Access Control

Service Usage uses Cloud Identity and Access Management to control access to services. This page explains the Cloud IAM roles and permissions related to Service Usage and how to use them to control access.

Resource model

For Service Usage, there are three relevant resources:

  1. The service you are using.

  2. The project from which you are using the service.

  3. The operation or long-running operation returned by certain methods.

Each Service Usage method requires a permission on one or more of these resources.

Cloud IAM permissions

The following table shows the required permissions for each Service Usage API method. You can also find this information in the API Reference.

Method Required Permission(s)
services.batchEnable On the project:
On the services:
services.enable On the project:
On the service:
services.disable On the project:
services.get On the project:
services.list On the project:

Cloud IAM roles

With Cloud IAM, permissions are granted by binding users to roles. See Understanding Roles for details.

The following table lists the predefined roles that apply to Service Usage.

Role Permissions
roles/editor and