This reference details the predefined roles and permissions available in Google Distributed Cloud (GDC) air-gapped. This information is intended for audiences within the platform administrator group (such as IT admins) and the application operator group (such as DevOps teams) when managing access to resources within their deployments. For more information, see Audiences for GDC documentation.
About the predefined role tables
One subject can be bound to multiple roles in the global API server. Permissions are purely additive; there are no deny rules.
The role tables are organized by the level at which the roles are granted:
Each table displays the following role details:
Role name and description: Lists the predefined role name displayed in the user interface (UI), the name of the corresponding Kubernetes custom resource, and a description of the role.
You might see the same UI display name used for different roles. These roles are distinct, each uniquely identified by its Kubernetes custom resource name and set of permissions. This occurs when roles offer related functionalities or different levels of access to a service.
Permissions: Lists the specific API operations the role grants. The scope labels indicate where those operations can be performed, which is determined by which API server manages the target resources:
- Global: Resources managed by the global API server.
- Zonal: Resources managed within a specific zone by the zonal management API server.
- Kubernetes cluster: Resources managed within a Kubernetes cluster by its Kubernetes API server.
For more information on how resources are managed within these scopes, see Global and zonal resources and Kubernetes clusters in GDC.
All roles listed have the role type IAMRole, which is a Kubernetes custom
resource that defines a set of permissions. To grant these permissions to a user
or group, create an IAMRoleBinding resource, which links the user to the
IAMRole. For information on how to set up a role binding, see
Grant and revoke access.
Both IAMRole and IAMRoleBinding resources are managed within the global API
server. This means they are global resources and their bindings are applied
across all zones within your GDC organization. While
roles are defined globally, the permissions they grant are exercised within a
specific context, such as a project. For example, a "project-level role"
grants permissions to resources within a project. Such resources might be
managed at the global, zonal, or Kubernetes cluster scope.
Organization-level roles and permissions
The following roles are granted across an entire organization.
| Role name and description | Permissions |
|---|---|
|
AI Platform Admin ( ai-platform-admin)
Manages the AI Platform UI. |
Zonal
aiplatform/ui.istio.resourcemanager.gdc.goog.create
aiplatform/ui.istio.resourcemanager.gdc.goog.delete aiplatform/ui.istio.resourcemanager.gdc.goog.deletecollection aiplatform/ui.istio.resourcemanager.gdc.goog.get aiplatform/ui.istio.resourcemanager.gdc.goog.list aiplatform/ui.istio.resourcemanager.gdc.goog.patch aiplatform/ui.istio.resourcemanager.gdc.goog.update aiplatform/ui.istio.resourcemanager.gdc.goog.watch |
|
Audit Logs Platform Bucket Viewer ( audit-logs-platform-bucket-viewer)
|
Zonal
buckets.object.gdc.goog.get
buckets.object.gdc.goog.list buckets.object.gdc.goog.read-object buckets.object.gdc.goog.watch secrets.get secrets.list secrets.watch |
|
Audit Logs Platform Restore Bucket Creator ( audit-logs-platform-restore-bucket-creator)
|
Zonal
buckets.object.gdc.goog.create
buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.read-object buckets.object.gdc.goog.watch buckets.object.gdc.goog.write-object secrets.get secrets.list secrets.watch |
|
Billing Viewer ( billing-viewer)
Predefined authorization role in the Org Admin Cluster. |
Zonal
skudescriptions.billing.gdc.goog.get
skudescriptions.billing.gdc.goog.list skudescriptions.billing.gdc.goog.watch |
|
Bucket Admin ( bucket-admin)
|
Global
bucketlocations.object.global.gdc.goog.get
bucketlocations.object.global.gdc.goog.list buckets.object.global.gdc.goog.create buckets.object.global.gdc.goog.delete buckets.object.global.gdc.goog.get buckets.object.global.gdc.goog.list buckets.object.global.gdc.goog.patch buckets.object.global.gdc.goog.read-object buckets.object.global.gdc.goog.update buckets.object.global.gdc.goog.watch buckets.object.global.gdc.goog.write-object Zonal
bucketinfos.object.gdc.goog.get
bucketinfos.object.gdc.goog.list bucketinfos.object.gdc.goog.patch bucketinfos.object.gdc.goog.update bucketinfos.object.gdc.goog.watch buckets.object.gdc.goog.create buckets.object.gdc.goog.delete buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.patch buckets.object.gdc.goog.read-object buckets.object.gdc.goog.update buckets.object.gdc.goog.watch buckets.object.gdc.goog.write-object |
|
Bucket Object Admin ( bucket-object-admin)
|
Global
buckets.object.global.gdc.goog.get
buckets.object.global.gdc.goog.list buckets.object.global.gdc.goog.read-object buckets.object.global.gdc.goog.watch buckets.object.global.gdc.goog.write-object Zonal
bucketinfos.object.gdc.goog.get
bucketinfos.object.gdc.goog.list bucketinfos.object.gdc.goog.patch bucketinfos.object.gdc.goog.update bucketinfos.object.gdc.goog.watch buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.read-object buckets.object.gdc.goog.watch buckets.object.gdc.goog.write-object |
|
Bucket Object Viewer ( bucket-object-viewer)
|
Global
buckets.object.global.gdc.goog.get
buckets.object.global.gdc.goog.list buckets.object.global.gdc.goog.read-object buckets.object.global.gdc.goog.watch Zonal
bucketinfos.object.gdc.goog.get
bucketinfos.object.gdc.goog.list buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.read-object buckets.object.gdc.goog.watch |
|
CTM Key Editor ( ctmkey-editor)
Reads and deletes CTM keys. |
Zonal
ctmkeys.hsm.gdc.goog.delete
ctmkeys.hsm.gdc.goog.get ctmkeys.hsm.gdc.goog.list ctmkeys.hsm.gdc.goog.watch |
|
CTM Key Viewer ( ctmkey-viewer)
Reads CTM keys. |
Zonal
ctmkeys.hsm.gdc.goog.get
ctmkeys.hsm.gdc.goog.list ctmkeys.hsm.gdc.goog.watch |
|
ConfigMap Editor ( observabilitypipeline-configmap-editor)
|
Zonal
configmaps.create
configmaps.get configmaps.list configmaps.patch configmaps.update configmaps.watch |
|
Custom Role Org Admin ( custom-role-org-admin)
|
Global
clusterroles.rbac.authorization.k8s.io.get
customroles.iam.global.gdc.goog.create customroles.iam.global.gdc.goog.delete customroles.iam.global.gdc.goog.get customroles.iam.global.gdc.goog.list customroles.iam.global.gdc.goog.patch customroles.iam.global.gdc.goog.update customroles.iam.global.gdc.goog.watch iamroles.iam.global.gdc.goog.get iamroles.iam.global.gdc.goog.list projects.resourcemanager.global.gdc.goog.list roles.rbac.authorization.k8s.io.get Zonal
clusterroles.rbac.authorization.k8s.io.get
customroles.iam.gdc.goog.create customroles.iam.gdc.goog.delete customroles.iam.gdc.goog.get customroles.iam.gdc.goog.list customroles.iam.gdc.goog.patch customroles.iam.gdc.goog.update customroles.iam.gdc.goog.watch organizationroles.resourcemanager.gdc.goog.get projectroles.resourcemanager.gdc.goog.get projects.resourcemanager.gdc.goog.list roles.rbac.authorization.k8s.io.get |
|
DR Backup Admin ( dr-backup-admin)
|
Zonal
backupplans.backup.gdc.goog.create
backupplans.backup.gdc.goog.delete backupplans.backup.gdc.goog.get backupplans.backup.gdc.goog.list backupplans.backup.gdc.goog.patch backuprepositories.backup.gdc.goog.create backuprepositories.backup.gdc.goog.delete backuprepositories.backup.gdc.goog.get backuprepositories.backup.gdc.goog.list backuprepositories.backup.gdc.goog.patch backups.backup.gdc.goog.get backups.backup.gdc.goog.list manualbackuprequests.backup.gdc.goog.create manualbackuprequests.backup.gdc.goog.delete manualbackuprequests.backup.gdc.goog.get manualbackuprequests.backup.gdc.goog.list manualbackuprequests.backup.gdc.goog.patch |
|
DR System Admin ( dr-system-admin)
|
Zonal
buckets.object.gdc.goog.create
buckets.object.gdc.goog.delete buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.patch buckets.object.gdc.goog.read-object buckets.object.gdc.goog.update buckets.object.gdc.goog.watch buckets.object.gdc.goog.write-object rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.patch rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.patch roles.rbac.authorization.k8s.io.watch secrets.create secrets.delete secrets.get secrets.list secrets.patch secrets.update secrets.watch serviceaccounts.create serviceaccounts.delete serviceaccounts.get serviceaccounts.list serviceaccounts.patch serviceaccounts.update serviceaccounts.watch |
|
Dashboard PA Creator ( dashboard-pa-creator)
|
Zonal
dashboards.observability.gdc.goog.create
dashboards.observability.gdc.goog.get dashboards.observability.gdc.goog.list dashboards.observability.gdc.goog.watch |
|
Dashboard PA Editor ( dashboard-pa-editor)
|
Zonal
dashboards.observability.gdc.goog.delete
dashboards.observability.gdc.goog.get dashboards.observability.gdc.goog.list dashboards.observability.gdc.goog.patch dashboards.observability.gdc.goog.update dashboards.observability.gdc.goog.watch |
|
Dashboard PA Viewer ( dashboard-pa-viewer)
|
Zonal
dashboards.observability.gdc.goog.get
dashboards.observability.gdc.goog.list dashboards.observability.gdc.goog.watch |
|
Flow Log Admin ( flowlog-admin)
|
Zonal
flowlogs.networking.gdc.goog.create
flowlogs.networking.gdc.goog.delete flowlogs.networking.gdc.goog.get flowlogs.networking.gdc.goog.list flowlogs.networking.gdc.goog.patch flowlogs.networking.gdc.goog.update flowlogs.networking.gdc.goog.watch flowlogs/status.networking.gdc.goog.create flowlogs/status.networking.gdc.goog.delete flowlogs/status.networking.gdc.goog.get flowlogs/status.networking.gdc.goog.list flowlogs/status.networking.gdc.goog.patch flowlogs/status.networking.gdc.goog.update flowlogs/status.networking.gdc.goog.watch |
|
Flow Log Viewer ( flowlog-viewer)
|
Zonal
flowlogs.networking.gdc.goog.get
flowlogs.networking.gdc.goog.list flowlogs.networking.gdc.goog.watch flowlogs/status.networking.gdc.goog.get flowlogs/status.networking.gdc.goog.list flowlogs/status.networking.gdc.goog.watch |
|
GDCHRestrictByAttributes Policy Admin ( gdchrestrictbyattributes-policy-admin)
|
Global
gdchrestrictbyattributes.constraints.global.gatekeeper.sh.create
gdchrestrictbyattributes.constraints.global.gatekeeper.sh.delete gdchrestrictbyattributes.constraints.global.gatekeeper.sh.get gdchrestrictbyattributes.constraints.global.gatekeeper.sh.list gdchrestrictbyattributes.constraints.global.gatekeeper.sh.patch gdchrestrictbyattributes.constraints.global.gatekeeper.sh.update Zonal
gdchrestrictbyattributes.constraints.gatekeeper.sh.create
gdchrestrictbyattributes.constraints.gatekeeper.sh.delete gdchrestrictbyattributes.constraints.gatekeeper.sh.get gdchrestrictbyattributes.constraints.gatekeeper.sh.list gdchrestrictbyattributes.constraints.gatekeeper.sh.patch gdchrestrictbyattributes.constraints.gatekeeper.sh.update gdchrestrictbyattributes.constraints.global.gatekeeper.sh.create gdchrestrictbyattributes.constraints.global.gatekeeper.sh.delete gdchrestrictbyattributes.constraints.global.gatekeeper.sh.get gdchrestrictbyattributes.constraints.global.gatekeeper.sh.list gdchrestrictbyattributes.constraints.global.gatekeeper.sh.patch gdchrestrictbyattributes.constraints.global.gatekeeper.sh.update |
|
GDCHRestrictedService Policy Admin ( gdchrestrictedservice-policy-admin)
|
Global
gdchrestrictedservice.constraints.global.gatekeeper.sh.create
gdchrestrictedservice.constraints.global.gatekeeper.sh.delete gdchrestrictedservice.constraints.global.gatekeeper.sh.get gdchrestrictedservice.constraints.global.gatekeeper.sh.list gdchrestrictedservice.constraints.global.gatekeeper.sh.patch gdchrestrictedservice.constraints.global.gatekeeper.sh.update Zonal
gdchrestrictedservice.constraints.gatekeeper.sh.create
gdchrestrictedservice.constraints.gatekeeper.sh.delete gdchrestrictedservice.constraints.gatekeeper.sh.get gdchrestrictedservice.constraints.gatekeeper.sh.list gdchrestrictedservice.constraints.gatekeeper.sh.patch gdchrestrictedservice.constraints.gatekeeper.sh.update gdchrestrictedservice.constraints.global.gatekeeper.sh.create gdchrestrictedservice.constraints.global.gatekeeper.sh.delete gdchrestrictedservice.constraints.global.gatekeeper.sh.get gdchrestrictedservice.constraints.global.gatekeeper.sh.list gdchrestrictedservice.constraints.global.gatekeeper.sh.patch gdchrestrictedservice.constraints.global.gatekeeper.sh.update |
|
Identity Provider Federation Admin ( idp-federation-admin)
Manages the identity provider configurations |
Global
identityproviderconfigs.iam.global.gdc.goog.create
identityproviderconfigs.iam.global.gdc.goog.delete identityproviderconfigs.iam.global.gdc.goog.get identityproviderconfigs.iam.global.gdc.goog.list identityproviderconfigs.iam.global.gdc.goog.patch identityproviderconfigs.iam.global.gdc.goog.update secrets.create secrets.delete secrets.get secrets.list secrets.patch secrets.update Zonal
identityproviderconfigs.iam.gdc.goog.create
identityproviderconfigs.iam.gdc.goog.delete identityproviderconfigs.iam.gdc.goog.get identityproviderconfigs.iam.gdc.goog.list identityproviderconfigs.iam.gdc.goog.patch identityproviderconfigs.iam.gdc.goog.update secrets.create secrets.delete secrets.get secrets.list secrets.patch secrets.update |
|
Infra PKI Admin ( infra-pki-admin)
|
Zonal
certificateauthorities.pki.security.gdc.goog.create
certificateauthorities.pki.security.gdc.goog.delete certificateauthorities.pki.security.gdc.goog.get certificateauthorities.pki.security.gdc.goog.list certificateauthorities.pki.security.gdc.goog.patch certificateauthorities.pki.security.gdc.goog.update certificateauthorities.pki.security.gdc.goog.watch certificateissuers.pki.security.gdc.goog.create certificateissuers.pki.security.gdc.goog.delete certificateissuers.pki.security.gdc.goog.get certificateissuers.pki.security.gdc.goog.list certificateissuers.pki.security.gdc.goog.patch certificateissuers.pki.security.gdc.goog.update certificateissuers.pki.security.gdc.goog.watch secrets.get secrets.list |
|
Interconnect Admin ( interconnect-admin-mp)
Create and manage InterconnectAttachment and AttachmentGroup resources. |
Zonal
attachmentgroups.system.private.gdc.goog.create
attachmentgroups.system.private.gdc.goog.delete attachmentgroups.system.private.gdc.goog.get attachmentgroups.system.private.gdc.goog.list attachmentgroups.system.private.gdc.goog.patch attachmentgroups.system.private.gdc.goog.update attachmentgroups.system.private.gdc.goog.watch interconnectattachments.system.private.gdc.goog.create interconnectattachments.system.private.gdc.goog.delete interconnectattachments.system.private.gdc.goog.get interconnectattachments.system.private.gdc.goog.list interconnectattachments.system.private.gdc.goog.patch interconnectattachments.system.private.gdc.goog.update interconnectattachments.system.private.gdc.goog.watch |
|
KMS Rotation Job Admin ( kms-rotationjob-admin)
Manages RotationJob resources for an organization. |
Zonal
rotationjobs.kms.gdc.goog.create
rotationjobs.kms.gdc.goog.delete rotationjobs.kms.gdc.goog.get rotationjobs.kms.gdc.goog.list rotationjobs.kms.gdc.goog.patch rotationjobs.kms.gdc.goog.update rotationjobs.kms.gdc.goog.watch |
|
Log Querier ( log-query-api-querier-pa)
Access the Log Query API to query PA logs in platform-obs project. |
Zonal
labels.goog.gdc.logging.v1.get
labels.goog.gdc.logging.v1.list labelvalues.goog.gdc.logging.v1.get labelvalues.goog.gdc.logging.v1.list listlabelsrequests.goog.gdc.logging.v1.get listlabelsrequests.goog.gdc.logging.v1.list listlabelsresponses.goog.gdc.logging.v1.get listlabelsresponses.goog.gdc.logging.v1.list listlabelvaluesrequests.goog.gdc.logging.v1.get listlabelvaluesrequests.goog.gdc.logging.v1.list listlabelvaluesresponses.goog.gdc.logging.v1.get listlabelvaluesresponses.goog.gdc.logging.v1.list listlogsfilters.goog.gdc.logging.v1.get listlogsfilters.goog.gdc.logging.v1.list listlogsrequests.goog.gdc.logging.v1.get listlogsrequests.goog.gdc.logging.v1.list listlogsresponses.goog.gdc.logging.v1.get listlogsresponses.goog.gdc.logging.v1.list logs.goog.gdc.logging.v1.get logs.goog.gdc.logging.v1.list |
|
LoggingRule PA Creator ( loggingrule-pa-creator)
|
Zonal
loggingrules.logging.gdc.goog.create
loggingrules.logging.gdc.goog.get loggingrules.logging.gdc.goog.list loggingrules.logging.gdc.goog.watch |
|
LoggingRule PA Editor ( loggingrule-pa-editor)
|
Zonal
loggingrules.logging.private.gdc.goog.delete
loggingrules.logging.private.gdc.goog.get loggingrules.logging.private.gdc.goog.list loggingrules.logging.private.gdc.goog.patch loggingrules.logging.private.gdc.goog.update loggingrules.logging.private.gdc.goog.watch |
|
LoggingRule PA Viewer ( loggingrule-pa-viewer)
|
Zonal
loggingrules.logging.gdc.goog.get
loggingrules.logging.gdc.goog.list loggingrules.logging.gdc.goog.watch |
|
LoggingTarget PA Creator ( loggingtarget-pa-creator)
|
Zonal
loggingtargets.logging.gdc.goog.create
loggingtargets.logging.gdc.goog.get loggingtargets.logging.gdc.goog.list loggingtargets.logging.gdc.goog.watch |
|
LoggingTarget PA Editor ( loggingtarget-pa-editor)
|
Zonal
loggingtargets.logging.private.gdc.goog.delete
loggingtargets.logging.private.gdc.goog.get loggingtargets.logging.private.gdc.goog.list loggingtargets.logging.private.gdc.goog.patch loggingtargets.logging.private.gdc.goog.update loggingtargets.logging.private.gdc.goog.watch |
|
LoggingTarget PA Viewer ( loggingtarget-pa-viewer)
|
Zonal
loggingtargets.logging.gdc.goog.get
loggingtargets.logging.gdc.goog.list loggingtargets.logging.gdc.goog.watch |
|
MP OCLCM Debugger ( mp-oclcm-debugger)
|
Zonal
componentoverrides.lcm.private.gdc.goog.create
componentoverrides.lcm.private.gdc.goog.get componentoverrides.lcm.private.gdc.goog.list componentoverrides.lcm.private.gdc.goog.patch componentoverrides.lcm.private.gdc.goog.update componentrollouts.lcm.private.gdc.goog.get componentrollouts.lcm.private.gdc.goog.list componentrollouts.lcm.private.gdc.goog.patch componentrollouts.lcm.private.gdc.goog.update components.lcm.private.gdc.goog.create components.lcm.private.gdc.goog.get components.lcm.private.gdc.goog.list subcomponentoverrides.lcm.private.gdc.goog.create subcomponentoverrides.lcm.private.gdc.goog.get subcomponentoverrides.lcm.private.gdc.goog.list subcomponentoverrides.lcm.private.gdc.goog.patch subcomponentoverrides.lcm.private.gdc.goog.update subcomponents.lcm.private.gdc.goog.get subcomponents.lcm.private.gdc.goog.list subcomponents.lcm.private.gdc.goog.patch subcomponents.lcm.private.gdc.goog.update |
|
MP OCLCM Viewer ( mp-oclcm-viewer)
|
Zonal
componentoverrides.lcm.private.gdc.goog.get
componentoverrides.lcm.private.gdc.goog.list componentrollouts.lcm.private.gdc.goog.get componentrollouts.lcm.private.gdc.goog.list components.lcm.private.gdc.goog.get components.lcm.private.gdc.goog.list subcomponentoverrides.lcm.private.gdc.goog.get subcomponentoverrides.lcm.private.gdc.goog.list subcomponents.lcm.private.gdc.goog.get subcomponents.lcm.private.gdc.goog.list |
|
Marketplace Artifact Uploader ( marketplace-artifact-uploader)
Views marketplace Harbor instance and creates Harbor projects. |
Zonal
harborinstanceprojects.artifactregistry.gdc.goog.create
harborinstanceprojects.artifactregistry.gdc.goog.get harborinstanceprojects.artifactregistry.gdc.goog.list harborinstanceprojects.artifactregistry.gdc.goog.watch harborinstances.artifactregistry.gdc.goog.get harborinstances.artifactregistry.gdc.goog.list harborinstances.artifactregistry.gdc.goog.watch |
|
Marketplace Catalog Publisher ( marketplace-catalog-publisher)
Views, lists, creates, updates and deletes service catalog bindings. |
Zonal
projects.resourcemanager.gdc.goog.get
projects.resourcemanager.gdc.goog.list projects.resourcemanager.gdc.goog.watch servicecatalogbindings.marketplace.global.gdc.goog.create servicecatalogbindings.marketplace.global.gdc.goog.delete servicecatalogbindings.marketplace.global.gdc.goog.get servicecatalogbindings.marketplace.global.gdc.goog.list servicecatalogbindings.marketplace.global.gdc.goog.patch servicecatalogbindings.marketplace.global.gdc.goog.update servicecatalogbindings.marketplace.global.gdc.goog.watch |
|
MonitoringRule PA Creator ( monitoringrule-pa-creator)
|
Zonal
monitoringrules.monitoring.gdc.goog.create
monitoringrules.monitoring.gdc.goog.get monitoringrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.watch |
|
MonitoringRule PA Editor ( monitoringrule-pa-editor)
|
Zonal
monitoringrules.monitoring.gdc.goog.delete
monitoringrules.monitoring.gdc.goog.get monitoringrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.patch monitoringrules.monitoring.gdc.goog.update monitoringrules.monitoring.gdc.goog.watch |
|
MonitoringRule PA Viewer ( monitoringrule-pa-viewer)
|
Zonal
monitoringrules.monitoring.gdc.goog.get
monitoringrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.watch |
|
MonitoringTarget PA Creator ( monitoringtarget-pa-creator)
|
Zonal
monitoringtargets.monitoring.gdc.goog.create
monitoringtargets.monitoring.gdc.goog.get monitoringtargets.monitoring.gdc.goog.list monitoringtargets.monitoring.gdc.goog.watch |
|
MonitoringTarget PA Editor ( monitoringtarget-pa-editor)
|
Zonal
monitoringtargets.monitoring.gdc.goog.delete
monitoringtargets.monitoring.gdc.goog.get monitoringtargets.monitoring.gdc.goog.list monitoringtargets.monitoring.gdc.goog.patch monitoringtargets.monitoring.gdc.goog.update monitoringtargets.monitoring.gdc.goog.watch |
|
MonitoringTarget PA Viewer ( monitoringtarget-pa-viewer)
|
Zonal
monitoringtargets.monitoring.gdc.goog.get
monitoringtargets.monitoring.gdc.goog.list monitoringtargets.monitoring.gdc.goog.watch |
|
ObservabilityPipeline PA Creator ( observabilitypipeline-pa-creator)
|
Zonal
observabilitypipelines.observability.gdc.goog.create
observabilitypipelines.observability.gdc.goog.get observabilitypipelines.observability.gdc.goog.list observabilitypipelines.observability.gdc.goog.watch |
|
ObservabilityPipeline PA Editor ( observabilitypipeline-pa-editor)
|
Zonal
observabilitypipelines.observability.gdc.goog.delete
observabilitypipelines.observability.gdc.goog.get observabilitypipelines.observability.gdc.goog.list observabilitypipelines.observability.gdc.goog.patch observabilitypipelines.observability.gdc.goog.update observabilitypipelines.observability.gdc.goog.watch |
|
ObservabilityPipeline PA Viewer ( observabilitypipeline-pa-viewer)
|
Zonal
observabilitypipelines.observability.gdc.goog.get
observabilitypipelines.observability.gdc.goog.list observabilitypipelines.observability.gdc.goog.watch |
|
Org Network Policy Admin ( org-network-policy-admin)
|
Zonal
organizationnetworkpolicies.networking.gdc.goog.*
|
|
Org Session Admin ( org-session-admin)
Grants access to revoke user sessions |
Zonal
iam-admin-session-manager-backend/iam-admin-session-manager-backend.istio.resourcemanager.gdc.goog.*
|
|
Organization Backup Admin ( organization-backup-admin)
|
Zonal
backupplans.backup.gdc.goog.create
backupplans.backup.gdc.goog.delete backupplans.backup.gdc.goog.get backupplans.backup.gdc.goog.list backupplans.backup.gdc.goog.watch backuprepositories.backup.gdc.goog.create backuprepositories.backup.gdc.goog.delete backuprepositories.backup.gdc.goog.get backuprepositories.backup.gdc.goog.list backuprepositories.backup.gdc.goog.watch backuprepositorymanagers.backup.gdc.goog.create backuprepositorymanagers.backup.gdc.goog.delete backuprepositorymanagers.backup.gdc.goog.get backuprepositorymanagers.backup.gdc.goog.list backuprepositorymanagers.backup.gdc.goog.patch backuprepositorymanagers.backup.gdc.goog.update backuprepositorymanagers.backup.gdc.goog.watch backups.backup.gdc.goog.get backups.backup.gdc.goog.list backups.backup.gdc.goog.watch clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list deletebackuprequests.backup.gdc.goog.create deletebackuprequests.backup.gdc.goog.delete deletebackuprequests.backup.gdc.goog.get deletebackuprequests.backup.gdc.goog.list deletebackuprequests.backup.gdc.goog.watch manualbackuprequests.backup.gdc.goog.create manualbackuprequests.backup.gdc.goog.delete manualbackuprequests.backup.gdc.goog.get manualbackuprequests.backup.gdc.goog.list manualbackuprequests.backup.gdc.goog.watch secrets.create virtualmachinebackupplans.virtualmachine.gdc.goog.create virtualmachinebackupplans.virtualmachine.gdc.goog.delete virtualmachinebackupplans.virtualmachine.gdc.goog.get virtualmachinebackupplans.virtualmachine.gdc.goog.list virtualmachinebackupplans.virtualmachine.gdc.goog.watch virtualmachinebackupplantemplates.virtualmachine.gdc.goog.create virtualmachinebackupplantemplates.virtualmachine.gdc.goog.delete virtualmachinebackupplantemplates.virtualmachine.gdc.goog.get virtualmachinebackupplantemplates.virtualmachine.gdc.goog.list virtualmachinebackupplantemplates.virtualmachine.gdc.goog.watch virtualmachinebackuprequests.virtualmachine.gdc.goog.create virtualmachinebackuprequests.virtualmachine.gdc.goog.delete virtualmachinebackuprequests.virtualmachine.gdc.goog.get virtualmachinebackuprequests.virtualmachine.gdc.goog.list virtualmachinebackuprequests.virtualmachine.gdc.goog.watch virtualmachinebackups.virtualmachine.gdc.goog.delete virtualmachinebackups.virtualmachine.gdc.goog.get virtualmachinebackups.virtualmachine.gdc.goog.list virtualmachinebackups.virtualmachine.gdc.goog.watch virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.create virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.delete virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.get virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.list virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.watch virtualmachinerestorerequests.virtualmachine.gdc.goog.create virtualmachinerestorerequests.virtualmachine.gdc.goog.delete virtualmachinerestorerequests.virtualmachine.gdc.goog.get virtualmachinerestorerequests.virtualmachine.gdc.goog.list virtualmachinerestorerequests.virtualmachine.gdc.goog.watch virtualmachinerestores.virtualmachine.gdc.goog.delete virtualmachinerestores.virtualmachine.gdc.goog.get virtualmachinerestores.virtualmachine.gdc.goog.list virtualmachinerestores.virtualmachine.gdc.goog.watch volumebackups.backup.gdc.goog.get volumebackups.backup.gdc.goog.list volumebackups.backup.gdc.goog.watch |
|
Organization Billing Account Administrator ( organization-billing-account-admin)
|
Global
billingaccounts.billing.global.gdc.goog.bind
billingaccounts.billing.global.gdc.goog.create billingaccounts.billing.global.gdc.goog.get billingaccounts.billing.global.gdc.goog.list billingaccounts.billing.global.gdc.goog.patch billingaccounts.billing.global.gdc.goog.update billingaccounts.billing.global.gdc.goog.watch Zonal
billingaccountreplicas.billing.global.gdc.goog.create
billingaccountreplicas.billing.global.gdc.goog.get billingaccountreplicas.billing.global.gdc.goog.list billingaccountreplicas.billing.global.gdc.goog.patch billingaccountreplicas.billing.global.gdc.goog.update billingaccountreplicas.billing.global.gdc.goog.watch |
|
Organization Billing Account User ( organization-billing-account-user)
|
Global
billingaccounts.billing.global.gdc.goog.bind
billingaccounts.billing.global.gdc.goog.get billingaccounts.billing.global.gdc.goog.list billingaccounts.billing.global.gdc.goog.watch |
|
Organization Billing Manager ( organization-billing-manager)
|
Global
billingaccountbindings.billing.global.gdc.goog.create
billingaccountbindings.billing.global.gdc.goog.get billingaccountbindings.billing.global.gdc.goog.list billingaccountbindings.billing.global.gdc.goog.patch billingaccountbindings.billing.global.gdc.goog.update billingaccountbindings.billing.global.gdc.goog.watch Zonal
billingaccountbindingreplicas.billing.global.gdc.goog.create
billingaccountbindingreplicas.billing.global.gdc.goog.get billingaccountbindingreplicas.billing.global.gdc.goog.list billingaccountbindingreplicas.billing.global.gdc.goog.patch billingaccountbindingreplicas.billing.global.gdc.goog.update billingaccountbindingreplicas.billing.global.gdc.goog.watch |
|
Organization Cluster Backup Admin ( organization-cluster-backup-admin)
|
Zonal
clusterbackupplans.backup.gdc.goog.create
clusterbackupplans.backup.gdc.goog.delete clusterbackupplans.backup.gdc.goog.get clusterbackupplans.backup.gdc.goog.list clusterbackupplans.backup.gdc.goog.patch clusterbackupplans.backup.gdc.goog.update clusterbackupplans.backup.gdc.goog.watch clusterbackuprepositories.backup.gdc.goog.create clusterbackuprepositories.backup.gdc.goog.delete clusterbackuprepositories.backup.gdc.goog.get clusterbackuprepositories.backup.gdc.goog.list clusterbackuprepositories.backup.gdc.goog.patch clusterbackuprepositories.backup.gdc.goog.update clusterbackuprepositories.backup.gdc.goog.watch clusterbackups.backup.gdc.goog.get clusterbackups.backup.gdc.goog.list clusterbackups.backup.gdc.goog.watch clusterrestoreplans.backup.gdc.goog.create clusterrestoreplans.backup.gdc.goog.delete clusterrestoreplans.backup.gdc.goog.get clusterrestoreplans.backup.gdc.goog.list clusterrestoreplans.backup.gdc.goog.patch clusterrestoreplans.backup.gdc.goog.update clusterrestoreplans.backup.gdc.goog.watch clusterrestores.backup.gdc.goog.create clusterrestores.backup.gdc.goog.delete clusterrestores.backup.gdc.goog.get clusterrestores.backup.gdc.goog.list clusterrestores.backup.gdc.goog.watch clustervolumebackups.backup.gdc.goog.get clustervolumebackups.backup.gdc.goog.list clustervolumebackups.backup.gdc.goog.watch clustervolumerestores.backup.gdc.goog.get clustervolumerestores.backup.gdc.goog.list clustervolumerestores.backup.gdc.goog.watch deleteclusterbackuprequests.backup.gdc.goog.create deleteclusterbackuprequests.backup.gdc.goog.delete deleteclusterbackuprequests.backup.gdc.goog.get deleteclusterbackuprequests.backup.gdc.goog.list deleteclusterbackuprequests.backup.gdc.goog.watch manualclusterbackuprequests.backup.gdc.goog.create manualclusterbackuprequests.backup.gdc.goog.delete manualclusterbackuprequests.backup.gdc.goog.get manualclusterbackuprequests.backup.gdc.goog.list manualclusterbackuprequests.backup.gdc.goog.watch manualclusterrestorerequests.backup.gdc.goog.create manualclusterrestorerequests.backup.gdc.goog.delete manualclusterrestorerequests.backup.gdc.goog.get manualclusterrestorerequests.backup.gdc.goog.list manualclusterrestorerequests.backup.gdc.goog.watch secrets.create |
|
Organization DB Admin ( organization-db-admin)
|
Zonal
backupplans.alloydbomni.dbadmin.gdc.goog.create
backupplans.alloydbomni.dbadmin.gdc.goog.delete backupplans.alloydbomni.dbadmin.gdc.goog.get backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.patch backupplans.alloydbomni.dbadmin.gdc.goog.update backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.create backupplans.oracle.dbadmin.gdc.goog.delete backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.patch backupplans.oracle.dbadmin.gdc.goog.update backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.create backupplans.postgresql.dbadmin.gdc.goog.delete backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.patch backupplans.postgresql.dbadmin.gdc.goog.update backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch configmaps.get dbclusters.alloydbomni.dbadmin.gdc.goog.create dbclusters.alloydbomni.dbadmin.gdc.goog.delete dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.patch dbclusters.alloydbomni.dbadmin.gdc.goog.update dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.create dbclusters.oracle.dbadmin.gdc.goog.delete dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.patch dbclusters.oracle.dbadmin.gdc.goog.update dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.create dbclusters.postgresql.dbadmin.gdc.goog.delete dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.patch dbclusters.postgresql.dbadmin.gdc.goog.update dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.create exports.alloydbomni.dbadmin.gdc.goog.delete exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.create exports.oracle.dbadmin.gdc.goog.delete exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.create exports.postgresql.dbadmin.gdc.goog.delete exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.create externalservers.alloydbomni.dbadmin.gdc.goog.delete externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.patch externalservers.alloydbomni.dbadmin.gdc.goog.update externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.create externalservers.postgresql.dbadmin.gdc.goog.delete externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.patch externalservers.postgresql.dbadmin.gdc.goog.update externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.create failovers.fleet.dbadmin.gdc.goog.delete failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.create imports.alloydbomni.dbadmin.gdc.goog.delete imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.create imports.oracle.dbadmin.gdc.goog.delete imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.create imports.postgresql.dbadmin.gdc.goog.delete imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch maintenancepolicies.fleet.dbadmin.gdc.goog.patch maintenancepolicies.fleet.dbadmin.gdc.goog.update migrations.alloydbomni.dbadmin.gdc.goog.create migrations.alloydbomni.dbadmin.gdc.goog.delete migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.patch migrations.alloydbomni.dbadmin.gdc.goog.update migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.create migrations.postgresql.dbadmin.gdc.goog.delete migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.patch migrations.postgresql.dbadmin.gdc.goog.update migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.create replications.postgresql.dbadmin.gdc.goog.delete replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.patch replications.postgresql.dbadmin.gdc.goog.update replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.create restores.alloydbomni.dbadmin.gdc.goog.delete restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.create restores.oracle.dbadmin.gdc.goog.delete restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.create restores.postgresql.dbadmin.gdc.goog.delete restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch secrets.get softwarelibraries.fleet.dbadmin.gdc.goog.patch softwarelibraries.fleet.dbadmin.gdc.goog.update |
|
Organization Grafana Viewer ( organization-grafana-viewer)
|
Zonal
platform-obs-org-grafana-system/grafana.istio.resourcemanager.gdc.goog.*
|
|
Organization IAM Admin ( organization-iam-admin)
Manages permissions for the organization |
Global
clusterrolebindings.rbac.authorization.k8s.io.create
clusterrolebindings.rbac.authorization.k8s.io.delete clusterrolebindings.rbac.authorization.k8s.io.get clusterrolebindings.rbac.authorization.k8s.io.list clusterrolebindings.rbac.authorization.k8s.io.patch clusterrolebindings.rbac.authorization.k8s.io.update clusterrolebindings.rbac.authorization.k8s.io.watch clusterroles.rbac.authorization.k8s.io.create clusterroles.rbac.authorization.k8s.io.delete clusterroles.rbac.authorization.k8s.io.get clusterroles.rbac.authorization.k8s.io.list clusterroles.rbac.authorization.k8s.io.patch clusterroles.rbac.authorization.k8s.io.update clusterroles.rbac.authorization.k8s.io.watch customroles.iam.global.gdc.goog.create customroles.iam.global.gdc.goog.delete customroles.iam.global.gdc.goog.get customroles.iam.global.gdc.goog.list customroles.iam.global.gdc.goog.patch customroles.iam.global.gdc.goog.update customroles.iam.global.gdc.goog.watch iamrolebindings.iam.global.gdc.goog.create iamrolebindings.iam.global.gdc.goog.delete iamrolebindings.iam.global.gdc.goog.get iamrolebindings.iam.global.gdc.goog.list iamrolebindings.iam.global.gdc.goog.patch iamrolebindings.iam.global.gdc.goog.update iamrolebindings.iam.global.gdc.goog.watch iamroles.iam.global.gdc.goog.create iamroles.iam.global.gdc.goog.delete iamroles.iam.global.gdc.goog.get iamroles.iam.global.gdc.goog.list iamroles.iam.global.gdc.goog.patch iamroles.iam.global.gdc.goog.update iamroles.iam.global.gdc.goog.watch identityproviderconfigs.iam.global.gdc.goog.create identityproviderconfigs.iam.global.gdc.goog.delete identityproviderconfigs.iam.global.gdc.goog.get identityproviderconfigs.iam.global.gdc.goog.list identityproviderconfigs.iam.global.gdc.goog.patch identityproviderconfigs.iam.global.gdc.goog.update identityproviderconfigs.iam.global.gdc.goog.watch projectserviceaccounts.resourcemanager.global.gdc.goog.create projectserviceaccounts.resourcemanager.global.gdc.goog.delete projectserviceaccounts.resourcemanager.global.gdc.goog.get projectserviceaccounts.resourcemanager.global.gdc.goog.list projectserviceaccounts.resourcemanager.global.gdc.goog.patch projectserviceaccounts.resourcemanager.global.gdc.goog.update rolebindings.rbac.authorization.k8s.io.create rolebindings.rbac.authorization.k8s.io.delete rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.patch rolebindings.rbac.authorization.k8s.io.update rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.create roles.rbac.authorization.k8s.io.delete roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.patch roles.rbac.authorization.k8s.io.update roles.rbac.authorization.k8s.io.watch Zonal
*.visibility.resourcemanager.gdc.goog.get
clusterrolebindings.rbac.authorization.k8s.io.create clusterrolebindings.rbac.authorization.k8s.io.delete clusterrolebindings.rbac.authorization.k8s.io.get clusterrolebindings.rbac.authorization.k8s.io.list clusterrolebindings.rbac.authorization.k8s.io.patch clusterrolebindings.rbac.authorization.k8s.io.update clusterrolebindings.rbac.authorization.k8s.io.watch clusterroles.rbac.authorization.k8s.io.create clusterroles.rbac.authorization.k8s.io.delete clusterroles.rbac.authorization.k8s.io.get clusterroles.rbac.authorization.k8s.io.list clusterroles.rbac.authorization.k8s.io.patch clusterroles.rbac.authorization.k8s.io.update clusterroles.rbac.authorization.k8s.io.watch customroles.iam.gdc.goog.create customroles.iam.gdc.goog.delete customroles.iam.gdc.goog.get customroles.iam.gdc.goog.list customroles.iam.gdc.goog.patch customroles.iam.gdc.goog.update customroles.iam.gdc.goog.watch identityproviderconfigs.iam.gdc.goog.create identityproviderconfigs.iam.gdc.goog.delete identityproviderconfigs.iam.gdc.goog.get identityproviderconfigs.iam.gdc.goog.list identityproviderconfigs.iam.gdc.goog.patch identityproviderconfigs.iam.gdc.goog.update identityproviderconfigs.iam.gdc.goog.watch organizationrolebindings.resourcemanager.gdc.goog.create organizationrolebindings.resourcemanager.gdc.goog.delete organizationrolebindings.resourcemanager.gdc.goog.get organizationrolebindings.resourcemanager.gdc.goog.list organizationrolebindings.resourcemanager.gdc.goog.patch organizationrolebindings.resourcemanager.gdc.goog.update organizationrolebindings.resourcemanager.gdc.goog.watch organizationroles.resourcemanager.gdc.goog.create organizationroles.resourcemanager.gdc.goog.delete organizationroles.resourcemanager.gdc.goog.get organizationroles.resourcemanager.gdc.goog.list organizationroles.resourcemanager.gdc.goog.patch organizationroles.resourcemanager.gdc.goog.update organizationroles.resourcemanager.gdc.goog.watch projectrolebindings.resourcemanager.gdc.goog.create projectrolebindings.resourcemanager.gdc.goog.delete projectrolebindings.resourcemanager.gdc.goog.get projectrolebindings.resourcemanager.gdc.goog.list projectrolebindings.resourcemanager.gdc.goog.patch projectrolebindings.resourcemanager.gdc.goog.update projectrolebindings.resourcemanager.gdc.goog.watch projectroles.resourcemanager.gdc.goog.create projectroles.resourcemanager.gdc.goog.delete projectroles.resourcemanager.gdc.goog.get projectroles.resourcemanager.gdc.goog.list projectroles.resourcemanager.gdc.goog.patch projectroles.resourcemanager.gdc.goog.update projectroles.resourcemanager.gdc.goog.watch projectserviceaccounts.resourcemanager.gdc.goog.create projectserviceaccounts.resourcemanager.gdc.goog.delete projectserviceaccounts.resourcemanager.gdc.goog.get projectserviceaccounts.resourcemanager.gdc.goog.list projectserviceaccounts.resourcemanager.gdc.goog.patch projectserviceaccounts.resourcemanager.gdc.goog.update projectserviceaccounts.resourcemanager.gdc.goog.watch rolebindings.rbac.authorization.k8s.io.create rolebindings.rbac.authorization.k8s.io.delete rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.patch rolebindings.rbac.authorization.k8s.io.update rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.create roles.rbac.authorization.k8s.io.delete roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.patch roles.rbac.authorization.k8s.io.update roles.rbac.authorization.k8s.io.watch |
|
Organization IAM Viewer ( organization-iam-viewer)
Grants read access to all resources accessible to the Organization IAM Administrator |
Global
clusterrolebindings.rbac.authorization.k8s.io.get
clusterrolebindings.rbac.authorization.k8s.io.list clusterrolebindings.rbac.authorization.k8s.io.watch clusterroles.rbac.authorization.k8s.io.get clusterroles.rbac.authorization.k8s.io.list clusterroles.rbac.authorization.k8s.io.watch customroles.iam.global.gdc.goog.get customroles.iam.global.gdc.goog.list customroles.iam.global.gdc.goog.watch iamrolebindings.iam.global.gdc.goog.get iamrolebindings.iam.global.gdc.goog.list iamrolebindings.iam.global.gdc.goog.watch iamroles.iam.global.gdc.goog.get iamroles.iam.global.gdc.goog.list iamroles.iam.global.gdc.goog.watch rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.watch Zonal
clusterrolebindings.rbac.authorization.k8s.io.get
clusterrolebindings.rbac.authorization.k8s.io.list clusterrolebindings.rbac.authorization.k8s.io.watch clusterroles.rbac.authorization.k8s.io.get clusterroles.rbac.authorization.k8s.io.list clusterroles.rbac.authorization.k8s.io.watch customroles.iam.gdc.goog.get customroles.iam.gdc.goog.list customroles.iam.gdc.goog.watch organizationrolebindings.resourcemanager.gdc.goog.get organizationrolebindings.resourcemanager.gdc.goog.list organizationrolebindings.resourcemanager.gdc.goog.watch organizationroles.resourcemanager.gdc.goog.get organizationroles.resourcemanager.gdc.goog.list organizationroles.resourcemanager.gdc.goog.watch rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.watch |
|
Organization Quota Administrator ( organization-quota-admin)
Manages Global Quota Resources for an Organization |
Global
quotavalues.quotamanagement.global.gdc.goog.create
quotavalues.quotamanagement.global.gdc.goog.delete quotavalues.quotamanagement.global.gdc.goog.get quotavalues.quotamanagement.global.gdc.goog.list quotavalues.quotamanagement.global.gdc.goog.patch quotavalues.quotamanagement.global.gdc.goog.update quotavalues.quotamanagement.global.gdc.goog.watch |
|
Organization Quota Administrator ( zonal-organization-quota-admin)
Manages Zonal Quota Resources for an Organization |
Zonal
quotavaluereplicas.quotamanagement.global.gdc.goog.create
quotavaluereplicas.quotamanagement.global.gdc.goog.delete quotavaluereplicas.quotamanagement.global.gdc.goog.get quotavaluereplicas.quotamanagement.global.gdc.goog.list quotavaluereplicas.quotamanagement.global.gdc.goog.patch quotavaluereplicas.quotamanagement.global.gdc.goog.update quotavaluereplicas.quotamanagement.global.gdc.goog.watch |
|
Organization Upgrade Viewer ( organization-upgrade-viewer)
|
Zonal
componentreleasemetadata.upgrade.private.gdc.goog.get
componentreleasemetadata.upgrade.private.gdc.goog.list maintenancewindows.upgrade.gdc.goog.get maintenancewindows.upgrade.gdc.goog.list maintenancewindows.upgrade.gdc.goog.watch |
|
Project Creator ( project-creator)
|
Global
projects.resourcemanager.global.gdc.goog.create
projects.resourcemanager.global.gdc.goog.get projects.resourcemanager.global.gdc.goog.list projects.resourcemanager.global.gdc.goog.watch Zonal
*.visibility.resourcemanager.gdc.goog.get
clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list namespaces.create namespaces.get namespaces.list namespaces.watch projectbindings.resourcemanager.gdc.goog.create projects.resourcemanager.gdc.goog.create projects.resourcemanager.gdc.goog.get projects.resourcemanager.gdc.goog.list projects.resourcemanager.gdc.goog.watch |
|
Project Editor ( project-editor)
|
Global
projects.resourcemanager.global.gdc.goog.delete
projects.resourcemanager.global.gdc.goog.get projects.resourcemanager.global.gdc.goog.list projects.resourcemanager.global.gdc.goog.patch projects.resourcemanager.global.gdc.goog.update projects.resourcemanager.global.gdc.goog.watch zones.location.mz.global.private.gdc.goog.get zones.location.mz.global.private.gdc.goog.list zones.location.mz.global.private.gdc.goog.watch Zonal
*.visibility.resourcemanager.gdc.goog.get
clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list namespaces.delete namespaces.get namespaces.list namespaces.watch projectbindings.resourcemanager.gdc.goog.delete projectbindings.resourcemanager.gdc.goog.get projectbindings.resourcemanager.gdc.goog.list projectbindings.resourcemanager.gdc.goog.patch projectbindings.resourcemanager.gdc.goog.update projects.resourcemanager.gdc.goog.delete projects.resourcemanager.gdc.goog.get projects.resourcemanager.gdc.goog.list projects.resourcemanager.gdc.goog.patch projects.resourcemanager.gdc.goog.update projects.resourcemanager.gdc.goog.watch |
|
Project Quota Adjudicator ( project-quota-adjudicator)
Adjudicates Global Project Level Quota Resources of An Organization |
Global
quotavalues.quotamanagement.global.gdc.goog.get
quotavalues.quotamanagement.global.gdc.goog.list quotavalues.quotamanagement.global.gdc.goog.watch |
|
Project Quota Adjudicator ( zonal-project-quota-adjudicator)
Adjudicates Zonal Project Level Quota Resources of An Organization |
Zonal
quotavaluereplicas.quotamanagement.global.gdc.goog.get
quotavaluereplicas.quotamanagement.global.gdc.goog.list quotavaluereplicas.quotamanagement.global.gdc.goog.watch |
|
Subnet Organization Admin ( subnet-org-admin)
|
Global
subnets.ipam.global.gdc.goog.create
subnets.ipam.global.gdc.goog.delete subnets.ipam.global.gdc.goog.get subnets.ipam.global.gdc.goog.list subnets.ipam.global.gdc.goog.manage subnets.ipam.global.gdc.goog.patch subnets.ipam.global.gdc.goog.update subnets.ipam.global.gdc.goog.watch Zonal
subnets.ipam.gdc.goog.create
subnets.ipam.gdc.goog.delete subnets.ipam.gdc.goog.get subnets.ipam.gdc.goog.list subnets.ipam.gdc.goog.manage subnets.ipam.gdc.goog.patch subnets.ipam.gdc.goog.update subnets.ipam.gdc.goog.use subnets.ipam.gdc.goog.watch |
|
Subnet Platform Viewer ( subnet-platform-viewer)
|
Zonal
subnets.ipam.gdc.goog.get
subnets.ipam.gdc.goog.list |
|
System Cluster Backup Repository Admin ( system-cluster-backup-repository-admin)
|
Kubernetes cluster
backuprepositories.backup.gdc.goog.create
backuprepositories.backup.gdc.goog.delete backuprepositories.backup.gdc.goog.get backuprepositories.backup.gdc.goog.list backuprepositories.backup.gdc.goog.watch |
|
System Cluster CRD Viewer ( system-cluster-crd-viewer)
|
Kubernetes cluster
customresourcedefinitions.apiextensions.k8s.io.get
customresourcedefinitions.apiextensions.k8s.io.list |
|
Tag Admin ( tag-admin)
|
Zonal
roles.rbac.authorization.k8s.io.bind
tagkeys.resourcemanager.gdc.goog.bind-tag tagkeys.resourcemanager.gdc.goog.create tagkeys.resourcemanager.gdc.goog.delete tagkeys.resourcemanager.gdc.goog.get tagkeys.resourcemanager.gdc.goog.list tagkeys.resourcemanager.gdc.goog.patch tagkeys.resourcemanager.gdc.goog.update tagvalues.resourcemanager.gdc.goog.bind-tag tagvalues.resourcemanager.gdc.goog.create tagvalues.resourcemanager.gdc.goog.delete tagvalues.resourcemanager.gdc.goog.get tagvalues.resourcemanager.gdc.goog.list tagvalues.resourcemanager.gdc.goog.patch tagvalues.resourcemanager.gdc.goog.update |
|
Transfer Appliance Request Creator ( transfer-appliance-request-creator)
|
Zonal
transferappliancerequests.system.private.gdc.goog.create
transferappliancerequests.system.private.gdc.goog.get transferappliancerequests.system.private.gdc.goog.list transferappliancerequests.system.private.gdc.goog.watch transferappliancerequests/status.system.private.gdc.goog.patch |
|
Trust Store Admin ( trust-store-admin)
|
Zonal
secrets.create
secrets.delete secrets.get secrets.list secrets.patch secrets.update secrets.watch |
|
Trust Store Viewer ( trust-store-viewer)
|
Zonal
secrets.get
|
|
User Cluster Admin ( user-cluster-admin)
|
Zonal
*.visibility.resourcemanager.gdc.goog.get
clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list clusterinfos.resourcemanager.private.gdc.goog.watch clusters.baremetal.cluster.gke.io.get clusters.baremetal.cluster.gke.io.list clusters.baremetal.cluster.gke.io.watch clusters.cluster.gdc.goog.create clusters.cluster.gdc.goog.delete clusters.cluster.gdc.goog.get clusters.cluster.gdc.goog.list clusters.cluster.gdc.goog.patch clusters.cluster.gdc.goog.update clusters.cluster.gdc.goog.watch componentreleasemetadata.upgrade.private.gdc.goog.get componentreleasemetadata.upgrade.private.gdc.goog.list harborclusters.goharbor.io.get inventorymachines.baremetal.cluster.gke.io.get inventorymachines.baremetal.cluster.gke.io.list machineclasses.baremetal.cluster.gke.io.get machineclasses.baremetal.cluster.gke.io.list machineclasses.baremetal.cluster.gke.io.watch nodepoolclaims.baremetal.cluster.gke.io.get nodepoolclaims.baremetal.cluster.gke.io.list nodepoolclaims.baremetal.cluster.gke.io.watch nodepools.baremetal.cluster.gke.io.get nodepools.baremetal.cluster.gke.io.list nodepools.baremetal.cluster.gke.io.watch nodeupgrades.upgrade.private.gdc.goog.create nodeupgrades.upgrade.private.gdc.goog.get nodeupgrades.upgrade.private.gdc.goog.list nodeupgrades.upgrade.private.gdc.goog.patch nodeupgrades.upgrade.private.gdc.goog.update projectbindings.resourcemanager.gdc.goog.create projectbindings.resourcemanager.gdc.goog.delete projectbindings.resourcemanager.gdc.goog.get projectbindings.resourcemanager.gdc.goog.list projectbindings.resourcemanager.gdc.goog.watch projects.resourcemanager.gdc.goog.get projects.resourcemanager.gdc.goog.list projects.resourcemanager.gdc.goog.watch userclustermetadata.upgrade.private.gdc.goog.get userclustermetadata.upgrade.private.gdc.goog.list userclustermetadata.upgrade.private.gdc.goog.watch userclusterupgraderequests.cluster.gdc.goog.create userclusterupgraderequests.cluster.gdc.goog.delete userclusterupgraderequests.cluster.gdc.goog.get userclusterupgraderequests.cluster.gdc.goog.list userclusterupgraderequests.cluster.gdc.goog.patch userclusterupgraderequests.cluster.gdc.goog.update userclusterupgraderequests.cluster.gdc.goog.watch userclusterupgrades.upgrade.private.gdc.goog.create userclusterupgrades.upgrade.private.gdc.goog.delete userclusterupgrades.upgrade.private.gdc.goog.get userclusterupgrades.upgrade.private.gdc.goog.list userclusterupgrades.upgrade.private.gdc.goog.patch userclusterupgrades.upgrade.private.gdc.goog.update userclusterupgrades.upgrade.private.gdc.goog.watch virtualmachinetypes.virtualmachine.gdc.goog.get virtualmachinetypes.virtualmachine.gdc.goog.list virtualmachinetypes.virtualmachine.gdc.goog.watch |
|
User Cluster Backup Admin ( user-cluster-backup-admin)
|
Kubernetes cluster
backupplans.backup.gdc.goog.create
backupplans.backup.gdc.goog.delete backupplans.backup.gdc.goog.get backupplans.backup.gdc.goog.list backupplans.backup.gdc.goog.patch backupplans.backup.gdc.goog.update backupplans.backup.gdc.goog.watch backuprepositories.backup.gdc.goog.create backuprepositories.backup.gdc.goog.delete backuprepositories.backup.gdc.goog.get backuprepositories.backup.gdc.goog.list backuprepositories.backup.gdc.goog.watch backups.backup.gdc.goog.get backups.backup.gdc.goog.list backups.backup.gdc.goog.watch clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list clusterinfos.resourcemanager.private.gdc.goog.watch deletebackuprequests.backup.gdc.goog.create deletebackuprequests.backup.gdc.goog.delete deletebackuprequests.backup.gdc.goog.get deletebackuprequests.backup.gdc.goog.list deletebackuprequests.backup.gdc.goog.watch manualbackuprequests.backup.gdc.goog.create manualbackuprequests.backup.gdc.goog.delete manualbackuprequests.backup.gdc.goog.get manualbackuprequests.backup.gdc.goog.list manualbackuprequests.backup.gdc.goog.watch manualrestorerequests.backup.gdc.goog.create manualrestorerequests.backup.gdc.goog.delete manualrestorerequests.backup.gdc.goog.get manualrestorerequests.backup.gdc.goog.list manualrestorerequests.backup.gdc.goog.watch restoreplans.backup.gdc.goog.create restoreplans.backup.gdc.goog.delete restoreplans.backup.gdc.goog.get restoreplans.backup.gdc.goog.list restoreplans.backup.gdc.goog.patch restoreplans.backup.gdc.goog.update restoreplans.backup.gdc.goog.watch restores.backup.gdc.goog.create restores.backup.gdc.goog.delete restores.backup.gdc.goog.get restores.backup.gdc.goog.list restores.backup.gdc.goog.watch volumebackups.backup.gdc.goog.get volumebackups.backup.gdc.goog.list volumebackups.backup.gdc.goog.watch volumerestores.backup.gdc.goog.get volumerestores.backup.gdc.goog.list volumerestores.backup.gdc.goog.watch |
|
User Cluster CRD Viewer ( user-cluster-crd-viewer)
|
Kubernetes cluster
customresourcedefinitions.apiextensions.k8s.io.get
customresourcedefinitions.apiextensions.k8s.io.list |
|
User Cluster Developer ( user-cluster-developer)
|
Kubernetes cluster
*.constraints.gatekeeper.sh.get
*.constraints.gatekeeper.sh.list *.templates.gatekeeper.sh/v1.get *.templates.gatekeeper.sh/v1.list apiservices.apiregistration.k8s.io.get apiservices.apiregistration.k8s.io.list backupjobs.gkebackup.gke.io.get backupjobs.gkebackup.gke.io.list backuprepositories.backup.gdc.goog.get backuprepositories.backup.gdc.goog.list certificatesigningrequests.certificates.k8s.io.get certificatesigningrequests.certificates.k8s.io.list ciliumclusterwidenetworkpolicies.cilium.io.get ciliumclusterwidenetworkpolicies.cilium.io.list ciliumegressgatewaypolicies.cilium.io.get ciliumegressgatewaypolicies.cilium.io.list ciliumegressnatpolicies.cilium.io.get ciliumegressnatpolicies.cilium.io.list ciliumexternalworkloads.cilium.io.get ciliumexternalworkloads.cilium.io.list ciliumidentities.cilium.io.get ciliumidentities.cilium.io.list ciliumnodes.cilium.io.get ciliumnodes.cilium.io.list clustercidrconfigs.networking.gke.io.get clustercidrconfigs.networking.gke.io.list clusterdns.networking.gke.io.get clusterdns.networking.gke.io.list clusterissuers.cert-manager.io.get clusterissuers.cert-manager.io.list clusterrolebindings.rbac.authorization.k8s.io.get clusterrolebindings.rbac.authorization.k8s.io.list clusterroles.rbac.authorization.k8s.io.get clusterroles.rbac.authorization.k8s.io.list csidrivers.storage.k8s.io.get csidrivers.storage.k8s.io.list csinodes.storage.k8s.io.get csinodes.storage.k8s.io.list customresourcedefinitions.apiextensions.k8s.io.get customresourcedefinitions.apiextensions.k8s.io.list egressnatpolicies.networking.gke.io.get egressnatpolicies.networking.gke.io.list flatipmodes.networking.gke.io.get flatipmodes.networking.gke.io.list ingressclasses.networking.gke.io.get ingressclasses.networking.gke.io.list metricsserver.addons.gke.io.get metricsserver.addons.gke.io.list mutatingwebhookconfigurations.admissionregistration.k8s.io/v1.get mutatingwebhookconfigurations.admissionregistration.k8s.io/v1.list namespaces.get namespaces.list networkloggings.networking.gke.io.get networkloggings.networking.gke.io.list networks.networking.gke.io.get networks.networking.gke.io.list nodes.get nodes.list nodes.update objectbuckets.objectbucket.io.get objectbuckets.objectbucket.io.list persistentvolumes.get persistentvolumes.list priorityclasses.scheduling.k8s.io.get priorityclasses.scheduling.k8s.io.list restorejobs.gkebackup.gke.io.get restorejobs.gkebackup.gke.io.list runtimeclasses.node.k8s.io.get runtimeclasses.node.k8s.io.list storageclasses.storage.k8s.io.get storageclasses.storage.k8s.io.list validatingwebhookconfigurations.admissionregistration.k8s.io/v1.get validatingwebhookconfigurations.admissionregistration.k8s.io/v1.list vmruntimes.virtualmachine.private.gdc.goog.get vmruntimes.virtualmachine.private.gdc.goog.list volumeattachments.storage.k8s.io.get volumeattachments.storage.k8s.io.list volumesnapshotclasses.snapshot.storage.k8s.io.get volumesnapshotclasses.snapshot.storage.k8s.io.list volumesnapshotcontents.snapshot.storage.k8s.io.get volumesnapshotcontents.snapshot.storage.k8s.io.list |
|
User Cluster Node Viewer ( user-cluster-node-viewer)
|
Kubernetes cluster
nodes.get
nodes.list nodes.watch |
|
VPN Admin ( vpn-admin)
|
Zonal
peergateways.networking.gdc.goog.create
peergateways.networking.gdc.goog.delete peergateways.networking.gdc.goog.get peergateways.networking.gdc.goog.list peergateways.networking.gdc.goog.patch peergateways.networking.gdc.goog.update peergateways.networking.gdc.goog.watch peergateways/status.networking.gdc.goog.create peergateways/status.networking.gdc.goog.delete peergateways/status.networking.gdc.goog.get peergateways/status.networking.gdc.goog.list peergateways/status.networking.gdc.goog.patch peergateways/status.networking.gdc.goog.update peergateways/status.networking.gdc.goog.watch secrets.create secrets.delete secrets.get secrets.list secrets.patch secrets.update secrets.watch vpnbgppeers.networking.gdc.goog.create vpnbgppeers.networking.gdc.goog.delete vpnbgppeers.networking.gdc.goog.get vpnbgppeers.networking.gdc.goog.list vpnbgppeers.networking.gdc.goog.patch vpnbgppeers.networking.gdc.goog.update vpnbgppeers.networking.gdc.goog.watch vpnbgppeers/status.networking.gdc.goog.create vpnbgppeers/status.networking.gdc.goog.delete vpnbgppeers/status.networking.gdc.goog.get vpnbgppeers/status.networking.gdc.goog.list vpnbgppeers/status.networking.gdc.goog.patch vpnbgppeers/status.networking.gdc.goog.update vpnbgppeers/status.networking.gdc.goog.watch vpngateways.networking.gdc.goog.create vpngateways.networking.gdc.goog.delete vpngateways.networking.gdc.goog.get vpngateways.networking.gdc.goog.list vpngateways.networking.gdc.goog.patch vpngateways.networking.gdc.goog.update vpngateways.networking.gdc.goog.watch vpngateways/status.networking.gdc.goog.create vpngateways/status.networking.gdc.goog.delete vpngateways/status.networking.gdc.goog.get vpngateways/status.networking.gdc.goog.list vpngateways/status.networking.gdc.goog.patch vpngateways/status.networking.gdc.goog.update vpngateways/status.networking.gdc.goog.watch vpntunnels.networking.gdc.goog.create vpntunnels.networking.gdc.goog.delete vpntunnels.networking.gdc.goog.get vpntunnels.networking.gdc.goog.list vpntunnels.networking.gdc.goog.patch vpntunnels.networking.gdc.goog.update vpntunnels.networking.gdc.goog.watch vpntunnels/status.networking.gdc.goog.create vpntunnels/status.networking.gdc.goog.delete vpntunnels/status.networking.gdc.goog.get vpntunnels/status.networking.gdc.goog.list vpntunnels/status.networking.gdc.goog.patch vpntunnels/status.networking.gdc.goog.update vpntunnels/status.networking.gdc.goog.watch |
|
VPN Viewer ( vpn-viewer)
|
Zonal
peergateways.networking.gdc.goog.get
peergateways.networking.gdc.goog.list peergateways.networking.gdc.goog.watch peergateways/status.networking.gdc.goog.get peergateways/status.networking.gdc.goog.list peergateways/status.networking.gdc.goog.watch secrets.get secrets.list secrets.watch vpnbgppeers.networking.gdc.goog.get vpnbgppeers.networking.gdc.goog.list vpnbgppeers.networking.gdc.goog.watch vpnbgppeers/status.networking.gdc.goog.get vpnbgppeers/status.networking.gdc.goog.list vpnbgppeers/status.networking.gdc.goog.watch vpngateways.networking.gdc.goog.get vpngateways.networking.gdc.goog.list vpngateways.networking.gdc.goog.watch vpngateways/status.networking.gdc.goog.get vpngateways/status.networking.gdc.goog.list vpngateways/status.networking.gdc.goog.watch vpntunnels.networking.gdc.goog.get vpntunnels.networking.gdc.goog.list vpntunnels.networking.gdc.goog.watch vpntunnels/status.networking.gdc.goog.get vpntunnels/status.networking.gdc.goog.list vpntunnels/status.networking.gdc.goog.watch |
|
Volume Replication Global Admin ( volume-replication-admin)
|
Global
volumereplicationrelationships.storage.global.gdc.goog.create
volumereplicationrelationships.storage.global.gdc.goog.delete volumereplicationrelationships.storage.global.gdc.goog.get volumereplicationrelationships.storage.global.gdc.goog.list volumereplicationrelationships.storage.global.gdc.goog.watch Zonal
volumefailovers.storage.gdc.goog.create
volumefailovers.storage.gdc.goog.delete volumefailovers.storage.gdc.goog.get volumefailovers.storage.gdc.goog.list volumefailovers.storage.gdc.goog.watch volumereplicationrelationshipreplicas.storage.global.gdc.goog.create volumereplicationrelationshipreplicas.storage.global.gdc.goog.delete volumereplicationrelationshipreplicas.storage.global.gdc.goog.get volumereplicationrelationshipreplicas.storage.global.gdc.goog.list volumereplicationrelationshipreplicas.storage.global.gdc.goog.watch |
|
Volume Replication Global Admin ( app-volume-replication-admin)
|
Global
volumereplicationrelationships.storage.global.gdc.goog.create
volumereplicationrelationships.storage.global.gdc.goog.delete volumereplicationrelationships.storage.global.gdc.goog.get volumereplicationrelationships.storage.global.gdc.goog.list volumereplicationrelationships.storage.global.gdc.goog.watch Zonal
volumefailovers.storage.gdc.goog.create
volumefailovers.storage.gdc.goog.delete volumefailovers.storage.gdc.goog.get volumefailovers.storage.gdc.goog.list volumefailovers.storage.gdc.goog.watch volumereplicationrelationshipreplicas.storage.global.gdc.goog.create volumereplicationrelationshipreplicas.storage.global.gdc.goog.delete volumereplicationrelationshipreplicas.storage.global.gdc.goog.get volumereplicationrelationshipreplicas.storage.global.gdc.goog.list volumereplicationrelationshipreplicas.storage.global.gdc.goog.watch |
|
Web TLS Certificate Admin ( web-tls-cert-admin)
|
Global
certificates.pki.security.gdc.goog.create
certificates.pki.security.gdc.goog.delete certificates.pki.security.gdc.goog.get certificates.pki.security.gdc.goog.list certificates.pki.security.gdc.goog.patch certificates.pki.security.gdc.goog.update certificates.pki.security.gdc.goog.watch secrets.create secrets.delete secrets.get secrets.list secrets.patch secrets.update secrets.watch Zonal
certificates.pki.security.gdc.goog.create
certificates.pki.security.gdc.goog.delete certificates.pki.security.gdc.goog.get certificates.pki.security.gdc.goog.list certificates.pki.security.gdc.goog.patch certificates.pki.security.gdc.goog.update certificates.pki.security.gdc.goog.watch secrets.create secrets.delete secrets.get secrets.list secrets.patch secrets.update secrets.watch |
Project-level roles and permissions
The following roles are granted within a specific project.
| Role name and description | Permissions |
|---|---|
|
AI Gemini Flash Developer ( ai-gemini-flash-developer)
Performs predict and chat-completions requests on Gemini Flash model endpoints. |
Zonal
endpoints.gemini-flash.gdc.goog.chat-completions
endpoints.gemini-flash.gdc.goog.predict |
|
AI Large Gemini Developer ( ai-large-gemini-developer)
Grants permissions to access the large Gemini service in the system cluster. |
Zonal
endpoints.large-gemini.gdc.goog.cancel-batch
endpoints.large-gemini.gdc.goog.chat-completions endpoints.large-gemini.gdc.goog.create-batch endpoints.large-gemini.gdc.goog.create-cached-content endpoints.large-gemini.gdc.goog.delete-cached-content endpoints.large-gemini.gdc.goog.generate-content endpoints.large-gemini.gdc.goog.get-batch endpoints.large-gemini.gdc.goog.get-cached-content endpoints.large-gemini.gdc.goog.list-available-models endpoints.large-gemini.gdc.goog.list-batches endpoints.large-gemini.gdc.goog.list-cached-contents endpoints.large-gemini.gdc.goog.stream-generate-content endpoints.large-gemini.gdc.goog.update-cached-content |
|
AI Ocr Developer ( ai-ocr-developer)
Accesses the OCR service. |
Zonal
annotators.vision.gdc.goog.*
|
|
AI Speech Chirp Developer ( ai-speech-chirp-developer)
Accesses the Speech Chirp service. |
Zonal
recognizers.speech.gdc.goog.*
|
|
AI Speech Developer ( ai-speech-developer)
Accesses the Speech service. |
Zonal
recognizers.speech.gdc.goog.*
|
|
AI Text Embedding Developer ( ai-text-embedding-developer)
Performs predict requests on Text Embedding model endpoints. |
Zonal
endpoints.text-embedding.gdc.goog.predict
|
|
AI Text Embedding Multilingual Developer ( ai-text-embedding-multilingual-developer)
Performs predict requests on Text Embedding Multilingual model endpoints. |
Zonal
endpoints.text-embedding-multilingual.gdc.goog.predict
|
|
AI Translation Developer ( ai-translation-developer)
Accesses the Translation service. |
Zonal
translators.translation.gdc.goog.*
|
|
Backup Creator ( backup-creator)
|
Kubernetes cluster
backupplans.backup.gdc.goog.get
backupplans.backup.gdc.goog.list backupplans.backup.gdc.goog.watch backups.backup.gdc.goog.get backups.backup.gdc.goog.list backups.backup.gdc.goog.watch deletebackuprequests.backup.gdc.goog.get deletebackuprequests.backup.gdc.goog.list deletebackuprequests.backup.gdc.goog.watch manualbackuprequests.backup.gdc.goog.create manualbackuprequests.backup.gdc.goog.delete manualbackuprequests.backup.gdc.goog.get manualbackuprequests.backup.gdc.goog.list manualbackuprequests.backup.gdc.goog.watch manualrestorerequests.backup.gdc.goog.create manualrestorerequests.backup.gdc.goog.delete manualrestorerequests.backup.gdc.goog.get manualrestorerequests.backup.gdc.goog.list manualrestorerequests.backup.gdc.goog.watch restoreplans.backup.gdc.goog.get restoreplans.backup.gdc.goog.list restoreplans.backup.gdc.goog.watch restores.backup.gdc.goog.get restores.backup.gdc.goog.list restores.backup.gdc.goog.watch volumebackups.backup.gdc.goog.get volumebackups.backup.gdc.goog.list volumebackups.backup.gdc.goog.watch volumerestores.backup.gdc.goog.get volumerestores.backup.gdc.goog.list volumerestores.backup.gdc.goog.watch |
|
Bookstore Admin ( bookstore-admin)
|
Zonal
shelves.bookstore-grpc.googleapis.com.create
shelves.bookstore-grpc.googleapis.com.get shelves.cloudresourcemanager.googleapis.com.create shelves.cloudresourcemanager.googleapis.com.get |
|
CA Service Certificate Requester ( certificate-authority-service-certificate-requester)
Creates and views certificate requests and retrieves issued certificates. |
Zonal
certificaterequests.pki.security.gdc.goog.create
certificaterequests.pki.security.gdc.goog.get certificaterequests.pki.security.gdc.goog.list secrets.get secrets.list |
|
CA Service Operation Manager ( certificate-authority-service-operation-manager)
Manages Certificate Authorities and revokes certificates. |
Zonal
certificateauthorities.pki.security.gdc.goog.create
certificateauthorities.pki.security.gdc.goog.delete certificateauthorities.pki.security.gdc.goog.get certificateauthorities.pki.security.gdc.goog.list certificateauthorities.pki.security.gdc.goog.patch certificateauthorities.pki.security.gdc.goog.update certificateauthorities.pki.security.gdc.goog.watch certificaterequests.pki.security.gdc.goog.get certificaterequests.pki.security.gdc.goog.list certificaterequests.pki.security.gdc.goog.watch revokecertificaterequests.pki.security.gdc.goog.create revokecertificaterequests.pki.security.gdc.goog.delete revokecertificaterequests.pki.security.gdc.goog.get revokecertificaterequests.pki.security.gdc.goog.list revokecertificaterequests.pki.security.gdc.goog.patch revokecertificaterequests.pki.security.gdc.goog.update revokecertificaterequests.pki.security.gdc.goog.watch secrets.get secrets.list |
|
Certificate Authority Service Admin ( certificate-authority-service-admin)
|
Zonal
certificateauthorities.pki.security.gdc.goog.create
certificateauthorities.pki.security.gdc.goog.delete certificateauthorities.pki.security.gdc.goog.get certificateauthorities.pki.security.gdc.goog.list certificateauthorities.pki.security.gdc.goog.patch certificateauthorities.pki.security.gdc.goog.update certificateauthorities.pki.security.gdc.goog.watch certificaterequests.pki.security.gdc.goog.create certificaterequests.pki.security.gdc.goog.delete certificaterequests.pki.security.gdc.goog.get certificaterequests.pki.security.gdc.goog.list certificaterequests.pki.security.gdc.goog.patch certificaterequests.pki.security.gdc.goog.update certificaterequests.pki.security.gdc.goog.watch revokecertificaterequests.pki.security.gdc.goog.create revokecertificaterequests.pki.security.gdc.goog.delete revokecertificaterequests.pki.security.gdc.goog.get revokecertificaterequests.pki.security.gdc.goog.list revokecertificaterequests.pki.security.gdc.goog.patch revokecertificaterequests.pki.security.gdc.goog.update revokecertificaterequests.pki.security.gdc.goog.watch secrets.get secrets.list |
|
Certificate Service Admin ( certificate-service-admin)
|
Zonal
certificateissuers.pki.security.gdc.goog.create
certificateissuers.pki.security.gdc.goog.delete certificateissuers.pki.security.gdc.goog.get certificateissuers.pki.security.gdc.goog.list certificateissuers.pki.security.gdc.goog.patch certificateissuers.pki.security.gdc.goog.update certificateissuers.pki.security.gdc.goog.watch certificates.pki.security.gdc.goog.create certificates.pki.security.gdc.goog.delete certificates.pki.security.gdc.goog.get certificates.pki.security.gdc.goog.list certificates.pki.security.gdc.goog.patch certificates.pki.security.gdc.goog.update certificates.pki.security.gdc.goog.watch |
|
Cloud NAT Developer ( cloud-nat-developer)
Able to CRUD CloudNAT resources in the project. |
Zonal
cloudnatgateways.networking.gdc.goog.create
cloudnatgateways.networking.gdc.goog.delete cloudnatgateways.networking.gdc.goog.get cloudnatgateways.networking.gdc.goog.list cloudnatgateways.networking.gdc.goog.patch cloudnatgateways.networking.gdc.goog.update cloudnatgateways.networking.gdc.goog.watch |
|
Cloud NAT Manager ( cloud-nat-manager)
Able to CRUD CloudNAT resources in the project. |
Zonal
cloudnatgateways.networking.gdc.goog.create
cloudnatgateways.networking.gdc.goog.delete cloudnatgateways.networking.gdc.goog.get cloudnatgateways.networking.gdc.goog.list cloudnatgateways.networking.gdc.goog.patch cloudnatgateways.networking.gdc.goog.update cloudnatgateways.networking.gdc.goog.watch |
|
Cloud NAT Viewer ( cloud-nat-viewer)
Able to view CloudNAT resources/status in the project |
Zonal
cloudnatgateways.networking.gdc.goog.get
cloudnatgateways.networking.gdc.goog.list cloudnatgateways.networking.gdc.goog.watch |
|
Custom Role Project Admin ( custom-role-project-admin)
|
Global
customroles.iam.global.gdc.goog.create
customroles.iam.global.gdc.goog.delete customroles.iam.global.gdc.goog.get customroles.iam.global.gdc.goog.list customroles.iam.global.gdc.goog.patch customroles.iam.global.gdc.goog.update customroles.iam.global.gdc.goog.watch iamroles.iam.global.gdc.goog.get iamroles.iam.global.gdc.goog.list roles.rbac.authorization.k8s.io.get Zonal
customroles.iam.gdc.goog.create
customroles.iam.gdc.goog.delete customroles.iam.gdc.goog.get customroles.iam.gdc.goog.list customroles.iam.gdc.goog.patch customroles.iam.gdc.goog.update customroles.iam.gdc.goog.watch projectroles.resourcemanager.gdc.goog.get roles.rbac.authorization.k8s.io.get |
|
Dashboard Editor ( dashboard-editor)
|
Zonal
configmaps.create
configmaps.delete configmaps.get configmaps.list configmaps.patch configmaps.update configmaps.watch dashboards.observability.gdc.goog.delete dashboards.observability.gdc.goog.get dashboards.observability.gdc.goog.list dashboards.observability.gdc.goog.patch dashboards.observability.gdc.goog.update dashboards.observability.gdc.goog.watch |
|
Dashboard Viewer ( dashboard-viewer)
|
Zonal
dashboards.observability.gdc.goog.get
dashboards.observability.gdc.goog.list dashboards.observability.gdc.goog.watch |
|
Debugging AuditLoggingTarget custom resource ( auditloggingtarget-monitor)
|
Zonal
auditloggingtargets.logging.private.gdc.goog.get
auditloggingtargets.logging.private.gdc.goog.list auditloggingtargets.logging.private.gdc.goog.update dnsregistrations.network.private.gdc.goog.get dnsregistrations.network.private.gdc.goog.list |
|
Discovery Engine Admin ( vaisearch-admin)
|
Zonal
agents.conversationai.gdc.goog.create
agents.conversationai.gdc.goog.delete agents.conversationai.gdc.goog.get agents.conversationai.gdc.goog.list agents.conversationai.gdc.goog.search agents.conversationai.gdc.goog.update conversations.conversationai.gdc.goog.converse conversations.conversationai.gdc.goog.create conversations.conversationai.gdc.goog.delete conversations.conversationai.gdc.goog.get conversations.conversationai.gdc.goog.list conversations.conversationai.gdc.goog.update datasets.conversationai.gdc.goog.create datasets.conversationai.gdc.goog.delete datasets.conversationai.gdc.goog.get datasets.conversationai.gdc.goog.list datastores.discoveryengine.gdc.goog.create datastores.discoveryengine.gdc.goog.delete datastores.discoveryengine.gdc.goog.get datastores.discoveryengine.gdc.goog.list datastores.discoveryengine.gdc.goog.search datastores.discoveryengine.gdc.goog.update documents.conversationai.gdc.goog.create documents.conversationai.gdc.goog.delete documents.conversationai.gdc.goog.get documents.conversationai.gdc.goog.list documents.conversationai.gdc.goog.update documents.discoveryengine.gdc.goog.create documents.discoveryengine.gdc.goog.delete documents.discoveryengine.gdc.goog.get documents.discoveryengine.gdc.goog.list documents.discoveryengine.gdc.goog.update operations.conversationai.gdc.goog.get sessions.discoveryengine.gdc.goog.answer sessions.discoveryengine.gdc.goog.create sessions.discoveryengine.gdc.goog.delete sessions.discoveryengine.gdc.goog.get sessions.discoveryengine.gdc.goog.list sessions.discoveryengine.gdc.goog.update |
|
Discovery Engine Developer ( vaisearch-developer)
|
Zonal
agents.conversationai.gdc.goog.create
agents.conversationai.gdc.goog.delete agents.conversationai.gdc.goog.get agents.conversationai.gdc.goog.list agents.conversationai.gdc.goog.search agents.conversationai.gdc.goog.update conversations.conversationai.gdc.goog.converse conversations.conversationai.gdc.goog.create conversations.conversationai.gdc.goog.delete conversations.conversationai.gdc.goog.get conversations.conversationai.gdc.goog.list conversations.conversationai.gdc.goog.update datasets.conversationai.gdc.goog.create datasets.conversationai.gdc.goog.delete datasets.conversationai.gdc.goog.get datasets.conversationai.gdc.goog.list datastores.discoveryengine.gdc.goog.create datastores.discoveryengine.gdc.goog.delete datastores.discoveryengine.gdc.goog.get datastores.discoveryengine.gdc.goog.list datastores.discoveryengine.gdc.goog.search datastores.discoveryengine.gdc.goog.update documents.conversationai.gdc.goog.create documents.conversationai.gdc.goog.delete documents.conversationai.gdc.goog.get documents.conversationai.gdc.goog.list documents.conversationai.gdc.goog.update documents.discoveryengine.gdc.goog.create documents.discoveryengine.gdc.goog.delete documents.discoveryengine.gdc.goog.get documents.discoveryengine.gdc.goog.list documents.discoveryengine.gdc.goog.update operations.conversationai.gdc.goog.get sessions.discoveryengine.gdc.goog.answer sessions.discoveryengine.gdc.goog.create sessions.discoveryengine.gdc.goog.delete sessions.discoveryengine.gdc.goog.get sessions.discoveryengine.gdc.goog.list sessions.discoveryengine.gdc.goog.update |
|
External Load Balancer Viewer ( external-load-balancer-viewer)
Views external load balancer resources within a project. |
Global
backendservicepolicies.networking.global.gdc.goog.get
backendservicepolicies.networking.global.gdc.goog.list backendservicepolicies.networking.global.gdc.goog.watch backendservices.networking.global.gdc.goog.get backendservices.networking.global.gdc.goog.list backendservices.networking.global.gdc.goog.watch forwardingruleexternals.networking.global.gdc.goog.get forwardingruleexternals.networking.global.gdc.goog.list forwardingruleexternals.networking.global.gdc.goog.watch healthchecks.networking.global.gdc.goog.get healthchecks.networking.global.gdc.goog.list healthchecks.networking.global.gdc.goog.watch Zonal
backends.networking.gdc.goog.get
backends.networking.gdc.goog.list backends.networking.gdc.goog.watch backendservicepolicies.networking.gdc.goog.get backendservicepolicies.networking.gdc.goog.list backendservicepolicies.networking.gdc.goog.watch backendservices.networking.gdc.goog.get backendservices.networking.gdc.goog.list backendservices.networking.gdc.goog.watch forwardingruleexternals.networking.gdc.goog.get forwardingruleexternals.networking.gdc.goog.list forwardingruleexternals.networking.gdc.goog.watch healthchecks.networking.gdc.goog.get healthchecks.networking.gdc.goog.list healthchecks.networking.gdc.goog.watch |
|
Global External Load Balancer Admin ( external-load-balancer-admin)
Creates and manages global external load balancer resources within a global project. |
Global
backendservicepolicies.networking.global.gdc.goog.create
backendservicepolicies.networking.global.gdc.goog.delete backendservicepolicies.networking.global.gdc.goog.get backendservicepolicies.networking.global.gdc.goog.list backendservicepolicies.networking.global.gdc.goog.patch backendservicepolicies.networking.global.gdc.goog.update backendservicepolicies.networking.global.gdc.goog.watch backendservices.networking.global.gdc.goog.create backendservices.networking.global.gdc.goog.delete backendservices.networking.global.gdc.goog.get backendservices.networking.global.gdc.goog.list backendservices.networking.global.gdc.goog.patch backendservices.networking.global.gdc.goog.update backendservices.networking.global.gdc.goog.watch forwardingruleexternals.networking.global.gdc.goog.create forwardingruleexternals.networking.global.gdc.goog.delete forwardingruleexternals.networking.global.gdc.goog.get forwardingruleexternals.networking.global.gdc.goog.list forwardingruleexternals.networking.global.gdc.goog.patch forwardingruleexternals.networking.global.gdc.goog.update forwardingruleexternals.networking.global.gdc.goog.watch healthchecks.networking.global.gdc.goog.create healthchecks.networking.global.gdc.goog.delete healthchecks.networking.global.gdc.goog.get healthchecks.networking.global.gdc.goog.list healthchecks.networking.global.gdc.goog.patch healthchecks.networking.global.gdc.goog.update healthchecks.networking.global.gdc.goog.watch Zonal
backends.networking.gdc.goog.create
backends.networking.gdc.goog.delete backends.networking.gdc.goog.get backends.networking.gdc.goog.list backends.networking.gdc.goog.patch backends.networking.gdc.goog.update backends.networking.gdc.goog.watch backendservicepolicies.networking.gdc.goog.create backendservicepolicies.networking.gdc.goog.delete backendservicepolicies.networking.gdc.goog.get backendservicepolicies.networking.gdc.goog.list backendservicepolicies.networking.gdc.goog.patch backendservicepolicies.networking.gdc.goog.update backendservicepolicies.networking.gdc.goog.watch backendservices.networking.gdc.goog.create backendservices.networking.gdc.goog.delete backendservices.networking.gdc.goog.get backendservices.networking.gdc.goog.list backendservices.networking.gdc.goog.patch backendservices.networking.gdc.goog.update backendservices.networking.gdc.goog.watch forwardingruleexternals.networking.gdc.goog.create forwardingruleexternals.networking.gdc.goog.delete forwardingruleexternals.networking.gdc.goog.get forwardingruleexternals.networking.gdc.goog.list forwardingruleexternals.networking.gdc.goog.patch forwardingruleexternals.networking.gdc.goog.update forwardingruleexternals.networking.gdc.goog.watch healthchecks.networking.gdc.goog.create healthchecks.networking.gdc.goog.delete healthchecks.networking.gdc.goog.get healthchecks.networking.gdc.goog.list healthchecks.networking.gdc.goog.patch healthchecks.networking.gdc.goog.update healthchecks.networking.gdc.goog.watch |
|
Global Internal Load Balancer Admin ( internal-load-balancer-admin)
Creates and manages global internal load balancer resources within a global project. |
Global
backendservicepolicies.networking.global.gdc.goog.create
backendservicepolicies.networking.global.gdc.goog.delete backendservicepolicies.networking.global.gdc.goog.get backendservicepolicies.networking.global.gdc.goog.list backendservicepolicies.networking.global.gdc.goog.patch backendservicepolicies.networking.global.gdc.goog.update backendservicepolicies.networking.global.gdc.goog.watch backendservices.networking.global.gdc.goog.create backendservices.networking.global.gdc.goog.delete backendservices.networking.global.gdc.goog.get backendservices.networking.global.gdc.goog.list backendservices.networking.global.gdc.goog.patch backendservices.networking.global.gdc.goog.update backendservices.networking.global.gdc.goog.watch forwardingruleinternals.networking.global.gdc.goog.create forwardingruleinternals.networking.global.gdc.goog.delete forwardingruleinternals.networking.global.gdc.goog.get forwardingruleinternals.networking.global.gdc.goog.list forwardingruleinternals.networking.global.gdc.goog.patch forwardingruleinternals.networking.global.gdc.goog.update forwardingruleinternals.networking.global.gdc.goog.watch healthchecks.networking.global.gdc.goog.create healthchecks.networking.global.gdc.goog.delete healthchecks.networking.global.gdc.goog.get healthchecks.networking.global.gdc.goog.list healthchecks.networking.global.gdc.goog.patch healthchecks.networking.global.gdc.goog.update healthchecks.networking.global.gdc.goog.watch Zonal
backends.networking.gdc.goog.create
backends.networking.gdc.goog.delete backends.networking.gdc.goog.get backends.networking.gdc.goog.list backends.networking.gdc.goog.patch backends.networking.gdc.goog.update backends.networking.gdc.goog.watch backendservicepolicies.networking.gdc.goog.create backendservicepolicies.networking.gdc.goog.delete backendservicepolicies.networking.gdc.goog.get backendservicepolicies.networking.gdc.goog.list backendservicepolicies.networking.gdc.goog.patch backendservicepolicies.networking.gdc.goog.update backendservicepolicies.networking.gdc.goog.watch backendservices.networking.gdc.goog.create backendservices.networking.gdc.goog.delete backendservices.networking.gdc.goog.get backendservices.networking.gdc.goog.list backendservices.networking.gdc.goog.patch backendservices.networking.gdc.goog.update backendservices.networking.gdc.goog.watch forwardingruleinternals.networking.gdc.goog.create forwardingruleinternals.networking.gdc.goog.delete forwardingruleinternals.networking.gdc.goog.get forwardingruleinternals.networking.gdc.goog.list forwardingruleinternals.networking.gdc.goog.patch forwardingruleinternals.networking.gdc.goog.update forwardingruleinternals.networking.gdc.goog.watch healthchecks.networking.gdc.goog.create healthchecks.networking.gdc.goog.delete healthchecks.networking.gdc.goog.get healthchecks.networking.gdc.goog.list healthchecks.networking.gdc.goog.patch healthchecks.networking.gdc.goog.update healthchecks.networking.gdc.goog.watch |
|
Global Internal Load Balancer Viewer ( internal-load-balancer-viewer)
Views global internal load balancer resources within a global project. |
Global
backendservicepolicies.networking.global.gdc.goog.get
backendservicepolicies.networking.global.gdc.goog.list backendservicepolicies.networking.global.gdc.goog.watch backendservices.networking.global.gdc.goog.get backendservices.networking.global.gdc.goog.list backendservices.networking.global.gdc.goog.watch forwardingruleinternals.networking.global.gdc.goog.get forwardingruleinternals.networking.global.gdc.goog.list forwardingruleinternals.networking.global.gdc.goog.watch healthchecks.networking.global.gdc.goog.get healthchecks.networking.global.gdc.goog.list healthchecks.networking.global.gdc.goog.watch Zonal
backends.networking.gdc.goog.get
backends.networking.gdc.goog.list backends.networking.gdc.goog.watch backendservicepolicies.networking.gdc.goog.get backendservicepolicies.networking.gdc.goog.list backendservicepolicies.networking.gdc.goog.watch backendservices.networking.gdc.goog.get backendservices.networking.gdc.goog.list backendservices.networking.gdc.goog.watch forwardingruleinternals.networking.gdc.goog.get forwardingruleinternals.networking.gdc.goog.list forwardingruleinternals.networking.gdc.goog.watch healthchecks.networking.gdc.goog.get healthchecks.networking.gdc.goog.list healthchecks.networking.gdc.goog.watch |
|
Global Load Balancer Developer ( load-balancer-developer)
Creates and manages global load balancer health checks and backend services within a global project. |
Global
backendservicepolicies.networking.global.gdc.goog.create
backendservicepolicies.networking.global.gdc.goog.delete backendservicepolicies.networking.global.gdc.goog.get backendservicepolicies.networking.global.gdc.goog.list backendservicepolicies.networking.global.gdc.goog.patch backendservicepolicies.networking.global.gdc.goog.update backendservicepolicies.networking.global.gdc.goog.watch backendservices.networking.global.gdc.goog.create backendservices.networking.global.gdc.goog.delete backendservices.networking.global.gdc.goog.get backendservices.networking.global.gdc.goog.list backendservices.networking.global.gdc.goog.patch backendservices.networking.global.gdc.goog.update backendservices.networking.global.gdc.goog.watch healthchecks.networking.global.gdc.goog.create healthchecks.networking.global.gdc.goog.delete healthchecks.networking.global.gdc.goog.get healthchecks.networking.global.gdc.goog.list healthchecks.networking.global.gdc.goog.patch healthchecks.networking.global.gdc.goog.update healthchecks.networking.global.gdc.goog.watch Zonal
backends.networking.gdc.goog.create
backends.networking.gdc.goog.delete backends.networking.gdc.goog.get backends.networking.gdc.goog.list backends.networking.gdc.goog.patch backends.networking.gdc.goog.update backends.networking.gdc.goog.watch backendservicepolicies.networking.gdc.goog.create backendservicepolicies.networking.gdc.goog.delete backendservicepolicies.networking.gdc.goog.get backendservicepolicies.networking.gdc.goog.list backendservicepolicies.networking.gdc.goog.patch backendservicepolicies.networking.gdc.goog.update backendservicepolicies.networking.gdc.goog.watch backendservices.networking.gdc.goog.create backendservices.networking.gdc.goog.delete backendservices.networking.gdc.goog.get backendservices.networking.gdc.goog.list backendservices.networking.gdc.goog.patch backendservices.networking.gdc.goog.update backendservices.networking.gdc.goog.watch healthchecks.networking.gdc.goog.create healthchecks.networking.gdc.goog.delete healthchecks.networking.gdc.goog.get healthchecks.networking.gdc.goog.list healthchecks.networking.gdc.goog.patch healthchecks.networking.gdc.goog.update healthchecks.networking.gdc.goog.watch |
|
Harbor Instance Admin ( harbor-instance-admin)
|
Zonal
harborinstancebackupplans.artifactregistry.gdc.goog.create
harborinstancebackupplans.artifactregistry.gdc.goog.delete harborinstancebackupplans.artifactregistry.gdc.goog.get harborinstancebackupplans.artifactregistry.gdc.goog.list harborinstancebackupplans.artifactregistry.gdc.goog.patch harborinstancebackupplans.artifactregistry.gdc.goog.update harborinstancebackupplans.artifactregistry.gdc.goog.watch harborinstancebackuprepositories.artifactregistry.gdc.goog.create harborinstancebackuprepositories.artifactregistry.gdc.goog.delete harborinstancebackuprepositories.artifactregistry.gdc.goog.get harborinstancebackuprepositories.artifactregistry.gdc.goog.list harborinstancebackuprepositories.artifactregistry.gdc.goog.patch harborinstancebackuprepositories.artifactregistry.gdc.goog.update harborinstancebackuprepositories.artifactregistry.gdc.goog.watch harborinstancebackups.artifactregistry.gdc.goog.create harborinstancebackups.artifactregistry.gdc.goog.delete harborinstancebackups.artifactregistry.gdc.goog.get harborinstancebackups.artifactregistry.gdc.goog.list harborinstancebackups.artifactregistry.gdc.goog.patch harborinstancebackups.artifactregistry.gdc.goog.update harborinstancebackups.artifactregistry.gdc.goog.watch harborinstancedatabasebackups.artifactregistry.private.gdc.goog.create harborinstancedatabasebackups.artifactregistry.private.gdc.goog.delete harborinstancedatabasebackups.artifactregistry.private.gdc.goog.get harborinstancedatabasebackups.artifactregistry.private.gdc.goog.list harborinstancedatabasebackups.artifactregistry.private.gdc.goog.patch harborinstancedatabasebackups.artifactregistry.private.gdc.goog.update harborinstancedatabasebackups.artifactregistry.private.gdc.goog.watch harborinstancedatabaserestores.artifactregistry.private.gdc.goog.create harborinstancedatabaserestores.artifactregistry.private.gdc.goog.delete harborinstancedatabaserestores.artifactregistry.private.gdc.goog.get harborinstancedatabaserestores.artifactregistry.private.gdc.goog.list harborinstancedatabaserestores.artifactregistry.private.gdc.goog.patch harborinstancedatabaserestores.artifactregistry.private.gdc.goog.update harborinstancedatabaserestores.artifactregistry.private.gdc.goog.watch harborinstanceprojects.artifactregistry.gdc.goog.create harborinstanceprojects.artifactregistry.gdc.goog.get harborinstanceprojects.artifactregistry.gdc.goog.patch harborinstanceprojects.artifactregistry.gdc.goog.update harborinstanceprojects.artifactregistry.gdc.goog.watch harborinstanceregistrybackups.artifactregistry.private.gdc.goog.create harborinstanceregistrybackups.artifactregistry.private.gdc.goog.delete harborinstanceregistrybackups.artifactregistry.private.gdc.goog.get harborinstanceregistrybackups.artifactregistry.private.gdc.goog.list harborinstanceregistrybackups.artifactregistry.private.gdc.goog.patch harborinstanceregistrybackups.artifactregistry.private.gdc.goog.update harborinstanceregistrybackups.artifactregistry.private.gdc.goog.watch harborinstanceregistryrestores.artifactregistry.private.gdc.goog.create harborinstanceregistryrestores.artifactregistry.private.gdc.goog.delete harborinstanceregistryrestores.artifactregistry.private.gdc.goog.get harborinstanceregistryrestores.artifactregistry.private.gdc.goog.list harborinstanceregistryrestores.artifactregistry.private.gdc.goog.patch harborinstanceregistryrestores.artifactregistry.private.gdc.goog.update harborinstanceregistryrestores.artifactregistry.private.gdc.goog.watch harborinstancerestores.artifactregistry.gdc.goog.create harborinstancerestores.artifactregistry.gdc.goog.delete harborinstancerestores.artifactregistry.gdc.goog.get harborinstancerestores.artifactregistry.gdc.goog.list harborinstancerestores.artifactregistry.gdc.goog.patch harborinstancerestores.artifactregistry.gdc.goog.update harborinstancerestores.artifactregistry.gdc.goog.watch harborinstances.artifactregistry.gdc.goog.create harborinstances.artifactregistry.gdc.goog.delete harborinstances.artifactregistry.gdc.goog.get harborinstances.artifactregistry.gdc.goog.list harborinstances.artifactregistry.gdc.goog.patch harborinstances.artifactregistry.gdc.goog.update harborinstances.artifactregistry.gdc.goog.watch |
|
Harbor Instance Viewer ( harbor-instance-viewer)
|
Zonal
harborinstancebackupplans.artifactregistry.gdc.goog.get
harborinstancebackupplans.artifactregistry.gdc.goog.list harborinstancebackupplans.artifactregistry.gdc.goog.watch harborinstancebackuprepositories.artifactregistry.gdc.goog.get harborinstancebackuprepositories.artifactregistry.gdc.goog.list harborinstancebackuprepositories.artifactregistry.gdc.goog.watch harborinstancebackups.artifactregistry.gdc.goog.get harborinstancebackups.artifactregistry.gdc.goog.list harborinstancebackups.artifactregistry.gdc.goog.watch harborinstanceprojects.artifactregistry.gdc.goog.get harborinstanceprojects.artifactregistry.gdc.goog.watch harborinstancerestores.artifactregistry.gdc.goog.get harborinstancerestores.artifactregistry.gdc.goog.list harborinstancerestores.artifactregistry.gdc.goog.watch harborinstances.artifactregistry.gdc.goog.get harborinstances.artifactregistry.gdc.goog.list harborinstances.artifactregistry.gdc.goog.watch |
|
Harbor Project Creator ( harbor-project-creator)
|
Zonal
harborinstanceprojects.artifactregistry.gdc.goog.create
harborinstanceprojects.artifactregistry.gdc.goog.get harborinstanceprojects.artifactregistry.gdc.goog.watch |
|
K8S Network Policy Admin ( k8s-networkpolicy-admin)
|
Kubernetes cluster
networkpolicies.networking.k8s.io.*
|
|
KMS Admin ( kms-admin)
Manages KMS keys in their project and reads KeyImports and KeyExports. |
Zonal
aeadkeys.kms.gdc.goog.create
aeadkeys.kms.gdc.goog.decrypt aeadkeys.kms.gdc.goog.delete aeadkeys.kms.gdc.goog.encrypt aeadkeys.kms.gdc.goog.generatedatakey aeadkeys.kms.gdc.goog.get aeadkeys.kms.gdc.goog.list aeadkeys.kms.gdc.goog.patch aeadkeys.kms.gdc.goog.update aeadkeys.kms.gdc.goog.watch keyexports.kms.gdc.goog.get keyexports.kms.gdc.goog.list keyexports.kms.gdc.goog.watch keyimports.kms.gdc.goog.get keyimports.kms.gdc.goog.list keyimports.kms.gdc.goog.watch signingkeys.kms.gdc.goog.create signingkeys.kms.gdc.goog.delete signingkeys.kms.gdc.goog.get signingkeys.kms.gdc.goog.list signingkeys.kms.gdc.goog.patch signingkeys.kms.gdc.goog.sign signingkeys.kms.gdc.goog.update signingkeys.kms.gdc.goog.watch |
|
KMS Creator ( kms-creator)
Creates and reads KMS keys in their project. |
Zonal
aeadkeys.kms.gdc.goog.create
aeadkeys.kms.gdc.goog.get aeadkeys.kms.gdc.goog.list aeadkeys.kms.gdc.goog.watch signingkeys.kms.gdc.goog.create signingkeys.kms.gdc.goog.get signingkeys.kms.gdc.goog.list signingkeys.kms.gdc.goog.watch |
|
KMS Developer ( kms-developer)
Performs crypto operations using KMS keys in their project. |
Zonal
aeadkeys.kms.gdc.goog.decrypt
aeadkeys.kms.gdc.goog.encrypt aeadkeys.kms.gdc.goog.generatedatakey aeadkeys.kms.gdc.goog.get aeadkeys.kms.gdc.goog.list aeadkeys.kms.gdc.goog.watch signingkeys.kms.gdc.goog.get signingkeys.kms.gdc.goog.list signingkeys.kms.gdc.goog.sign signingkeys.kms.gdc.goog.watch |
|
KMS Key Export Admin ( kms-keyexport-admin)
Exports KMS keys in their project as wrapped keys from the KMS. |
Zonal
keyexports.kms.gdc.goog.*
|
|
KMS Key Import Admin ( kms-keyimport-admin)
Imports KMS keys to the KMS as wrapped keys in their project. |
Zonal
keyimports.kms.gdc.goog.*
|
|
KMS Viewer ( kms-viewer)
Reads KMS keys in their project. |
Zonal
aeadkeys.kms.gdc.goog.get
aeadkeys.kms.gdc.goog.list aeadkeys.kms.gdc.goog.watch keyexports.kms.gdc.goog.get keyexports.kms.gdc.goog.list keyexports.kms.gdc.goog.watch keyimports.kms.gdc.goog.get keyimports.kms.gdc.goog.list keyimports.kms.gdc.goog.watch signingkeys.kms.gdc.goog.get signingkeys.kms.gdc.goog.list signingkeys.kms.gdc.goog.watch |
|
LibraryAgent User ( libraryagent-user)
Allow Customers to use APIs of Libraryagent Demo service |
Zonal
shelves.libraryagent.api.v1alpha1.get
shelves.libraryagent.api.v1alpha1.list |
|
Load Balancer Admin ( load-balancer-admin)
Load Balancer Admin |
Global
backendservicepolicies.networking.global.gdc.goog.create
backendservicepolicies.networking.global.gdc.goog.delete backendservicepolicies.networking.global.gdc.goog.get backendservicepolicies.networking.global.gdc.goog.list backendservicepolicies.networking.global.gdc.goog.patch backendservicepolicies.networking.global.gdc.goog.update backendservicepolicies.networking.global.gdc.goog.watch backendservices.networking.global.gdc.goog.create backendservices.networking.global.gdc.goog.delete backendservices.networking.global.gdc.goog.get backendservices.networking.global.gdc.goog.list backendservices.networking.global.gdc.goog.patch backendservices.networking.global.gdc.goog.update backendservices.networking.global.gdc.goog.watch forwardingruleexternals.networking.global.gdc.goog.create forwardingruleexternals.networking.global.gdc.goog.delete forwardingruleexternals.networking.global.gdc.goog.get forwardingruleexternals.networking.global.gdc.goog.list forwardingruleexternals.networking.global.gdc.goog.patch forwardingruleexternals.networking.global.gdc.goog.update forwardingruleexternals.networking.global.gdc.goog.watch forwardingruleinternals.networking.global.gdc.goog.create forwardingruleinternals.networking.global.gdc.goog.delete forwardingruleinternals.networking.global.gdc.goog.get forwardingruleinternals.networking.global.gdc.goog.list forwardingruleinternals.networking.global.gdc.goog.patch forwardingruleinternals.networking.global.gdc.goog.update forwardingruleinternals.networking.global.gdc.goog.watch healthchecks.networking.global.gdc.goog.create healthchecks.networking.global.gdc.goog.delete healthchecks.networking.global.gdc.goog.get healthchecks.networking.global.gdc.goog.list healthchecks.networking.global.gdc.goog.patch healthchecks.networking.global.gdc.goog.update healthchecks.networking.global.gdc.goog.watch Zonal
backends.networking.gdc.goog.create
backends.networking.gdc.goog.delete backends.networking.gdc.goog.get backends.networking.gdc.goog.list backends.networking.gdc.goog.patch backends.networking.gdc.goog.update backends.networking.gdc.goog.watch backendservicepolicies.networking.gdc.goog.create backendservicepolicies.networking.gdc.goog.delete backendservicepolicies.networking.gdc.goog.get backendservicepolicies.networking.gdc.goog.list backendservicepolicies.networking.gdc.goog.patch backendservicepolicies.networking.gdc.goog.update backendservicepolicies.networking.gdc.goog.watch backendservices.networking.gdc.goog.create backendservices.networking.gdc.goog.delete backendservices.networking.gdc.goog.get backendservices.networking.gdc.goog.list backendservices.networking.gdc.goog.patch backendservices.networking.gdc.goog.update backendservices.networking.gdc.goog.watch forwardingruleexternals.networking.gdc.goog.create forwardingruleexternals.networking.gdc.goog.delete forwardingruleexternals.networking.gdc.goog.get forwardingruleexternals.networking.gdc.goog.list forwardingruleexternals.networking.gdc.goog.patch forwardingruleexternals.networking.gdc.goog.update forwardingruleexternals.networking.gdc.goog.watch forwardingruleinternals.networking.gdc.goog.create forwardingruleinternals.networking.gdc.goog.delete forwardingruleinternals.networking.gdc.goog.get forwardingruleinternals.networking.gdc.goog.list forwardingruleinternals.networking.gdc.goog.patch forwardingruleinternals.networking.gdc.goog.update forwardingruleinternals.networking.gdc.goog.watch healthchecks.networking.gdc.goog.create healthchecks.networking.gdc.goog.delete healthchecks.networking.gdc.goog.get healthchecks.networking.gdc.goog.list healthchecks.networking.gdc.goog.patch healthchecks.networking.gdc.goog.update healthchecks.networking.gdc.goog.watch |
|
Log Querier ( log-query-api-querier)
Access the Log Query API to query logs in AO project. |
Zonal
labels.goog.gdc.logging.v1.get
labels.goog.gdc.logging.v1.list labelvalues.goog.gdc.logging.v1.get labelvalues.goog.gdc.logging.v1.list listlabelsrequests.goog.gdc.logging.v1.get listlabelsrequests.goog.gdc.logging.v1.list listlabelsresponses.goog.gdc.logging.v1.get listlabelsresponses.goog.gdc.logging.v1.list listlabelvaluesrequests.goog.gdc.logging.v1.get listlabelvaluesrequests.goog.gdc.logging.v1.list listlabelvaluesresponses.goog.gdc.logging.v1.get listlabelvaluesresponses.goog.gdc.logging.v1.list listlogsfilters.goog.gdc.logging.v1.get listlogsfilters.goog.gdc.logging.v1.list listlogsrequests.goog.gdc.logging.v1.get listlogsrequests.goog.gdc.logging.v1.list listlogsresponses.goog.gdc.logging.v1.get listlogsresponses.goog.gdc.logging.v1.list logs.goog.gdc.logging.v1.get logs.goog.gdc.logging.v1.list |
|
LoggingRule Creator ( loggingrule-creator)
|
Zonal
loggingrules.logging.gdc.goog.create
loggingrules.logging.gdc.goog.get loggingrules.logging.gdc.goog.list loggingrules.logging.gdc.goog.watch |
|
LoggingRule Editor ( loggingrule-editor)
|
Zonal
loggingrules.logging.gdc.goog.delete
loggingrules.logging.gdc.goog.get loggingrules.logging.gdc.goog.list loggingrules.logging.gdc.goog.patch loggingrules.logging.gdc.goog.update loggingrules.logging.gdc.goog.watch |
|
LoggingRule Viewer ( loggingrule-viewer)
|
Zonal
loggingrules.logging.gdc.goog.get
loggingrules.logging.gdc.goog.list loggingrules.logging.gdc.goog.watch |
|
LoggingTarget Creator ( loggingtarget-creator)
|
Zonal
loggingtargets.logging.gdc.goog.create
loggingtargets.logging.gdc.goog.get loggingtargets.logging.gdc.goog.list loggingtargets.logging.gdc.goog.watch |
|
LoggingTarget Editor ( loggingtarget-editor)
|
Zonal
loggingtargets.logging.gdc.goog.delete
loggingtargets.logging.gdc.goog.get loggingtargets.logging.gdc.goog.list loggingtargets.logging.gdc.goog.patch loggingtargets.logging.gdc.goog.update loggingtargets.logging.gdc.goog.watch |
|
LoggingTarget Viewer ( loggingtarget-viewer)
|
Zonal
loggingtargets.logging.gdc.goog.get
loggingtargets.logging.gdc.goog.list loggingtargets.logging.gdc.goog.watch |
|
Managed DNS Project Admin ( managed-dns-project-admin)
|
Global
manageddnszones.networking.global.gdc.goog.*
resourcerecordsets.networking.global.gdc.goog.* |
|
Managed DNS Project Viewer ( managed-dns-project-viewer)
|
Global
manageddnszones.networking.global.gdc.goog.get
manageddnszones.networking.global.gdc.goog.list resourcerecordsets.networking.global.gdc.goog.get resourcerecordsets.networking.global.gdc.goog.list |
|
Marketplace Catalog Editor ( marketplace-catalog-editor)
Views, lists, creates, updates and deletes service catalogs. |
Zonal
servicecatalogs.marketplace.global.gdc.goog.create
servicecatalogs.marketplace.global.gdc.goog.delete servicecatalogs.marketplace.global.gdc.goog.get servicecatalogs.marketplace.global.gdc.goog.list servicecatalogs.marketplace.global.gdc.goog.patch servicecatalogs.marketplace.global.gdc.goog.update servicecatalogs.marketplace.global.gdc.goog.watch |
|
Marketplace Editor ( marketplace-editor)
Creates, updates and deletes service instances. |
Zonal
serviceinstances.marketplace.gdc.goog.create
serviceinstances.marketplace.gdc.goog.delete serviceinstances.marketplace.gdc.goog.get serviceinstances.marketplace.gdc.goog.list serviceinstances.marketplace.gdc.goog.patch serviceinstances.marketplace.gdc.goog.update serviceinstances.marketplace.gdc.goog.watch |
|
Marketplace Service Consumer ( marketplace-service-consumer)
Creates, updates and deletes service instances. |
Zonal
serviceinstances.marketplace.gdc.goog.create
serviceinstances.marketplace.gdc.goog.delete serviceinstances.marketplace.gdc.goog.get serviceinstances.marketplace.gdc.goog.list serviceinstances.marketplace.gdc.goog.patch serviceinstances.marketplace.gdc.goog.update serviceinstances.marketplace.gdc.goog.watch |
|
Marketplace Service Editor ( marketplace-service-editor)
Views, lists, creates, updates and deletes service versions and service descriptions. |
Zonal
servicedescriptions.marketplace.gdc.goog.create
servicedescriptions.marketplace.gdc.goog.delete servicedescriptions.marketplace.gdc.goog.get servicedescriptions.marketplace.gdc.goog.list servicedescriptions.marketplace.gdc.goog.patch servicedescriptions.marketplace.gdc.goog.update servicedescriptions.marketplace.gdc.goog.watch serviceversions.marketplace.gdc.goog.create serviceversions.marketplace.gdc.goog.delete serviceversions.marketplace.gdc.goog.get serviceversions.marketplace.gdc.goog.list serviceversions.marketplace.gdc.goog.patch serviceversions.marketplace.gdc.goog.update serviceversions.marketplace.gdc.goog.watch |
|
Marketplace Service Viewer ( marketplace-service-viewer)
Views and lists service versions, service descriptions, service catalogs and catalogbundles. |
Zonal
catalogbundle.marketplaceview.gdc.goog.get
catalogbundle.marketplaceview.gdc.goog.list catalogbundle.marketplaceview.gdc.goog.watch servicecatalog.marketplace.global.gdc.goog.get servicecatalog.marketplace.global.gdc.goog.list servicecatalog.marketplace.global.gdc.goog.watch servicedescription.marketplace.gdc.goog.get servicedescription.marketplace.gdc.goog.list servicedescription.marketplace.gdc.goog.watch serviceversion.marketplace.gdc.goog.get serviceversion.marketplace.gdc.goog.list serviceversion.marketplace.gdc.goog.watch |
|
MonitoringRule Editor ( monitoringrule-editor)
|
Zonal
monitoringrules.monitoring.gdc.goog.delete
monitoringrules.monitoring.gdc.goog.get monitoringrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.patch monitoringrules.monitoring.gdc.goog.update monitoringrules.monitoring.gdc.goog.watch |
|
MonitoringRule Viewer ( monitoringrule-viewer)
|
Zonal
monitoringrules.monitoring.gdc.goog.get
monitoringrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.watch |
|
MonitoringTarget Editor ( monitoringtarget-editor)
|
Zonal
monitoringtargets.monitoring.gdc.goog.delete
monitoringtargets.monitoring.gdc.goog.get monitoringtargets.monitoring.gdc.goog.list monitoringtargets.monitoring.gdc.goog.patch monitoringtargets.monitoring.gdc.goog.update monitoringtargets.monitoring.gdc.goog.watch |
|
MonitoringTarget Viewer ( monitoringtarget-viewer)
|
Zonal
monitoringtargets.monitoring.gdc.goog.get
monitoringtargets.monitoring.gdc.goog.list monitoringtargets.monitoring.gdc.goog.watch |
|
NAT Viewer ( nat-viewer)
|
Kubernetes cluster
deployments.apps.get
deployments.apps.list |
|
Namespace Admin ( namespace-admin)
Manages all resources within the project |
Kubernetes cluster
*.*.*
|
|
ObservabilityPipeline Editor ( observabilitypipeline-editor)
|
Zonal
observabilitypipelines.observability.gdc.goog.delete
observabilitypipelines.observability.gdc.goog.get observabilitypipelines.observability.gdc.goog.list observabilitypipelines.observability.gdc.goog.patch observabilitypipelines.observability.gdc.goog.update observabilitypipelines.observability.gdc.goog.watch |
|
ObservabilityPipeline Viewer ( observabilitypipeline-viewer)
|
Zonal
observabilitypipelines.observability.gdc.goog.get
observabilitypipelines.observability.gdc.goog.list observabilitypipelines.observability.gdc.goog.watch |
|
Project Bucket Admin ( project-bucket-admin)
|
Global
bucketlocations.object.global.gdc.goog.get
bucketlocations.object.global.gdc.goog.list buckets.object.global.gdc.goog.* Zonal
bucketinfos.object.gdc.goog.get
bucketinfos.object.gdc.goog.list bucketinfos.object.gdc.goog.patch bucketinfos.object.gdc.goog.update bucketinfos.object.gdc.goog.watch buckets.object.gdc.goog.* |
|
Project Bucket Object Admin ( project-bucket-object-admin)
|
Global
buckets.object.global.gdc.goog.get
buckets.object.global.gdc.goog.list buckets.object.global.gdc.goog.read-object buckets.object.global.gdc.goog.watch buckets.object.global.gdc.goog.write-object Zonal
bucketinfos.object.gdc.goog.get
bucketinfos.object.gdc.goog.list buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.read-object buckets.object.gdc.goog.watch buckets.object.gdc.goog.write-object |
|
Project Bucket Object Viewer ( project-bucket-object-viewer)
|
Global
buckets.object.global.gdc.goog.get
buckets.object.global.gdc.goog.list buckets.object.global.gdc.goog.read-object buckets.object.global.gdc.goog.watch Zonal
bucketinfos.object.gdc.goog.get
bucketinfos.object.gdc.goog.list buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.read-object buckets.object.gdc.goog.watch |
|
Project Cortex Alertmanager Editor ( project-cortex-alertmanager-editor)
|
Zonal
${.ProjectNamespace}-cortex-system/cortex-alertmanager.istio.resourcemanager.gdc.goog.*
loggingrules.logging.gdc.goog.create loggingrules.logging.gdc.goog.delete loggingrules.logging.gdc.goog.get loggingrules.logging.gdc.goog.list loggingrules.logging.gdc.goog.patch loggingrules.logging.gdc.goog.update loggingrules.monitoring.gdc.goog.create loggingrules.monitoring.gdc.goog.delete loggingrules.monitoring.gdc.goog.get loggingrules.monitoring.gdc.goog.list loggingrules.monitoring.gdc.goog.patch loggingrules.monitoring.gdc.goog.update monitoringrules.monitoring.gdc.goog.create monitoringrules.monitoring.gdc.goog.delete monitoringrules.monitoring.gdc.goog.get monitoringrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.patch monitoringrules.monitoring.gdc.goog.update |
|
Project Cortex Alertmanager Viewer ( project-cortex-alertmanager-viewer)
|
Zonal
${.ProjectNamespace}-cortex-system/cortex-alertmanager.istio.resourcemanager.gdc.goog.*
loggingrules.logging.gdc.goog.get loggingrules.logging.gdc.goog.list loggingrules.monitoring.gdc.goog.get loggingrules.monitoring.gdc.goog.list monitoringrules.monitoring.gdc.goog.get monitoringrules.monitoring.gdc.goog.list |
|
Project Cortex Prometheus Viewer ( project-cortex-prometheus-viewer)
|
Zonal
${.ProjectNamespace}-cortex-system/cortex-metrics.istio.resourcemanager.gdc.goog.*
${.ProjectNamespace}-cortex-system/cortex-prometheus.istio.resourcemanager.gdc.goog.* |
|
Project DB Admin ( project-db-admin)
|
Global
backupplans.alloydbomni.dbadmin.gdc.goog.create
backupplans.alloydbomni.dbadmin.gdc.goog.delete backupplans.alloydbomni.dbadmin.gdc.goog.get backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.patch backupplans.alloydbomni.dbadmin.gdc.goog.update backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.create backupplans.oracle.dbadmin.gdc.goog.delete backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.patch backupplans.oracle.dbadmin.gdc.goog.update backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.create backupplans.postgresql.dbadmin.gdc.goog.delete backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.patch backupplans.postgresql.dbadmin.gdc.goog.update backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch configmaps.get dbclusters.alloydbomni.dbadmin.gdc.goog.create dbclusters.alloydbomni.dbadmin.gdc.goog.delete dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.patch dbclusters.alloydbomni.dbadmin.gdc.goog.update dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.create dbclusters.oracle.dbadmin.gdc.goog.delete dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.patch dbclusters.oracle.dbadmin.gdc.goog.update dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.create dbclusters.postgresql.dbadmin.gdc.goog.delete dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.patch dbclusters.postgresql.dbadmin.gdc.goog.update dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.create exports.alloydbomni.dbadmin.gdc.goog.delete exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.create exports.oracle.dbadmin.gdc.goog.delete exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.create exports.postgresql.dbadmin.gdc.goog.delete exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.create externalservers.alloydbomni.dbadmin.gdc.goog.delete externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.patch externalservers.alloydbomni.dbadmin.gdc.goog.update externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.create externalservers.postgresql.dbadmin.gdc.goog.delete externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.patch externalservers.postgresql.dbadmin.gdc.goog.update externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.create failovers.fleet.dbadmin.gdc.goog.delete failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.create imports.alloydbomni.dbadmin.gdc.goog.delete imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.create imports.oracle.dbadmin.gdc.goog.delete imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.create imports.postgresql.dbadmin.gdc.goog.delete imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch migrations.alloydbomni.dbadmin.gdc.goog.create migrations.alloydbomni.dbadmin.gdc.goog.delete migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.patch migrations.alloydbomni.dbadmin.gdc.goog.update migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.create migrations.postgresql.dbadmin.gdc.goog.delete migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.patch migrations.postgresql.dbadmin.gdc.goog.update migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.create replications.postgresql.dbadmin.gdc.goog.delete replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.patch replications.postgresql.dbadmin.gdc.goog.update replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.create restores.alloydbomni.dbadmin.gdc.goog.delete restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.create restores.oracle.dbadmin.gdc.goog.delete restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.create restores.postgresql.dbadmin.gdc.goog.delete restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch secrets.create secrets.delete secrets.get secrets.update Zonal
backupplans.alloydbomni.dbadmin.gdc.goog.create
backupplans.alloydbomni.dbadmin.gdc.goog.delete backupplans.alloydbomni.dbadmin.gdc.goog.get backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.patch backupplans.alloydbomni.dbadmin.gdc.goog.update backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.create backupplans.oracle.dbadmin.gdc.goog.delete backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.patch backupplans.oracle.dbadmin.gdc.goog.update backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.create backupplans.postgresql.dbadmin.gdc.goog.delete backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.patch backupplans.postgresql.dbadmin.gdc.goog.update backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch configmaps.get dbclusters.alloydbomni.dbadmin.gdc.goog.create dbclusters.alloydbomni.dbadmin.gdc.goog.delete dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.patch dbclusters.alloydbomni.dbadmin.gdc.goog.update dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.create dbclusters.oracle.dbadmin.gdc.goog.delete dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.patch dbclusters.oracle.dbadmin.gdc.goog.update dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.create dbclusters.postgresql.dbadmin.gdc.goog.delete dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.patch dbclusters.postgresql.dbadmin.gdc.goog.update dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.create exports.alloydbomni.dbadmin.gdc.goog.delete exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.create exports.oracle.dbadmin.gdc.goog.delete exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.create exports.postgresql.dbadmin.gdc.goog.delete exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.create externalservers.alloydbomni.dbadmin.gdc.goog.delete externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.patch externalservers.alloydbomni.dbadmin.gdc.goog.update externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.create externalservers.postgresql.dbadmin.gdc.goog.delete externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.patch externalservers.postgresql.dbadmin.gdc.goog.update externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.create failovers.fleet.dbadmin.gdc.goog.delete failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.create imports.alloydbomni.dbadmin.gdc.goog.delete imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.create imports.oracle.dbadmin.gdc.goog.delete imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.create imports.postgresql.dbadmin.gdc.goog.delete imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch migrations.alloydbomni.dbadmin.gdc.goog.create migrations.alloydbomni.dbadmin.gdc.goog.delete migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.patch migrations.alloydbomni.dbadmin.gdc.goog.update migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.create migrations.postgresql.dbadmin.gdc.goog.delete migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.patch migrations.postgresql.dbadmin.gdc.goog.update migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.create replications.postgresql.dbadmin.gdc.goog.delete replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.patch replications.postgresql.dbadmin.gdc.goog.update replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.create restores.alloydbomni.dbadmin.gdc.goog.delete restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.create restores.oracle.dbadmin.gdc.goog.delete restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.create restores.postgresql.dbadmin.gdc.goog.delete restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch secrets.create secrets.delete secrets.get secrets.update |
|
Project DB Editor ( project-db-editor)
|
Global
backupplans.alloydbomni.dbadmin.gdc.goog.get
backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.patch dbclusters.alloydbomni.dbadmin.gdc.goog.update dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.patch dbclusters.oracle.dbadmin.gdc.goog.update dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.patch dbclusters.postgresql.dbadmin.gdc.goog.update dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.create exports.alloydbomni.dbadmin.gdc.goog.delete exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.create exports.oracle.dbadmin.gdc.goog.delete exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.create exports.postgresql.dbadmin.gdc.goog.delete exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.create externalservers.alloydbomni.dbadmin.gdc.goog.delete externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.patch externalservers.alloydbomni.dbadmin.gdc.goog.update externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.create externalservers.postgresql.dbadmin.gdc.goog.delete externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.patch externalservers.postgresql.dbadmin.gdc.goog.update externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.create failovers.fleet.dbadmin.gdc.goog.delete failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.create imports.alloydbomni.dbadmin.gdc.goog.delete imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.create imports.oracle.dbadmin.gdc.goog.delete imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.create imports.postgresql.dbadmin.gdc.goog.delete imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.patch migrations.alloydbomni.dbadmin.gdc.goog.update migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.patch migrations.postgresql.dbadmin.gdc.goog.update migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.patch replications.postgresql.dbadmin.gdc.goog.update replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch secrets.create secrets.delete secrets.update Zonal
backupplans.alloydbomni.dbadmin.gdc.goog.get
backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.patch dbclusters.alloydbomni.dbadmin.gdc.goog.update dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.patch dbclusters.oracle.dbadmin.gdc.goog.update dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.patch dbclusters.postgresql.dbadmin.gdc.goog.update dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.create exports.alloydbomni.dbadmin.gdc.goog.delete exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.create exports.oracle.dbadmin.gdc.goog.delete exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.create exports.postgresql.dbadmin.gdc.goog.delete exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.create externalservers.alloydbomni.dbadmin.gdc.goog.delete externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.patch externalservers.alloydbomni.dbadmin.gdc.goog.update externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.create externalservers.postgresql.dbadmin.gdc.goog.delete externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.patch externalservers.postgresql.dbadmin.gdc.goog.update externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.create failovers.fleet.dbadmin.gdc.goog.delete failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.create imports.alloydbomni.dbadmin.gdc.goog.delete imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.create imports.oracle.dbadmin.gdc.goog.delete imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.create imports.postgresql.dbadmin.gdc.goog.delete imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.patch migrations.alloydbomni.dbadmin.gdc.goog.update migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.patch migrations.postgresql.dbadmin.gdc.goog.update migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.patch replications.postgresql.dbadmin.gdc.goog.update replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch secrets.create secrets.delete secrets.update |
|
Project DB Viewer ( project-db-viewer)
|
Global
backupplans.alloydbomni.dbadmin.gdc.goog.get
backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch Zonal
backupplans.alloydbomni.dbadmin.gdc.goog.get
backupplans.alloydbomni.dbadmin.gdc.goog.list backupplans.alloydbomni.dbadmin.gdc.goog.watch backupplans.oracle.dbadmin.gdc.goog.get backupplans.oracle.dbadmin.gdc.goog.list backupplans.oracle.dbadmin.gdc.goog.watch backupplans.postgresql.dbadmin.gdc.goog.get backupplans.postgresql.dbadmin.gdc.goog.list backupplans.postgresql.dbadmin.gdc.goog.watch backups.alloydbomni.dbadmin.gdc.goog.get backups.alloydbomni.dbadmin.gdc.goog.list backups.alloydbomni.dbadmin.gdc.goog.watch backups.oracle.dbadmin.gdc.goog.get backups.oracle.dbadmin.gdc.goog.list backups.oracle.dbadmin.gdc.goog.watch backups.postgresql.dbadmin.gdc.goog.get backups.postgresql.dbadmin.gdc.goog.list backups.postgresql.dbadmin.gdc.goog.watch dbclusters.alloydbomni.dbadmin.gdc.goog.get dbclusters.alloydbomni.dbadmin.gdc.goog.list dbclusters.alloydbomni.dbadmin.gdc.goog.watch dbclusters.oracle.dbadmin.gdc.goog.get dbclusters.oracle.dbadmin.gdc.goog.list dbclusters.oracle.dbadmin.gdc.goog.watch dbclusters.postgresql.dbadmin.gdc.goog.get dbclusters.postgresql.dbadmin.gdc.goog.list dbclusters.postgresql.dbadmin.gdc.goog.watch exports.alloydbomni.dbadmin.gdc.goog.get exports.alloydbomni.dbadmin.gdc.goog.list exports.alloydbomni.dbadmin.gdc.goog.watch exports.oracle.dbadmin.gdc.goog.get exports.oracle.dbadmin.gdc.goog.list exports.oracle.dbadmin.gdc.goog.watch exports.postgresql.dbadmin.gdc.goog.get exports.postgresql.dbadmin.gdc.goog.list exports.postgresql.dbadmin.gdc.goog.watch externalservers.alloydbomni.dbadmin.gdc.goog.get externalservers.alloydbomni.dbadmin.gdc.goog.list externalservers.alloydbomni.dbadmin.gdc.goog.watch externalservers.postgresql.dbadmin.gdc.goog.get externalservers.postgresql.dbadmin.gdc.goog.list externalservers.postgresql.dbadmin.gdc.goog.watch failovers.fleet.dbadmin.gdc.goog.get failovers.fleet.dbadmin.gdc.goog.list failovers.fleet.dbadmin.gdc.goog.watch imports.alloydbomni.dbadmin.gdc.goog.get imports.alloydbomni.dbadmin.gdc.goog.list imports.alloydbomni.dbadmin.gdc.goog.watch imports.oracle.dbadmin.gdc.goog.get imports.oracle.dbadmin.gdc.goog.list imports.oracle.dbadmin.gdc.goog.watch imports.postgresql.dbadmin.gdc.goog.get imports.postgresql.dbadmin.gdc.goog.list imports.postgresql.dbadmin.gdc.goog.watch migrations.alloydbomni.dbadmin.gdc.goog.get migrations.alloydbomni.dbadmin.gdc.goog.list migrations.alloydbomni.dbadmin.gdc.goog.watch migrations.postgresql.dbadmin.gdc.goog.get migrations.postgresql.dbadmin.gdc.goog.list migrations.postgresql.dbadmin.gdc.goog.watch replications.postgresql.dbadmin.gdc.goog.get replications.postgresql.dbadmin.gdc.goog.list replications.postgresql.dbadmin.gdc.goog.watch restores.alloydbomni.dbadmin.gdc.goog.get restores.alloydbomni.dbadmin.gdc.goog.list restores.alloydbomni.dbadmin.gdc.goog.watch restores.oracle.dbadmin.gdc.goog.get restores.oracle.dbadmin.gdc.goog.list restores.oracle.dbadmin.gdc.goog.watch restores.postgresql.dbadmin.gdc.goog.get restores.postgresql.dbadmin.gdc.goog.list restores.postgresql.dbadmin.gdc.goog.watch |
|
Project FileShare Admin ( project-fileshare-admin)
|
Zonal
exportgroupbindings.file.gdc.goog.create
exportgroupbindings.file.gdc.goog.delete exportgroupbindings.file.gdc.goog.get exportgroupbindings.file.gdc.goog.list exportgroupbindings.file.gdc.goog.patch exportgroupbindings.file.gdc.goog.update exportgroupbindings.file.gdc.goog.watch exportgroups.file.gdc.goog.create exportgroups.file.gdc.goog.delete exportgroups.file.gdc.goog.get exportgroups.file.gdc.goog.list exportgroups.file.gdc.goog.patch exportgroups.file.gdc.goog.update exportgroups.file.gdc.goog.watch fileshares.file.gdc.goog.create fileshares.file.gdc.goog.delete fileshares.file.gdc.goog.get fileshares.file.gdc.goog.list fileshares.file.gdc.goog.patch fileshares.file.gdc.goog.update fileshares.file.gdc.goog.watch |
|
Project Grafana Viewer ( project-grafana-viewer)
|
Zonal
${.ProjectNamespace}-grafana-system/grafana.istio.resourcemanager.gdc.goog.*
|
|
Project IAM Admin ( project-iam-admin)
Manages permissions for projects |
Global
customroles.iam.global.gdc.goog.create
customroles.iam.global.gdc.goog.delete customroles.iam.global.gdc.goog.get customroles.iam.global.gdc.goog.list customroles.iam.global.gdc.goog.patch customroles.iam.global.gdc.goog.update customroles.iam.global.gdc.goog.watch iamrolebindings.iam.global.gdc.goog.create iamrolebindings.iam.global.gdc.goog.delete iamrolebindings.iam.global.gdc.goog.get iamrolebindings.iam.global.gdc.goog.list iamrolebindings.iam.global.gdc.goog.patch iamrolebindings.iam.global.gdc.goog.update iamrolebindings.iam.global.gdc.goog.watch iamroles.iam.global.gdc.goog.create iamroles.iam.global.gdc.goog.delete iamroles.iam.global.gdc.goog.get iamroles.iam.global.gdc.goog.list iamroles.iam.global.gdc.goog.patch iamroles.iam.global.gdc.goog.update iamroles.iam.global.gdc.goog.watch projectserviceaccounts.resourcemanager.global.gdc.goog.create projectserviceaccounts.resourcemanager.global.gdc.goog.delete projectserviceaccounts.resourcemanager.global.gdc.goog.get projectserviceaccounts.resourcemanager.global.gdc.goog.list projectserviceaccounts.resourcemanager.global.gdc.goog.patch projectserviceaccounts.resourcemanager.global.gdc.goog.update rolebindings.rbac.authorization.k8s.io.create rolebindings.rbac.authorization.k8s.io.delete rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.patch rolebindings.rbac.authorization.k8s.io.update rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.create roles.rbac.authorization.k8s.io.delete roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.patch roles.rbac.authorization.k8s.io.update roles.rbac.authorization.k8s.io.watch Zonal
*.visibility.resourcemanager.gdc.goog.get
customroles.iam.gdc.goog.create customroles.iam.gdc.goog.delete customroles.iam.gdc.goog.get customroles.iam.gdc.goog.list customroles.iam.gdc.goog.patch customroles.iam.gdc.goog.update customroles.iam.gdc.goog.watch projectrolebindings.resourcemanager.gdc.goog.create projectrolebindings.resourcemanager.gdc.goog.delete projectrolebindings.resourcemanager.gdc.goog.get projectrolebindings.resourcemanager.gdc.goog.list projectrolebindings.resourcemanager.gdc.goog.patch projectrolebindings.resourcemanager.gdc.goog.update projectrolebindings.resourcemanager.gdc.goog.watch projectroles.resourcemanager.gdc.goog.create projectroles.resourcemanager.gdc.goog.delete projectroles.resourcemanager.gdc.goog.get projectroles.resourcemanager.gdc.goog.list projectroles.resourcemanager.gdc.goog.patch projectroles.resourcemanager.gdc.goog.update projectroles.resourcemanager.gdc.goog.watch projectserviceaccounts.resourcemanager.gdc.goog.create projectserviceaccounts.resourcemanager.gdc.goog.delete projectserviceaccounts.resourcemanager.gdc.goog.get projectserviceaccounts.resourcemanager.gdc.goog.list projectserviceaccounts.resourcemanager.gdc.goog.patch projectserviceaccounts.resourcemanager.gdc.goog.update projectserviceaccounts.resourcemanager.gdc.goog.watch rolebindings.rbac.authorization.k8s.io.create rolebindings.rbac.authorization.k8s.io.delete rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.patch rolebindings.rbac.authorization.k8s.io.update rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.create roles.rbac.authorization.k8s.io.delete roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.patch roles.rbac.authorization.k8s.io.update roles.rbac.authorization.k8s.io.watch standardclusterrolebindings.iam.gdc.goog.create standardclusterrolebindings.iam.gdc.goog.delete standardclusterrolebindings.iam.gdc.goog.get standardclusterrolebindings.iam.gdc.goog.list standardclusterrolebindings.iam.gdc.goog.patch standardclusterrolebindings.iam.gdc.goog.update standardclusterrolebindings.iam.gdc.goog.watch standardclusterroles.iam.gdc.goog.create standardclusterroles.iam.gdc.goog.delete standardclusterroles.iam.gdc.goog.get standardclusterroles.iam.gdc.goog.list standardclusterroles.iam.gdc.goog.patch standardclusterroles.iam.gdc.goog.update standardclusterroles.iam.gdc.goog.watch |
|
Project Maintenance Policy Admin ( project-mp-admin)
|
Zonal
maintenancepolicies.maintenance.goog.create
maintenancepolicies.maintenance.goog.delete maintenancepolicies.maintenance.goog.get maintenancepolicies.maintenance.goog.list maintenancepolicies.maintenance.goog.patch maintenancepolicies.maintenance.goog.update maintenancepolicies.maintenance.goog.watch maintenancepolicybindings.maintenance.goog.create maintenancepolicybindings.maintenance.goog.delete maintenancepolicybindings.maintenance.goog.get maintenancepolicybindings.maintenance.goog.list maintenancepolicybindings.maintenance.goog.patch maintenancepolicybindings.maintenance.goog.update maintenancepolicybindings.maintenance.goog.watch |
|
Project Maintenance Policy Binding Editor ( project-mpb-editor)
|
Zonal
maintenancepolicybindings.maintenance.goog.create
maintenancepolicybindings.maintenance.goog.delete maintenancepolicybindings.maintenance.goog.get maintenancepolicybindings.maintenance.goog.list maintenancepolicybindings.maintenance.goog.patch maintenancepolicybindings.maintenance.goog.update maintenancepolicybindings.maintenance.goog.watch |
|
Project Maintenance Policy Binding Viewer ( project-mpb-viewer)
|
Zonal
maintenancepolicybindings.maintenance.goog.get
maintenancepolicybindings.maintenance.goog.list maintenancepolicybindings.maintenance.goog.watch |
|
Project Maintenance Policy Editor ( project-mp-editor)
|
Zonal
maintenancepolicies.maintenance.goog.create
maintenancepolicies.maintenance.goog.delete maintenancepolicies.maintenance.goog.get maintenancepolicies.maintenance.goog.list maintenancepolicies.maintenance.goog.patch maintenancepolicies.maintenance.goog.update maintenancepolicies.maintenance.goog.watch |
|
Project Maintenance Policy Viewer ( project-mp-viewer)
|
Zonal
maintenancepolicies.maintenance.goog.get
maintenancepolicies.maintenance.goog.list maintenancepolicies.maintenance.goog.watch |
|
Project Network Policy Admin ( project-networkpolicy-admin)
|
Global
projectnetworkpolicies.networking.global.gdc.goog.create
projectnetworkpolicies.networking.global.gdc.goog.delete projectnetworkpolicies.networking.global.gdc.goog.get projectnetworkpolicies.networking.global.gdc.goog.list projectnetworkpolicies.networking.global.gdc.goog.patch projectnetworkpolicies.networking.global.gdc.goog.update projectnetworkpolicies.networking.global.gdc.goog.watch projectnetworkpolicyreplicas.networking.global.gdc.goog.create projectnetworkpolicyreplicas.networking.global.gdc.goog.delete projectnetworkpolicyreplicas.networking.global.gdc.goog.get projectnetworkpolicyreplicas.networking.global.gdc.goog.list projectnetworkpolicyreplicas.networking.global.gdc.goog.patch projectnetworkpolicyreplicas.networking.global.gdc.goog.update projectnetworkpolicyreplicas.networking.global.gdc.goog.watch Zonal
projectnetworkpolicies.networking.gdc.goog.create
projectnetworkpolicies.networking.gdc.goog.delete projectnetworkpolicies.networking.gdc.goog.get projectnetworkpolicies.networking.gdc.goog.list projectnetworkpolicies.networking.gdc.goog.patch projectnetworkpolicies.networking.gdc.goog.update projectnetworkpolicies.networking.gdc.goog.watch |
|
Project Quota Administrator ( zonal-project-quota-admin)
Manages Zonal Project Level Quota Resources of An Organization |
Zonal
quotavaluereplicas.quotamanagement.global.gdc.goog.create
quotavaluereplicas.quotamanagement.global.gdc.goog.delete quotavaluereplicas.quotamanagement.global.gdc.goog.get quotavaluereplicas.quotamanagement.global.gdc.goog.list quotavaluereplicas.quotamanagement.global.gdc.goog.patch quotavaluereplicas.quotamanagement.global.gdc.goog.update quotavaluereplicas.quotamanagement.global.gdc.goog.watch |
|
Project Quota Administrator ( project-quota-admin)
Manages Global Project Level Quota Resources for an Organization |
Global
quotavalues.quotamanagement.global.gdc.goog.create
quotavalues.quotamanagement.global.gdc.goog.delete quotavalues.quotamanagement.global.gdc.goog.get quotavalues.quotamanagement.global.gdc.goog.list quotavalues.quotamanagement.global.gdc.goog.patch quotavalues.quotamanagement.global.gdc.goog.update quotavalues.quotamanagement.global.gdc.goog.watch |
|
Project Viewer ( project-viewer)
|
Zonal
*.visibility.resourcemanager.gdc.goog.get
clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list clusterinfos.resourcemanager.private.gdc.goog.watch customresourcedefinitions.apiextensions.k8s.io.get customresourcedefinitions.apiextensions.k8s.io.list customresourcedefinitions.apiextensions.k8s.io.watch projectrolebindings.resourcemanager.gdc.goog.get projectrolebindings.resourcemanager.gdc.goog.list projectrolebindings.resourcemanager.gdc.goog.watch projectroles.resourcemanager.gdc.goog.get projectroles.resourcemanager.gdc.goog.list projectroles.resourcemanager.gdc.goog.watch rolebindings.rbac.authorization.k8s.io.get rolebindings.rbac.authorization.k8s.io.list rolebindings.rbac.authorization.k8s.io.watch roles.rbac.authorization.k8s.io.get roles.rbac.authorization.k8s.io.list roles.rbac.authorization.k8s.io.watch |
|
Project VirtualMachine Admin ( project-vm-admin)
Manages VMs in project namespace. |
Global
virtualmachineimages.virtualmachine.global.gdc.goog.get
virtualmachineimages.virtualmachine.global.gdc.goog.list virtualmachineimages.virtualmachine.global.gdc.goog.watch volumereplicationrelationships.storage.global.gdc.goog.create volumereplicationrelationships.storage.global.gdc.goog.delete volumereplicationrelationships.storage.global.gdc.goog.get volumereplicationrelationships.storage.global.gdc.goog.list volumereplicationrelationships.storage.global.gdc.goog.patch volumereplicationrelationships.storage.global.gdc.goog.update volumereplicationrelationships.storage.global.gdc.goog.watch Zonal
virtualmachineaccessrequests.virtualmachine.gdc.goog.create
virtualmachineaccessrequests.virtualmachine.gdc.goog.delete virtualmachineaccessrequests.virtualmachine.gdc.goog.get virtualmachineaccessrequests.virtualmachine.gdc.goog.list virtualmachineaccessrequests.virtualmachine.gdc.goog.patch virtualmachineaccessrequests.virtualmachine.gdc.goog.update virtualmachineaccessrequests.virtualmachine.gdc.goog.watch virtualmachinebackupplans.virtualmachine.gdc.goog.delete virtualmachinebackupplans.virtualmachine.gdc.goog.get virtualmachinebackupplans.virtualmachine.gdc.goog.list virtualmachinebackupplans.virtualmachine.gdc.goog.watch virtualmachinebackupplantemplates.virtualmachine.gdc.goog.create virtualmachinebackupplantemplates.virtualmachine.gdc.goog.delete virtualmachinebackupplantemplates.virtualmachine.gdc.goog.get virtualmachinebackupplantemplates.virtualmachine.gdc.goog.list virtualmachinebackupplantemplates.virtualmachine.gdc.goog.patch virtualmachinebackupplantemplates.virtualmachine.gdc.goog.update virtualmachinebackupplantemplates.virtualmachine.gdc.goog.watch virtualmachinebackuprequests.virtualmachine.gdc.goog.create virtualmachinebackuprequests.virtualmachine.gdc.goog.delete virtualmachinebackuprequests.virtualmachine.gdc.goog.get virtualmachinebackuprequests.virtualmachine.gdc.goog.list virtualmachinebackuprequests.virtualmachine.gdc.goog.watch virtualmachinebackups.virtualmachine.gdc.goog.get virtualmachinebackups.virtualmachine.gdc.goog.list virtualmachinebackups.virtualmachine.gdc.goog.watch virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.create virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.delete virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.get virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.list virtualmachinedeletebackuprequests.virtualmachine.gdc.goog.watch virtualmachinedisks.virtualmachine.gdc.goog.create virtualmachinedisks.virtualmachine.gdc.goog.delete virtualmachinedisks.virtualmachine.gdc.goog.get virtualmachinedisks.virtualmachine.gdc.goog.list virtualmachinedisks.virtualmachine.gdc.goog.patch virtualmachinedisks.virtualmachine.gdc.goog.update virtualmachinedisks.virtualmachine.gdc.goog.watch virtualmachineexternalaccesses.virtualmachine.gdc.goog.create virtualmachineexternalaccesses.virtualmachine.gdc.goog.delete virtualmachineexternalaccesses.virtualmachine.gdc.goog.get virtualmachineexternalaccesses.virtualmachine.gdc.goog.list virtualmachineexternalaccesses.virtualmachine.gdc.goog.patch virtualmachineexternalaccesses.virtualmachine.gdc.goog.update virtualmachineexternalaccesses.virtualmachine.gdc.goog.watch virtualmachineimages.virtualmachine.gdc.goog.get virtualmachineimages.virtualmachine.gdc.goog.list virtualmachineimages.virtualmachine.gdc.goog.watch virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.create virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.delete virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.get virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.list virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.patch virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.update virtualmachinepasswordresetrequests.virtualmachine.gdc.goog.watch virtualmachinerestorerequests.virtualmachine.gdc.goog.create virtualmachinerestorerequests.virtualmachine.gdc.goog.delete virtualmachinerestorerequests.virtualmachine.gdc.goog.get virtualmachinerestorerequests.virtualmachine.gdc.goog.list virtualmachinerestorerequests.virtualmachine.gdc.goog.watch virtualmachinerestores.virtualmachine.gdc.goog.delete virtualmachinerestores.virtualmachine.gdc.goog.get virtualmachinerestores.virtualmachine.gdc.goog.list virtualmachinerestores.virtualmachine.gdc.goog.watch virtualmachines.virtualmachine.gdc.goog.console virtualmachines.virtualmachine.gdc.goog.create virtualmachines.virtualmachine.gdc.goog.delete virtualmachines.virtualmachine.gdc.goog.get virtualmachines.virtualmachine.gdc.goog.getmetadata virtualmachines.virtualmachine.gdc.goog.list virtualmachines.virtualmachine.gdc.goog.patch virtualmachines.virtualmachine.gdc.goog.setmetadata virtualmachines.virtualmachine.gdc.goog.update virtualmachines.virtualmachine.gdc.goog.watch virtualmachines/restart.virtualmachineoperations.gdc.goog.update |
|
Project VirtualMachine Image Admin ( project-vm-image-admin)
Manages VM images in project namespace. |
Global
virtualmachineimages.virtualmachine.global.gdc.goog.get
virtualmachineimages.virtualmachine.global.gdc.goog.list virtualmachineimages.virtualmachine.global.gdc.goog.watch Zonal
buckets.object.gdc.goog.create
buckets.object.gdc.goog.delete buckets.object.gdc.goog.get buckets.object.gdc.goog.list buckets.object.gdc.goog.patch buckets.object.gdc.goog.read-object buckets.object.gdc.goog.update buckets.object.gdc.goog.watch buckets.object.gdc.goog.write-object virtualmachineimage.virtualmachineview.gdc.goog.get virtualmachineimage.virtualmachineview.gdc.goog.list virtualmachineimage.virtualmachineview.gdc.goog.watch virtualmachineimageimports.virtualmachine.gdc.goog.create virtualmachineimageimports.virtualmachine.gdc.goog.delete virtualmachineimageimports.virtualmachine.gdc.goog.get virtualmachineimageimports.virtualmachine.gdc.goog.list virtualmachineimageimports.virtualmachine.gdc.goog.patch virtualmachineimageimports.virtualmachine.gdc.goog.update virtualmachineimageimports.virtualmachine.gdc.goog.watch virtualmachineimages.virtualmachine.gdc.goog.get virtualmachineimages.virtualmachine.gdc.goog.list virtualmachineimages.virtualmachine.gdc.goog.watch |
|
SIEM Export Org Creator ( siemexport-org-creator)
|
Zonal
secrets.create
secrets.get secrets.list secrets.watch siemorgforwarders.logging.gdc.goog.create siemorgforwarders.logging.gdc.goog.get siemorgforwarders.logging.gdc.goog.list siemorgforwarders.logging.gdc.goog.watch |
|
SIEM Export Org Editor ( siemexport-org-editor)
|
Zonal
secrets.delete
secrets.get secrets.list secrets.patch secrets.update secrets.watch siemorgforwarders.logging.gdc.goog.delete siemorgforwarders.logging.gdc.goog.get siemorgforwarders.logging.gdc.goog.list siemorgforwarders.logging.gdc.goog.patch siemorgforwarders.logging.gdc.goog.update siemorgforwarders.logging.gdc.goog.watch |
|
SIEM Export Org Viewer ( siemexport-org-viewer)
|
Zonal
secrets.get
secrets.list secrets.watch siemorgforwarders.logging.gdc.goog.get siemorgforwarders.logging.gdc.goog.list siemorgforwarders.logging.gdc.goog.watch |
|
Secret Admin ( secret-admin)
|
Global
secrets.create
secrets.delete secrets.get secrets.list secrets.patch secrets.update Zonal
secrets.create
secrets.delete secrets.get secrets.list secrets.patch secrets.update secrets.watch |
|
Secret Viewer ( secret-viewer)
|
Global
secrets.get
secrets.list secrets.watch Zonal
secrets.get
secrets.list secrets.watch |
|
Standard Cluster Admin ( standard-cluster-admin)
Manages the creation and update for Standard Clusters |
Zonal
*.visibility.resourcemanager.gdc.goog.get
clusterinfos.resourcemanager.private.gdc.goog.get clusterinfos.resourcemanager.private.gdc.goog.list clusterinfos.resourcemanager.private.gdc.goog.watch clusters.cluster.gdc.goog.create clusters.cluster.gdc.goog.delete clusters.cluster.gdc.goog.get clusters.cluster.gdc.goog.list clusters.cluster.gdc.goog.patch clusters.cluster.gdc.goog.update clusters.cluster.gdc.goog.watch projectbindings.resourcemanager.gdc.goog.create projectbindings.resourcemanager.gdc.goog.delete projectbindings.resourcemanager.gdc.goog.get projectbindings.resourcemanager.gdc.goog.list projectbindings.resourcemanager.gdc.goog.watch projects.resourcemanager.gdc.goog.get projects.resourcemanager.gdc.goog.list projects.resourcemanager.gdc.goog.watch userclusterupgraderequests.cluster.gdc.goog.create userclusterupgraderequests.cluster.gdc.goog.delete userclusterupgraderequests.cluster.gdc.goog.get userclusterupgraderequests.cluster.gdc.goog.list userclusterupgraderequests.cluster.gdc.goog.patch userclusterupgraderequests.cluster.gdc.goog.update userclusterupgraderequests.cluster.gdc.goog.watch userclusterupgrades.upgrade.private.gdc.goog.create userclusterupgrades.upgrade.private.gdc.goog.delete userclusterupgrades.upgrade.private.gdc.goog.get userclusterupgrades.upgrade.private.gdc.goog.list userclusterupgrades.upgrade.private.gdc.goog.patch userclusterupgrades.upgrade.private.gdc.goog.update userclusterupgrades.upgrade.private.gdc.goog.watch |
|
Subnet Project Admin ( subnet-project-admin)
|
Global
subnets.ipam.global.gdc.goog.create
subnets.ipam.global.gdc.goog.delete subnets.ipam.global.gdc.goog.get subnets.ipam.global.gdc.goog.list subnets.ipam.global.gdc.goog.patch subnets.ipam.global.gdc.goog.update subnets.ipam.global.gdc.goog.watch Zonal
subnets.ipam.gdc.goog.create
subnets.ipam.gdc.goog.customized-allocate subnets.ipam.gdc.goog.delete subnets.ipam.gdc.goog.get subnets.ipam.gdc.goog.list subnets.ipam.gdc.goog.patch subnets.ipam.gdc.goog.update subnets.ipam.gdc.goog.watch |
|
Subnet Project Operator ( subnet-project-operator)
|
Zonal
subnets.ipam.gdc.goog.create
subnets.ipam.gdc.goog.delete subnets.ipam.gdc.goog.get subnets.ipam.gdc.goog.list subnets.ipam.gdc.goog.patch subnets.ipam.gdc.goog.update subnets.ipam.gdc.goog.watch |
|
Vertex AI Prediction User ( vertex-ai-prediction-user)
Performs predict and explain requests on AI Platform endpoints. |
Zonal
endpoints.aiplatform.googleapis.com.explain
endpoints.aiplatform.googleapis.com.predict |
|
Workbench Notebooks Admin ( workbench-notebooks-admin)
Create, read and delete access to Workbench Notebooks. Read access to ClusterInfos |
Zonal
clusterinfos.resourcemanager.private.gdc.goog.get
clusterinfos.resourcemanager.private.gdc.goog.list notebook/notebook-root.istio.resourcemanager.gdc.goog.* notebooks.aiplatform.gdc.goog.create notebooks.aiplatform.gdc.goog.delete notebooks.aiplatform.gdc.goog.deletecollection notebooks.aiplatform.gdc.goog.get notebooks.aiplatform.gdc.goog.list notebooks.aiplatform.gdc.goog.patch notebooks.aiplatform.gdc.goog.update notebooks.aiplatform.gdc.goog.watch notebooks/status.aiplatform.gdc.goog.get notebooks/status.aiplatform.gdc.goog.list |
|
Workbench Notebooks Viewer ( workbench-notebooks-viewer)
Read access to Workbench Notebooks |
Zonal
notebook/notebook-root.istio.resourcemanager.gdc.goog.*
notebooks.aiplatform.gdc.goog.get notebooks.aiplatform.gdc.goog.list notebooks/status.aiplatform.gdc.goog.get notebooks/status.aiplatform.gdc.goog.list |
|
Workload Viewer ( workload-viewer)
|
Kubernetes cluster
deployments.apps.get
deployments.apps.list deployments.apps.watch pods.get pods.list pods.watch |