Binary Authorization roles and permissions
binaryauthorization.attestors.create
Owner (roles/)
Editor (roles/)
Binary Authorization Attestor Admin (roles/)
Binary Authorization Attestor Editor (roles/)
Service agent roles
-
Cloud Build Service Agent (
roles/)cloudbuild.serviceAgent
binaryauthorization.attestors.delete
Owner (roles/)
Editor (roles/)
Binary Authorization Attestor Admin (roles/)
Binary Authorization Attestor Editor (roles/)
Service agent roles
-
Cloud Build Service Agent (
roles/)cloudbuild.serviceAgent
binaryauthorization.attestors.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Attestor Admin (roles/)
Binary Authorization Attestor Editor (roles/)
Binary Authorization Attestor Image Verifier (roles/)
Binary Authorization Attestor Viewer (roles/)
Support User (roles/)
Service agent roles
-
Cloud Build Service Agent (
roles/)cloudbuild.serviceAgent -
Binary Authorization Service Agent (
roles/)binaryauthorization.serviceAgent
binaryauthorization.attestors.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Attestor Admin (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
binaryauthorization.attestors.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Attestor Admin (roles/)
Binary Authorization Attestor Editor (roles/)
Binary Authorization Attestor Image Verifier (roles/)
Binary Authorization Attestor Viewer (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
Service agent roles
-
Cloud Build Service Agent (
roles/)cloudbuild.serviceAgent -
Binary Authorization Service Agent (
roles/)binaryauthorization.serviceAgent
binaryauthorization.attestors.setIamPolicy
Owner (roles/)
Binary Authorization Attestor Admin (roles/)
Security Admin (roles/)
binaryauthorization.attestors.update
Owner (roles/)
Editor (roles/)
Binary Authorization Attestor Admin (roles/)
Binary Authorization Attestor Editor (roles/)
Service agent roles
-
Cloud Build Service Agent (
roles/)cloudbuild.serviceAgent
binaryauthorization.attestors.verifyImageAttested
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Attestor Admin (roles/)
Binary Authorization Attestor Editor (roles/)
Binary Authorization Attestor Image Verifier (roles/)
Support User (roles/)
Service agent roles
-
Cloud Build Service Agent (
roles/)cloudbuild.serviceAgent -
Binary Authorization Service Agent (
roles/)binaryauthorization.serviceAgent
binaryauthorization.continuousValidationConfig.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Binary Authorization Policy Viewer (roles/)
Dev Ops (roles/)
Support User (roles/)
binaryauthorization.continuousValidationConfig.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Dev Ops (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
binaryauthorization.continuousValidationConfig.setIamPolicy
Owner (roles/)
Binary Authorization Policy Administrator (roles/)
Dev Ops (roles/)
Security Admin (roles/)
binaryauthorization.continuousValidationConfig.update
Owner (roles/)
Editor (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Dev Ops (roles/)
binaryauthorization.platformPolicies.create
Owner (roles/)
Editor (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Dev Ops (roles/)
binaryauthorization.platformPolicies.delete
Owner (roles/)
Editor (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Dev Ops (roles/)
binaryauthorization.platformPolicies.evaluatePolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Binary Authorization Policy Evaluator (roles/)
Dev Ops (roles/)
Support User (roles/)
Service agent roles
-
Anthos Multi-Cloud Container Service Agent (
roles/)gkemulticloud.containerServiceAgent -
Cloud Run Service Agent (
roles/)run.serviceAgent -
Binary Authorization Service Agent (
roles/)binaryauthorization.serviceAgent
binaryauthorization.platformPolicies.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Binary Authorization Policy Evaluator (roles/)
Binary Authorization Policy Viewer (roles/)
Dev Ops (roles/)
Support User (roles/)
Service agent roles
-
Anthos Multi-Cloud Container Service Agent (
roles/)gkemulticloud.containerServiceAgent
binaryauthorization.platformPolicies.list
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Binary Authorization Policy Evaluator (roles/)
Binary Authorization Policy Viewer (roles/)
Dev Ops (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
Service agent roles
-
Anthos Multi-Cloud Container Service Agent (
roles/)gkemulticloud.containerServiceAgent
binaryauthorization.platformPolicies.replace
Owner (roles/)
Editor (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Dev Ops (roles/)
binaryauthorization.policy.evaluatePolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Binary Authorization Policy Evaluator (roles/)
Dev Ops (roles/)
Support User (roles/)
Service agent roles
-
Binary Authorization Service Agent (
roles/)binaryauthorization.serviceAgent -
Kubernetes Engine Service Agent (
roles/)container.serviceAgent -
Anthos Multi-Cloud Container Service Agent (
roles/)gkemulticloud.containerServiceAgent -
Cloud Run Service Agent (
roles/)run.serviceAgent -
Vertex AI Service Agent (
roles/)aiplatform.serviceAgent
binaryauthorization.policy.get
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Binary Authorization Policy Evaluator (roles/)
Binary Authorization Policy Viewer (roles/)
Dev Ops (roles/)
Support User (roles/)
Service agent roles
-
Cloud Security Compliance Service Agent (
roles/)cloudsecuritycompliance.serviceAgent -
Anthos Multi-Cloud Container Service Agent (
roles/)gkemulticloud.containerServiceAgent -
Security Center Control Service Agent (
roles/)securitycenter.controlServiceAgent -
Security Health Analytics Service Agent (
roles/)securitycenter.securityHealthAnalyticsServiceAgent -
Security Center Service Agent (
roles/)securitycenter.serviceAgent -
Audit Manager Auditing Service Agent (
roles/)auditmanager.serviceAgent
binaryauthorization.policy.getIamPolicy
Owner (roles/)
Editor (roles/)
Viewer (roles/)
Binary Authorization Policy Administrator (roles/)
Dev Ops (roles/)
Security Admin (roles/)
Security Auditor (roles/)
Security Reviewer (roles/)
Support User (roles/)
binaryauthorization.policy.setIamPolicy
Owner (roles/)
Binary Authorization Policy Administrator (roles/)
Dev Ops (roles/)
Security Admin (roles/)
binaryauthorization.policy.update
Owner (roles/)
Editor (roles/)
Binary Authorization Policy Administrator (roles/)
Binary Authorization Policy Editor (roles/)
Dev Ops (roles/)