Access Transparency roles and permissions

This page lists the IAM roles and permissions for Access Transparency. Tosearch through all roles and permissions, see therole andpermission index.

Access Transparency roles

Role Permissions

Role	Permissions
Access Transparency Admin (`roles/axt.admin`) Enable Access Transparency for Organization Lowest-level resources where you can grant this role: Project	`axt.*` `axt.labels.get` `axt.labels.set` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

(roles/axt.admin)

Enable Access Transparency for Organization

Lowest-level resources where you can grant this role:

axt.*

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Permission Included in roles

Permission	Included in roles
`axt.labels.get`	Access Transparency Admin (`roles/axt.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`)
`axt.labels.set`	Assured Workloads Administrator (`roles/assuredworkloads.admin`) Assured Workloads Editor (`roles/assuredworkloads.editor`) Access Transparency Admin (`roles/axt.admin`)

Service agent roles

Warning: Don't grant service agent roles to any principals except service agents.

Cloud Security Compliance Service Agent (roles/cloudsecuritycompliance.serviceAgent)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.