Google Cloud VMware Engine roles and permissions

This page lists the IAM roles and permissions for Google Cloud VMware Engine. Tosearch through all roles and permissions, see therole andpermission index.

Google Cloud VMware Engine roles

RolePermissions

VMware Engine Service Agent

(roles/vmwareengine.serviceAgent)

Gives permission to manage network configuration, such as establishing network peering, necessary for GCVE

Warning: Do not grant service agent roles to any principals exceptservice agents.

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalOperations.get

compute.networks.addPeering

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.networks.updatePolicy

compute.projects.get

compute.regionOperations.get

compute.routers.get

compute.routers.list

compute.routes.list

compute.subnetworks.get

compute.subnetworks.list

dns.changes.*

  • dns.changes.create
  • dns.changes.get
  • dns.changes.list

dns.dnsKeys.*

  • dns.dnsKeys.get
  • dns.dnsKeys.list

dns.gkeClusters.*

  • dns.gkeClusters.bindDNSResponsePolicy
  • dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

  • dns.managedZoneOperations.get
  • dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

  • dns.networks.bindDNSResponsePolicy
  • dns.networks.bindPrivateDNSPolicy
  • dns.networks.bindPrivateDNSZone
  • dns.networks.targetWithPeeringZone
  • dns.networks.useHealthSignals

dns.policies.create

dns.policies.delete

dns.policies.get

dns.policies.list

dns.policies.listEffectiveTags

dns.policies.listTagBindings

dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

  • dns.resourceRecordSets.create
  • dns.resourceRecordSets.delete
  • dns.resourceRecordSets.get
  • dns.resourceRecordSets.list
  • dns.resourceRecordSets.update

dns.responsePolicies.*

  • dns.responsePolicies.create
  • dns.responsePolicies.delete
  • dns.responsePolicies.get
  • dns.responsePolicies.list
  • dns.responsePolicies.update

dns.responsePolicyRules.*

  • dns.responsePolicyRules.create
  • dns.responsePolicyRules.delete
  • dns.responsePolicyRules.get
  • dns.responsePolicyRules.list
  • dns.responsePolicyRules.update

resourcemanager.projects.get

resourcemanager.projects.list

vmwareengine.externalAddresses.get

vmwareengine.externalAddresses.list

vmwareengine.nodes.*

  • vmwareengine.nodes.get
  • vmwareengine.nodes.list

VMware Engine Service Admin

(roles/vmwareengine.vmwareengineAdmin)

Admin has full access to VMware Engine Service

resourcemanager.projects.get

resourcemanager.projects.list

vmwareengine.clusters.*

  • vmwareengine.clusters.create
  • vmwareengine.clusters.delete
  • vmwareengine.clusters.get
  • vmwareengine.clusters.getIamPolicy
  • vmwareengine.clusters.list
  • vmwareengine.clusters.mountDatastore
  • vmwareengine.clusters.setIamPolicy
  • vmwareengine.clusters.unmountDatastore
  • vmwareengine.clusters.update

vmwareengine.datastores.*

  • vmwareengine.datastores.create
  • vmwareengine.datastores.delete
  • vmwareengine.datastores.get
  • vmwareengine.datastores.getIamPolicy
  • vmwareengine.datastores.list
  • vmwareengine.datastores.setIamPolicy
  • vmwareengine.datastores.update

vmwareengine.dnsBindPermission.*

  • vmwareengine.dnsBindPermission.get
  • vmwareengine.dnsBindPermission.grant
  • vmwareengine.dnsBindPermission.revoke

vmwareengine.dnsForwarding.*

  • vmwareengine.dnsForwarding.get
  • vmwareengine.dnsForwarding.update

vmwareengine.externalAccessRules.*

  • vmwareengine.externalAccessRules.create
  • vmwareengine.externalAccessRules.delete
  • vmwareengine.externalAccessRules.get
  • vmwareengine.externalAccessRules.list
  • vmwareengine.externalAccessRules.update

vmwareengine.externalAddresses.*

  • vmwareengine.externalAddresses.create
  • vmwareengine.externalAddresses.delete
  • vmwareengine.externalAddresses.get
  • vmwareengine.externalAddresses.list
  • vmwareengine.externalAddresses.update

vmwareengine.hcxActivationKeys.*

  • vmwareengine.hcxActivationKeys.create
  • vmwareengine.hcxActivationKeys.get
  • vmwareengine.hcxActivationKeys.getIamPolicy
  • vmwareengine.hcxActivationKeys.list
  • vmwareengine.hcxActivationKeys.setIamPolicy

vmwareengine.locations.*

  • vmwareengine.locations.get
  • vmwareengine.locations.list

vmwareengine.loggingServers.*

  • vmwareengine.loggingServers.create
  • vmwareengine.loggingServers.delete
  • vmwareengine.loggingServers.get
  • vmwareengine.loggingServers.list
  • vmwareengine.loggingServers.update

vmwareengine.managementDnsZoneBindings.*

  • vmwareengine.managementDnsZoneBindings.create
  • vmwareengine.managementDnsZoneBindings.delete
  • vmwareengine.managementDnsZoneBindings.get
  • vmwareengine.managementDnsZoneBindings.list
  • vmwareengine.managementDnsZoneBindings.repair
  • vmwareengine.managementDnsZoneBindings.update

vmwareengine.networkPeerings.*

  • vmwareengine.networkPeerings.create
  • vmwareengine.networkPeerings.createTagBinding
  • vmwareengine.networkPeerings.delete
  • vmwareengine.networkPeerings.deleteTagBinding
  • vmwareengine.networkPeerings.get
  • vmwareengine.networkPeerings.list
  • vmwareengine.networkPeerings.listEffectiveTags
  • vmwareengine.networkPeerings.listPeeringRoutes
  • vmwareengine.networkPeerings.listTagBindings
  • vmwareengine.networkPeerings.update

vmwareengine.networkPolicies.*

  • vmwareengine.networkPolicies.create
  • vmwareengine.networkPolicies.createTagBinding
  • vmwareengine.networkPolicies.delete
  • vmwareengine.networkPolicies.deleteTagBinding
  • vmwareengine.networkPolicies.fetchExternalAddresses
  • vmwareengine.networkPolicies.get
  • vmwareengine.networkPolicies.list
  • vmwareengine.networkPolicies.listEffectiveTags
  • vmwareengine.networkPolicies.listTagBindings
  • vmwareengine.networkPolicies.update

vmwareengine.nodeTypes.*

  • vmwareengine.nodeTypes.get
  • vmwareengine.nodeTypes.list

vmwareengine.nodes.*

  • vmwareengine.nodes.get
  • vmwareengine.nodes.list

vmwareengine.operations.*

  • vmwareengine.operations.delete
  • vmwareengine.operations.get
  • vmwareengine.operations.list

vmwareengine.privateClouds.create

vmwareengine.privateClouds.createTagBinding

vmwareengine.privateClouds.delete

vmwareengine.privateClouds.deleteTagBinding

vmwareengine.privateClouds.get

vmwareengine.privateClouds.getIamPolicy

vmwareengine.privateClouds.list

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateClouds.resetNsxCredentials

vmwareengine.privateClouds.resetVcenterCredentials

vmwareengine.privateClouds.setIamPolicy

vmwareengine.privateClouds.showNsxCredentials

vmwareengine.privateClouds.showVcenterCredentials

vmwareengine.privateClouds.undelete

vmwareengine.privateClouds.update

vmwareengine.privateConnections.*

  • vmwareengine.privateConnections.create
  • vmwareengine.privateConnections.createTagBinding
  • vmwareengine.privateConnections.delete
  • vmwareengine.privateConnections.deleteTagBinding
  • vmwareengine.privateConnections.get
  • vmwareengine.privateConnections.list
  • vmwareengine.privateConnections.listEffectiveTags
  • vmwareengine.privateConnections.listPeeringRoutes
  • vmwareengine.privateConnections.listTagBindings
  • vmwareengine.privateConnections.update

vmwareengine.projectState.get

vmwareengine.services.*

  • vmwareengine.services.use
  • vmwareengine.services.view

vmwareengine.subnets.*

  • vmwareengine.subnets.get
  • vmwareengine.subnets.list
  • vmwareengine.subnets.update

vmwareengine.vmwareEngineNetworks.*

  • vmwareengine.vmwareEngineNetworks.create
  • vmwareengine.vmwareEngineNetworks.createTagBinding
  • vmwareengine.vmwareEngineNetworks.delete
  • vmwareengine.vmwareEngineNetworks.deleteTagBinding
  • vmwareengine.vmwareEngineNetworks.get
  • vmwareengine.vmwareEngineNetworks.list
  • vmwareengine.vmwareEngineNetworks.listEffectiveTags
  • vmwareengine.vmwareEngineNetworks.listTagBindings
  • vmwareengine.vmwareEngineNetworks.update

VMware Engine Service Privileged User

(roles/vmwareengine.vmwareenginePrivilegedUser)

Privileged User has access to VMWare Engine Service Privileged API

resourcemanager.projects.get

resourcemanager.projects.list

vmwareengine.clusters.delete

vmwareengine.clusters.get

vmwareengine.clusters.getIamPolicy

vmwareengine.clusters.list

vmwareengine.datastores.get

vmwareengine.datastores.getIamPolicy

vmwareengine.datastores.list

vmwareengine.dnsBindPermission.get

vmwareengine.dnsForwarding.get

vmwareengine.externalAccessRules.get

vmwareengine.externalAccessRules.list

vmwareengine.externalAddresses.get

vmwareengine.externalAddresses.list

vmwareengine.hcxActivationKeys.get

vmwareengine.hcxActivationKeys.getIamPolicy

vmwareengine.hcxActivationKeys.list

vmwareengine.locations.*

  • vmwareengine.locations.get
  • vmwareengine.locations.list

vmwareengine.loggingServers.get

vmwareengine.loggingServers.list

vmwareengine.managementDnsZoneBindings.get

vmwareengine.managementDnsZoneBindings.list

vmwareengine.networkPeerings.get

vmwareengine.networkPeerings.list

vmwareengine.networkPeerings.listEffectiveTags

vmwareengine.networkPeerings.listPeeringRoutes

vmwareengine.networkPeerings.listTagBindings

vmwareengine.networkPolicies.fetchExternalAddresses

vmwareengine.networkPolicies.get

vmwareengine.networkPolicies.list

vmwareengine.networkPolicies.listEffectiveTags

vmwareengine.networkPolicies.listTagBindings

vmwareengine.nodeTypes.*

  • vmwareengine.nodeTypes.get
  • vmwareengine.nodeTypes.list

vmwareengine.nodes.*

  • vmwareengine.nodes.get
  • vmwareengine.nodes.list

vmwareengine.operations.get

vmwareengine.operations.list

vmwareengine.privateClouds.get

vmwareengine.privateClouds.getIamPolicy

vmwareengine.privateClouds.list

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateClouds.privateCloudDeletionNow

vmwareengine.privateConnections.get

vmwareengine.privateConnections.list

vmwareengine.privateConnections.listEffectiveTags

vmwareengine.privateConnections.listPeeringRoutes

vmwareengine.privateConnections.listTagBindings

vmwareengine.projectState.get

vmwareengine.services.*

  • vmwareengine.services.use
  • vmwareengine.services.view

vmwareengine.subnets.get

vmwareengine.subnets.list

vmwareengine.vmwareEngineNetworks.get

vmwareengine.vmwareEngineNetworks.list

vmwareengine.vmwareEngineNetworks.listEffectiveTags

vmwareengine.vmwareEngineNetworks.listTagBindings

VMware Engine Service Viewer

(roles/vmwareengine.vmwareengineViewer)

Viewer has read-only access to VMware Engine Service

resourcemanager.projects.get

resourcemanager.projects.list

vmwareengine.clusters.get

vmwareengine.clusters.getIamPolicy

vmwareengine.clusters.list

vmwareengine.datastores.get

vmwareengine.datastores.getIamPolicy

vmwareengine.datastores.list

vmwareengine.dnsBindPermission.get

vmwareengine.dnsForwarding.get

vmwareengine.externalAccessRules.get

vmwareengine.externalAccessRules.list

vmwareengine.externalAddresses.get

vmwareengine.externalAddresses.list

vmwareengine.hcxActivationKeys.get

vmwareengine.hcxActivationKeys.getIamPolicy

vmwareengine.hcxActivationKeys.list

vmwareengine.locations.*

  • vmwareengine.locations.get
  • vmwareengine.locations.list

vmwareengine.loggingServers.get

vmwareengine.loggingServers.list

vmwareengine.managementDnsZoneBindings.get

vmwareengine.managementDnsZoneBindings.list

vmwareengine.networkPeerings.get

vmwareengine.networkPeerings.list

vmwareengine.networkPeerings.listEffectiveTags

vmwareengine.networkPeerings.listPeeringRoutes

vmwareengine.networkPeerings.listTagBindings

vmwareengine.networkPolicies.fetchExternalAddresses

vmwareengine.networkPolicies.get

vmwareengine.networkPolicies.list

vmwareengine.networkPolicies.listEffectiveTags

vmwareengine.networkPolicies.listTagBindings

vmwareengine.nodeTypes.*

  • vmwareengine.nodeTypes.get
  • vmwareengine.nodeTypes.list

vmwareengine.nodes.*

  • vmwareengine.nodes.get
  • vmwareengine.nodes.list

vmwareengine.operations.get

vmwareengine.operations.list

vmwareengine.privateClouds.get

vmwareengine.privateClouds.getIamPolicy

vmwareengine.privateClouds.list

vmwareengine.privateClouds.listEffectiveTags

vmwareengine.privateClouds.listTagBindings

vmwareengine.privateConnections.get

vmwareengine.privateConnections.list

vmwareengine.privateConnections.listEffectiveTags

vmwareengine.privateConnections.listPeeringRoutes

vmwareengine.privateConnections.listTagBindings

vmwareengine.projectState.get

vmwareengine.services.view

vmwareengine.subnets.get

vmwareengine.subnets.list

vmwareengine.vmwareEngineNetworks.get

vmwareengine.vmwareEngineNetworks.list

vmwareengine.vmwareEngineNetworks.listEffectiveTags

vmwareengine.vmwareEngineNetworks.listTagBindings

Google Cloud VMware Engine permissions

PermissionIncluded in roles

vmwareengine.clusters.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.clusters.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

vmwareengine.clusters.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.clusters.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.clusters.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.clusters.mountDatastore

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.clusters.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.clusters.unmountDatastore

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.clusters.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.datastores.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.datastores.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.datastores.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.datastores.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.datastores.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.datastores.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.datastores.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.dnsBindPermission.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.dnsBindPermission.grant

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.dnsBindPermission.revoke

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.dnsForwarding.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.dnsForwarding.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.externalAccessRules.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.externalAccessRules.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.externalAccessRules.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.externalAccessRules.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.externalAccessRules.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.externalAddresses.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.externalAddresses.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.externalAddresses.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

vmwareengine.externalAddresses.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

vmwareengine.externalAddresses.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.hcxActivationKeys.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.hcxActivationKeys.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.hcxActivationKeys.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.hcxActivationKeys.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.hcxActivationKeys.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.loggingServers.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.loggingServers.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.loggingServers.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.loggingServers.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.loggingServers.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.managementDnsZoneBindings.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.managementDnsZoneBindings.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.managementDnsZoneBindings.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.managementDnsZoneBindings.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.managementDnsZoneBindings.repair

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.managementDnsZoneBindings.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPeerings.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPeerings.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPeerings.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPeerings.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPeerings.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPeerings.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPeerings.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPeerings.listPeeringRoutes

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPeerings.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPeerings.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPolicies.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPolicies.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPolicies.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPolicies.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.networkPolicies.fetchExternalAddresses

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPolicies.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPolicies.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPolicies.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPolicies.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.networkPolicies.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.nodeTypes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.nodeTypes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.nodes.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

vmwareengine.nodes.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

vmwareengine.operations.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateClouds.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateClouds.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateClouds.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateClouds.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateClouds.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateClouds.privateCloudDeletionNow

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

vmwareengine.privateClouds.resetNsxCredentials

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.resetVcenterCredentials

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.setIamPolicy

Owner (roles/owner)

Security Admin (roles/iam.securityAdmin)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.showNsxCredentials

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.showVcenterCredentials

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.undelete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateClouds.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateConnections.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateConnections.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateConnections.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateConnections.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.privateConnections.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateConnections.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateConnections.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateConnections.listPeeringRoutes

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateConnections.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.privateConnections.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.projectState.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.services.use

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

vmwareengine.services.view

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.subnets.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.subnets.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.subnets.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.vmwareEngineNetworks.create

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.vmwareEngineNetworks.createTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.vmwareEngineNetworks.delete

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.vmwareEngineNetworks.deleteTagBinding

Owner (roles/owner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

vmwareengine.vmwareEngineNetworks.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.vmwareEngineNetworks.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.vmwareEngineNetworks.listEffectiveTags

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.vmwareEngineNetworks.listTagBindings

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

VMware Engine Service Privileged User (roles/vmwareengine.vmwareenginePrivilegedUser)

VMware Engine Service Viewer (roles/vmwareengine.vmwareengineViewer)

vmwareengine.vmwareEngineNetworks.update

Owner (roles/owner)

Editor (roles/editor)

VMware Engine Service Admin (roles/vmwareengine.vmwareengineAdmin)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.