Identity and Access Management (IAM) lets you give access to specific resources. To give access to a resource, you grant a specific role to a user, which gives the user certain permissions.
Required roles
Every Workload Manager API method requires the necessary IAM permissions. Permissions are assigned by granting roles to a user, group, or service account. For information about how to grant access to resources, see Manage access.
The following table shows the Workload Manager IAM roles and the permissions granted by those roles.
Workload Manager roles |
Permissions |
Workload Manager Admin Beta( Full access to Workload Manager all resources. |
|
Workload Manager Deployment Admin Beta( Full access to Workload Manager deployment resources. |
|
Workload Manager Deployment Viewer Beta( Read-only access to Workload Manager deployment resources. |
|
Workload Manager Evaluation Admin Beta( Full access to Workload Manager evaluation resources. |
|
Workload Manager Evaluation Viewer Beta( Read-only access to Workload Manager evaluation resources. |
|
Workload Manager Insights Writer Beta( The role used to write data to WLM data warehouse. |
|
Workload Manager Viewer Beta( Read-only access to Workload Manager all resources. |
|
Workload Manager Worker Beta( The role used by Workload Manager application runners to read and update workloads. |
|
Workload Manager Workload Viewer Beta( The role used to view the workload related data. |
|
Workload Manager Service Agent( Gives Workload Manager Service Agent access to CAI export functions and Cloud Monitoring. |
|
For more information about the Workload Manager API, see the Workload Manager API reference.