The following table describes the roles that are required to install Anthos Service Mesh.
|Role name||Role ID||Description|
|Project Editor||roles/editor||Permissions for actions that modify state, such as changing existing resources.|
|Compute Admin||roles/compute.admin||Full control of all Compute Engine resources.|
|Kubernetes Engine Admin||roles/container.admin||Provides access to full management of Container Clusters and their Kubernetes API objects.|
|Project IAM Admin||roles/resourcemanager.projectIamAdmin||Provides permissions to administer Cloud IAM policies on projects.|
|Service Account Admin||roles/iam.serviceAccountAdmin||Create and manage service accounts.|
|Service Account Key Admin||roles/iam.serviceAccountKeyAdmin||Create and manage (and rotate) service account keys.|
|GKE Hub Admin (Beta)||roles/gkehub.admin||Full access to GKE Hubs and related resources.|
For a list of the specific permissions in each role, copy the role and search for it on Understanding roles.