To enable the Video Stitcher API for your project, please reach out to your Account Representative or contact Sales to learn more.

Access control with IAM

Overview

The Video Stitcher API uses Identity and Access Management (IAM) for access control.

You can configure access control for the Video Stitcher API at the project level. For example, you can grant access for developers to list and get all CDN keys registered within a project.

For a detailed description of IAM and its features, see the IAM documentation. In particular, see the section on managing IAM policies.

Every Video Stitcher API method requires the caller to have the necessary permissions. For more information, see Permissions and Roles.

Permissions

This section summarizes the Video Stitcher API permissions that IAM supports.

Required permissions

The following tables list the IAM permissions that are associated with the Video Stitcher API.

CDN keys method	Required permissions
`cdnKeys.create`	`videostitcher.cdnKeys.create` on the parent Google Cloud project.
`cdnKeys.delete`	`videostitcher.cdnKeys.delete` on the CDN key resource.
`cdnKeys.get`	`videostitcher.cdnKeys.get` on the CDN key resource.
`cdnKeys.list`	`videostitcher.cdnKeys.list` on the parent Google Cloud project.
`cdnKeys.update`	`videostitcher.cdnKeys.update` on the CDN key resource.

Live configs method	Required permissions
`liveConfigs.create`	`videostitcher.liveConfigs.create` on the parent Google Cloud project.
`liveConfigs.delete`	`videostitcher.liveConfigs.delete` on the live config resource.
`liveConfigs.get`	`videostitcher.liveConfigs.get` on the live config resource.
`liveConfigs.list`	`videostitcher.liveConfigs.list` on the parent Google Cloud project.
`liveConfigs.update`	`videostitcher.liveConfigs.update` on the live config resource.

VOD configs method	Required permissions
`vodConfigs.create`	`videostitcher.vodConfigs.create` on the parent Google Cloud project.
`vodConfigs.delete`	`videostitcher.vodConfigs.delete` on the VOD config resource.
`vodConfigs.get`	`videostitcher.vodConfigs.get` on the VOD config resource.
`vodConfigs.list`	`videostitcher.vodConfigs.list` on the parent Google Cloud project.
`vodConfigs.update`	`videostitcher.vodConfigs.update` on the VOD config resource.

Slates method	Required permissions
`slates.create`	`videostitcher.slates.create` on the parent Google Cloud project.
`slates.delete`	`videostitcher.slates.delete` on the slate resource.
`slates.get`	`videostitcher.slates.get` on the slate resource.
`slates.list`	`videostitcher.slates.list` on the parent Google Cloud project.
`slates.update`	`videostitcher.slates.update` on the slate resource.

Live sessions method	Required permissions
`liveSessions.create`	`videostitcher.liveSessions.create` on the parent Google Cloud project.
`liveSessions.get`	`videostitcher.liveSessions.get` on the live session resource.

Live ad tag details method	Required permissions
`liveSessions.liveAdTagDetails.get`	`videostitcher.liveAdTagDetails.get` on the live ad tag detail resource.
`liveSessions.liveAdTagDetails.list`	`videostitcher.liveAdTagDetails.list` on the parent Google Cloud project.

VOD sessions method	Required permissions
`vodSessions.create`	`videostitcher.vodSessions.create` on the parent Google Cloud project.
`vodSessions.get`	`videostitcher.vodSessions.get` on the VOD session resource.

VOD ad tag details method	Required permissions
`vodSessions.vodAdTagDetails.get`	`videostitcher.vodAdTagDetails.get` on the VOD ad tag detail resource.
`vodSessions.vodAdTagDetails.list`	`videostitcher.vodAdTagDetails.list` on the parent Google Cloud project.

VOD stitch details method	Required permissions
`vodSessions.vodStitchDetails.get`	`videostitcher.vodStitchDetails.get` on the VOD stitch detail resource.
`vodSessions.vodStitchDetails.list`	`videostitcher.vodStitchDetails.list` on the parent Google Cloud project.

Roles

The following table lists the Video Stitcher API IAM roles, including the permissions associated with each role:

IAM role Permissions

IAM role	Permissions
Video Stitcher Viewer (`roles/videostitcher.viewer`) Read-only access to video stitcher resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `videostitcher.cdnKeys.get` `videostitcher.cdnKeys.list` `videostitcher.liveAdTagDetails.` `videostitcher.liveAdTagDetails.get` `videostitcher.liveAdTagDetails.list` `videostitcher.liveConfigs.get` `videostitcher.liveConfigs.list` `videostitcher.liveSessions.get` `videostitcher.operations.get` `videostitcher.operations.list` `videostitcher.slates.get` `videostitcher.slates.list` `videostitcher.vodAdTagDetails.` `videostitcher.vodAdTagDetails.get` `videostitcher.vodAdTagDetails.list` `videostitcher.vodConfigs.get` `videostitcher.vodConfigs.list` `videostitcher.vodSessions.get` `videostitcher.vodStitchDetails.*` `videostitcher.vodStitchDetails.get` `videostitcher.vodStitchDetails.list`
Video Stitcher User (`roles/videostitcher.user`) Full access to video stitcher sessions.	`resourcemanager.projects.get` `resourcemanager.projects.list` `videostitcher.liveSessions.` `videostitcher.liveSessions.create` `videostitcher.liveSessions.get` `videostitcher.vodSessions.` `videostitcher.vodSessions.create` `videostitcher.vodSessions.get`
Video Stitcher Admin (`roles/videostitcher.admin`) Full access to all video stitcher resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `videostitcher.*` `videostitcher.cdnKeys.create` `videostitcher.cdnKeys.delete` `videostitcher.cdnKeys.get` `videostitcher.cdnKeys.list` `videostitcher.cdnKeys.update` `videostitcher.liveAdTagDetails.get` `videostitcher.liveAdTagDetails.list` `videostitcher.liveConfigs.create` `videostitcher.liveConfigs.delete` `videostitcher.liveConfigs.get` `videostitcher.liveConfigs.list` `videostitcher.liveSessions.create` `videostitcher.liveSessions.get` `videostitcher.operations.cancel` `videostitcher.operations.delete` `videostitcher.operations.get` `videostitcher.operations.list` `videostitcher.slates.create` `videostitcher.slates.delete` `videostitcher.slates.get` `videostitcher.slates.list` `videostitcher.slates.update` `videostitcher.vodAdTagDetails.get` `videostitcher.vodAdTagDetails.list` `videostitcher.vodConfigs.create` `videostitcher.vodConfigs.delete` `videostitcher.vodConfigs.get` `videostitcher.vodConfigs.list` `videostitcher.vodConfigs.update` `videostitcher.vodSessions.create` `videostitcher.vodSessions.get` `videostitcher.vodStitchDetails.get` `videostitcher.vodStitchDetails.list`

Video Stitcher Viewer

(roles/videostitcher.viewer)

Read-only access to video stitcher resources.

resourcemanager.projects.get

resourcemanager.projects.list

videostitcher.cdnKeys.get

videostitcher.cdnKeys.list

videostitcher.liveAdTagDetails.*

videostitcher.liveAdTagDetails.get
videostitcher.liveAdTagDetails.list

videostitcher.liveConfigs.get

videostitcher.liveConfigs.list

videostitcher.liveSessions.get

videostitcher.operations.get

videostitcher.operations.list

videostitcher.slates.get

videostitcher.slates.list

videostitcher.vodAdTagDetails.*

videostitcher.vodAdTagDetails.get
videostitcher.vodAdTagDetails.list

videostitcher.vodConfigs.get

videostitcher.vodConfigs.list

videostitcher.vodSessions.get

videostitcher.vodStitchDetails.*

videostitcher.vodStitchDetails.get
videostitcher.vodStitchDetails.list

Video Stitcher User

(roles/videostitcher.user)

Full access to video stitcher sessions.

resourcemanager.projects.get

resourcemanager.projects.list

videostitcher.liveSessions.*

videostitcher.liveSessions.create
videostitcher.liveSessions.get

videostitcher.vodSessions.*

videostitcher.vodSessions.create
videostitcher.vodSessions.get

Video Stitcher Admin

(roles/videostitcher.admin)

Full access to all video stitcher resources.

resourcemanager.projects.get

resourcemanager.projects.list

videostitcher.*

videostitcher.cdnKeys.create
videostitcher.cdnKeys.delete
videostitcher.cdnKeys.get
videostitcher.cdnKeys.list
videostitcher.cdnKeys.update
videostitcher.liveAdTagDetails.get
videostitcher.liveAdTagDetails.list
videostitcher.liveConfigs.create
videostitcher.liveConfigs.delete
videostitcher.liveConfigs.get
videostitcher.liveConfigs.list
videostitcher.liveSessions.create
videostitcher.liveSessions.get
videostitcher.operations.cancel
videostitcher.operations.delete
videostitcher.operations.get
videostitcher.operations.list
videostitcher.slates.create
videostitcher.slates.delete
videostitcher.slates.get
videostitcher.slates.list
videostitcher.slates.update
videostitcher.vodAdTagDetails.get
videostitcher.vodAdTagDetails.list
videostitcher.vodConfigs.create
videostitcher.vodConfigs.delete
videostitcher.vodConfigs.get
videostitcher.vodConfigs.list
videostitcher.vodConfigs.update
videostitcher.vodSessions.create
videostitcher.vodSessions.get
videostitcher.vodStitchDetails.get
videostitcher.vodStitchDetails.list

For more information about roles, see Understanding roles.

Recommendations

For the accounts responsible creating live or VOD sessions, the role should be set to roles/videostitcher.user.

For the accounts responsible for managing and editing CDN keys, live configs, VOD configs, and slates, the role should be set to roles/videostitcher.admin.

For the accounts with only access to view and not edit or create CDN keys, live configs, VOD configs, slates, or sessions, the role should be set to roles/videostitcher.viewer.