Storage Insights roles and permissions

This page lists the IAM roles and permissions for Storage Insights. To search through all roles and permissions, see the role and permission index.

Storage Insights roles

Role Permissions

Role	Permissions
Storage Insights Admin (`roles/storageinsights.admin`) Full access to Storage Insights resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `storageinsights.*` `storageinsights.datasetConfigs.create` `storageinsights.datasetConfigs.delete` `storageinsights.datasetConfigs.get` `storageinsights.datasetConfigs.linkDataset` `storageinsights.datasetConfigs.list` `storageinsights.datasetConfigs.unlinkDataset` `storageinsights.datasetConfigs.update` `storageinsights.locations.get` `storageinsights.locations.list` `storageinsights.operations.cancel` `storageinsights.operations.delete` `storageinsights.operations.get` `storageinsights.operations.list` `storageinsights.reportConfigs.create` `storageinsights.reportConfigs.delete` `storageinsights.reportConfigs.get` `storageinsights.reportConfigs.list` `storageinsights.reportConfigs.update` `storageinsights.reportDetails.get` `storageinsights.reportDetails.list`
Storage Insights Viewer (`roles/storageinsights.viewer`) Read-only access to Storage Insights resources.	`resourcemanager.projects.get` `resourcemanager.projects.list` `storageinsights.datasetConfigs.get` `storageinsights.datasetConfigs.list` `storageinsights.locations.` `storageinsights.locations.get` `storageinsights.locations.list` `storageinsights.operations.get` `storageinsights.operations.list` `storageinsights.reportConfigs.get` `storageinsights.reportConfigs.list` `storageinsights.reportDetails.` `storageinsights.reportDetails.get` `storageinsights.reportDetails.list`
Storage Insights Analyst (`roles/storageinsights.analyst`) Data access to Storage Insights.	`resourcemanager.projects.get` `resourcemanager.projects.list` `storageinsights.datasetConfigs.get` `storageinsights.datasetConfigs.linkDataset` `storageinsights.datasetConfigs.list` `storageinsights.datasetConfigs.unlinkDataset` `storageinsights.locations.` `storageinsights.locations.get` `storageinsights.locations.list` `storageinsights.operations.get` `storageinsights.operations.list` `storageinsights.reportConfigs.get` `storageinsights.reportConfigs.list` `storageinsights.reportDetails.` `storageinsights.reportDetails.get` `storageinsights.reportDetails.list`

Storage Insights Admin

(roles/storageinsights.admin)

Full access to Storage Insights resources.

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.*

storageinsights.datasetConfigs.create
storageinsights.datasetConfigs.delete
storageinsights.datasetConfigs.get
storageinsights.datasetConfigs.linkDataset
storageinsights.datasetConfigs.list
storageinsights.datasetConfigs.unlinkDataset
storageinsights.datasetConfigs.update
storageinsights.locations.get
storageinsights.locations.list
storageinsights.operations.cancel
storageinsights.operations.delete
storageinsights.operations.get
storageinsights.operations.list
storageinsights.reportConfigs.create
storageinsights.reportConfigs.delete
storageinsights.reportConfigs.get
storageinsights.reportConfigs.list
storageinsights.reportConfigs.update
storageinsights.reportDetails.get
storageinsights.reportDetails.list

Storage Insights Viewer

(roles/storageinsights.viewer)

Read-only access to Storage Insights resources.

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.datasetConfigs.get

storageinsights.datasetConfigs.list

storageinsights.locations.*

storageinsights.locations.get
storageinsights.locations.list

storageinsights.operations.get

storageinsights.operations.list

storageinsights.reportConfigs.get

storageinsights.reportConfigs.list

storageinsights.reportDetails.*

storageinsights.reportDetails.get
storageinsights.reportDetails.list

Storage Insights Analyst

(roles/storageinsights.analyst)

Data access to Storage Insights.

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.datasetConfigs.get

storageinsights.datasetConfigs.linkDataset

storageinsights.datasetConfigs.list

storageinsights.datasetConfigs.unlinkDataset

storageinsights.locations.*

storageinsights.locations.get
storageinsights.locations.list

storageinsights.operations.get

storageinsights.operations.list

storageinsights.reportConfigs.get

storageinsights.reportConfigs.list

storageinsights.reportDetails.*

storageinsights.reportDetails.get
storageinsights.reportDetails.list

Service agent roles

Service agent roles should only be granted to service agents.

Role Permissions

Role	Permissions
StorageInsights Service Agent (`roles/storageinsights.serviceAgent`) Permissions for Insights to write reports into customer project Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.datasets.create` `serviceusage.services.use` `storageinsights.reportDetails.list`

StorageInsights Service Agent

(roles/storageinsights.serviceAgent)

Permissions for Insights to write reports into customer project

bigquery.datasets.create

serviceusage.services.use

storageinsights.reportDetails.list

Storage Insights permissions

Permission	Included in roles
`storageinsights.datasetConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.datasetConfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.datasetConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.datasetConfigs.linkDataset`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.datasetConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.datasetConfigs.unlinkDataset`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.datasetConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.reportConfigs.create`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.reportConfigs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.reportConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.reportConfigs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.reportConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Storage Insights Admin (`roles/storageinsights.admin`)
`storageinsights.reportDetails.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`)
`storageinsights.reportDetails.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Storage Insights Admin (`roles/storageinsights.admin`) Storage Insights Viewer (`roles/storageinsights.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) Storage Insights Analyst (`roles/storageinsights.analyst`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. StorageInsights Service Agent (`roles/storageinsights.serviceAgent`)

Storage Insights roles and permissions