Chrome Enterprise Premium roles and permissions

This page lists the IAM roles and permissions for Chrome Enterprise Premium. Tosearch through all roles and permissions, see therole andpermission index.

Chrome Enterprise Premium roles

RolePermissions

Cloud BeyondCorp AdminBeta

(roles/beyondcorp.admin)

Full access to all Cloud BeyondCorp resources.

beyondcorp.appConnections.*

  • beyondcorp.appConnections.create
  • beyondcorp.appConnections.delete
  • beyondcorp.appConnections.get
  • beyondcorp.appConnections.getIamPolicy
  • beyondcorp.appConnections.list
  • beyondcorp.appConnections.setIamPolicy
  • beyondcorp.appConnections.update

beyondcorp.appConnectors.*

  • beyondcorp.appConnectors.create
  • beyondcorp.appConnectors.delete
  • beyondcorp.appConnectors.get
  • beyondcorp.appConnectors.getIamPolicy
  • beyondcorp.appConnectors.list
  • beyondcorp.appConnectors.reportStatus
  • beyondcorp.appConnectors.setIamPolicy
  • beyondcorp.appConnectors.update

beyondcorp.appGateways.*

  • beyondcorp.appGateways.create
  • beyondcorp.appGateways.delete
  • beyondcorp.appGateways.get
  • beyondcorp.appGateways.getIamPolicy
  • beyondcorp.appGateways.list
  • beyondcorp.appGateways.setIamPolicy
  • beyondcorp.appGateways.update

beyondcorp.locations.*

  • beyondcorp.locations.get
  • beyondcorp.locations.list

beyondcorp.operations.*

  • beyondcorp.operations.cancel
  • beyondcorp.operations.delete
  • beyondcorp.operations.get
  • beyondcorp.operations.list

beyondcorp.securityGateways.*

  • beyondcorp.securityGateways.create
  • beyondcorp.securityGateways.delete
  • beyondcorp.securityGateways.get
  • beyondcorp.securityGateways.getIamPolicy
  • beyondcorp.securityGateways.list
  • beyondcorp.securityGateways.setIamPolicy
  • beyondcorp.securityGateways.update

beyondcorp.sgApplications.*

  • beyondcorp.sgApplications.create
  • beyondcorp.sgApplications.delete
  • beyondcorp.sgApplications.get
  • beyondcorp.sgApplications.getIamPolicy
  • beyondcorp.sgApplications.list
  • beyondcorp.sgApplications.setIamPolicy
  • beyondcorp.sgApplications.update

beyondcorp.subscriptions.*

  • beyondcorp.subscriptions.create
  • beyondcorp.subscriptions.get
  • beyondcorp.subscriptions.list
  • beyondcorp.subscriptions.terminate
  • beyondcorp.subscriptions.update

resourcemanager.projects.get

resourcemanager.projects.list

Cloud BeyondCorp Partner Service Delegate AdminBeta

(roles/beyondcorp.partnerServiceDelegateAdmin)

Delegates access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.

beyondcorp.operations.*

  • beyondcorp.operations.cancel
  • beyondcorp.operations.delete
  • beyondcorp.operations.get
  • beyondcorp.operations.list

beyondcorp.partnerTenants.*

  • beyondcorp.partnerTenants.create
  • beyondcorp.partnerTenants.delete
  • beyondcorp.partnerTenants.get
  • beyondcorp.partnerTenants.list
  • beyondcorp.partnerTenants.update

beyondcorp.proxyConfigs.*

  • beyondcorp.proxyConfigs.create
  • beyondcorp.proxyConfigs.delete
  • beyondcorp.proxyConfigs.get
  • beyondcorp.proxyConfigs.list
  • beyondcorp.proxyConfigs.update

resourcemanager.organizations.get

Cloud BeyondCorp Partner Service Delegate ViewerBeta

(roles/beyondcorp.partnerServiceDelegateViewer)

Delegates read-only access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.

beyondcorp.partnerTenants.get

beyondcorp.partnerTenants.list

beyondcorp.proxyConfigs.get

beyondcorp.proxyConfigs.list

resourcemanager.organizations.get

Cloud BeyondCorp Subscription AdminBeta

(roles/beyondcorp.subscriptionAdmin)

Full access to all BeyondCorp Subscription resources.

beyondcorp.subscriptions.*

  • beyondcorp.subscriptions.create
  • beyondcorp.subscriptions.get
  • beyondcorp.subscriptions.list
  • beyondcorp.subscriptions.terminate
  • beyondcorp.subscriptions.update

resourcemanager.organizations.get

Cloud BeyondCorp Subscription ViewerBeta

(roles/beyondcorp.subscriptionViewer)

Read-only access to all BeyondCorp Subscription resources.

beyondcorp.subscriptions.get

beyondcorp.subscriptions.list

resourcemanager.organizations.get

Cloud BeyondCorp ViewerBeta

(roles/beyondcorp.viewer)

Read-only access to all Cloud BeyondCorp resources.

beyondcorp.appConnections.get

beyondcorp.appConnections.getIamPolicy

beyondcorp.appConnections.list

beyondcorp.appConnectors.get

beyondcorp.appConnectors.getIamPolicy

beyondcorp.appConnectors.list

beyondcorp.appGateways.get

beyondcorp.appGateways.getIamPolicy

beyondcorp.appGateways.list

beyondcorp.locations.*

  • beyondcorp.locations.get
  • beyondcorp.locations.list

beyondcorp.operations.get

beyondcorp.operations.list

beyondcorp.securityGateways.get

beyondcorp.securityGateways.getIamPolicy

beyondcorp.securityGateways.list

beyondcorp.sgApplications.get

beyondcorp.sgApplications.getIamPolicy

beyondcorp.sgApplications.list

beyondcorp.subscriptions.get

beyondcorp.subscriptions.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Chrome Enterprise Premium permissions

PermissionIncluded in roles

beyondcorp.appConnections.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appConnections.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appConnections.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.appConnections.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.appConnections.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.appConnections.setIamPolicy

Owner (roles/owner)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Security Admin (roles/iam.securityAdmin)

beyondcorp.appConnections.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appConnectors.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appConnectors.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appConnectors.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.appConnectors.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.appConnectors.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.appConnectors.reportStatus

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appConnectors.setIamPolicy

Owner (roles/owner)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Security Admin (roles/iam.securityAdmin)

beyondcorp.appConnectors.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appGateways.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appGateways.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.appGateways.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.appGateways.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.appGateways.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.appGateways.setIamPolicy

Owner (roles/owner)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Security Admin (roles/iam.securityAdmin)

beyondcorp.appGateways.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.operations.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.partnerTenants.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.partnerTenants.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.partnerTenants.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Partner Service Delegate Viewer (roles/beyondcorp.partnerServiceDelegateViewer)

Support User (roles/iam.supportUser)

beyondcorp.partnerTenants.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Partner Service Delegate Viewer (roles/beyondcorp.partnerServiceDelegateViewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.partnerTenants.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.proxyConfigs.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.proxyConfigs.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.proxyConfigs.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Partner Service Delegate Viewer (roles/beyondcorp.partnerServiceDelegateViewer)

Support User (roles/iam.supportUser)

beyondcorp.proxyConfigs.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

Cloud BeyondCorp Partner Service Delegate Viewer (roles/beyondcorp.partnerServiceDelegateViewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.proxyConfigs.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Partner Service Delegate Admin (roles/beyondcorp.partnerServiceDelegateAdmin)

beyondcorp.securityGateways.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.securityGateways.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.securityGateways.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.securityGateways.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.securityGateways.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.securityGateways.setIamPolicy

Owner (roles/owner)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Security Admin (roles/iam.securityAdmin)

beyondcorp.securityGateways.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.sgApplications.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.sgApplications.delete

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.sgApplications.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.sgApplications.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.sgApplications.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.sgApplications.setIamPolicy

Owner (roles/owner)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Security Admin (roles/iam.securityAdmin)

beyondcorp.sgApplications.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

beyondcorp.subscriptions.create

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

beyondcorp.subscriptions.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

Cloud BeyondCorp Subscription Viewer (roles/beyondcorp.subscriptionViewer)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Support User (roles/iam.supportUser)

beyondcorp.subscriptions.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

Cloud BeyondCorp Subscription Viewer (roles/beyondcorp.subscriptionViewer)

Cloud BeyondCorp Viewer (roles/beyondcorp.viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

beyondcorp.subscriptions.terminate

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

beyondcorp.subscriptions.update

Owner (roles/owner)

Editor (roles/editor)

Cloud BeyondCorp Admin (roles/beyondcorp.admin)

Cloud BeyondCorp Subscription Admin (roles/beyondcorp.subscriptionAdmin)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.