Service Usage uses Identity and Access Management to control access to services. This page explains the IAM roles and permissions related to Service Usage and how to use them to control access.
Resource model
For Service Usage, there are three relevant resources:
The service you are using.
The project from which you are using the service.
The operation or long-running operation returned by certain methods.
Each Service Usage method requires a permission on one or more of these resources.
IAM permissions
The following table shows the required permissions for each Service Usage API method. You can also find this information in the API Reference.
IAM roles
With IAM, permissions are granted by binding users to roles. See Understanding Roles for details.
The following table lists the predefined roles that apply to Service Usage.
Role | Permissions |
---|---|
roles/viewer |
serviceusage.services.get serviceusage.services.list serviceusage.quotas.get |
roles/editor androles/owner |
serviceusage.services.get serviceusage.services.list serviceusage.services.disable serviceusage.services.enable serviceusage.services.use serviceusage.quotas.get serviceusage.quotas.update |
roles/serviceusage.serviceUsageViewer |
serviceusage.services.get serviceusage.services.list serviceusage.quotas.get |
roles/serviceusage.serviceUsageConsumer |
serviceusage.services.get serviceusage.services.list serviceusage.services.use serviceusage.quotas.get |
roles/serviceusage.serviceUsageAdmin |
serviceusage.services.get serviceusage.services.list serviceusage.services.use serviceusage.services.enable serviceusage.services.disable serviceusage.quotas.get serviceusage.quotas.update |
roles/servicemanagement.serviceConsumer |
servicemanagement.services.bind |