This page lists the permissions required by Google Distributed Cloud connected and the Identity and Access Management (IAM) roles that encapsulate them.
Roles
This section lists the IAM roles that encapsulate Distributed Cloud connected permissions.
Google Cloud project roles for Distributed Cloud connected
The following table lists the Google Cloud project roles and the Distributed Cloud connected permissions that they encapsulate.
| Role | Resources | Permissions |
|---|---|---|
| Edge Container Viewer (`roles/edgecontainer.viewer`) | zones, nodes, node pools, clusters, VPN connections | |
| Edge Container Admin (`roles/edgecontainer.admin`) | zones, nodes, node pools, clusters, VPN connections | Includes all permissions from the Edge Container Viewer role, plus the following: |
| Edge Container Machine User (`roles/edgecontainer.machineUser`) | machines | |
| Edge Container Offline Credential User (`roles/edgecontainer.offlineCredentialUser`) | clusters | |
| Edge Network Viewer (`roles/edgenetwork.viewer`) | zones, networks, subnets, interconnects, interconnect attachments, routers, locations, operations | |
| Edge Network Admin (`roles/edgenetwork.admin`) | zones, networks, subnets, interconnects, interconnect attachments, routers, operations | Includes all permissions from the Edge Network Viewer role, plus the following: |
Custom roles
Google Cloud also lets you create custom roles that encapsulate only the permissions your business needs, for example to apply the principle of least privilege. For instructions, see Create and manage custom roles.
Permissions
This section lists the permissions required to perform specific operations on Distributed Cloud connected resources.
| Operation and method | Resource | Permission |
|---|---|---|
| List regions in the Google Cloud project. `locations.list` | regions | `edgecontainer.locations.list` on the target Google Cloud project |
| Get information about a region. `locations.get` | regions | `edgecontainer.locations.get` on the target Google Cloud project |
| Create a cluster. `clusters.create` | clusters | `edgecontainer.clusters.create` on the target Google Cloud project |
| List clusters in the Google Cloud project. `clusters.list` | clusters | `edgecontainer.clusters.list` on the target Google Cloud project |
| Obtain credentials for the cluster. `clusters.get` | clusters | `edgecontainer.clusters.get` on the target Google Cloud project |
| Generate an access token for the cluster. `clusters.generateAccessToken` | clusters | `edgecontainer.clusters.generateAccessToken` on the target Google Cloud project |
| Modify a cluster. `clusters.update` | clusters | `edgecontainer.clusters.update` on the target Google Cloud project |
| Upgrade, downgrade, or pin a cluster to a specific Distributed Cloud software stack version. `clusters.upgrade` | clusters | `edgecontainer.clusters.upgrade` on the target Google Cloud project |
| Generate an offline access credential for a local control plane cluster. `clusters.generateOfflineCredential` | clusters | `edgecontainer.clusters.generateOfflineCredential` on the target Google Cloud project |
| Delete a cluster. `clusters.delete` | clusters | `edgecontainer.clusters.delete` on the target Google Cloud project |
| Create a node pool. `nodePools.create` | node pools | `edgecontainer.nodePools.create` on the target Google Cloud project |
| List node pools in the Google Cloud project. `nodePools.list` | node pools | `edgecontainer.nodePools.list` on the target Google Cloud project |
| Get information about a node pool. `nodePools.get` | node pools | `edgecontainer.nodePools.get` on the target Google Cloud project |
| Modify a node pool. `nodePools.update` | node pools | `edgecontainer.nodePools.update` on the target Google Cloud project |
| Delete a node pool. `nodePools.delete` | node pools | `edgecontainer.nodePools.delete` on the target Google Cloud project |
| Create a node (machine). `machines.create` | nodes | `edgecontainer.machines.create` on the target Google Cloud project |
| List nodes (machines) in the Google Cloud project. `machines.list` | nodes | `edgecontainer.machines.list` on the target Google Cloud project |
| Get information about a node (machine). `machines.get` | nodes | `edgecontainer.machines.get` on the target Google Cloud project |
| Modify a node (machine). `machines.update` | nodes | `edgecontainer.machines.update` on the target Google Cloud project |
| Deploy a workload to a node (machine). `machines.use` | nodes | `edgecontainer.machines.use` on the target Google Cloud project |
| Delete a node (machine). `machines.delete` | nodes | `edgecontainer.machines.delete` on the target Google Cloud project |
| List workloads deployed in a zone. `operations.list` | operations | `edgecontainer.operations.list` on the target Google Cloud project |
| Get information about a workload. `operations.get` | operations | `edgecontainer.operations.get` on the target Google Cloud project |
| Cancel a workload in progress. `operations.cancel` | operations | `edgecontainer.operations.cancel` on the target Google Cloud project |
| Delete a workload. `operations.delete` | operations | `edgecontainer.operations.delete` on the target Google Cloud project |
| Get the server configuration for a cluster. `serverconfig.get` | serverconfig | `edgecontainer.serverconfig.get` on the target Google Cloud project |
| Create a VPN connection. `vpnConnections.create` | VPN connections | `edgecontainer.vpnConnections.create` on the target Google Cloud project |
| List VPN connections in the Google Cloud project. `vpnConnections.list` | VPN connections | `edgecontainer.vpnConnections.list` on the target Google Cloud project |
| Get information about a VPN connection. `vpnConnections.get` | VPN connections | `edgecontainer.vpnConnections.get` on the target Google Cloud project |
| Modify a VPN connection. `vpnConnections.update` | VPN connections | `edgecontainer.vpnConnections.update` on the target Google Cloud project |
| Delete a VPN connection. `vpnConnections.delete` | VPN connections | `edgecontainer.vpnConnections.delete` on the target Google Cloud project |
| List zones in the Google Cloud project. `zones.list` | zones | `edgenetwork.zones.list` on the target machine Google Cloud project |
| Get information about a zone. `zones.get` | zones | `edgenetwork.zones.get` on the target machine Google Cloud project |
| Initialize a zone. `zones.initialize` | zones | `edgenetwork.zones.initialize` on the target machine Google Cloud project |
| Create a network. `networks.create` | networks | `edgenetwork.networks.create` on the target machine Google Cloud project |
| List networks in the Google Cloud project. `networks.list` | networks | `edgenetwork.networks.list` on the target machine Google Cloud project |
| Get information about a network. `networks.get` | networks | `edgenetwork.networks.get` on the target machine Google Cloud project |
| Get status about a network. `networks.getStatus` | networks | `edgenetwork.networks.getStatus` on the target machine Google Cloud project |
| Delete a network. `networks.delete` | networks | `edgenetwork.networks.delete` on the target machine Google Cloud project |
| Create a subnet. `subnetworks.create` | subnets | `edgenetwork.subnetworks.create` on the target machine Google Cloud project |
| List subnets in the Google Cloud project. `subnetworks.list` | subnets | `edgenetwork.subnetworks.list` on the target machine Google Cloud project |
| Get information about a subnet. `subnetworks.get` | subnets | `edgenetwork.subnetworks.get` on the target machine Google Cloud project |
| Delete a subnet. `subnetworks.delete` | subnets | `edgenetwork.subnetworks.delete` on the target machine Google Cloud project |
| List interconnects in the Google Cloud project. `interconnects.list` | interconnects | `edgenetwork.interconnects.list` on the target machine Google Cloud project |
| Get information about an interconnect. `interconnects.get` | interconnects | `edgenetwork.interconnects.get` on the target machine Google Cloud project |
| Get diagnostic information about an interconnect. `interconnects.getDiagnostics` | interconnects | `edgenetwork.interconnects.getDiagnostics` on the target machine Google Cloud project |
| Create an interconnect attachment. `interconnectAttachments.create` | interconnect attachments | `edgenetwork.interconnectAttachments.create` on the target machine Google Cloud project |
| List interconnect attachments in the Google Cloud project. `interconnectAttachments.list` | interconnect attachments | `edgenetwork.interconnectAttachments.list` on the target machine Google Cloud project |
| Get information about an interconnect attachment. `interconnectAttachments.get` | interconnect attachments | `edgenetwork.interconnectAttachments.get` on the target machine Google Cloud project |
| Delete an interconnect attachment. `interconnectAttachments.delete` | interconnect attachments | `edgenetwork.interconnectAttachments.delete` on the target machine Google Cloud project |
| Create a router. `routers.create` | routers | `edgenetwork.routers.create` on the target machine Google Cloud project |
| List routers in the Google Cloud project. `routers.list` | routers | `edgenetwork.routers.list` on the target machine Google Cloud project |
| Get status about a router. `routers.getRouterStatus` | routers | `edgenetwork.routers.getRouterStatus` on the target machine Google Cloud project |
| Get information about a router. `routers.get` | routers | `edgenetwork.routers.get` on the target machine Google Cloud project |
| Modify a router. `routers.update` | routers | `edgenetwork.routers.update` on the target machine Google Cloud project |
| Delete a router. `routers.delete` | routers | `edgenetwork.routers.delete` on the target machine Google Cloud project |
| List workloads deployed in a zone. `operations.list` | operations | `edgenetwork.operations.list` on the target machine Google Cloud project |
| Get information about a workload. `operations.get` | operations | `edgenetwork.operations.get` on the target machine Google Cloud project |
| Cancel a workload in progress. `operations.cancel` | operations | `edgenetwork.operations.cancel` on the target machine Google Cloud project |
| Delete a workload. `operations.delete` | operations | `edgenetwork.operations.delete` on the target machine Google Cloud project |
| List locations in the machine Google Cloud project. `locations.list` | locations | `edgenetwork.locations.list` on the target machine Google Cloud project |
| Get information about a location. `locations.get` | locations | `edgenetwork.locations.get` on the target machine Google Cloud project |