This page lists the permissions required by Distributed Cloud Edge and the Identity and Access Management roles that encapsulate them.
Permissions
This section lists the permissions required to perform specific operations on Distributed Cloud Edge resources.
Operation | Method | Resource | Permission |
---|---|---|---|
List Zones in the Cloud project | `locations.list` | Zones | `edgecontainer.locations.list` on the target Cloud project |
Get information about a Zone | `locations.get` | Zones | `edgecontainer.locations.get` on the target Cloud project |
Create a Cluster | `clusters.create` | Clusters | `edgecontainer.clusters.create` on the target Cloud project |
List Clusters in the Cloud project | `clusters.list` | Clusters | `edgecontainer.clusters.list` on the target Cloud project |
Obtain credentials for the Cluster | `clusters.get` | Clusters | `edgecontainer.clusters.get` on the target Cloud project |
Generate an Access Token for the Cluster | `clusters.generateAccessToken` | Clusters | `edgecontainer.clusters.generateAccessToken` on the target Cloud project |
Modify a Cluster | `clusters.update` | Clusters | `edgecontainer.clusters.update` on the target Cloud project |
Delete a Cluster | `clusters.delete` | Clusters | `edgecontainer.clusters.delete` on the target Cloud project |
Create a NodePool | `nodePools.create` | NodePools | `edgecontainer.nodePools.create` on the target Cloud project |
List NodePools in the Cloud project | `nodePools.list` | NodePools | `edgecontainer.nodePools.list` on the target Cloud project |
Get information about a NodePool | `nodePools.get` | NodePools | `edgecontainer.nodePools.get` on the target Cloud project |
Modify a NodePool | `nodePools.update` | NodePools | `edgecontainer.nodePools.update` on the target Cloud project |
Delete a NodePool | `nodePools.delete` | NodePools | `edgecontainer.nodePools.delete` on the target Cloud project |
Create a Node (Machine) | `machines.create` | Nodes | `edgecontainer.machines.create` on the target Cloud project |
List Nodes (Machines) in the Cloud project | `machines.list` | Nodes | `edgecontainer.machines.list` on the target Cloud project |
Get information about a Node (Machine) | `machines.get` | Nodes | `edgecontainer.machines.get` on the target Cloud project |
Modify a Node (Machine) | `machines.update` | Nodes | `edgecontainer.machines.update` on the target Cloud project |
Deploy a workload to a Node (Machine) | `machines.use` | Nodes | `edgecontainer.machines.use` on the target Cloud project |
Delete a Node (Machine) | `machines.delete` | Nodes | `edgecontainer.machines.delete` on the target Cloud project |
List workloads deployed in a Zone | `operations.list` | Operations | `edgecontainer.operations.list` on the target Cloud project |
Get information about a workload | `operations.get` | Operations | `edgecontainer.operations.get` on the target Cloud project |
Cancel a workload in progress | `operations.cancel` | Operations | `edgecontainer.operations.cancel` on the target Cloud project |
Delete a workload | `operations.delete` | Operations | `edgecontainer.operations.delete` on the target Cloud project |
Create a VPN Connection | `vpnConnections.create` | VPN Connections | `edgecontainer.vpnConnections.create` on the target Cloud project |
List VPN Connections in the Cloud project | `vpnConnections.list` | VPN Connections | `edgecontainer.vpnConnections.list` on the target Cloud project |
Get information about a VPN Connection | `vpnConnections.get` | VPN Connections | `edgecontainer.vpnConnections.get` on the target Cloud project |
Modify a VPN Connection | `vpnConnections.update` | VPN Connections | `edgecontainer.vpnConnections.update` on the target Cloud project |
Delete a VPN Connection | `vpnConnections.delete` | VPN Connections | `edgecontainer.vpnConnections.delete` on the target Cloud project |
Roles
This section lists the IAM roles that encapsulate Distributed Cloud Edge permissions.
Cloud project roles for Distributed Cloud Edge
The following table lists the Cloud project roles and the Distributed Cloud Edge permissions they encapsulate.
Role | Role ID | Resources | Permissions |
---|---|---|---|
GDCE Viewer | `edgecontainer.viewer` | Zones, Nodes, NodePools, Clusters, VPN Connections | |
GDCE Admin | `edgecontainer.admin` | Zones, Nodes, NodePools, Clusters, VPN Connections | Includes all permissions from the GDCE Viewer role, plus the following: |
GDCE Machine User | `edgecontainer.machineUser` | Machines | |
Custom roles
Google Cloud also allows you to create custom roles that bundle only the permissions a given workflow needs, which lets you apply the principle of least privilege instead of granting the broader predefined roles. For instructions, see Creating and managing custom roles.
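As an added example (not part of this page or of the Distributed Cloud Edge product), the script below assembles a least-privilege custom role for a cluster operator from the permissions in the table above: read access to Zones, Clusters, NodePools, Nodes and Operations, plus `edgecontainer.clusters.generateAccessToken` for fetching cluster credentials, and none of the create/update/delete/cancel/use permissions. It writes the role definition in the YAML layout accepted by `gcloud iam roles create --file`, lints the file for write-class permissions before it is ever applied, and prints the `gcloud` commands to create the role and bind it. The project ID, role ID, member address and output path are placeholders.

```shell
#!/bin/sh
# Added example: build and lint a least-privilege custom role for
# Distributed Cloud Edge cluster operators. PROJECT_ID, ROLE_ID and the
# member address are placeholders, not values from the documentation.
PROJECT_ID="${PROJECT_ID:-my-edge-project}"
ROLE_ID="${ROLE_ID:-edgeClusterOperator}"
MEMBER="${MEMBER:-user:operator@example.com}"

# Permissions taken from the operation table above. Deliberately excluded:
# every create/update/delete/cancel permission and machines.use (deploys a
# workload), so the role can observe and connect but not change anything.
OPERATOR_PERMISSIONS="edgecontainer.locations.list
edgecontainer.locations.get
edgecontainer.clusters.list
edgecontainer.clusters.get
edgecontainer.clusters.generateAccessToken
edgecontainer.nodePools.list
edgecontainer.nodePools.get
edgecontainer.machines.list
edgecontainer.machines.get
edgecontainer.operations.list
edgecontainer.operations.get"

# Write the role definition in the YAML shape gcloud expects
# (title, description, stage, includedPermissions).
write_role_yaml() {
  out="$1"
  {
    echo "title: Distributed Cloud Edge Cluster Operator"
    echo "description: Read-only view of edge resources plus cluster credential access; no mutation."
    echo "stage: GA"
    echo "includedPermissions:"
    for p in $OPERATOR_PERMISSIONS; do
      echo "- $p"
    done
  } > "$out"
}

# Lint: succeed (exit 0) only if the file grants no write-class permission.
# Verbs checked: create, update, delete, cancel and use.
check_read_only() {
  ! grep -Eq '^- edgecontainer\.[A-Za-z]+\.(create|update|delete|cancel|use)$' "$1"
}

# Number of edgecontainer.* permissions listed in a role file.
count_permissions() {
  grep -c '^- edgecontainer\.' "$1"
}

ROLE_FILE="${ROLE_FILE:-${TMPDIR:-/tmp}/edge-cluster-operator.yaml}"
write_role_yaml "$ROLE_FILE"
if check_read_only "$ROLE_FILE"; then
  echo "Wrote $ROLE_FILE with $(count_permissions "$ROLE_FILE") read/credential permissions."
  echo "Create the role with:"
  echo "  gcloud iam roles create $ROLE_ID --project=$PROJECT_ID --file=$ROLE_FILE"
  echo "Grant it to a principal with:"
  echo "  gcloud projects add-iam-policy-binding $PROJECT_ID --member=$MEMBER --role=projects/$PROJECT_ID/roles/$ROLE_ID"
else
  echo "$ROLE_FILE grants a write-class edgecontainer permission; refusing to proceed." >&2
  exit 1
fi
```

The lint is the part worth keeping around: run `check_read_only` in CI against any custom-role YAML that is meant to be a viewer-style role, so that a later edit adding `edgecontainer.clusters.delete` or `edgecontainer.machines.use` fails the pipeline before `gcloud iam roles update` is ever reached.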