Control access with IAM
Cloud Profiler controls access to profiling activities in Google Cloud projects by using Identity and Access Management (IAM) roles and permissions.
Overview
To use Cloud Profiler for a Google Cloud project, you must have the appropriate IAM permissions on that project.
Permissions are not granted directly to users; permissions are instead granted indirectly through roles, which group permissions. For more information on these concepts, see the IAM documentation on roles, permissions, and related concepts.
Permissions and roles
This section summarizes the permissions and roles that apply to Profiler.
Permissions
The following table lists the permissions required for profiling activities:
| Activity | Required permissions |
|---|---|
| Create profiles | cloudprofiler.profiles.create |
| List profiles | cloudprofiler.profiles.list |
| Modify profiles | cloudprofiler.profiles.update |
Roles
IAM roles include permissions and can be assigned to users, groups, and service accounts. The following table lists the roles for Profiler:
| Role | Permissions |
|---|---|
Cloud Profiler Agent( Cloud Profiler agents are allowed to register and provide the profiling data. |
cloudprofiler.profiles.create cloudprofiler.profiles.update |
Cloud Profiler User( Cloud Profiler users are allowed to query and view the profiling data. |
cloudprofiler.profiles.list resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
To learn how to assign Identity and Access Management roles to a user or service account, see Managing Policies.