Cloud DLP IAM roles

Standard roles

The following table describes Cloud Identity and Access Management roles that are associated with Cloud DLP, and lists permissions that are contained in each role.

Role	Description	Permissions
roles/dlp.admin	Full control over objects, including listing, creating, viewing, and deleting objects	dlp.inspectTemplates.*
		dlp.deidentifyTemplates.*
		dlp.jobs.*
		dlp.jobTriggers.*
roles/dlp.jobsEditor	Can view and edit DlpJob objects.	dlp.jobs.*
		dlp.kms.encrypt
roles/dlp.jobsReader	Can view DlpJob objects.	dlp.jobs.get
		dlp.jobs.list
roles/dlp.jobTriggersEditor	Can view and edit JobTrigger objects.	dlp.jobTriggers.*
roles/dlp.jobTriggersReader	Can view JobTrigger objects.	dlp.jobTriggers.get
		dlp.jobTriggers.list
roles/dlp.inspectTemplatesEditor	Can view and edit InspectTemplate objects.	dlp.inspectTemplates.*
roles/dlp.inspectTemplatesReader	Can view InspectTemplate objects.	dlp.inspectTemplates.get
		dlp.inspectTemplates.list
roles/dlp.deidentifyTemplatesEditor	Can view and edit DeidentifyTemplate objects.	dlp.deidentifyTemplates.*
roles/dlp.deidentifyTemplatesReader	Can view DeidentifyTemplate objects.	dlp.deidentifyTemplates.get
		dlp.deidentifyTemplates.list
roles/dlp.storedInfoTypesEditor	Can view and edit StoredInfoType objects.	dlp.storedInfoTypes.*
roles/dlp.storedInfoTypesReader	Can view and use StoredInfoType objects.	dlp.storedInfoTypes.get
		dlp.storedInfoTypes.list

Custom roles

If you want to define your own roles to contain bundles of permissions that you specify, use custom roles.