Cloud Optimization IAM Permissions

This page provides information on Cloud Optimization API roles and permissions.

For additional information on access controls in Cloud Optimization, see the Access control topic.

Overview

When an identity calls a Google Cloud API, the Cloud Optimization API requires that the identity has the appropriate permissions to use the resource. You can grant permissions by granting roles to a user, a group, or a service account.

This page describes the Cloud Optimization IAM permissions that you can grant to identities to perform specific Cloud Optimization operations.

IAM role types

There are three types of roles in IAM:

  • Basic roles include the Owner, Editor, and Viewer roles. The basic roles represent the access controls that existed prior to the introduction of IAM.

  • Predefined roles provide granular access for a specific service and are managed by Google Cloud. Predefined roles are meant to support common use cases and access control patterns.

  • Custom roles provide granular access according to a user-specified list of permissions.

To determine if one or more permissions are included in a basic, predefined, or custom role, you can use one of the following methods:

When you assign both predefined and basic roles to a user, the permissions granted are a union of each role's permissions.

Cloud Optimization permissions

The following table lists operations and the permissions they require.

Operation permissions

Operation permission name              Description
cloudoptimization.operations.create    Create long-running operations through the batchOptimizeTours method
cloudoptimization.operations.get       Get long-running operations
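
The following is an added example, not part of the original page or of Google Cloud's own code: it computes an identity's effective permissions as the union of its role bindings and reports which of the two permissions in the table above are missing or come from a basic role. The role contents, project name, custom role name, and members are constructed for illustration, and the check ignores group membership and IAM conditions.

```python
# Added example. Role contents are constructed; in a real audit, read each
# role's permission list from IAM instead of hard-coding it.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

ROLE_PERMISSIONS = {
    # Basic role: spans many services (constructed subset shown).
    "roles/viewer": {"cloudoptimization.operations.get", "storage.buckets.list"},
    # Hypothetical custom role holding only the permissions from the table.
    "projects/example-project/roles/tourOptimizer": {
        "cloudoptimization.operations.create",
        "cloudoptimization.operations.get",
    },
}

# Permissions listed in the operation permissions table on this page.
REQUIRED = {"cloudoptimization.operations.create", "cloudoptimization.operations.get"}

ANALYST = "user:analyst@example.com"
ROUTER = "serviceAccount:router@example-project.iam.gserviceaccount.com"

# Constructed allow policy in the IAM bindings layout (role -> members).
POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [ANALYST, ROUTER]},
    {"role": "projects/example-project/roles/tourOptimizer", "members": [ROUTER]},
]}

def roles_for(policy, member):
    """Roles bound directly to the member."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def effective_permissions(policy, member):
    """Union of the permissions of every role bound to the member."""
    perms = set()
    for role in roles_for(policy, member):
        if role not in ROLE_PERMISSIONS:
            # Fail loudly: an unresolved role would make the audit incomplete.
            raise KeyError(f"no permission list for role {role}")
        perms |= ROLE_PERMISSIONS[role]
    return perms

def missing_permissions(policy, member, required=REQUIRED):
    """Required permissions the member does not hold through any role."""
    return set(required) - effective_permissions(policy, member)

def basic_role_sources(policy, member, permission):
    """Basic roles that grant the permission; candidates for a narrower role."""
    return sorted(r for r in roles_for(policy, member)
                  if r in BASIC_ROLES and permission in ROLE_PERMISSIONS.get(r, ()))
```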
