Cloud DLP IAM roles

IAM Roles

Standard roles

The following table describes Cloud Identity and Access Management roles that are associated with Cloud DLP, and lists permissions that are contained in each role.

| Role | Description | Permissions |
| --- | --- | --- |
| roles/dlp.admin | Full control over objects, including listing, creating, viewing, and deleting objects | dlp.inspectTemplates.*, dlp.deidentifyTemplates.*, dlp.jobs.*, dlp.jobTriggers.* |
| roles/dlp.jobsEditor | Can view and edit DlpJob objects. | dlp.jobs.*, dlp.kms.encrypt |
| roles/dlp.jobsReader | Can view DlpJob objects. | dlp.jobs.get, dlp.jobs.list |
| roles/dlp.jobTriggersEditor | Can view and edit JobTrigger objects. | dlp.jobTriggers.* |
| roles/dlp.jobTriggersReader | Can view JobTrigger objects. | dlp.jobTriggers.get, dlp.jobTriggers.list |
| roles/dlp.inspectTemplatesEditor | Can view and edit InspectTemplate objects. | dlp.inspectTemplates.* |
| roles/dlp.inspectTemplatesReader | Can view InspectTemplate objects. | dlp.inspectTemplates.get, dlp.inspectTemplates.list |
| roles/dlp.deidentifyTemplatesEditor | Can view and edit DeidentifyTemplate objects. | dlp.deidentifyTemplates.* |
| roles/dlp.deidentifyTemplatesReader | Can view DeidentifyTemplate objects. | dlp.deidentifyTemplates.get, dlp.deidentifyTemplates.list |
| roles/dlp.storedInfoTypesEditor | Can view and edit StoredInfoType objects. | dlp.storedInfoTypes.* |
| roles/dlp.storedInfoTypesReader | Can view and use StoredInfoType objects. | dlp.storedInfoTypes.get, dlp.storedInfoTypes.list |

Custom roles

If you want to define your own roles to contain bundles of permissions that you specify, use custom roles.
