Google Distributed Cloud roles and permissions

This page lists the IAM roles and permissions for Google Distributed Cloud. Tosearch through all roles and permissions, see therole andpermission index.

Google Distributed Cloud roles

RolePermissions

GKE on-prem Admin

(roles/gkeonprem.admin)

Full access to GKE on-prem all resources.

gkeonprem.*

  • gkeonprem.bareMetalAdminClusters.connect
  • gkeonprem.bareMetalAdminClusters.create
  • gkeonprem.bareMetalAdminClusters.createTagBinding
  • gkeonprem.bareMetalAdminClusters.deleteTagBinding
  • gkeonprem.bareMetalAdminClusters.enroll
  • gkeonprem.bareMetalAdminClusters.get
  • gkeonprem.bareMetalAdminClusters.getIamPolicy
  • gkeonprem.bareMetalAdminClusters.list
  • gkeonprem.bareMetalAdminClusters.listEffectiveTags
  • gkeonprem.bareMetalAdminClusters.listTagBindings
  • gkeonprem.bareMetalAdminClusters.queryVersionConfig
  • gkeonprem.bareMetalAdminClusters.setIamPolicy
  • gkeonprem.bareMetalAdminClusters.unenroll
  • gkeonprem.bareMetalAdminClusters.update
  • gkeonprem.bareMetalClusters.create
  • gkeonprem.bareMetalClusters.createTagBinding
  • gkeonprem.bareMetalClusters.delete
  • gkeonprem.bareMetalClusters.deleteTagBinding
  • gkeonprem.bareMetalClusters.enroll
  • gkeonprem.bareMetalClusters.get
  • gkeonprem.bareMetalClusters.getIamPolicy
  • gkeonprem.bareMetalClusters.list
  • gkeonprem.bareMetalClusters.listEffectiveTags
  • gkeonprem.bareMetalClusters.listTagBindings
  • gkeonprem.bareMetalClusters.queryVersionConfig
  • gkeonprem.bareMetalClusters.setIamPolicy
  • gkeonprem.bareMetalClusters.unenroll
  • gkeonprem.bareMetalClusters.update
  • gkeonprem.bareMetalNodePools.create
  • gkeonprem.bareMetalNodePools.delete
  • gkeonprem.bareMetalNodePools.enroll
  • gkeonprem.bareMetalNodePools.get
  • gkeonprem.bareMetalNodePools.getIamPolicy
  • gkeonprem.bareMetalNodePools.list
  • gkeonprem.bareMetalNodePools.setIamPolicy
  • gkeonprem.bareMetalNodePools.unenroll
  • gkeonprem.bareMetalNodePools.update
  • gkeonprem.locations.get
  • gkeonprem.locations.list
  • gkeonprem.operations.cancel
  • gkeonprem.operations.delete
  • gkeonprem.operations.get
  • gkeonprem.operations.list
  • gkeonprem.vmwareAdminClusters.connect
  • gkeonprem.vmwareAdminClusters.createTagBinding
  • gkeonprem.vmwareAdminClusters.deleteTagBinding
  • gkeonprem.vmwareAdminClusters.enroll
  • gkeonprem.vmwareAdminClusters.get
  • gkeonprem.vmwareAdminClusters.getIamPolicy
  • gkeonprem.vmwareAdminClusters.list
  • gkeonprem.vmwareAdminClusters.listEffectiveTags
  • gkeonprem.vmwareAdminClusters.listTagBindings
  • gkeonprem.vmwareAdminClusters.setIamPolicy
  • gkeonprem.vmwareAdminClusters.unenroll
  • gkeonprem.vmwareAdminClusters.update
  • gkeonprem.vmwareClusters.create
  • gkeonprem.vmwareClusters.createTagBinding
  • gkeonprem.vmwareClusters.delete
  • gkeonprem.vmwareClusters.deleteTagBinding
  • gkeonprem.vmwareClusters.enroll
  • gkeonprem.vmwareClusters.get
  • gkeonprem.vmwareClusters.getIamPolicy
  • gkeonprem.vmwareClusters.list
  • gkeonprem.vmwareClusters.listEffectiveTags
  • gkeonprem.vmwareClusters.listTagBindings
  • gkeonprem.vmwareClusters.queryVersionConfig
  • gkeonprem.vmwareClusters.setIamPolicy
  • gkeonprem.vmwareClusters.unenroll
  • gkeonprem.vmwareClusters.update
  • gkeonprem.vmwareNodePools.create
  • gkeonprem.vmwareNodePools.delete
  • gkeonprem.vmwareNodePools.enroll
  • gkeonprem.vmwareNodePools.get
  • gkeonprem.vmwareNodePools.getIamPolicy
  • gkeonprem.vmwareNodePools.list
  • gkeonprem.vmwareNodePools.setIamPolicy
  • gkeonprem.vmwareNodePools.unenroll
  • gkeonprem.vmwareNodePools.update

resourcemanager.projects.get

resourcemanager.projects.list

GKE On-Prem Service Agent

(roles/gkeonprem.serviceAgent)

Gives the GKE On-Prem service agent access to Cloud Platform resources.

Warning: Do not grant service agent roles to any principals exceptservice agents.

gkehub.memberships.delete

gkehub.memberships.get

gkehub.memberships.update

gkeonprem.bareMetalAdminClusters.connect

gkeonprem.bareMetalAdminClusters.enroll

gkeonprem.bareMetalAdminClusters.get

gkeonprem.bareMetalAdminClusters.unenroll

gkeonprem.bareMetalClusters.enroll

gkeonprem.bareMetalClusters.get

gkeonprem.bareMetalClusters.unenroll

gkeonprem.bareMetalNodePools.enroll

gkeonprem.bareMetalNodePools.get

gkeonprem.bareMetalNodePools.unenroll

gkeonprem.operations.get

gkeonprem.operations.list

gkeonprem.vmwareAdminClusters.connect

gkeonprem.vmwareAdminClusters.enroll

gkeonprem.vmwareAdminClusters.get

gkeonprem.vmwareAdminClusters.unenroll

gkeonprem.vmwareClusters.enroll

gkeonprem.vmwareClusters.get

gkeonprem.vmwareClusters.unenroll

gkeonprem.vmwareNodePools.enroll

gkeonprem.vmwareNodePools.get

gkeonprem.vmwareNodePools.unenroll

GKE on-prem Viewer

(roles/gkeonprem.viewer)

Read-only access to GKE on-prem all resources.

gkeonprem.bareMetalAdminClusters.connect

gkeonprem.bareMetalAdminClusters.get

gkeonprem.bareMetalAdminClusters.getIamPolicy

gkeonprem.bareMetalAdminClusters.list

gkeonprem.bareMetalAdminClusters.listEffectiveTags

gkeonprem.bareMetalAdminClusters.listTagBindings

gkeonprem.bareMetalAdminClusters.queryVersionConfig

gkeonprem.bareMetalClusters.get

gkeonprem.bareMetalClusters.getIamPolicy

gkeonprem.bareMetalClusters.list

gkeonprem.bareMetalClusters.listEffectiveTags

gkeonprem.bareMetalClusters.listTagBindings

gkeonprem.bareMetalClusters.queryVersionConfig

gkeonprem.bareMetalNodePools.get

gkeonprem.bareMetalNodePools.getIamPolicy

gkeonprem.bareMetalNodePools.list

gkeonprem.locations.*

  • gkeonprem.locations.get
  • gkeonprem.locations.list

gkeonprem.operations.get

gkeonprem.operations.list

gkeonprem.vmwareAdminClusters.connect

gkeonprem.vmwareAdminClusters.get

gkeonprem.vmwareAdminClusters.getIamPolicy

gkeonprem.vmwareAdminClusters.list

gkeonprem.vmwareAdminClusters.listEffectiveTags

gkeonprem.vmwareAdminClusters.listTagBindings

gkeonprem.vmwareClusters.get

gkeonprem.vmwareClusters.getIamPolicy

gkeonprem.vmwareClusters.list

gkeonprem.vmwareClusters.listEffectiveTags

gkeonprem.vmwareClusters.listTagBindings

gkeonprem.vmwareClusters.queryVersionConfig

gkeonprem.vmwareNodePools.get

gkeonprem.vmwareNodePools.getIamPolicy

gkeonprem.vmwareNodePools.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Distributed Cloud permissions

PermissionIncluded in roles

gkeonprem.bareMetalAdminClusters.connect

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalAdminClusters.create

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalAdminClusters.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.bareMetalAdminClusters.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.bareMetalAdminClusters.enroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalAdminClusters.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalAdminClusters.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalAdminClusters.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalAdminClusters.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.bareMetalAdminClusters.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.bareMetalAdminClusters.queryVersionConfig

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalAdminClusters.setIamPolicy

Owner (roles/owner)

GKE on-prem Admin (roles/gkeonprem.admin)

Security Admin (roles/iam.securityAdmin)

gkeonprem.bareMetalAdminClusters.unenroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalAdminClusters.update

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalClusters.create

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalClusters.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.bareMetalClusters.delete

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalClusters.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.bareMetalClusters.enroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalClusters.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalClusters.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalClusters.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalClusters.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.bareMetalClusters.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.bareMetalClusters.queryVersionConfig

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalClusters.setIamPolicy

Owner (roles/owner)

GKE on-prem Admin (roles/gkeonprem.admin)

Security Admin (roles/iam.securityAdmin)

gkeonprem.bareMetalClusters.unenroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalClusters.update

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalNodePools.create

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalNodePools.delete

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.bareMetalNodePools.enroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalNodePools.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalNodePools.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalNodePools.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.bareMetalNodePools.setIamPolicy

Owner (roles/owner)

GKE on-prem Admin (roles/gkeonprem.admin)

Security Admin (roles/iam.securityAdmin)

gkeonprem.bareMetalNodePools.unenroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.bareMetalNodePools.update

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

gkeonprem.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.operations.delete

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareAdminClusters.connect

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareAdminClusters.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.vmwareAdminClusters.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.vmwareAdminClusters.enroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareAdminClusters.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareAdminClusters.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareAdminClusters.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareAdminClusters.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.vmwareAdminClusters.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.vmwareAdminClusters.setIamPolicy

Owner (roles/owner)

GKE on-prem Admin (roles/gkeonprem.admin)

Security Admin (roles/iam.securityAdmin)

gkeonprem.vmwareAdminClusters.unenroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareAdminClusters.update

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.vmwareClusters.create

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.vmwareClusters.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.vmwareClusters.delete

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.vmwareClusters.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

Tag User (roles/resourcemanager.tagUser)

gkeonprem.vmwareClusters.enroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareClusters.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareClusters.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareClusters.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareClusters.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.vmwareClusters.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

gkeonprem.vmwareClusters.queryVersionConfig

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareClusters.setIamPolicy

Owner (roles/owner)

GKE on-prem Admin (roles/gkeonprem.admin)

Security Admin (roles/iam.securityAdmin)

gkeonprem.vmwareClusters.unenroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareClusters.update

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.vmwareNodePools.create

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.vmwareNodePools.delete

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

gkeonprem.vmwareNodePools.enroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareNodePools.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Support User (roles/iam.supportUser)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareNodePools.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareNodePools.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

GKE on-prem Admin (roles/gkeonprem.admin)

GKE on-prem Viewer (roles/gkeonprem.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

gkeonprem.vmwareNodePools.setIamPolicy

Owner (roles/owner)

GKE on-prem Admin (roles/gkeonprem.admin)

Security Admin (roles/iam.securityAdmin)

gkeonprem.vmwareNodePools.unenroll

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

gkeonprem.vmwareNodePools.update

Owner (roles/owner)

Editor (roles/editor)

GKE on-prem Admin (roles/gkeonprem.admin)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.