Google Cloud offers Identity and Access Management (IAM) to let you provide more granular access to specific Google Cloud resources and prevent access to other resources. This page describes the roles and permissions for Service Extensions.
IAM lets you adopt the security principle of least privilege so that you need to grant only the necessary access to your resources.
Roles are collections of IAM permissions. To make permissions available to principals, including users, groups, and service accounts, you grant roles to the principals. You can control who has what permissions to which resources by setting IAM policies. IAM policies grant specific roles to principals, thereby giving them certain permissions.
For detailed information about IAM roles, see Roles and permissions.
Predefined roles and permissions for Service Extensions
Service Extensions supports IAM permissions at the project level.
The following table lists Service Extensions IAM roles and the permissions that each role includes.
Roles | Permissions |
Service Extensions Admin ( |
For plugins:
For callouts: |
---|---|
Service Extensions Viewer ( |
For plugins:
For callouts: |
Ensure that you have the required permissions for the other Google Cloud products that you use with Service Extensions.
Manage access control
To set access controls at the project level, follow these steps:
In the Google Cloud console, go to the IAM page.
Select your project.
Click Add.
In New principals, enter the email address of a new principal.
Select the required role.
Click Save.
Verify that the principal is listed with the role that you granted.
Identify the permissions in a role
To determine whether one or more permissions are included in a role, you can use one of the following methods:
- The IAM permissions search reference
- The
gcloud iam roles describe
command - The
roles.get()
method in the IAM API
What's next
- See the Service Extensions overview.
- Learn how to prepare the plugin code to create plugins.
- Learn how to create a plugin.
- Learn how to manage plugins.