Resource types that accept IAM policies

This page lists the resource types on which you can set Identity and Access Management (IAM) policies.

Select a service to see which of its resource types support IAM policies:

Service	Resources that accept IAM policies
AI Platform	Jobs (training) Jobs (predicting) Models
AI Platform Notebooks	Instances
Apigee	Environments
Artifact Registry	Repositories
AutoML	Datasets Locations Models
BigQuery	Connections
Cloud Bigtable	Backups Instances Tables
Binary Authorization	Attestors Policy
Cloud Billing	Accounts
Cloud Data Fusion	Instances
Cloud Deployment Manager	Deployments
Cloud Functions	Functions
Cloud Healthcare API	Datasets DICOM stores FHIR stores H17v2 stores
Cloud IoT	Registries
Cloud Key Management Service	Cryptographic keys Import jobs Key rings
Cloud Run	Services
Cloud Runtime Configuration API	Configs
Cloud Source Repositories	Repos
Cloud Spanner	Backups Databases Instances
Cloud Storage	Buckets
Cloud Tasks	Queues
Compute Engine	Backend buckets Disks Images Instance templates Instances Licenses Machine images Node groups Node templates Region disks Reservations Resource policies Snapshots Subnetworks
Container Analysis	Notes Occurrences
Data Catalog	Entries Entry groups Policy tags Tag templates Taxonomies
Dataproc	Autoscaling policies (for locations) Autoscaling policies (for regions) Clusters Jobs Operations Workflow templates (for locations) Workflow templates (for regions)
Game Servers	Game server deployments
Identity and Access Management	Service accounts
Identity-Aware Proxy	Tunnel Tunnel instances Tunnel zones Web Web service versions Web services Web types
Managed Service for Microsoft Active Directory	Domains
Network Management API	Connectivity tests
Pub/Sub	Snapshots Subscriptions Topics
Resource Manager	Folders Organizations Projects
Secret Manager	Secrets
Security Command Center	Sources
Service Directory	Namespaces Services
Service Management	Consumers Services