Cloud Optimization roles and permissions

This page lists the IAM roles and permissions for Cloud Optimization. To search through all roles and permissions, see the role and permission index.

Cloud Optimization roles

Role Permissions

Role	Permissions
Cloud Optimization AI Admin (`roles/cloudoptimization.admin`) Administrator of Cloud Optimization AI resources	`cloudoptimization.*` `cloudoptimization.operations.create` `cloudoptimization.operations.get`
Cloud Optimization AI Editor (`roles/cloudoptimization.editor`) Editor of Cloud Optimization AI resources	`cloudoptimization.*` `cloudoptimization.operations.create` `cloudoptimization.operations.get`
Cloud Optimization AI Viewer (`roles/cloudoptimization.viewer`) Viewer of Cloud Optimization AI resources	`cloudoptimization.operations.get`

Cloud Optimization AI Admin

(roles/cloudoptimization.admin)

Administrator of Cloud Optimization AI resources

cloudoptimization.*

cloudoptimization.operations.create
cloudoptimization.operations.get

Cloud Optimization AI Editor

(roles/cloudoptimization.editor)

Editor of Cloud Optimization AI resources

cloudoptimization.*

cloudoptimization.operations.create
cloudoptimization.operations.get

Cloud Optimization AI Viewer

(roles/cloudoptimization.viewer)

Viewer of Cloud Optimization AI resources

cloudoptimization.operations.get

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Cloud Optimization Service Agent (`roles/cloudoptimization.serviceAgent`) Grants Cloud Optimization Service Account access to read and write data in the user project. Warning: Do not grant service agent roles to any principals except service agents.	`storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`

Cloud Optimization Service Agent

(roles/cloudoptimization.serviceAgent)

Grants Cloud Optimization Service Account access to read and write data in the user project.

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Cloud Optimization permissions

Permission Included in roles

Permission	Included in roles
`cloudoptimization.operations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Cloud Optimization AI Admin (`roles/cloudoptimization.admin`) Cloud Optimization AI Editor (`roles/cloudoptimization.editor`)
`cloudoptimization.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Cloud Optimization AI Admin (`roles/cloudoptimization.admin`) Cloud Optimization AI Editor (`roles/cloudoptimization.editor`) Cloud Optimization AI Viewer (`roles/cloudoptimization.viewer`) Support User (`roles/iam.supportUser`)

`cloudoptimization.operations.create`

Owner (roles/owner)

Editor (roles/editor)

Cloud Optimization AI Admin (roles/cloudoptimization.admin)

Cloud Optimization AI Editor (roles/cloudoptimization.editor)

`cloudoptimization.operations.get`

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud Optimization AI Admin (roles/cloudoptimization.admin)

Cloud Optimization AI Editor (roles/cloudoptimization.editor)

Cloud Optimization AI Viewer (roles/cloudoptimization.viewer)

Support User (roles/iam.supportUser)

Cloud Optimization roles and permissions Stay organized with collections Save and categorize content based on your preferences.