This page lists the resource types on which you can set Identity and Access Management (IAM) policies.
Select a service to see which of its resource types support IAM policies:
| Service | Resources that accept IAM policies |
|---|---|
| Identity-Aware Proxy |
All web services Individual web services Tunnel Tunnel instances Tunnel zones Web service types Web service versions |
| API Gateway |
APIs Configs Gateways |
| Apigee |
Environments |
| BigQuery |
Row access policies Tables |
| BigQuery Connection API |
Connections |
| Cloud Bigtable |
Backups Instances Tables |
| Binary Authorization |
Attestors Policy |
| Cloud Billing |
Billing accounts |
| Cloud Functions |
Functions |
| Cloud IoT |
Groups Registries |
| Cloud Key Management Service |
Crypto keys Import jobs Key rings |
| Resource Manager |
Folders Organizations Projects Tag keys Tag values |
| Cloud Tasks |
Queues |
| Compute Engine |
Disks Firewall policies Images Instance templates Instances Licenses Node groups Node templates Region disks Reservations Resource policies Snapshots Subnetworks |
| Container Analysis |
Notes Occurrences |
| Data Catalog |
Entry groups Policy tags Tag templates Taxonomies |
| Cloud Data Fusion |
Instances |
| Database Migration Service |
Connection profiles Migration jobs |
| Dataproc |
Autoscaling policies Clusters Jobs Operations Workflow templates |
| Cloud Deployment Manager |
Deployments |
| Cloud Domains |
Registrations |
| Eventarc |
Triggers |
| Game Servers |
Game server deployments |
| GKE Hub |
Memberships |
| Cloud Healthcare API |
Consent stores DICOM stores Datasets FHIR stores HL7v2 stores |
| Identity and Access Management |
Service accounts |
| Managed Service for Microsoft Active Directory |
Domains |
| Dataproc Metastore |
Services |
| AI Platform |
Jobs Models |
| Network Connectivity Center |
Hubs Internal ranges Policy based routes Spokes |
| Network Management API |
Connectivity tests |
| AI Platform Notebooks |
Instances |
| Certificate Authority Service |
Certificate authorities Certificate revocation lists Reusable configs |
| Pub/Sub |
Schemas Snapshots Subscriptions Topics |
| Cloud Run |
Services |
| Secret Manager |
Secrets |
| Security Command Center |
Sources |
| Service Directory |
Namespaces Services |
| Service Management |
Consumers Services |
| Cloud Source Repositories |
Repos |
| Cloud Spanner |
Backups Databases Instances |
| Cloud Storage |
Buckets |
| Artifact Registry |
Repositories |
| AutoML |
Datasets Locations Models |