The following table describes the roles that are required to install Anthos Service Mesh.
| Role name | Role ID | Description |
|---|---|---|
| Project Editor | roles/editor | Permissions for actions that modify state, such as changing existing resources. |
| Compute Admin | roles/compute.admin | Full control of all Compute Engine resources. |
| Kubernetes Engine Admin | roles/container.admin | Provides access to full management of Container Clusters and their Kubernetes API objects. |
| Project IAM Admin | roles/resourcemanager.projectIamAdmin | Provides permissions to administer IAM policies on projects. |
| Service Account Admin | roles/iam.serviceAccountAdmin | Create and manage service accounts. |
| Service Account Key Admin | roles/iam.serviceAccountKeyAdmin | Create and manage (and rotate) service account keys. |
| GKE Hub Admin (Beta) | roles/gkehub.admin | Full access to GKE Hubs and related resources. |
What's next
For a list of the specific permissions in each role, copy the role and search for it Understanding roles.
To learn more about how to grant IAM roles, see Granting, changing, and revoking access to resources.