roles/compute.serviceAgent
Title: Compute Engine Service Agent
Description: Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts.
Stage: GA
Role Type: Service Agent
68 Assigned Permissions:
- cloudnotifications.activities.list
- compute.addresses.use
- compute.addresses.useInternal
- compute.disks.create
- compute.disks.createTagBinding
- compute.disks.setLabels
- compute.disks.use
- compute.disks.useReadOnly
- compute.images.useReadOnly
- compute.instanceGroupManagers.get
- compute.instanceTemplates.useReadOnly
- compute.instances.create
- compute.instances.createTagBinding
- compute.instances.setDeletionProtection
- compute.instances.setLabels
- compute.instances.setMetadata
- compute.instances.setServiceAccount
- compute.instances.setTags
- compute.instances.updateDisplayDevice
- compute.machineImages.useReadOnly
- compute.networks.use
- compute.networks.useExternalIp
- compute.resourcePolicies.use
- compute.snapshots.useReadOnly
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- iam.serviceAccounts.actAs
- iam.serviceAccounts.getAccessToken
- iam.serviceAccounts.getOpenIdToken
- iam.serviceAccounts.implicitDelegation
- iam.serviceAccounts.signJwt
- logging.logEntries.create
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.alertPolicies.listEffectiveTags
- monitoring.alertPolicies.listTagBindings
- monitoring.dashboards.get
- monitoring.dashboards.list
- monitoring.dashboards.listEffectiveTags
- monitoring.dashboards.listTagBindings
- monitoring.groups.get
- monitoring.groups.list
- monitoring.metricDescriptors.get
- monitoring.metricDescriptors.list
- monitoring.monitoredResourceDescriptors.get
- monitoring.monitoredResourceDescriptors.list
- monitoring.notificationChannelDescriptors.get
- monitoring.notificationChannelDescriptors.list
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.services.get
- monitoring.services.list
- monitoring.slos.get
- monitoring.slos.list
- monitoring.snoozes.get
- monitoring.snoozes.list
- monitoring.timeSeries.list
- monitoring.uptimeCheckConfigs.get
- monitoring.uptimeCheckConfigs.list
- opsconfigmonitoring.resourceMetadata.list
- resourcemanager.projects.get
- resourcemanager.projects.list
- stackdriver.projects.get
- stackdriver.resourceMetadata.list
- storage.objects.create
- storage.objects.get
- storage.objects.list
- storage.objects.update