Access control with IAM

To get the permissions that you need to fully access Unified Maintenance logs in Cloud Logging, ask your administrator to grant you the following IAM roles on your project:

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to fully access Unified Maintenance logs in Cloud Logging. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to fully access Unified Maintenance logs in Cloud Logging:

  • To view logs: Logs Viewer (roles/logging.viewer)
  • To view alerting policies: Monitoring AlertPolicy Viewer (roles/monitoring.alertPolicyViewer)
  • To create alerting policies:
    • Logs Configuration Writer (roles/logging.configWriter)
    • Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)
  • To edit alerting policies: Monitoring AlertPolicy Editor (roles/monitoring.alertPolicyEditor)
  • To create an alerting policy with a notification: Monitoring NotificationChannel Viewer (roles/monitoring.notificationChannelViewer)

You might also be able to get these permissions with custom roles or other predefined roles.