IAM permissions and roles
This page describes how you use Identity and Access Management (IAM) roles and permissions to control access to Google Cloud Carbon Footprint data.
Overview
IAM permissions and roles determine your ability to access data through the Google Cloud console and data export.
A role is a collection of permissions. You can't grant a permission to a principal (user or service account) directly; instead, you grant principals a role. When you grant a role to a principal, you grant them all the permissions that the role contains. You can grant multiple roles to the same principal.
To access Carbon Footprint data associated with a billing account, a billing account administrator must grant you one or more IAM roles on the billing account that contain the appropriate carbon data permission.
Permissions
The following table list the Identity and Access Management (IAM) permissions associated with Carbon Footprint.
| Permission | Description |
|---|---|
billing.accounts.getCarbonInformation |
View carbon footprint of a billing account. |
Curated roles
The following table describes Identity and Access Management (IAM) roles associated with Carbon Footprint, and lists the permissions that are contained in each role.
| Role | Description | Permissions |
|---|---|---|
| Carbon Footprint Viewer ( roles/billing.carbonViewer) |
Can list billing accounts and view carbon information. Cannot see detailed billing data. | billing.accounts.listbilling.accounts.getbilling.accounts.getCarbonInformation |
| Billing Account Administrator ( roles/billing.admin) |
Provides access to see and manage all aspects of billing accounts, including carbon information. | See Billing IAM roles documentation for complete list of permissions of this role. Includes but not limited to: billing.accounts.listbilling.accounts.getbilling.accounts.getCarbonInformation |
| Billing Account Viewer ( roles/billing.viewer) |
View billing account cost and pricing information, transactions, and billing and commitment recommendations, including carbon information. | See Billing IAM roles documentation for complete list of permissions of this role. Includes but not limited to: billing.accounts.listbilling.accounts.getbilling.accounts.getCarbonInformation |