Some or all of the information on this page might not apply to Trusted Cloud by S3NS. See Differences from Google Cloud for more details.

Access Transparency roles and permissions

This page lists the IAM roles and permissions for Access Transparency. To search through all roles and permissions, see the role and permission index.

Access Transparency roles

Role Permissions

Role	Permissions
Access Transparency Admin (`roles/axt.admin`) Enable Access Transparency for Organization Lowest-level resources where you can grant this role: Project	`axt.*` `axt.labels.get` `axt.labels.set` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Access Transparency Admin

(roles/axt.admin)

Enable Access Transparency for Organization

Lowest-level resources where you can grant this role:

Project

axt.*

axt.labels.get
axt.labels.set

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Access Transparency permissions

Permission Included in roles

Permission	Included in roles
`axt.labels.get`	Access Transparency Admin (`roles/axt.admin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Security Compliance Service Agent (`roles/cloudsecuritycompliance.serviceAgent`)
`axt.labels.set`	Assured Workloads Administrator (`roles/assuredworkloads.admin`) Assured Workloads Editor (`roles/assuredworkloads.editor`) Access Transparency Admin (`roles/axt.admin`)

`axt.labels.get`

Access Transparency Admin (roles/axt.admin)

Service agent roles

Cloud Security Compliance Service Agent (roles/cloudsecuritycompliance.serviceAgent)

`axt.labels.set`

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

Access Transparency Admin (roles/axt.admin)