Control access with IAM
Cloud Profiler controls access to profiling activitiesin Google Cloud projects by usingIdentity and Access Management (IAM)roles and permissions.
Note: Cloud Profiler doesn't supportWorkload identity federation. You can't useCloud Profiler in an environment that relies exclusively onWorkload identity federation for authentication.Overview
To use Cloud Profiler for a Google Cloud project, you must have theappropriate IAM permissions on that project.
Permissions are not granted directly to users; permissions are insteadgranted indirectly through roles, which group permissions.For more information on these concepts, see theIAM documentation onroles, permissions, and relatedconcepts.
Permissions and roles
This section summarizes the permissions and roles that apply toProfiler.
Permissions
The following table lists the permissions required for profiling activities:
| Activity | Required permissions |
|---|---|
| Create profiles | cloudprofiler.profiles.create |
| List profiles | cloudprofiler.profiles.list |
| Modify profiles | cloudprofiler.profiles.update |
Roles
IAM roles include permissions and can be assigned to users,groups, and service accounts. The following table lists the roles forProfiler:
| Role | Permissions |
|---|---|
Cloud Profiler Agent( Cloud Profiler agents are allowed to register and provide the profiling data. |
|
Cloud Profiler User( Cloud Profiler users are allowed to query and view the profiling data. |
|
To learn how to assign Identity and Access Management roles to a user or service account, seeManaging Policies.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.