This page lists the permissions required by Google Distributed Cloud Edge and the Identity and Access Management (IAM) roles that encapsulate them.
Roles
This section lists the IAM roles that encapsulate Distributed Cloud Edge permissions.
Google Cloud project roles for Distributed Cloud Edge
The following table lists the Google Cloud project roles and the Distributed Cloud Edge permissions that they encapsulate.
| Role | Resources | Permissions |
|---|---|---|
| Edge Container Viewer (roles/edgecontainer.viewer) | zones, nodes, node pools, clusters, VPN connections | |
| Edge Container Admin (roles/edgecontainer.admin) | zones, nodes, node pools, clusters, VPN connections | Includes all permissions from the Edge Container Viewer role, plus the following: |
| Edge Container Machine User (roles/edgecontainer.machineUser) | machines | |
| Edge Container Offline Credential User (roles/edgecontainer.offlineCredentialUser) | clusters | |
| Edge Network Viewer (roles/edgenetwork.viewer) | zones, networks, subnets, interconnects, interconnect attachments, routers, locations, operations | |
| Edge Network Admin (roles/edgenetwork.admin) | zones, networks, subnets, interconnects, interconnect attachments, routers, operations | Includes all permissions from the Edge Network Viewer role, plus the following: |
Custom roles
Google Cloud also lets you create custom roles that encapsulate only the permissions your business needs, for example to apply the principle of least privilege. For instructions, see Create and manage custom roles.
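As an added illustration (not part of the original page), the following custom role definition grants only the permissions this page lists for listing clusters and obtaining their credentials, instead of the broader Edge Container Admin role. The role title, ID and file name are assumptions, and the example assumes these edgecontainer permissions are supported in project-level custom roles:

```yaml
# role.yaml: least-privilege custom role for connecting to Distributed Cloud
# Edge clusters. Title and description are assumed names for this example.
title: "Edge Cluster Credential User"
description: "List clusters and obtain cluster credentials and access tokens; no create, update, upgrade or delete rights."
stage: "GA"
includedPermissions:
  # Permissions taken from the Permissions table on this page.
  - edgecontainer.clusters.list
  - edgecontainer.clusters.get
  - edgecontainer.clusters.generateAccessToken
  # Deliberately omitted: edgecontainer.clusters.create, update, upgrade and
  # delete (mutating operations), and edgecontainer.clusters.generateOfflineCredential,
  # which issues an offline credential for a local control plane cluster and
  # should be granted separately only where that capability is required.
```

Create the role with `gcloud iam roles create edgeClusterCredentialUser --project=PROJECT_ID --file=role.yaml` (PROJECT_ID is a placeholder) and grant it to principals that only need to connect to clusters.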
Permissions
This section lists the permissions required to perform specific operations on Distributed Cloud Edge resources.
| Operation | Method | Resource | Permission |
|---|---|---|---|
| List regions in the Google Cloud project | locations.list | regions | edgecontainer.locations.list on the target Google Cloud project |
| Get information about a region | locations.get | regions | edgecontainer.locations.get on the target Google Cloud project |
| Create a cluster | clusters.create | clusters | edgecontainer.clusters.create on the target Google Cloud project |
| List clusters in the Google Cloud project | clusters.list | clusters | edgecontainer.clusters.list on the target Google Cloud project |
| Obtain credentials for the cluster | clusters.get | clusters | edgecontainer.clusters.get on the target Google Cloud project |
| Generate an access token for the cluster | clusters.generateAccessToken | clusters | edgecontainer.clusters.generateAccessToken on the target Google Cloud project |
| Modify a cluster | clusters.update | clusters | edgecontainer.clusters.update on the target Google Cloud project |
| Upgrade, downgrade, or pin a cluster to a specific Distributed Cloud Edge software stack version | clusters.upgrade | clusters | edgecontainer.clusters.upgrade on the target Google Cloud project |
| Generate an offline access credential for a local control plane cluster | clusters.generateOfflineCredential | clusters | edgecontainer.clusters.generateOfflineCredential on the target Google Cloud project |
| Delete a cluster | clusters.delete | clusters | edgecontainer.clusters.delete on the target Google Cloud project |
| Create a node pool | nodePools.create | node pools | edgecontainer.nodePools.create on the target Google Cloud project |
| List node pools in the Google Cloud project | nodePools.list | node pools | edgecontainer.nodePools.list on the target Google Cloud project |
| Get information about a node pool | nodePools.get | node pools | edgecontainer.nodePools.get on the target Google Cloud project |
| Modify a node pool | nodePools.update | node pools | edgecontainer.nodePools.update on the target Google Cloud project |
| Delete a node pool | nodePools.delete | node pools | edgecontainer.nodePools.delete on the target Google Cloud project |
| Create a node (machine) | machines.create | nodes | edgecontainer.machines.create on the target Google Cloud project |
| List nodes (machines) in the Google Cloud project | machines.list | nodes | edgecontainer.machines.list on the target Google Cloud project |
| Get information about a node (machine) | machines.get | nodes | edgecontainer.machines.get on the target Google Cloud project |
| Modify a node (machine) | machines.update | nodes | edgecontainer.machines.update on the target Google Cloud project |
| Deploy a workload to a node (machine) | machines.use | nodes | edgecontainer.machines.use on the target Google Cloud project |
| Delete a node (machine) | machines.delete | nodes | edgecontainer.machines.delete on the target Google Cloud project |
| List workloads deployed in a zone | operations.list | operations | edgecontainer.operations.list on the target Google Cloud project |
| Get information about a workload | operations.get | operations | edgecontainer.operations.get on the target Google Cloud project |
| Cancel a workload in progress | operations.cancel | operations | edgecontainer.operations.cancel on the target Google Cloud project |
| Delete a workload | operations.delete | operations | edgecontainer.operations.delete on the target Google Cloud project |
| Get the server configuration for a cluster | serverconfig.get | serverconfig | edgecontainer.serverconfig.get on the target Google Cloud project |
| Create a VPN connection | vpnConnections.create | VPN connections | edgecontainer.vpnConnections.create on the target Google Cloud project |
| List VPN connections in the Google Cloud project | vpnConnections.list | VPN connections | edgecontainer.vpnConnections.list on the target Google Cloud project |
| Get information about a VPN connection | vpnConnections.get | VPN connections | edgecontainer.vpnConnections.get on the target Google Cloud project |
| Modify a VPN connection | vpnConnections.update | VPN connections | edgecontainer.vpnConnections.update on the target Google Cloud project |
| Delete a VPN connection | vpnConnections.delete | VPN connections | edgecontainer.vpnConnections.delete on the target Google Cloud project |
| List zones in the Google Cloud project | zones.list | zones | edgenetwork.zones.list on the target machine Google Cloud project |
| Get information about a zone | zones.get | zones | edgenetwork.zones.get on the target machine Google Cloud project |
| Initialize a zone | zones.initialize | zones | edgenetwork.zones.initialize on the target machine Google Cloud project |
| Create a network | networks.create | networks | edgenetwork.networks.create on the target machine Google Cloud project |
| List networks in the Google Cloud project | networks.list | networks | edgenetwork.networks.list on the target machine Google Cloud project |
| Get information about a network | networks.get | networks | edgenetwork.networks.get on the target machine Google Cloud project |
| Get the status of a network | networks.getStatus | networks | edgenetwork.networks.getStatus on the target machine Google Cloud project |
| Delete a network | networks.delete | networks | edgenetwork.networks.delete on the target machine Google Cloud project |
| Create a subnet | subnetworks.create | subnets | edgenetwork.subnetworks.create on the target machine Google Cloud project |
| List subnets in the Google Cloud project | subnetworks.list | subnets | edgenetwork.subnetworks.list on the target machine Google Cloud project |
| Get information about a subnet | subnetworks.get | subnets | edgenetwork.subnetworks.get on the target machine Google Cloud project |
| Delete a subnet | subnetworks.delete | subnets | edgenetwork.subnetworks.delete on the target machine Google Cloud project |
| List interconnects in the Google Cloud project | interconnects.list | interconnects | edgenetwork.interconnects.list on the target machine Google Cloud project |
| Get information about an interconnect | interconnects.get | interconnects | edgenetwork.interconnects.get on the target machine Google Cloud project |
| Get diagnostic information about an interconnect | interconnects.getDiagnostics | interconnects | edgenetwork.interconnects.getDiagnostics on the target machine Google Cloud project |
| Create an interconnect attachment | interconnectAttachments.create | interconnect attachments | edgenetwork.interconnectAttachments.create on the target machine Google Cloud project |
| List interconnect attachments in the Google Cloud project | interconnectAttachments.list | interconnect attachments | edgenetwork.interconnectAttachments.list on the target machine Google Cloud project |
| Get information about an interconnect attachment | interconnectAttachments.get | interconnect attachments | edgenetwork.interconnectAttachments.get on the target machine Google Cloud project |
| Delete an interconnect attachment | interconnectAttachments.delete | interconnect attachments | edgenetwork.interconnectAttachments.delete on the target machine Google Cloud project |
| Create a router | routers.create | routers | edgenetwork.routers.create on the target machine Google Cloud project |
| List routers in the Google Cloud project | routers.list | routers | edgenetwork.routers.list on the target machine Google Cloud project |
| Get the status of a router | routers.getRouterStatus | routers | edgenetwork.routers.getRouterStatus on the target machine Google Cloud project |
| Get information about a router | routers.get | routers | edgenetwork.routers.get on the target machine Google Cloud project |
| Modify a router | routers.update | routers | edgenetwork.routers.update on the target machine Google Cloud project |
| Delete a router | routers.delete | routers | edgenetwork.routers.delete on the target machine Google Cloud project |
| List workloads deployed in a zone | operations.list | operations | edgenetwork.operations.list on the target machine Google Cloud project |
| Get information about a workload | operations.get | operations | edgenetwork.operations.get on the target machine Google Cloud project |
| Cancel a workload in progress | operations.cancel | operations | edgenetwork.operations.cancel on the target machine Google Cloud project |
| Delete a workload | operations.delete | operations | edgenetwork.operations.delete on the target machine Google Cloud project |
| List locations in the machine Google Cloud project | locations.list | locations | edgenetwork.locations.list on the target machine Google Cloud project |
| Get information about a location | locations.get | locations | edgenetwork.locations.get on the target machine Google Cloud project |