Certificate Authority Service roles and permissions
Each permission below is followed by the roles that include it.
privateca.caPools.create
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.caPools.createTagBinding
Owner (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
Tag User (roles/)
privateca.caPools.delete
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.caPools.deleteTagBinding
Owner (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
Tag User (roles/)
privateca.caPools.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
CA Service Pool Reader (roles/)
Service agent roles
- Managed Kafka Service Agent (roles/managedkafka.serviceAgent)
privateca.caPools.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.caPools.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.caPools.listEffectiveTags
Owner (roles/)
Editor (roles/)
Viewer (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
Security Auditor (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
Tag User (roles/)
Tag Viewer (roles/)
privateca.caPools.listTagBindings
Owner (roles/)
Editor (roles/)
Viewer (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
Security Auditor (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
Tag User (roles/)
Tag Viewer (roles/)
privateca.caPools.setIamPolicy
Owner (roles/)
Security Admin (roles/)
CA Service Admin (roles/)
privateca.caPools.update
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.caPools.use
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
privateca.certificateAuthorities.create
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateAuthorities.delete
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateAuthorities.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateAuthorities.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateAuthorities.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateAuthorities.setIamPolicy
Owner (roles/)
Security Admin (roles/)
CA Service Admin (roles/)
privateca.certificateAuthorities.update
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateRevocationLists.create
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
privateca.certificateRevocationLists.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateRevocationLists.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateRevocationLists.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateRevocationLists.setIamPolicy
Owner (roles/)
Security Admin (roles/)
CA Service Admin (roles/)
privateca.certificateRevocationLists.update
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateTemplates.create
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateTemplates.createTagBinding
Owner (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
Tag User (roles/)
privateca.certificateTemplates.delete
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateTemplates.deleteTagBinding
Owner (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
Tag User (roles/)
privateca.certificateTemplates.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
CA Service Certificate Template User (roles/)
privateca.certificateTemplates.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificateTemplates.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
CA Service Certificate Template User (roles/)
privateca.certificateTemplates.listEffectiveTags
Owner (roles/)
Editor (roles/)
Viewer (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
Security Auditor (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
Tag User (roles/)
Tag Viewer (roles/)
privateca.certificateTemplates.listTagBindings
Owner (roles/)
Editor (roles/)
Viewer (roles/)
DLP Organization Data Profiles Driver (roles/)
DLP Project Data Profiles Driver (roles/)
Security Auditor (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
Tag User (roles/)
Tag Viewer (roles/)
privateca.certificateTemplates.setIamPolicy
Owner (roles/)
Security Admin (roles/)
CA Service Admin (roles/)
privateca.certificateTemplates.update
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.certificateTemplates.use
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Certificate Template User (roles/)
privateca.certificates.create
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Certificate Manager (roles/)
CA Service Certificate Requester (roles/)
privateca.certificates.createForSelf
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Workload Certificate Requester (roles/)
privateca.certificates.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificates.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.certificates.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
Service agent roles
- Cloud Security Compliance Service Agent (roles/cloudsecuritycompliance.serviceAgent)
- Audit Manager Auditing Service Agent (roles/auditmanager.serviceAgent)
privateca.certificates.setIamPolicy
Owner (roles/)
Security Admin (roles/)
CA Service Admin (roles/)
privateca.certificates.update
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.locations.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.locations.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.operations.cancel
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
privateca.operations.delete
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
privateca.operations.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.operations.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.reusableConfigs.create
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.reusableConfigs.delete
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)
privateca.reusableConfigs.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.reusableConfigs.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.reusableConfigs.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
CA Service Admin (roles/)
CA Service Auditor (roles/)
CA Service Operation Manager (roles/)
CA Service Certificate Manager (roles/)
privateca.reusableConfigs.setIamPolicy
Owner (roles/)
Security Admin (roles/)
CA Service Admin (roles/)
privateca.reusableConfigs.update
Owner (roles/)
Editor (roles/)
CA Service Admin (roles/)
CA Service Operation Manager (roles/)