Binary Authorization roles and permissions

This page lists the IAM roles and permissions for Binary Authorization. To search through all roles and permissions, see the role and permission index.

Binary Authorization roles

Role Permissions

Role	Permissions
Binaryauthorization Admin (`roles/binaryauthorization.admin`) Admin role for binaryauthorization	`binaryauthorization.*` `binaryauthorization.attestors.create` `binaryauthorization.attestors.delete` `binaryauthorization.attestors.get` `binaryauthorization.attestors.getIamPolicy` `binaryauthorization.attestors.list` `binaryauthorization.attestors.setIamPolicy` `binaryauthorization.attestors.update` `binaryauthorization.attestors.verifyImageAttested` `binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.getIamPolicy` `binaryauthorization.continuousValidationConfig.setIamPolicy` `binaryauthorization.continuousValidationConfig.update` `binaryauthorization.platformPolicies.create` `binaryauthorization.platformPolicies.delete` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.platformPolicies.replace` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.getIamPolicy` `binaryauthorization.policy.setIamPolicy` `binaryauthorization.policy.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Administrator of Binary Authorization Attestors	`binaryauthorization.attestors.*` `binaryauthorization.attestors.create` `binaryauthorization.attestors.delete` `binaryauthorization.attestors.get` `binaryauthorization.attestors.getIamPolicy` `binaryauthorization.attestors.list` `binaryauthorization.attestors.setIamPolicy` `binaryauthorization.attestors.update` `binaryauthorization.attestors.verifyImageAttested` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Editor of Binary Authorization Attestors	`binaryauthorization.attestors.create` `binaryauthorization.attestors.delete` `binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `binaryauthorization.attestors.update` `binaryauthorization.attestors.verifyImageAttested` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Image Verifier (`roles/binaryauthorization.attestorsVerifier`) Caller of Binary Authorization Attestors VerifyImageAttested	`binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `binaryauthorization.attestors.verifyImageAttested` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Attestor Viewer (`roles/binaryauthorization.attestorsViewer`) Viewer of Binary Authorization Attestors	`binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binaryauthorization Editor (`roles/binaryauthorization.editor`) Editor role for binaryauthorization	`binaryauthorization.attestors.create` `binaryauthorization.attestors.delete` `binaryauthorization.attestors.get` `binaryauthorization.attestors.getIamPolicy` `binaryauthorization.attestors.list` `binaryauthorization.attestors.update` `binaryauthorization.attestors.verifyImageAttested` `binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.getIamPolicy` `binaryauthorization.continuousValidationConfig.update` `binaryauthorization.platformPolicies.*` `binaryauthorization.platformPolicies.create` `binaryauthorization.platformPolicies.delete` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.platformPolicies.replace` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.getIamPolicy` `binaryauthorization.policy.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Administrator of Binary Authorization Policy	`binaryauthorization.continuousValidationConfig.` `binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.getIamPolicy` `binaryauthorization.continuousValidationConfig.setIamPolicy` `binaryauthorization.continuousValidationConfig.update` `binaryauthorization.platformPolicies.` `binaryauthorization.platformPolicies.create` `binaryauthorization.platformPolicies.delete` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.platformPolicies.replace` `binaryauthorization.policy.*` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.getIamPolicy` `binaryauthorization.policy.setIamPolicy` `binaryauthorization.policy.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Editor of Binary Authorization Policy	`binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.update` `binaryauthorization.platformPolicies.*` `binaryauthorization.platformPolicies.create` `binaryauthorization.platformPolicies.delete` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.platformPolicies.replace` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Evaluator of Binary Authorization Policy	`binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Policy Viewer (`roles/binaryauthorization.policyViewer`) Viewer of Binary Authorization Policy	`binaryauthorization.continuousValidationConfig.get` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`) Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures. Warning: Do not grant service agent roles to any principals except service agents.	`artifactregistry.dockerimages.get` `artifactregistry.repositories.downloadArtifacts` `binaryauthorization.attestors.get` `binaryauthorization.attestors.list` `binaryauthorization.attestors.verifyImageAttested` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.policy.evaluatePolicy` `cloudasset.assets.exportResource` `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.update` `containeranalysis.notes.get` `containeranalysis.notes.list` `containeranalysis.notes.listOccurrences` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.objects.list`
Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Viewer role for binaryauthorization	`binaryauthorization.attestors.get` `binaryauthorization.attestors.getIamPolicy` `binaryauthorization.attestors.list` `binaryauthorization.attestors.verifyImageAttested` `binaryauthorization.continuousValidationConfig.get` `binaryauthorization.continuousValidationConfig.getIamPolicy` `binaryauthorization.platformPolicies.evaluatePolicy` `binaryauthorization.platformPolicies.get` `binaryauthorization.platformPolicies.list` `binaryauthorization.policy.evaluatePolicy` `binaryauthorization.policy.get` `binaryauthorization.policy.getIamPolicy` `resourcemanager.projects.get` `resourcemanager.projects.list`

Binaryauthorization Admin

(roles/binaryauthorization.admin)

Admin role for binaryauthorization

binaryauthorization.*

binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
binaryauthorization.attestors.verifyImageAttested
binaryauthorization.continuousValidationConfig.get
binaryauthorization.continuousValidationConfig.getIamPolicy
binaryauthorization.continuousValidationConfig.setIamPolicy
binaryauthorization.continuousValidationConfig.update
binaryauthorization.platformPolicies.create
binaryauthorization.platformPolicies.delete
binaryauthorization.platformPolicies.evaluatePolicy
binaryauthorization.platformPolicies.get
binaryauthorization.platformPolicies.list
binaryauthorization.platformPolicies.replace
binaryauthorization.policy.evaluatePolicy
binaryauthorization.policy.get
binaryauthorization.policy.getIamPolicy
binaryauthorization.policy.setIamPolicy
binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Admin

(roles/binaryauthorization.attestorsAdmin)

Administrator of Binary Authorization Attestors

binaryauthorization.attestors.*

binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Editor

(roles/binaryauthorization.attestorsEditor)

Editor of Binary Authorization Attestors

binaryauthorization.attestors.create

binaryauthorization.attestors.delete

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.update

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Image Verifier

(roles/binaryauthorization.attestorsVerifier)

Caller of Binary Authorization Attestors VerifyImageAttested

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Viewer

(roles/binaryauthorization.attestorsViewer)

Viewer of Binary Authorization Attestors

binaryauthorization.attestors.get

binaryauthorization.attestors.list

resourcemanager.projects.get

resourcemanager.projects.list

Binaryauthorization Editor

(roles/binaryauthorization.editor)

Editor role for binaryauthorization

binaryauthorization.attestors.create

binaryauthorization.attestors.delete

binaryauthorization.attestors.get

binaryauthorization.attestors.getIamPolicy

binaryauthorization.attestors.list

binaryauthorization.attestors.update

binaryauthorization.attestors.verifyImageAttested

binaryauthorization.continuousValidationConfig.get

binaryauthorization.continuousValidationConfig.getIamPolicy

binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

binaryauthorization.platformPolicies.create
binaryauthorization.platformPolicies.delete
binaryauthorization.platformPolicies.evaluatePolicy
binaryauthorization.platformPolicies.get
binaryauthorization.platformPolicies.list
binaryauthorization.platformPolicies.replace

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

binaryauthorization.policy.getIamPolicy

binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Administrator

(roles/binaryauthorization.policyAdmin)

Administrator of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.*

binaryauthorization.continuousValidationConfig.get
binaryauthorization.continuousValidationConfig.getIamPolicy
binaryauthorization.continuousValidationConfig.setIamPolicy
binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

binaryauthorization.platformPolicies.create
binaryauthorization.platformPolicies.delete
binaryauthorization.platformPolicies.evaluatePolicy
binaryauthorization.platformPolicies.get
binaryauthorization.platformPolicies.list
binaryauthorization.platformPolicies.replace

binaryauthorization.policy.*

binaryauthorization.policy.evaluatePolicy
binaryauthorization.policy.get
binaryauthorization.policy.getIamPolicy
binaryauthorization.policy.setIamPolicy
binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Editor

(roles/binaryauthorization.policyEditor)

Editor of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

binaryauthorization.platformPolicies.create
binaryauthorization.platformPolicies.delete
binaryauthorization.platformPolicies.evaluatePolicy
binaryauthorization.platformPolicies.get
binaryauthorization.platformPolicies.list
binaryauthorization.platformPolicies.replace

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Evaluator

(roles/binaryauthorization.policyEvaluator)

Evaluator of Binary Authorization Policy

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Viewer

(roles/binaryauthorization.policyViewer)

Viewer of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Service Agent

(roles/binaryauthorization.serviceAgent)

Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.

artifactregistry.dockerimages.get

artifactregistry.repositories.downloadArtifacts

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.policy.evaluatePolicy

cloudasset.assets.exportResource

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

cloudasset.feeds.update

containeranalysis.notes.get

containeranalysis.notes.list

containeranalysis.notes.listOccurrences

containeranalysis.occurrences.get

containeranalysis.occurrences.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.list

Binaryauthorization Viewer

(roles/binaryauthorization.viewer)

Viewer role for binaryauthorization

binaryauthorization.attestors.get

binaryauthorization.attestors.getIamPolicy

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

binaryauthorization.continuousValidationConfig.get

binaryauthorization.continuousValidationConfig.getIamPolicy

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

binaryauthorization.policy.getIamPolicy

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization permissions

Permission	Included in roles
`binaryauthorization.attestors.create`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`binaryauthorization.attestors.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`binaryauthorization.attestors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Binary Authorization Attestor Image Verifier (`roles/binaryauthorization.attestorsVerifier`) Binary Authorization Attestor Viewer (`roles/binaryauthorization.attestorsViewer`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.attestors.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`binaryauthorization.attestors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Binary Authorization Attestor Image Verifier (`roles/binaryauthorization.attestorsVerifier`) Binary Authorization Attestor Viewer (`roles/binaryauthorization.attestorsViewer`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.attestors.setIamPolicy`	Owner (`roles/owner`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Security Admin (`roles/iam.securityAdmin`)
`binaryauthorization.attestors.update`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`)
`binaryauthorization.attestors.verifyImageAttested`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Attestor Admin (`roles/binaryauthorization.attestorsAdmin`) Binary Authorization Attestor Editor (`roles/binaryauthorization.attestorsEditor`) Binary Authorization Attestor Image Verifier (`roles/binaryauthorization.attestorsVerifier`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Build Service Agent (`roles/cloudbuild.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.continuousValidationConfig.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Binary Authorization Policy Viewer (`roles/binaryauthorization.policyViewer`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Support User (`roles/iam.supportUser`)
`binaryauthorization.continuousValidationConfig.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`binaryauthorization.continuousValidationConfig.setIamPolicy`	Owner (`roles/owner`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`)
`binaryauthorization.continuousValidationConfig.update`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Dev Ops (`roles/iam.devOps`)
`binaryauthorization.platformPolicies.create`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Dev Ops (`roles/iam.devOps`)
`binaryauthorization.platformPolicies.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Dev Ops (`roles/iam.devOps`)
`binaryauthorization.platformPolicies.evaluatePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`)
`binaryauthorization.platformPolicies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Binary Authorization Policy Viewer (`roles/binaryauthorization.policyViewer`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`)
`binaryauthorization.platformPolicies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Binary Authorization Policy Viewer (`roles/binaryauthorization.policyViewer`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`)
`binaryauthorization.platformPolicies.replace`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Dev Ops (`roles/iam.devOps`)
`binaryauthorization.policy.evaluatePolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Binary Authorization Service Agent (`roles/binaryauthorization.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Cloud Run Service Agent (`roles/run.serviceAgent`) Vertex AI Service Agent (`roles/aiplatform.serviceAgent`)
`binaryauthorization.policy.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Binary Authorization Policy Evaluator (`roles/binaryauthorization.policyEvaluator`) Binary Authorization Policy Viewer (`roles/binaryauthorization.policyViewer`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`) Security Center Control Service Agent (`roles/securitycenter.controlServiceAgent`) Security Health Analytics Service Agent (`roles/securitycenter.securityHealthAnalyticsServiceAgent`) Security Center Service Agent (`roles/securitycenter.serviceAgent`) Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`)
`binaryauthorization.policy.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binaryauthorization Viewer (`roles/binaryauthorization.viewer`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`binaryauthorization.policy.setIamPolicy`	Owner (`roles/owner`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Dev Ops (`roles/iam.devOps`) Security Admin (`roles/iam.securityAdmin`)
`binaryauthorization.policy.update`	Owner (`roles/owner`) Editor (`roles/editor`) Binaryauthorization Admin (`roles/binaryauthorization.admin`) Binaryauthorization Editor (`roles/binaryauthorization.editor`) Binary Authorization Policy Administrator (`roles/binaryauthorization.policyAdmin`) Binary Authorization Policy Editor (`roles/binaryauthorization.policyEditor`) Dev Ops (`roles/iam.devOps`)

Binary Authorization roles and permissions