This page provides information on Cloud Optimization API roles and permissions.
For additional information on access controls in Cloud Optimization, see the Access control topic.
Overview
When an identity calls a Google Cloud API, Cloud Optimization API requires that the identity has the appropriate permissions to use the resource. You can grant permissions by granting roles to a user, a group, or a service account.
This page describes the Cloud Optimization IAM permissions that you can grant to identities to perform specific Cloud Optimization operations.
IAM role types
There are three types of roles in IAM:
Basic roles include the Owner, Editor, and Viewer roles. The basic roles represent the access controls that existed prior to the introduction of IAM.
Predefined roles provide granular access for a specific service and are managed by Google Cloud. Predefined roles are meant to support common use cases and access control patterns.
Custom roles provide granular access according to a user-specified list of permissions.
To determine if one or more permissions are included in a basic, predefined, or custom role, you can use one of the following methods:
- The `gcloud iam roles describe` command
- The `roles.get()` method in the IAM API
When you assign both predefined and basic roles to a user, the permissions granted are a union of each role's permissions.
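The check described above can be scripted. The following is an added example, not code from the Cloud Optimization documentation: it takes role documents shaped like the JSON output of `gcloud iam roles describe` (the Role resource that `roles.get()` returns), computes the union of their permissions, and reports which Cloud Optimization permissions are missing and whether a basic role is in the mix. The project ID, role IDs, titles and the function names are assumptions made for illustration.

```python
import json

# Permissions from the "Operation permissions" table on this page.
REQUIRED = {
    "cloudoptimization.operations.create",
    "cloudoptimization.operations.get",
}
# Basic roles predate IAM and are not service-specific, so flag them for review.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample: role documents shaped like `gcloud iam roles describe
# ROLE --format=json` output. The project ID, role IDs and titles are
# hypothetical and exist only for this example.
SAMPLE_ROLES_JSON = """
[
  {"name": "projects/example-project/roles/tourSubmitter",
   "title": "Tour submitter", "stage": "GA",
   "includedPermissions": ["cloudoptimization.operations.create"]},
  {"name": "projects/example-project/roles/tourStatusReader",
   "title": "Tour status reader", "stage": "GA",
   "includedPermissions": ["cloudoptimization.operations.get"]}
]
"""

def effective_permissions(roles):
    """Union of includedPermissions across every role granted to an identity."""
    granted = set()
    for role in roles:
        # Tolerate role documents that carry no includedPermissions field.
        granted.update(role.get("includedPermissions", []))
    return granted

def audit(roles, required=REQUIRED):
    """Report missing permissions, which role grants each, and basic roles."""
    granted = effective_permissions(roles)
    granted_by = {
        perm: sorted(r["name"] for r in roles
                     if perm in r.get("includedPermissions", []))
        for perm in sorted(required)
    }
    return {
        "missing": sorted(required - granted),
        "granted_by": granted_by,
        "basic_roles": sorted(r["name"] for r in roles if r["name"] in BASIC_ROLES),
    }

if __name__ == "__main__":
    print(json.dumps(audit(json.loads(SAMPLE_ROLES_JSON)), indent=2))
```

An empty `missing` list means the granted roles together cover both operations; a non-empty `basic_roles` list marks a grant worth replacing with a predefined or custom role.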
Cloud Optimization permissions
The following table lists operations and the permissions they require.
Operation permissions
Operation permission name | Description |
---|---|
cloudoptimization.operations.create | Create long-running operations through the batchOptimizeTours method |
cloudoptimization.operations.get | Get long-running operations |
What's next
- For information on Cloud Optimization predefined, basic and custom roles, as well as general information about service accounts and agents, see Access control.
- For detailed information about controlling permissions with a custom service account, see Use a custom service account in the Vertex AI documentation.
- Learn more about using IAM to access resources in the Granting, changing, and revoking access to resources topic of the IAM documentation.