This page describes how to set access control on your Runtime Configurator resources using Google Identity and Access Management. For information about Runtime Configurator, read the Runtime Configurator Fundamentals.
Before you begin
- If you want to use the command-line examples in this guide, install the `gcloud` command-line tool.
- If you want to use the API examples in this guide, set up API access.
- Understand Google Cloud console projects.
- Understand Google Identity and Access Management.
IAM Roles
Runtime Configurator supports basic roles for its resources. That means you can grant the owner, editor, or viewer role to give other users the right amount of access to Runtime Configurator resources. You must grant these roles at the project level or at the Config resource level.
There are no predefined roles for Runtime Configurator.
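The following added example, which is not from the Runtime Configurator documentation, reviews basic-role grants at the two levels named above: it computes each member's effective basic role on a Config resource, lists Config-level grants that add nothing over an inherited project-level grant, and lists members whose editor or owner role at the project level applies to every config in the project. It assumes both policies are already available in the standard IAM policy shape with a `bindings` list; the sample policies, member names and function names are constructed for illustration, and conditional bindings are ignored.

```python
# Basic roles named on this page, ranked from least to most access.
RANK = {"roles/viewer": 1, "roles/editor": 2, "roles/owner": 3}

# Constructed sample policies in the standard IAM policy shape (not real data).
PROJECT_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": ["user:ana@example.com", "group:ops@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/compute.admin", "members": ["user:ana@example.com"]},  # not a basic role
]}
CONFIG_POLICY = {"bindings": [
    {"role": "roles/editor", "members": ["user:ana@example.com"]},
    {"role": "roles/viewer", "members": ["group:ops@example.com", "user:raj@example.com"]},
]}

def highest_basic_role(policy):
    """Map each member to the highest-ranked basic role a policy grants them."""
    best = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in RANK:
            continue  # other roles are outside the scope of this review
        for member in binding.get("members", []):
            if member not in best or RANK[role] > RANK[best[member]]:
                best[member] = role
    return best

def review(project_policy, config_policy):
    """Return (effective role per member, redundant grants, project-wide writers)."""
    at_project = highest_basic_role(project_policy)
    at_config = highest_basic_role(config_policy)
    effective, redundant = {}, []
    for member in sorted(set(at_project) | set(at_config)):
        p, c = at_project.get(member), at_config.get(member)
        # Project-level grants are inherited by the config, so the higher role wins.
        effective[member] = max((r for r in (p, c) if r), key=RANK.get)
        if p and c and RANK[c] <= RANK[p]:
            redundant.append(member)  # config grant adds nothing over the project grant
    # Editor or owner at the project level applies to every config in the project.
    project_wide_writers = sorted(m for m, r in at_project.items() if RANK[r] >= 2)
    return effective, redundant, project_wide_writers

if __name__ == "__main__":
    effective, redundant, wide = review(PROJECT_POLICY, CONFIG_POLICY)
    for member, role in effective.items():
        print(f"{member}: {role}")
    print("redundant config-level grants:", redundant)
    print("project-wide editor/owner:", wide)
```

Members in the last list are candidates for moving the grant from the project to the specific Config resource they actually need.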
Permissions
With IAM, each API method requires a specific permission before it can be called. Use the table below to determine which permission each API method requires.
| Method | Required Permission(s) | Roles that allow you to call this method |
|---|---|---|
| projects.configs.create | runtimeconfig.configs.create | |
| projects.configs.delete | runtimeconfig.configs.delete | |
| projects.configs.get | runtimeconfig.configs.get | |
| projects.configs.list | runtimeconfig.configs.list | |
| projects.configs.update | runtimeconfig.configs.update | |
| projects.configs.operations.get | runtimeconfig.configs.operations.get | |
| projects.configs.variables.create | runtimeconfig.variables.create | |
| projects.configs.variables.delete | runtimeconfig.variables.delete | |
| projects.configs.variables.get | runtimeconfig.variables.get | |
| projects.configs.variables.list | runtimeconfig.variables.list | |
| projects.configs.variables.update | runtimeconfig.variables.update | |
| projects.configs.variables.watch | runtimeconfig.variables.watch | |
| projects.configs.waiters.create | runtimeconfig.waiters.create | |
| projects.configs.waiters.delete | runtimeconfig.waiters.delete | |
| projects.configs.waiters.get | runtimeconfig.waiters.get | |
| projects.configs.waiters.list | runtimeconfig.waiters.list | |
What's next
- Learn about IAM.
- Learn about basic roles.