Runtime Configurator Access Control Options

This page describes how to set access control on your Runtime Configurator resources using Google Identity and Access Management. For information about Runtime Configurator, read the Runtime Configurator Fundamentals.

Before you begin

IAM Roles

Runtime Configurator supports basic roles for its resources. That means you can grant either the owner, editor, or viewer role to give other users the right amount of access to Runtime Configurator resources. You must grant these permissions on the project level or on the Config resource level.

There are no predefined roles for Runtime Configurator.

Permissions

With IAM, Each API method requires a specific permission in order to be called. Use the table below to determine which permissions are necessary for the desired API method.

Method Required Permission(s) Roles that allow you to call this method
projects.configs.create runtimeconfig.configs.create
  • roles/owner
  • roles/editor
projects.configs.delete runtimeconfig.configs.delete
  • roles/owner
  • roles/editor
projects.configs.get runtimeconfig.configs.get
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.list runtimeconfig.configs.list
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.update runtimeconfig.configs.update
  • roles/owner
  • roles/editor
projects.configs.operations.get runtimeconfig.configs.operations.get
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.variables.create runtimeconfig.variables.create
  • roles/owner
  • roles/editor
projects.configs.variables.delete runtimeconfig.variables.delete
  • roles/owner
  • roles/editor
projects.configs.variables.get runtimeconfig.variables.get
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.variables.list runtimeconfig.variables.list
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.variables.update runtimeconfig.variables.update
  • roles/owner
  • roles/editor
projects.configs.variables.watch runtimeconfig.variables.watch
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.waiters.create runtimeconfig.waiters.create
  • roles/owner
  • roles/editor
projects.configs.waiters.delete runtimeconfig.waiters.delete
  • roles/owner
  • roles/editor
projects.configs.waiters.get runtimeconfig.waiters.get
  • roles/owner
  • roles/editor
  • roles/viewer
projects.configs.waiters.list runtimeconfig.waiters.list
  • roles/owner
  • roles/editor
  • roles/viewer

What's next