This page describes the Identity and Access Management (IAM) roles and permissions that you'll need to grant to members of your team who use Producer Portal.
For more information about granting access to roles and resources, see the IAM documentation on Granting, changing, and revoking access to resources. If you don't have the permissions you need to grant roles, contact your organization's administrator and request access.
Configure access control for managing your Partner Advantage account and your organization
For users to manage your Partner Advantage account and your organization-level settings, grant them one of the following two roles:
Commerce Business Enablement Configuration Admin (
roles/commercebusinessenablement.admin)Commerce Business Enablement Configuration Viewer (
roles/commercebusinessenablement.viewer)
Configure access control for viewing, creating, and managing product listings in Producer Portal
Access control for viewing product listings
For users to view in-progress product listings that you create in
Producer Portal, grant them the
Commerce Producer Viewer
(roles/commerceproducer.viewer) role.
Access control for creating and managing product listings
For users to create and manage product listings in Producer Portal, grant them the following roles:
Commerce Producer Admin (
roles/commerceproducer.admin)- This role provides full access to all resources for your products.
Service Management Administrator (
roles/servicemanagement.admin)
Additional roles for creating and managing virtual machine (VM) and Kubernetes product listings
For users to create and manage VM or Kubernetes product listings, grant them the following role in addition to the standard roles for creating and managing product listings in Producer Portal:
- Compute Storage Admin
(
roles/compute.storageAdmin)
If you used the VM guided configuration to create your VM product's deployment package, then also grant users the following roles for the Cloud Storage bucket where you store your product's deployment package:
Storage Object Viewer (
roles/storage.objectViewer)Storage Object Creator (
roles/storage.objectCreator)
Configure access control for previewing your products in Cloud Marketplace
If you want users to be able to preview your product's listing as your customers see it in Cloud Marketplace, you must grant them the following role:
- Service Management Consumer
(
roles/servicemanagement.serviceConsumer)
Configure access control for creating and managing private offers in Producer Portal
For users to create and manage private offers in the Private offers tab of Producer Portal, grant them the following roles:
Commerce Price Management Private Offers Admin (
roles/commercepricemanagement.privateOffersAdmin)Commerce Producer Viewer (
roles/commerceproducer.viewer)
Access control for viewing key events for private offers
For users to
view the history of an offer
that your organization has published, grant them the
Commerce Price Management Events Viewer
(roles/commercepricemanagement.eventsViewer) role.
Configure access control for managing disbursements and payments in Producer Portal
For users to create payment profiles to manage disbursement and payment settings in the Payments tab of Producer Portal, grant them the following roles:
Commerce Business Enablement PaymentConfig Admin (
roles/commercebusinessenablement.paymentConfigAdmin)Commerce Producer Viewer (
roles/commerceproducer.viewer)
Configure access control for reselling of your Cloud Marketplace products
If you've allowed resellers to resell your Cloud Marketplace products, you can refer to the following guidelines for granting roles within your Google Cloud organization.
Configure access control for viewing and managing which resellers can resell your products
If you're offering discounts for resellers who resell your Cloud Marketplace products, you can grant the following roles within your Google Cloud organization.
Access control for viewing which resellers are allowed to resell your products
For users to view which resellers are allowed to resell your Cloud Marketplace products, or which resellers have been disallowed from reselling your products, grant them one of the following roles:
- Commerce Business Enablement Configuration Viewer
(
roles/commercebusinessenablement.viewer) - Commerce Business Enablement Configuration Admin
(
roles/commercebusinessenablement.admin)
Access control for managing which resellers are allowed to resell your products
For users to manage which resellers are allowed to resell your
Cloud Marketplace products, grant them the
Commerce Business Enablement Configuration Admin
(roles/commercebusinessenablement.admin) role.
Configure access control for viewing, creating, and managing reseller discounts in Producer Portal
If you're offering discounts for resellers who resell your Cloud Marketplace products, you can refer to the following guidelines for granting roles within your Google Cloud organization.
Access control for viewing reseller discounts in Producer Portal
For users to view resources and configurations related to reseller discounts in Producer Portal, grant them the following roles:
Commerce Business Enablement Reseller Discount Viewer (
roles/commercebusinessenablement.resellerDiscountViewer)Commerce Price Management Viewer (
roles/commercepricemanagement.viewer)
Access control for creating and managing reseller discounts in Producer Portal
For users to create and manage resources and configurations related to reseller discounts in Producer Portal, grant them the following roles:
Commerce Business Enablement Reseller Discount Admin (
roles/commercebusinessenablement.resellerDiscountAdmin)Commerce Price Management Viewer (
roles/commercepricemanagement.viewer)
Configure access control for managing analytics and reports in Producer Portal
For users to manage analytics, test accounts, sales lead management, and reports for your products in the Analytics, Sales lead management, and Reports tabs of Producer Portal, grant them the following roles:
Commerce Business Enablement Configuration Admin (
roles/commercebusinessenablement.admin)Commerce Producer Viewer (
roles/commerceproducer.viewer)(Reports tab only) Project Viewer(
roles/viewer)