Transfer Appliance uses Identity and Access Management (IAM) permissions and roles to control who can access Transfer Appliance resources.
To grant access to a resource, you assign one or more permissions or roles to a user, group, or a service account.
We strongly encourage using predefined roles to assign permissions. All of the permissions included in those roles are required by Transfer Appliance and Google Cloud console in order to properly render pages and retrieve or update resources.
Permissions
The following resources exist for Transfer Appliance:
appliancesordersoperationslocations
Appliance permissions
The following table describes permissions for Transfer Appliance appliances
resources:
| Permission | Description |
|---|---|
transferappliance.appliances.list |
Permission to view a list of appliances and information related to them, including the ID, order status, appliance type and model, firmware version, activation status, and connection status. |
transferappliance.appliances.get |
Permission to view detailed information about any appliance. In addition to the information allowed by `transferappliance.appliances.list`, this permission allows access to the appliance's region, transfer job IDs, Cloud Storage destination, encryption type, key resource name, online functionality setting, and detailed order-related information such as tracking number. |
transferappliance.appliances.create |
Permission to create an appliance resource. Required, along with
transferappliance.orders.create, to create and submit an
appliance order. |
transferappliance.appliances.update |
Permission to update any appliance's metadata. |
transferappliance.appliances.delete |
Permission to delete appliance resources that are in a
DRAFT state. |
Order permissions
The following table describes permissions for Transfer Appliance orders
resources:
| Permission | Description |
|---|---|
transferappliance.orders.list |
Permission to list orders. |
transferappliance.orders.get |
Permission to retrieve detailed order information. |
transferappliance.orders.create |
Permission to create an order resource. Required, along with
transferappliance.appliances.create, to create and submit an
appliance order. |
transferappliance.orders.update |
Permission to update an existing order. |
transferappliance.orders.delete |
Permission to delete an order. |
Operation permissions
The following table describes permissions for Transfer Appliance operations
resources:
| Permission | Description |
|---|---|
transferappliance.operations.list |
Permission to list operations. |
transferappliance.operations.get |
Permission to retrieve detailed operation information. |
transferappliance.operations.cancel |
Permission to cancel an existing operation. |
transferappliance.operations.delete |
Permission to delete an operation. |
Location permissions
The following table describes permissions for Transfer Appliance locations
resources:
| Permission | Description |
|---|---|
transferappliance.orders.list |
Permission to list locations. |
transferappliance.orders.get |
Permission to retrieve detailed location information. |
Predefined roles
This section describes the predefined roles for Storage Transfer Service. Roles are the preferred way of setting IAM permissions.
Role details
The following table describes in detail the predefined roles for Storage Transfer Service:
| Role | Description | Included Permissions | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Transfer Appliance Admin ( roles/transferappliance.)
|
Provides all Transfer Appliance permissions, including the ability to order new appliances and update existing appliance metadata. |
|
||||||||||
|
Transfer Appliance Viewer ( roles/transferappliance.)
|
Grants the required permissions for read-only access to all Transfer Appliance resources. |
|