Stay organized with collections
Save and categorize content based on your preferences.
An Application Operator (AO) is a member of the development team within the
Platform Administrator (PA) organization. AOs interact with project-level
resources. You can assign the following predefined roles to team members:
K8s Network Policy Admin: Manages network policies in user clusters.
KMS Admin: Manages KMS keys in a project, including the AEADKey and
SigningKey keys. This role can also import and export keys.
KMS Creator: Has create and read access on KMS keys in a project.
KMS Developer: Has access to perform crypto operations using keys in
projects.
KMS Key Export Admin: Has access to export KMS keys as wrapped keys
from the KMS.
KMS Key Import Admin: Has access to import KMS keys as wrapped keys to
the KMS.
KMS Viewer: Has read-only access to KMS keys in their project, and can
view key import and export.
Marketplace Editor: Has create, update, and delete access on service
instances in a project.
MonitoringRule Editor: Has read and write access to MonitoringRule
resources.
MonitoringRule Viewer: Has read-only access to MonitoringRule
custom resources.
MonitoringTarget Editor: Has read and write access to MonitoringTarget
custom resources.
MonitoringTarget Viewer: Has read-only access to MonitoringTarget
custom resources.
Namespace Admin: Manages all resources within the project namespace.
NAT Viewer: Has read-only access to deployments in user clusters.
ObservabilityPipeline Editor: Has read and write access on
ObservabilityPipeine custom resources.
ObservabilityPipeline Viewer: Has read-only access on
ObservabilityPipeline custom resources.
Project Bucket Admin: Manages the storage buckets and objects within
buckets.
Project Bucket Object Admin: Has read-only access on buckets within a
project, and read-write access on the objects in those buckets.
Project Bucket Object Viewer: Has read-only access on buckets within a
project and the objects in those buckets.
Project IAM Admin: Manages the IAM
allow policies of projects.
Project NetworkPolicy Admin: Manages the project network policies in
the project namespace.
Project DB Admin: Administers Database Service for a project.
Project DB Editor: Has read-write access to Database Service for a project.
Project DB Viewer: Has read-only access to Database Service for a project.
Project Viewer: Has read-only access to all resources within project
namespaces.
Project VirtualMachine Admin: Manages VMs in the project namespace.
Project VirtualMachine Image Admin: Manages VM images in the project
namespace.
Secret Admin: Manages Kubernetes secrets in projects.
Secret Viewer: Views Kubernetes secrets in projects.
Service Configuration Admin: Has read and write access to service
configurations within a project namespace.
Service Configuration Viewer: Has read access to service configurations
within a project namespace.
Vertex AI Optical Character Recognition (OCR)
Developer: Accesses the OCR service.
Vertex AI Speech-to-Text Developer: Accesses the
Speech-to-Text service.
Vertex AI Translation Developer: Accesses
the Translation service.
Vertex AI Prediction User: Accesses the Online Prediction service.
Workbench Notebooks Admin: Has read-write access to all notebook
resources within a project namespace.
Workbench Notebooks Viewer: Has read-only access to all notebook
resources within a project namespace.
Common roles
The following predefined common roles apply to all authenticated users:
AI Platform Viewer: Grants permissions to view pre-trained services.
DB Options Viewer: Views all configuration options that can be used in
Database Service.
DB UI Viewer: Grants permissions to authenticated users to view the
Database Service UI.
DNS Suffix Viewer: Accesses the domain name service (DNS) suffix config
map.
Flow Log Admin: Has read and write access to all Flow Log resources.
Flow Log Viewer: Has read-only access to all Flow Log resources.
Marketplace Viewer: Has read-only access on service versions and
service instances.
Pricing Calculator User: Has read-only access to stock keeping unit
(SKU) descriptions.
Project Discovery Viewer: Has read access for all authenticated users to
the project view.
Public Image Viewer: Has read access for all authenticated users on the
public VM images in the namespace vm-images.
Virtual Machine Type Viewer: Has read access to cluster-scoped virtual
machine types.
VM Type Viewer: Has read access to the predefined virtual machine types.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-30 UTC."],[],[]]