Enterprise Knowledge Graph roles and permissions

This page lists the IAM roles and permissions for Enterprise Knowledge Graph. To search through all roles and permissions, see the role and permission index.

Enterprise Knowledge Graph roles

Role Permissions

Role	Permissions
Enterprise Knowledge Graph Admin ^Beta (`roles/enterpriseknowledgegraph.admin`) Administrator of Enterprise Knowledge Graph resources	`enterpriseknowledgegraph.*` `enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup` `enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search` `enterpriseknowledgegraph.entityReconciliationJobs.cancel` `enterpriseknowledgegraph.entityReconciliationJobs.create` `enterpriseknowledgegraph.entityReconciliationJobs.delete` `enterpriseknowledgegraph.entityReconciliationJobs.get` `enterpriseknowledgegraph.entityReconciliationJobs.list` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Enterprise Knowledge Graph Editor ^Beta (`roles/enterpriseknowledgegraph.editor`) Editor of Enterprise Knowledge Graph resources	`enterpriseknowledgegraph.*` `enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup` `enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search` `enterpriseknowledgegraph.entityReconciliationJobs.cancel` `enterpriseknowledgegraph.entityReconciliationJobs.create` `enterpriseknowledgegraph.entityReconciliationJobs.delete` `enterpriseknowledgegraph.entityReconciliationJobs.get` `enterpriseknowledgegraph.entityReconciliationJobs.list` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Enterprise Knowledge Graph Viewer ^Beta (`roles/enterpriseknowledgegraph.viewer`) Viewer of Enterprise Knowledge Graph resources	`enterpriseknowledgegraph.cloudKnowledgeGraphEntities.` `enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup` `enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search` `enterpriseknowledgegraph.entityReconciliationJobs.get` `enterpriseknowledgegraph.entityReconciliationJobs.list` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup` `enterpriseknowledgegraph.publicKnowledgeGraphEntities.search` `resourcemanager.projects.get` `resourcemanager.projects.list`

Enterprise Knowledge Graph Admin ^Beta

(roles/enterpriseknowledgegraph.admin)

Administrator of Enterprise Knowledge Graph resources

enterpriseknowledgegraph.*

enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup
enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search
enterpriseknowledgegraph.entityReconciliationJobs.cancel
enterpriseknowledgegraph.entityReconciliationJobs.create
enterpriseknowledgegraph.entityReconciliationJobs.delete
enterpriseknowledgegraph.entityReconciliationJobs.get
enterpriseknowledgegraph.entityReconciliationJobs.list
enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup
enterpriseknowledgegraph.publicKnowledgeGraphEntities.search

resourcemanager.projects.get

resourcemanager.projects.list

Enterprise Knowledge Graph Editor ^Beta

(roles/enterpriseknowledgegraph.editor)

Editor of Enterprise Knowledge Graph resources

enterpriseknowledgegraph.*

enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup
enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search
enterpriseknowledgegraph.entityReconciliationJobs.cancel
enterpriseknowledgegraph.entityReconciliationJobs.create
enterpriseknowledgegraph.entityReconciliationJobs.delete
enterpriseknowledgegraph.entityReconciliationJobs.get
enterpriseknowledgegraph.entityReconciliationJobs.list
enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup
enterpriseknowledgegraph.publicKnowledgeGraphEntities.search

resourcemanager.projects.get

resourcemanager.projects.list

Enterprise Knowledge Graph Viewer ^Beta

(roles/enterpriseknowledgegraph.viewer)

Viewer of Enterprise Knowledge Graph resources

enterpriseknowledgegraph.cloudKnowledgeGraphEntities.*

enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup
enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search

enterpriseknowledgegraph.entityReconciliationJobs.get

enterpriseknowledgegraph.entityReconciliationJobs.list

enterpriseknowledgegraph.publicKnowledgeGraphEntities.*

enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup
enterpriseknowledgegraph.publicKnowledgeGraphEntities.search

resourcemanager.projects.get

resourcemanager.projects.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
Enterprise Knowledge Graph Service Agent (`roles/enterpriseknowledgegraph.serviceAgent`) Gives Enterprise Knowledge Graph Service Account access to consumer resources. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.config.get` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.jobs.create` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.tables.create` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.update` `bigquery.tables.updateData` `dataform.folders.create` `dataform.locations.*` `dataform.locations.get` `dataform.locations.list` `dataform.repositories.create` `dataform.repositories.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `storage.objects.get` `storage.objects.list`

Enterprise Knowledge Graph Service Agent

(roles/enterpriseknowledgegraph.serviceAgent)

Gives Enterprise Knowledge Graph Service Account access to consumer resources.

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.jobs.create

bigquery.readsessions.create

bigquery.readsessions.getData

bigquery.tables.create

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.update

bigquery.tables.updateData

dataform.folders.create

dataform.locations.*

dataform.locations.get
dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.get

storage.objects.list

Enterprise Knowledge Graph permissions

Permission	Included in roles
`enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`) Enterprise Knowledge Graph Viewer (`roles/enterpriseknowledgegraph.viewer`) Support User (`roles/iam.supportUser`)
`enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`) Enterprise Knowledge Graph Viewer (`roles/enterpriseknowledgegraph.viewer`) Support User (`roles/iam.supportUser`)
`enterpriseknowledgegraph.entityReconciliationJobs.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`)
`enterpriseknowledgegraph.entityReconciliationJobs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`)
`enterpriseknowledgegraph.entityReconciliationJobs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`)
`enterpriseknowledgegraph.entityReconciliationJobs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`) Enterprise Knowledge Graph Viewer (`roles/enterpriseknowledgegraph.viewer`) Support User (`roles/iam.supportUser`)
`enterpriseknowledgegraph.entityReconciliationJobs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`) Enterprise Knowledge Graph Viewer (`roles/enterpriseknowledgegraph.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`) Enterprise Knowledge Graph Viewer (`roles/enterpriseknowledgegraph.viewer`) Support User (`roles/iam.supportUser`)
`enterpriseknowledgegraph.publicKnowledgeGraphEntities.search`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Enterprise Knowledge Graph Admin (`roles/enterpriseknowledgegraph.admin`) Enterprise Knowledge Graph Editor (`roles/enterpriseknowledgegraph.editor`) Enterprise Knowledge Graph Viewer (`roles/enterpriseknowledgegraph.viewer`) Support User (`roles/iam.supportUser`)

Enterprise Knowledge Graph roles and permissions