Certificate Manager roles and permissions

This page lists the IAM roles and permissions for Certificate Manager. To search through all roles and permissions, see the role and permission index.

Certificate Manager roles

Role Permissions

Role	Permissions
Certificatemanager Admin (`roles/certificatemanager.admin`) Admin role for certificatemanager	`certificatemanager.*` `certificatemanager.certissuanceconfigs.create` `certificatemanager.certissuanceconfigs.createTagBinding` `certificatemanager.certissuanceconfigs.delete` `certificatemanager.certissuanceconfigs.deleteTagBinding` `certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.listEffectiveTags` `certificatemanager.certissuanceconfigs.listTagBindings` `certificatemanager.certissuanceconfigs.update` `certificatemanager.certissuanceconfigs.use` `certificatemanager.certmapentries.create` `certificatemanager.certmapentries.createTagBinding` `certificatemanager.certmapentries.delete` `certificatemanager.certmapentries.deleteTagBinding` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.listEffectiveTags` `certificatemanager.certmapentries.listTagBindings` `certificatemanager.certmapentries.update` `certificatemanager.certmaps.create` `certificatemanager.certmaps.createTagBinding` `certificatemanager.certmaps.delete` `certificatemanager.certmaps.deleteTagBinding` `certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.listEffectiveTags` `certificatemanager.certmaps.listTagBindings` `certificatemanager.certmaps.update` `certificatemanager.certmaps.use` `certificatemanager.certs.create` `certificatemanager.certs.createTagBinding` `certificatemanager.certs.delete` `certificatemanager.certs.deleteTagBinding` `certificatemanager.certs.get` `certificatemanager.certs.list` `certificatemanager.certs.listEffectiveTags` `certificatemanager.certs.listTagBindings` `certificatemanager.certs.update` `certificatemanager.certs.use` `certificatemanager.dnsauthorizations.create` `certificatemanager.dnsauthorizations.createTagBinding` `certificatemanager.dnsauthorizations.delete` `certificatemanager.dnsauthorizations.deleteTagBinding` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.listEffectiveTags` `certificatemanager.dnsauthorizations.listTagBindings` `certificatemanager.dnsauthorizations.update` `certificatemanager.dnsauthorizations.use` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.observedcerts.get` `certificatemanager.observedcerts.list` `certificatemanager.operations.cancel` `certificatemanager.operations.delete` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.create` `certificatemanager.trustconfigs.createTagBinding` `certificatemanager.trustconfigs.delete` `certificatemanager.trustconfigs.deleteTagBinding` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.listEffectiveTags` `certificatemanager.trustconfigs.listTagBindings` `certificatemanager.trustconfigs.update` `certificatemanager.trustconfigs.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Certificate Manager Editor (`roles/certificatemanager.editor`) Edit access to Certificate Manager all resources.	`certificatemanager.certissuanceconfigs.create` `certificatemanager.certissuanceconfigs.createTagBinding` `certificatemanager.certissuanceconfigs.deleteTagBinding` `certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.listEffectiveTags` `certificatemanager.certissuanceconfigs.listTagBindings` `certificatemanager.certissuanceconfigs.update` `certificatemanager.certissuanceconfigs.use` `certificatemanager.certmapentries.create` `certificatemanager.certmapentries.createTagBinding` `certificatemanager.certmapentries.deleteTagBinding` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.listEffectiveTags` `certificatemanager.certmapentries.listTagBindings` `certificatemanager.certmapentries.update` `certificatemanager.certmaps.create` `certificatemanager.certmaps.createTagBinding` `certificatemanager.certmaps.deleteTagBinding` `certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.listEffectiveTags` `certificatemanager.certmaps.listTagBindings` `certificatemanager.certmaps.update` `certificatemanager.certmaps.use` `certificatemanager.certs.create` `certificatemanager.certs.createTagBinding` `certificatemanager.certs.deleteTagBinding` `certificatemanager.certs.get` `certificatemanager.certs.list` `certificatemanager.certs.listEffectiveTags` `certificatemanager.certs.listTagBindings` `certificatemanager.certs.update` `certificatemanager.certs.use` `certificatemanager.dnsauthorizations.create` `certificatemanager.dnsauthorizations.createTagBinding` `certificatemanager.dnsauthorizations.deleteTagBinding` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.listEffectiveTags` `certificatemanager.dnsauthorizations.listTagBindings` `certificatemanager.dnsauthorizations.update` `certificatemanager.dnsauthorizations.use` `certificatemanager.locations.` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.observedcerts.` `certificatemanager.observedcerts.get` `certificatemanager.observedcerts.list` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.create` `certificatemanager.trustconfigs.createTagBinding` `certificatemanager.trustconfigs.deleteTagBinding` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.listEffectiveTags` `certificatemanager.trustconfigs.listTagBindings` `certificatemanager.trustconfigs.update` `certificatemanager.trustconfigs.use` `resourcemanager.projects.get` `resourcemanager.projects.list`
Certificate Manager Viewer (`roles/certificatemanager.viewer`) Read-only access to Certificate Manager all resources.	`certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.listEffectiveTags` `certificatemanager.certissuanceconfigs.listTagBindings` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.listEffectiveTags` `certificatemanager.certmapentries.listTagBindings` `certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.listEffectiveTags` `certificatemanager.certmaps.listTagBindings` `certificatemanager.certs.get` `certificatemanager.certs.list` `certificatemanager.certs.listEffectiveTags` `certificatemanager.certs.listTagBindings` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.listEffectiveTags` `certificatemanager.dnsauthorizations.listTagBindings` `certificatemanager.locations.` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.observedcerts.` `certificatemanager.observedcerts.get` `certificatemanager.observedcerts.list` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.listEffectiveTags` `certificatemanager.trustconfigs.listTagBindings` `resourcemanager.projects.get` `resourcemanager.projects.list`
Certificate Manager Owner (`roles/certificatemanager.owner`) Full access to Certificate Manager all resources.	`certificatemanager.*` `certificatemanager.certissuanceconfigs.create` `certificatemanager.certissuanceconfigs.createTagBinding` `certificatemanager.certissuanceconfigs.delete` `certificatemanager.certissuanceconfigs.deleteTagBinding` `certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.listEffectiveTags` `certificatemanager.certissuanceconfigs.listTagBindings` `certificatemanager.certissuanceconfigs.update` `certificatemanager.certissuanceconfigs.use` `certificatemanager.certmapentries.create` `certificatemanager.certmapentries.createTagBinding` `certificatemanager.certmapentries.delete` `certificatemanager.certmapentries.deleteTagBinding` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.listEffectiveTags` `certificatemanager.certmapentries.listTagBindings` `certificatemanager.certmapentries.update` `certificatemanager.certmaps.create` `certificatemanager.certmaps.createTagBinding` `certificatemanager.certmaps.delete` `certificatemanager.certmaps.deleteTagBinding` `certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.listEffectiveTags` `certificatemanager.certmaps.listTagBindings` `certificatemanager.certmaps.update` `certificatemanager.certmaps.use` `certificatemanager.certs.create` `certificatemanager.certs.createTagBinding` `certificatemanager.certs.delete` `certificatemanager.certs.deleteTagBinding` `certificatemanager.certs.get` `certificatemanager.certs.list` `certificatemanager.certs.listEffectiveTags` `certificatemanager.certs.listTagBindings` `certificatemanager.certs.update` `certificatemanager.certs.use` `certificatemanager.dnsauthorizations.create` `certificatemanager.dnsauthorizations.createTagBinding` `certificatemanager.dnsauthorizations.delete` `certificatemanager.dnsauthorizations.deleteTagBinding` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.listEffectiveTags` `certificatemanager.dnsauthorizations.listTagBindings` `certificatemanager.dnsauthorizations.update` `certificatemanager.dnsauthorizations.use` `certificatemanager.locations.get` `certificatemanager.locations.list` `certificatemanager.observedcerts.get` `certificatemanager.observedcerts.list` `certificatemanager.operations.cancel` `certificatemanager.operations.delete` `certificatemanager.operations.get` `certificatemanager.operations.list` `certificatemanager.trustconfigs.create` `certificatemanager.trustconfigs.createTagBinding` `certificatemanager.trustconfigs.delete` `certificatemanager.trustconfigs.deleteTagBinding` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.listEffectiveTags` `certificatemanager.trustconfigs.listTagBindings` `certificatemanager.trustconfigs.update` `certificatemanager.trustconfigs.use` `resourcemanager.projects.get` `resourcemanager.projects.list`

Certificatemanager Admin

(roles/certificatemanager.admin)

Admin role for certificatemanager

certificatemanager.*

certificatemanager.certissuanceconfigs.create
certificatemanager.certissuanceconfigs.createTagBinding
certificatemanager.certissuanceconfigs.delete
certificatemanager.certissuanceconfigs.deleteTagBinding
certificatemanager.certissuanceconfigs.get
certificatemanager.certissuanceconfigs.list
certificatemanager.certissuanceconfigs.listEffectiveTags
certificatemanager.certissuanceconfigs.listTagBindings
certificatemanager.certissuanceconfigs.update
certificatemanager.certissuanceconfigs.use
certificatemanager.certmapentries.create
certificatemanager.certmapentries.createTagBinding
certificatemanager.certmapentries.delete
certificatemanager.certmapentries.deleteTagBinding
certificatemanager.certmapentries.get
certificatemanager.certmapentries.list
certificatemanager.certmapentries.listEffectiveTags
certificatemanager.certmapentries.listTagBindings
certificatemanager.certmapentries.update
certificatemanager.certmaps.create
certificatemanager.certmaps.createTagBinding
certificatemanager.certmaps.delete
certificatemanager.certmaps.deleteTagBinding
certificatemanager.certmaps.get
certificatemanager.certmaps.list
certificatemanager.certmaps.listEffectiveTags
certificatemanager.certmaps.listTagBindings
certificatemanager.certmaps.update
certificatemanager.certmaps.use
certificatemanager.certs.create
certificatemanager.certs.createTagBinding
certificatemanager.certs.delete
certificatemanager.certs.deleteTagBinding
certificatemanager.certs.get
certificatemanager.certs.list
certificatemanager.certs.listEffectiveTags
certificatemanager.certs.listTagBindings
certificatemanager.certs.update
certificatemanager.certs.use
certificatemanager.dnsauthorizations.create
certificatemanager.dnsauthorizations.createTagBinding
certificatemanager.dnsauthorizations.delete
certificatemanager.dnsauthorizations.deleteTagBinding
certificatemanager.dnsauthorizations.get
certificatemanager.dnsauthorizations.list
certificatemanager.dnsauthorizations.listEffectiveTags
certificatemanager.dnsauthorizations.listTagBindings
certificatemanager.dnsauthorizations.update
certificatemanager.dnsauthorizations.use
certificatemanager.locations.get
certificatemanager.locations.list
certificatemanager.observedcerts.get
certificatemanager.observedcerts.list
certificatemanager.operations.cancel
certificatemanager.operations.delete
certificatemanager.operations.get
certificatemanager.operations.list
certificatemanager.trustconfigs.create
certificatemanager.trustconfigs.createTagBinding
certificatemanager.trustconfigs.delete
certificatemanager.trustconfigs.deleteTagBinding
certificatemanager.trustconfigs.get
certificatemanager.trustconfigs.list
certificatemanager.trustconfigs.listEffectiveTags
certificatemanager.trustconfigs.listTagBindings
certificatemanager.trustconfigs.update
certificatemanager.trustconfigs.use

resourcemanager.projects.get

resourcemanager.projects.list

Certificate Manager Editor

(roles/certificatemanager.editor)

Edit access to Certificate Manager all resources.

certificatemanager.certissuanceconfigs.create

certificatemanager.certissuanceconfigs.createTagBinding

certificatemanager.certissuanceconfigs.deleteTagBinding

certificatemanager.certissuanceconfigs.get

certificatemanager.certissuanceconfigs.list

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certissuanceconfigs.update

certificatemanager.certissuanceconfigs.use

certificatemanager.certmapentries.create

certificatemanager.certmapentries.createTagBinding

certificatemanager.certmapentries.deleteTagBinding

certificatemanager.certmapentries.get

certificatemanager.certmapentries.list

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmapentries.update

certificatemanager.certmaps.create

certificatemanager.certmaps.createTagBinding

certificatemanager.certmaps.deleteTagBinding

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certmaps.update

certificatemanager.certmaps.use

certificatemanager.certs.create

certificatemanager.certs.createTagBinding

certificatemanager.certs.deleteTagBinding

certificatemanager.certs.get

certificatemanager.certs.list

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.certs.update

certificatemanager.certs.use

certificatemanager.dnsauthorizations.create

certificatemanager.dnsauthorizations.createTagBinding

certificatemanager.dnsauthorizations.deleteTagBinding

certificatemanager.dnsauthorizations.get

certificatemanager.dnsauthorizations.list

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.dnsauthorizations.update

certificatemanager.dnsauthorizations.use

certificatemanager.locations.*

certificatemanager.locations.get
certificatemanager.locations.list

certificatemanager.observedcerts.*

certificatemanager.observedcerts.get
certificatemanager.observedcerts.list

certificatemanager.operations.get

certificatemanager.operations.list

certificatemanager.trustconfigs.create

certificatemanager.trustconfigs.createTagBinding

certificatemanager.trustconfigs.deleteTagBinding

certificatemanager.trustconfigs.get

certificatemanager.trustconfigs.list

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

certificatemanager.trustconfigs.update

certificatemanager.trustconfigs.use

resourcemanager.projects.get

resourcemanager.projects.list

Certificate Manager Viewer

(roles/certificatemanager.viewer)

Read-only access to Certificate Manager all resources.

certificatemanager.certissuanceconfigs.get

certificatemanager.certissuanceconfigs.list

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certmapentries.get

certificatemanager.certmapentries.list

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certs.get

certificatemanager.certs.list

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.dnsauthorizations.get

certificatemanager.dnsauthorizations.list

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.locations.*

certificatemanager.locations.get
certificatemanager.locations.list

certificatemanager.observedcerts.*

certificatemanager.observedcerts.get
certificatemanager.observedcerts.list

certificatemanager.operations.get

certificatemanager.operations.list

certificatemanager.trustconfigs.get

certificatemanager.trustconfigs.list

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

resourcemanager.projects.get

resourcemanager.projects.list

Certificate Manager Owner

(roles/certificatemanager.owner)

Full access to Certificate Manager all resources.

certificatemanager.*

certificatemanager.certissuanceconfigs.create
certificatemanager.certissuanceconfigs.createTagBinding
certificatemanager.certissuanceconfigs.delete
certificatemanager.certissuanceconfigs.deleteTagBinding
certificatemanager.certissuanceconfigs.get
certificatemanager.certissuanceconfigs.list
certificatemanager.certissuanceconfigs.listEffectiveTags
certificatemanager.certissuanceconfigs.listTagBindings
certificatemanager.certissuanceconfigs.update
certificatemanager.certissuanceconfigs.use
certificatemanager.certmapentries.create
certificatemanager.certmapentries.createTagBinding
certificatemanager.certmapentries.delete
certificatemanager.certmapentries.deleteTagBinding
certificatemanager.certmapentries.get
certificatemanager.certmapentries.list
certificatemanager.certmapentries.listEffectiveTags
certificatemanager.certmapentries.listTagBindings
certificatemanager.certmapentries.update
certificatemanager.certmaps.create
certificatemanager.certmaps.createTagBinding
certificatemanager.certmaps.delete
certificatemanager.certmaps.deleteTagBinding
certificatemanager.certmaps.get
certificatemanager.certmaps.list
certificatemanager.certmaps.listEffectiveTags
certificatemanager.certmaps.listTagBindings
certificatemanager.certmaps.update
certificatemanager.certmaps.use
certificatemanager.certs.create
certificatemanager.certs.createTagBinding
certificatemanager.certs.delete
certificatemanager.certs.deleteTagBinding
certificatemanager.certs.get
certificatemanager.certs.list
certificatemanager.certs.listEffectiveTags
certificatemanager.certs.listTagBindings
certificatemanager.certs.update
certificatemanager.certs.use
certificatemanager.dnsauthorizations.create
certificatemanager.dnsauthorizations.createTagBinding
certificatemanager.dnsauthorizations.delete
certificatemanager.dnsauthorizations.deleteTagBinding
certificatemanager.dnsauthorizations.get
certificatemanager.dnsauthorizations.list
certificatemanager.dnsauthorizations.listEffectiveTags
certificatemanager.dnsauthorizations.listTagBindings
certificatemanager.dnsauthorizations.update
certificatemanager.dnsauthorizations.use
certificatemanager.locations.get
certificatemanager.locations.list
certificatemanager.observedcerts.get
certificatemanager.observedcerts.list
certificatemanager.operations.cancel
certificatemanager.operations.delete
certificatemanager.operations.get
certificatemanager.operations.list
certificatemanager.trustconfigs.create
certificatemanager.trustconfigs.createTagBinding
certificatemanager.trustconfigs.delete
certificatemanager.trustconfigs.deleteTagBinding
certificatemanager.trustconfigs.get
certificatemanager.trustconfigs.list
certificatemanager.trustconfigs.listEffectiveTags
certificatemanager.trustconfigs.listTagBindings
certificatemanager.trustconfigs.update
certificatemanager.trustconfigs.use

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Certificate Manager Service Agent (`roles/certificatemanager.serviceAgent`) Grants Certificate Manager access to services and APIs in the user project. Warning: Do not grant service agent roles to any principals except service agents.	`certificatemanager.locations.get`

Certificate Manager Service Agent

(roles/certificatemanager.serviceAgent)

Grants Certificate Manager access to services and APIs in the user project.

certificatemanager.locations.get

Certificate Manager permissions

Permission	Included in roles
`certificatemanager.certissuanceconfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.createTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certissuanceconfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.deleteTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certissuanceconfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certissuanceconfigs.use`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.create`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.createTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certmapentries.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.deleteTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certmapentries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmapentries.update`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.create`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.createTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certmaps.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.deleteTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certmaps.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.update`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certmaps.use`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Compute Load Balancer Admin (`roles/compute.loadBalancerAdmin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.createTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.deleteTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.certs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.certs.use`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.createTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.dnsauthorizations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.deleteTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.dnsauthorizations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.dnsauthorizations.use`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Certificate Manager Service Agent (`roles/certificatemanager.serviceAgent`)
`certificatemanager.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`certificatemanager.observedcerts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`)
`certificatemanager.observedcerts.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`certificatemanager.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`)
`certificatemanager.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`)
`certificatemanager.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`certificatemanager.trustconfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.trustconfigs.createTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.trustconfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.trustconfigs.deleteTagBinding`	Owner (`roles/owner`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Tag User (`roles/resourcemanager.tagUser`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`certificatemanager.trustconfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.trustconfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Audit Manager Auditing Service Agent (`roles/auditmanager.serviceAgent`) Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`) Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.trustconfigs.listEffectiveTags`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`certificatemanager.trustconfigs.listTagBindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Viewer (`roles/certificatemanager.viewer`) Tag User (`roles/resourcemanager.tagUser`) Tag Viewer (`roles/resourcemanager.tagViewer`) Certificate Manager Owner (`roles/certificatemanager.owner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`)
`certificatemanager.trustconfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)
`certificatemanager.trustconfigs.use`	Owner (`roles/owner`) Editor (`roles/editor`) Certificatemanager Admin (`roles/certificatemanager.admin`) Certificate Manager Editor (`roles/certificatemanager.editor`) Certificate Manager Owner (`roles/certificatemanager.owner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Multi Cluster Ingress Service Agent (`roles/multiclusteringress.serviceAgent`)

Certificate Manager roles and permissions Stay organized with collections Save and categorize content based on your preferences.