Google Cloud offers Identity and Access Management (IAM) to let you provide more granular access to specific Google Cloud resources and prevent access to other resources. This page describes the roles and permissions for Service Extensions.
IAM lets you adopt the security principle of least privilege so that you need to grant only the necessary access to your resources.
Roles are collections of IAM permissions. To make permissions available to principals, including users, groups, and service accounts, you grant roles to the principals. You can control who has what permissions to which resources by setting IAM policies. IAM policies grant specific roles to principals, thereby giving them certain permissions.
For detailed information about IAM roles, see Roles and permissions.
Predefined roles and permissions for Service Extensions
Service Extensions supports IAM permissions at the project level.
The following table lists Service Extensions IAM roles and the permissions that each role includes.
Service Extensions Admin
Service Extensions Viewer
Ensure that you have the required permissions for the other Google Cloud products that you use with Service Extensions.
Manage access control
To set access controls at the project level, follow these steps:
In the Google Cloud console, go to the IAM page.
Select your project.
In New principals, enter the email address of a new principal.
Select the required role.
Verify that the principal is listed with the role that you granted.
Identify the permissions in a role
To determine whether one or more permissions are included in a role, you can use one of the following methods:
- The IAM permissions search reference
gcloud iam roles describecommand
roles.get()method in the IAM API
- See the Service Extensions overview.
- Learn how to prepare the plugin code to create plugins.
- Learn how to create a plugin.
- Learn how to manage plugins.