This page describes how you can control Discovery for Media access and permissions using Identity and Access Management (IAM).
Overview
Google Cloud offers Identity and Access Management (IAM), which lets you give more granular access to specific Google Cloud resources and prevents unwanted access to other resources. This page describes the Discovery for Media IAM roles and permissions. For a detailed description of Google Cloud IAM, see the IAM documentation.
Discovery for Media provides a set of predefined roles designed to help you easily control access to your Discovery for Media resources. You can also create your own custom roles, if the predefined roles do not provide the sets of permissions you need. In addition, the older basic roles (Editor, Viewer, and Owner) are also still available to you, although they do not provide the same fine-grained control as the Discovery for Media roles. In particular, the basic roles provide access to resources across Google Cloud rather than just for Discovery for Media. See the basic roles documentation for more information.
Predefined roles
Discovery for Media provides some predefined roles that you can use to provide finer-grained permissions to principals. The role you grant to a principal controls what actions the principal can take. Principals can be individuals, groups, or service accounts.
You can grant multiple roles to the same principal, and you can change the roles granted to a principal at any time, provided you have the permissions to do so.
The broader roles include the more narrowly defined roles. For example, the Discovery Engine Editor role includes all of the permissions of the Discovery Engine Viewer role, along with the additional permissions of the Discovery Engine Editor role. Likewise, the Discovery Engine Admin role includes all of the permissions of the Discovery Engine Editor role, along with its additional permissions.
The following table lists the Discovery Engine IAM roles with a corresponding list of all the permissions that each role includes.
You can also use basic roles to make DNS changes.
Role | Permissions |
---|---|
Discovery Engine Admin: Grants full access to all discoveryengine resources. | |
Discovery Engine Editor: Grants read and write access to all discovery engine resources. | |
Discovery Engine Viewer: Grants read access to all discovery engine resources. | |
Manage Discovery for Media IAM
You can get and set IAM allow policies and IAM roles using the Google Cloud Console. For more information, see Manage access to projects, folders, and organizations.
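The following audit of an exported allow policy is an added example, not part of the original documentation. It flags principals that hold a basic role, which reaches beyond Discovery for Media, and principals that hold a narrower Discovery Engine role already included in a broader one. The role IDs and the sample policy are assumptions constructed for illustration.

```python
import json

# Basic roles apply across the whole project, not only to Discovery for Media.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Inclusion order described above: Admin includes Editor, Editor includes Viewer.
# Role IDs are assumptions; confirm them against the role table before relying on them.
DE_RANK = {
    "roles/discoveryengine.viewer": 0,
    "roles/discoveryengine.editor": 1,
    "roles/discoveryengine.admin": 2,
}

# Constructed sample in the shape of an IAM allow policy export.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": ["user:dev@example.com"]},
  {"role": "roles/discoveryengine.viewer",
   "members": ["group:analysts@example.com",
               "serviceAccount:ingest@example.iam.gserviceaccount.com"]},
  {"role": "roles/discoveryengine.editor",
   "members": ["serviceAccount:ingest@example.iam.gserviceaccount.com"]}
]}
""")


def audit_policy(policy):
    """Return sorted (kind, principal, role) findings for an allow policy."""
    findings = set()
    held = {}  # principal -> set of Discovery Engine roles it holds
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if role in BASIC_ROLES:
                findings.add(("basic-role", member, role))
            elif role in DE_RANK:
                held.setdefault(member, set()).add(role)
    for member, roles in held.items():
        top = max(roles, key=DE_RANK.get)
        for role in roles - {top}:
            # The narrower role is already covered by the broader one.
            findings.add(("redundant", member, role))
    return sorted(findings)


if __name__ == "__main__":
    for kind, member, role in audit_policy(SAMPLE_POLICY):
        print(f"{kind:10} {member} {role}")
```

The check does not evaluate conditional bindings, so review any binding that carries a condition by hand before removing a grant it reports as redundant.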
What's next
- Learn how to manage access to projects, folders, and organizations.
- Learn more about IAM.
- Learn more about basic roles.
- Learn more about custom roles.