permissions

The following table list the Identity and Access Management (IAM) permissions associated with Carbon Footprint.

Permission Description
billing.accounts.getCarbonInformation View carbon footprint of a billing account.

Curated roles

The following table describes Identity and Access Management (IAM) roles associated with Carbon Footprint, and lists the permissions that are contained in each role.

Role Description Permissions
Carbon Footprint Viewer
(roles/billing.carbonViewer)
Can list billing accounts and view carbon information.
Cannot see detailed billing data.
billing.accounts.list
billing.accounts.get
billing.accounts.getCarbonInformation
Billing Account Administrator
(roles/billing.admin)
Provides access to see and manage all aspects of billing accounts, including carbon information. See Billing IAM roles documentation for complete list of permissions of this role.
Includes but not limited to:
billing.accounts.list
billing.accounts.get
billing.accounts.getCarbonInformation
Billing Account Viewer
(roles/billing.viewer)
View billing account cost and pricing information, transactions, and billing and commitment recommendations, including carbon information. See Billing IAM roles documentation for complete list of permissions of this role.
Includes but not limited to:
billing.accounts.list
billing.accounts.get
billing.accounts.getCarbonInformation