IAM (Identity and Access Management) allows you to set permissions on invidual resources and offers a wider range of roles: editor, owner, publisher, subscriber, and viewer. This
gives you greater flexibility and allows you to set more fine-grained access control.
Grant access on a per-topic or per-subscription basis, rather than for the whole Cloud project.
Grant access with limited capabilities, such as to only publish messages to a topic, or to only to consume messages from a subscription, but not to delete the topic or subscription.
The IAM access control features described in this document are Beta,
including the API methods to get and set IAM policies, and to test IAM
permissions. Cloud Pub/Sub's use of IAM features is not covered by any
SLA or deprecation policy, and may be subject to backward-incompatible