Access Context Manager roles and permissions

This page lists the IAM roles and permissions for Access Context Manager. To search through all roles and permissions, see the role and permission index.

Access Context Manager roles

Role Permissions

Role	Permissions
Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Admin role for accesscontextmanager	`accesscontextmanager.*` `accesscontextmanager.accessLevels.create` `accesscontextmanager.accessLevels.delete` `accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.accessLevels.replaceAll` `accesscontextmanager.accessLevels.update` `accesscontextmanager.authorizedOrgsDescs.create` `accesscontextmanager.authorizedOrgsDescs.delete` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.authorizedOrgsDescs.update` `accesscontextmanager.gcpUserAccessBindings.create` `accesscontextmanager.gcpUserAccessBindings.delete` `accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list` `accesscontextmanager.gcpUserAccessBindings.update` `accesscontextmanager.policies.create` `accesscontextmanager.policies.delete` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.policies.setIamPolicy` `accesscontextmanager.policies.update` `accesscontextmanager.servicePerimeters.commit` `accesscontextmanager.servicePerimeters.create` `accesscontextmanager.servicePerimeters.delete` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `accesscontextmanager.servicePerimeters.replaceAll` `accesscontextmanager.servicePerimeters.update` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Editor role for accesscontextmanager	`accesscontextmanager.accessLevels.` `accesscontextmanager.accessLevels.create` `accesscontextmanager.accessLevels.delete` `accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.accessLevels.replaceAll` `accesscontextmanager.accessLevels.update` `accesscontextmanager.authorizedOrgsDescs.` `accesscontextmanager.authorizedOrgsDescs.create` `accesscontextmanager.authorizedOrgsDescs.delete` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.authorizedOrgsDescs.update` `accesscontextmanager.gcpUserAccessBindings.` `accesscontextmanager.gcpUserAccessBindings.create` `accesscontextmanager.gcpUserAccessBindings.delete` `accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list` `accesscontextmanager.gcpUserAccessBindings.update` `accesscontextmanager.policies.create` `accesscontextmanager.policies.delete` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.policies.update` `accesscontextmanager.servicePerimeters.` `accesscontextmanager.servicePerimeters.commit` `accesscontextmanager.servicePerimeters.create` `accesscontextmanager.servicePerimeters.delete` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `accesscontextmanager.servicePerimeters.replaceAll` `accesscontextmanager.servicePerimeters.update` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Full access to policies, access levels, access zones and authorized orgs descs.	`accesscontextmanager.accessLevels.` `accesscontextmanager.accessLevels.create` `accesscontextmanager.accessLevels.delete` `accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.accessLevels.replaceAll` `accesscontextmanager.accessLevels.update` `accesscontextmanager.authorizedOrgsDescs.` `accesscontextmanager.authorizedOrgsDescs.create` `accesscontextmanager.authorizedOrgsDescs.delete` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.authorizedOrgsDescs.update` `accesscontextmanager.policies.` `accesscontextmanager.policies.create` `accesscontextmanager.policies.delete` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.policies.setIamPolicy` `accesscontextmanager.policies.update` `accesscontextmanager.servicePerimeters.` `accesscontextmanager.servicePerimeters.commit` `accesscontextmanager.servicePerimeters.create` `accesscontextmanager.servicePerimeters.delete` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `accesscontextmanager.servicePerimeters.replaceAll` `accesscontextmanager.servicePerimeters.update` `cloudasset.assets.searchAllResources` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Viewer role for accesscontextmanager	`accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`) Create, edit, and change Cloud access bindings.	`accesscontextmanager.gcpUserAccessBindings.*` `accesscontextmanager.gcpUserAccessBindings.create` `accesscontextmanager.gcpUserAccessBindings.delete` `accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list` `accesscontextmanager.gcpUserAccessBindings.update`
Cloud Access Binding Reader (`roles/accesscontextmanager.gcpAccessReader`) Read access to Cloud access bindings.	`accesscontextmanager.gcpUserAccessBindings.get` `accesscontextmanager.gcpUserAccessBindings.list`
Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.	`accesscontextmanager.accessLevels.` `accesscontextmanager.accessLevels.create` `accesscontextmanager.accessLevels.delete` `accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.accessLevels.replaceAll` `accesscontextmanager.accessLevels.update` `accesscontextmanager.authorizedOrgsDescs.` `accesscontextmanager.authorizedOrgsDescs.create` `accesscontextmanager.authorizedOrgsDescs.delete` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.authorizedOrgsDescs.update` `accesscontextmanager.policies.create` `accesscontextmanager.policies.delete` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.policies.update` `accesscontextmanager.servicePerimeters.*` `accesscontextmanager.servicePerimeters.commit` `accesscontextmanager.servicePerimeters.create` `accesscontextmanager.servicePerimeters.delete` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `accesscontextmanager.servicePerimeters.replaceAll` `accesscontextmanager.servicePerimeters.update` `cloudasset.assets.searchAllResources` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) Read access to policies, access levels, access zones and authorized orgs descs.	`accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`)	`accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.list` `accesscontextmanager.authorizedOrgsDescs.get` `accesscontextmanager.authorizedOrgsDescs.list` `accesscontextmanager.policies.get` `accesscontextmanager.policies.getIamPolicy` `accesscontextmanager.policies.list` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.list` `logging.exclusions.get` `logging.exclusions.list` `logging.logEntries.list` `logging.logMetrics.get` `logging.logMetrics.list` `logging.logServiceIndexes.list` `logging.logServices.list` `logging.logs.list` `logging.sinks.get` `logging.sinks.list` `logging.usage.get` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Accesscontextmanager Admin

(roles/accesscontextmanager.admin)

Admin role for accesscontextmanager

accesscontextmanager.*

accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update
accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update
accesscontextmanager.gcpUserAccessBindings.create
accesscontextmanager.gcpUserAccessBindings.delete
accesscontextmanager.gcpUserAccessBindings.get
accesscontextmanager.gcpUserAccessBindings.list
accesscontextmanager.gcpUserAccessBindings.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Accesscontextmanager Editor

(roles/accesscontextmanager.editor)

Editor role for accesscontextmanager

accesscontextmanager.accessLevels.*

accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update

accesscontextmanager.authorizedOrgsDescs.*

accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update

accesscontextmanager.gcpUserAccessBindings.*

accesscontextmanager.gcpUserAccessBindings.create
accesscontextmanager.gcpUserAccessBindings.delete
accesscontextmanager.gcpUserAccessBindings.get
accesscontextmanager.gcpUserAccessBindings.list
accesscontextmanager.gcpUserAccessBindings.update

accesscontextmanager.policies.create

accesscontextmanager.policies.delete

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager Admin

(roles/accesscontextmanager.policyAdmin)

Full access to policies, access levels, access zones and authorized orgs descs.

accesscontextmanager.accessLevels.*

accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update

accesscontextmanager.authorizedOrgsDescs.*

accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update

accesscontextmanager.policies.*

accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Accesscontextmanager Viewer

(roles/accesscontextmanager.viewer)

Viewer role for accesscontextmanager

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.authorizedOrgsDescs.get

accesscontextmanager.authorizedOrgsDescs.list

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Access Binding Admin

(roles/accesscontextmanager.gcpAccessAdmin)

Create, edit, and change Cloud access bindings.

accesscontextmanager.gcpUserAccessBindings.*

accesscontextmanager.gcpUserAccessBindings.create
accesscontextmanager.gcpUserAccessBindings.delete
accesscontextmanager.gcpUserAccessBindings.get
accesscontextmanager.gcpUserAccessBindings.list
accesscontextmanager.gcpUserAccessBindings.update

Cloud Access Binding Reader

(roles/accesscontextmanager.gcpAccessReader)

Read access to Cloud access bindings.

accesscontextmanager.gcpUserAccessBindings.get

accesscontextmanager.gcpUserAccessBindings.list

Access Context Manager Editor

(roles/accesscontextmanager.policyEditor)

Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.

accesscontextmanager.accessLevels.*

accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update

accesscontextmanager.authorizedOrgsDescs.*

accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update

accesscontextmanager.policies.create

accesscontextmanager.policies.delete

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.policies.update

accesscontextmanager.servicePerimeters.*

accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update

cloudasset.assets.searchAllResources

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager Reader

(roles/accesscontextmanager.policyReader)

Read access to policies, access levels, access zones and authorized orgs descs.

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.authorizedOrgsDescs.get

accesscontextmanager.authorizedOrgsDescs.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

VPC Service Controls Troubleshooter Viewer

(roles/accesscontextmanager.vpcScTroubleshooterViewer)

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.list

accesscontextmanager.authorizedOrgsDescs.get

accesscontextmanager.authorizedOrgsDescs.list

accesscontextmanager.policies.get

accesscontextmanager.policies.getIamPolicy

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

logging.exclusions.get

logging.exclusions.list

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.sinks.get

logging.sinks.list

logging.usage.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Context Manager permissions

Permission	Included in roles
`accesscontextmanager.accessLevels.create`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.accessLevels.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.accessLevels.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.accessLevels.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`accesscontextmanager.accessLevels.replaceAll`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.accessLevels.update`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.authorizedOrgsDescs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.authorizedOrgsDescs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.authorizedOrgsDescs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`accesscontextmanager.authorizedOrgsDescs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`accesscontextmanager.authorizedOrgsDescs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.gcpUserAccessBindings.create`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`)
`accesscontextmanager.gcpUserAccessBindings.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`)
`accesscontextmanager.gcpUserAccessBindings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`) Cloud Access Binding Reader (`roles/accesscontextmanager.gcpAccessReader`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`)
`accesscontextmanager.gcpUserAccessBindings.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`) Cloud Access Binding Reader (`roles/accesscontextmanager.gcpAccessReader`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`)
`accesscontextmanager.gcpUserAccessBindings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Cloud Access Binding Admin (`roles/accesscontextmanager.gcpAccessAdmin`)
`accesscontextmanager.policies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.policies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.policies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`accesscontextmanager.policies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`accesscontextmanager.policies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.policies.setIamPolicy`	Owner (`roles/owner`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Security Admin (`roles/iam.securityAdmin`)
`accesscontextmanager.policies.update`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.servicePerimeters.commit`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.servicePerimeters.create`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.servicePerimeters.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.servicePerimeters.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) SLZ BQDW Blueprint Organization Level Remediator (`roles/securedlandingzone.bqdwOrgRemediator`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`accesscontextmanager.servicePerimeters.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Accesscontextmanager Viewer (`roles/accesscontextmanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) Access Context Manager Reader (`roles/accesscontextmanager.policyReader`) VPC Service Controls Troubleshooter Viewer (`roles/accesscontextmanager.vpcScTroubleshooterViewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) SLZ BQDW Blueprint Organization Level Remediator (`roles/securedlandingzone.bqdwOrgRemediator`)
`accesscontextmanager.servicePerimeters.replaceAll`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`)
`accesscontextmanager.servicePerimeters.update`	Owner (`roles/owner`) Editor (`roles/editor`) Accesscontextmanager Admin (`roles/accesscontextmanager.admin`) Accesscontextmanager Editor (`roles/accesscontextmanager.editor`) Access Context Manager Admin (`roles/accesscontextmanager.policyAdmin`) Access Context Manager Editor (`roles/accesscontextmanager.policyEditor`) SLZ BQDW Blueprint Organization Level Remediator (`roles/securedlandingzone.bqdwOrgRemediator`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)

Access Context Manager roles and permissions Stay organized with collections Save and categorize content based on your preferences.