Cloud OS Config roles and permissions
This page lists the IAM roles and permissions for Cloud OS Config. Tosearch through all roles and permissions, see therole andpermission index.
Cloud OS Config roles
| Role | Permissions |
|---|---|
OS Config Admin( Full access to OS Config resources |
|
GuestPolicy AdminBeta( Full admin access to GuestPolicies |
|
GuestPolicy EditorBeta( Editor of GuestPolicy resources |
|
GuestPolicy ViewerBeta( Viewer of GuestPolicy resources |
|
InstanceOSPoliciesCompliance ViewerBeta( Viewer of OS Policies Compliance of VM instances |
|
OS Inventory Viewer( Viewer of OS Inventories |
|
OSPolicyAssignment Admin( Full admin access to OS Policy Assignments |
|
OSPolicyAssignment Editor( Editor of OS Policy Assignments |
|
OSPolicyAssignmentReport Viewer( Viewer of OS policy assignment reports for VM instances |
|
OSPolicyAssignment Viewer( Viewer of OS Policy Assignments |
|
PatchDeployment Admin( Full admin access to PatchDeployments |
|
PatchDeployment Viewer( Viewer of PatchDeployment resources |
|
Patch Job Executor( Access to execute Patch Jobs. |
|
Patch Job Viewer( Get and list Patch Jobs. |
|
PolicyOrchestrator AdminBeta( Admin of PolicyOrchestrator resources |
|
PolicyOrchestrator ViewerBeta( Viewer of PolicyOrchestrator resources |
|
Project Feature Settings Editor( Read/write access to project feature settings |
|
Project Feature Settings Viewer( Read access to project feature settings |
|
Cloud OS Config Rollout Service Agent( Grants OS Config Rollout Service Account access to zonal OS Config resources. Warning: Do not grant service agent roles to any principals exceptservice agents. |
|
Cloud OS Config Service Agent( Grants OS Config Service Account access to Google Compute Engine instances. Warning: Do not grant service agent roles to any principals exceptservice agents. |
|
Upgrade Report ViewerBeta( Provides read-only access to VM Manager Upgrade Reports |
|
OS Config Viewer( Readonly access to OS Config resources |
|
OS VulnerabilityReport Viewer( Viewer of OS VulnerabilityReports |
|
Cloud OS Config permissions
| Permission | Included in roles |
|---|---|
| Owner ( Editor ( OS Config Admin ( GuestPolicy Admin ( |
| Owner ( Editor ( OS Config Admin ( GuestPolicy Admin ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( GuestPolicy Admin ( GuestPolicy Editor ( GuestPolicy Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( GuestPolicy Admin ( GuestPolicy Editor ( GuestPolicy Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( GuestPolicy Admin ( GuestPolicy Editor ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( InstanceOSPoliciesCompliance Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( InstanceOSPoliciesCompliance Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( OS Inventory Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( OS Inventory Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( PolicyOrchestrator Admin ( PolicyOrchestrator Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( PolicyOrchestrator Admin ( PolicyOrchestrator Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( |
| Owner ( Editor ( OS Config Admin ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( PolicyOrchestrator Admin ( PolicyOrchestrator Viewer ( OS Config Viewer ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( OSPolicyAssignmentReport Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( OSPolicyAssignmentReport Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( OSPolicyAssignmentReport Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( OSPolicyAssignment Admin ( |
| Owner ( Editor ( OS Config Admin ( OSPolicyAssignment Admin ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( OSPolicyAssignment Admin ( OSPolicyAssignment Editor ( OSPolicyAssignment Viewer ( OS Config Viewer ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( OSPolicyAssignment Admin ( OSPolicyAssignment Editor ( OSPolicyAssignment Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( OSPolicyAssignment Admin ( OSPolicyAssignment Editor ( OSPolicyAssignment Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( OSPolicyAssignment Admin ( OSPolicyAssignment Editor ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( OS Config Admin ( PatchDeployment Admin ( |
| Owner ( Editor ( OS Config Admin ( PatchDeployment Admin ( |
| Owner ( Editor ( OS Config Admin ( PatchDeployment Admin ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( PatchDeployment Admin ( PatchDeployment Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( PatchDeployment Admin ( PatchDeployment Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( PatchDeployment Admin ( |
| Owner ( Editor ( OS Config Admin ( PatchDeployment Admin ( |
| Owner ( Editor ( OS Config Admin ( PatchDeployment Admin ( |
| Owner ( Editor ( OS Config Admin ( Patch Job Executor ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( Patch Job Executor ( Patch Job Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( Patch Job Executor ( Patch Job Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( PolicyOrchestrator Admin ( |
| Owner ( Editor ( OS Config Admin ( PolicyOrchestrator Admin ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( PolicyOrchestrator Admin ( PolicyOrchestrator Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( PolicyOrchestrator Admin ( PolicyOrchestrator Viewer ( OS Config Viewer ( |
| Owner ( Editor ( OS Config Admin ( PolicyOrchestrator Admin ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( Project Feature Settings Editor ( Project Feature Settings Viewer ( OS Config Viewer ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( OS Config Admin ( Project Feature Settings Editor ( Service agent roles Warning: Don't grant service agent roles to any principals exceptservice agents.
|
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( Upgrade Report Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( Upgrade Report Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( Upgrade Report Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( Upgrade Report Viewer ( OS Config Viewer ( |
| Owner ( Editor ( Viewer ( Support User ( OS Config Admin ( OS Config Viewer ( OS VulnerabilityReport Viewer ( |
| Owner ( Editor ( Viewer ( Security Admin ( Security Auditor ( Security Reviewer ( Support User ( OS Config Admin ( OS Config Viewer ( OS VulnerabilityReport Viewer ( |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-15 UTC.