This page describes how to control access to Workflows resources.
Overview
Workflows uses Identity and Access Management (IAM) for access control.
For a detailed description of IAM and its features, see the IAM overview page. To learn more about using IAM for access control, see Granting, changing, and revoking access to resources.
Every Workflows method requires the caller to have the necessary permissions. For a list of the permissions and roles Workflows supports, see the Roles section.
Workflows permissions
This table describes the permissions available in Workflows.
| Permission | Definition |
|---|---|
workflows.workflows.create |
Create and deploy a new workflow. |
workflows.workflows.delete |
Delete an existing workflow. |
workflows.workflows.list |
List the workflows in a project. |
workflows.workflows.get |
Get a workflow's settings, including source code, labels, and description. |
workflows.workflows.update |
Update a workflow's settings, including its source code, labels, and description. |
workflows.workflows.getIamPolicy |
Get a workflow's IAM policy. |
workflows.workflows.setIamPolicy |
Set a workflow's IAM policy. |
workflows.locations.list |
List the locations where the service is available. |
workflows.locations.get |
Get the location of a workflow. |
workflows.executions.get |
Get the latest state of workflow execution operations. |
workflows.executions.create |
Trigger a workflow execution. |
workflows.executions.list |
List the workflow's execution operations. |
workflows.executions.cancel |
Cancel a workflow execution, without deleting traces. |
workflows.operations.list |
Get a list of long running operations. |
workflows.operations.get |
Get details of long running operations. |
Roles
The following table lists the Workflows predefined IAM roles with a corresponding list of all the permissions each role includes.
The available roles address most typical use cases. If your use case isn't covered by the available roles, you can create a IAM custom role.
| Role | Permissions | Descriptions |
|---|---|---|
roles/workflows.viewer |
workflows.workflows.listworkflows.workflows.getworkflows.locations.listworkflows.locations.getworkflows.operations.getworkflows.operations.listworkflows.executions.getworkflows.executions.listworkflows.workflows. |
View workflows, including the source code, without any write permissions. |
roles/workflows.editor |
workflows.workflows.createworkflows.workflows.deleteworkflows.workflows.listworkflows.workflows.getworkflows.workflows.updateworkflows.locations.listworkflows.locations.getworkflows.executions.createworkflows.executions.getworkflows.executions.listworkflows.executions.cancelworkflows.executions.deleteworkflows.operations.getworkflows.operations.listworkflows.operations.cancelworkflows.workflows. |
Create and update a workflow definition, including changing the source code. |
roles/workflows.invoker |
workflows.executions.createworkflows.executions.cancelworkflows.executions.getworkflows.executions.listworkflows.operations.getworkflows.operations.listworkflows.operations.cancel |
Trigger workflow execution and see results in the logs. |
roles/workflows.admin |
workflows.* |
Administers all workflows within a project. Can create new workflows and set IAM policies. Intended for project administrators. |
What's next
Learn more about IAM.
Learn how to grant, change, and revoke access to resources.
Learn about using custom roles to control access.