Google Cloud offers Identity and Access Management (IAM), which lets you give granular access to specific Google Cloud resources and prevents unwanted access to other resources. This page describes the IAM roles for reCAPTCHA Enterprise.
To learn how to assign IAM roles to a user or service account, read Managing policies in the IAM documentation.
Permissions and roles
This section summarizes the permissions and roles reCAPTCHA Enterprise supports.
API permissions
The following table lists the permissions that the caller must have to call each
method in the reCAPTCHA Enterprise API, recaptchaenterprise.googleapis.com/v1
:
Method (REST/RPC) | Required Permission(s) | For resource type |
---|---|---|
recaptchaenterprise.assessments.annotate / AnnotateAssessmentRequest |
recaptchaenterprise.assessments.annotate |
project |
recaptchaenterprise.assessments.create / CreateAssessmentRequest |
recaptchaenterprise.assessments.create |
project |
recaptchaenterprise.keys.create / CreateKeyRequest |
recaptchaenterprise.keys.create |
project |
recaptchaenterprise.keys.delete / DeleteKeyRequest |
recaptchaenterprise.keys.delete |
project |
recaptchaenterprise.keys.get / GetKeyRequest |
recaptchaenterprise.keys.get |
project |
recaptchaenterprise.keys.list / ListKeysRequest |
recaptchaenterprise.keys.list |
project |
recaptchaenterprise.keys.update / UpdateKeyRequest |
recaptchaenterprise.keys.update |
project |
Roles
IAM roles include permissions and can be assigned to users, groups, and service accounts. The following roles include the listed permissions for reCAPTCHA Enterprise:
Role name | reCAPTCHA Enterprise permissions | Description |
---|---|---|
roles/recaptchaenterprise.agent Cloud reCAPTCHA Enterprise Agent |
recaptchaenterprise.assessments.create recaptchaenterprise.assessments.annotate |
Access to create and annotate reCAPTCHA Enterprise assessments. |
roles/recaptchaenterprise.viewer Cloud reCAPTCHA Enterprise Viewer |
recaptchaenterprise.keys.get recaptchaenterprise.keys.list |
Access to view reCAPTCHA Enterprise keys. |
roles/recaptchaenterprise.admin Cloud reCAPTCHA Enterprise Admin |
Permissions in recaptchaenterprise.viewer , plus:recaptchaenterprise.keys.create recaptchaenterprise.keys.delete recaptchaenterprise.keys.update |
Access to view and modify reCAPTCHA Enterprise keys. |
Custom roles
To create a custom role that includes reCAPTCHA Enterprise permissions, do the following:
- For a role granting permissions only for the reCAPTCHA Enterprise API, choose from the permissions in the preceding section, API permissions.
- For a role granting permissions for the reCAPTCHA Enterprise API and console, choose permission groups in the preceding section, Console permissions.
- To grant the ability to create and annotate assessments, include the
permission(s) in the role
roles/recaptchaenterprise.agent
in the section Roles.
For more information on custom roles, go to Creating and managing custom roles.