Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Policy Analyzer roles and permissions

This page lists the IAM roles and permissions for Policy Analyzer. To search through all roles and permissions, see the role and permission index.

Policy Analyzer roles

Role Permissions

Role	Permissions
Policyanalyzer Admin ^Beta (`roles/policyanalyzer.admin`) Admin role for policyanalyzer	`policyanalyzer.*` `policyanalyzer.resourceAuthorizationActivities.query` `policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query` `policyanalyzer.serviceAccountLastAuthenticationActivities.query` `resourcemanager.projects.get` `resourcemanager.projects.list`
Policyanalyzer Viewer ^Beta (`roles/policyanalyzer.viewer`) Viewer role for policyanalyzer	`policyanalyzer.*` `policyanalyzer.resourceAuthorizationActivities.query` `policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query` `policyanalyzer.serviceAccountLastAuthenticationActivities.query` `resourcemanager.projects.get` `resourcemanager.projects.list`
Activity Analysis Viewer ^Beta (`roles/policyanalyzer.activityAnalysisViewer`) Viewer user that can read all activity analysis.	`policyanalyzer.*` `policyanalyzer.resourceAuthorizationActivities.query` `policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query` `policyanalyzer.serviceAccountLastAuthenticationActivities.query`

Policyanalyzer Admin ^Beta

(roles/policyanalyzer.admin)

Admin role for policyanalyzer

policyanalyzer.*

policyanalyzer.resourceAuthorizationActivities.query
policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query
policyanalyzer.serviceAccountLastAuthenticationActivities.query

resourcemanager.projects.get

resourcemanager.projects.list

Policyanalyzer Viewer ^Beta

(roles/policyanalyzer.viewer)

Viewer role for policyanalyzer

policyanalyzer.*

policyanalyzer.resourceAuthorizationActivities.query
policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query
policyanalyzer.serviceAccountLastAuthenticationActivities.query

resourcemanager.projects.get

resourcemanager.projects.list

Activity Analysis Viewer ^Beta

(roles/policyanalyzer.activityAnalysisViewer)

Viewer user that can read all activity analysis.

policyanalyzer.*

policyanalyzer.resourceAuthorizationActivities.query
policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query
policyanalyzer.serviceAccountLastAuthenticationActivities.query

Policy Analyzer permissions

Permission Included in roles

Permission	Included in roles
`policyanalyzer.resourceAuthorizationActivities.query`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Policyanalyzer Admin (`roles/policyanalyzer.admin`) Policyanalyzer Viewer (`roles/policyanalyzer.viewer`) Deny Admin (`roles/iam.denyAdmin`) Support User (`roles/iam.supportUser`) Activity Analysis Viewer (`roles/policyanalyzer.activityAnalysisViewer`)
`policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Policyanalyzer Admin (`roles/policyanalyzer.admin`) Policyanalyzer Viewer (`roles/policyanalyzer.viewer`) Support User (`roles/iam.supportUser`) Activity Analysis Viewer (`roles/policyanalyzer.activityAnalysisViewer`)
`policyanalyzer.serviceAccountLastAuthenticationActivities.query`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Policyanalyzer Admin (`roles/policyanalyzer.admin`) Policyanalyzer Viewer (`roles/policyanalyzer.viewer`) Support User (`roles/iam.supportUser`) Activity Analysis Viewer (`roles/policyanalyzer.activityAnalysisViewer`)

`policyanalyzer.resourceAuthorizationActivities.query`

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Policyanalyzer Admin (roles/policyanalyzer.admin)

Policyanalyzer Viewer (roles/policyanalyzer.viewer)

Deny Admin (roles/iam.denyAdmin)

Support User (roles/iam.supportUser)

Activity Analysis Viewer (roles/policyanalyzer.activityAnalysisViewer)

`policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query`

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Policyanalyzer Admin (roles/policyanalyzer.admin)

Policyanalyzer Viewer (roles/policyanalyzer.viewer)

Support User (roles/iam.supportUser)

Activity Analysis Viewer (roles/policyanalyzer.activityAnalysisViewer)

`policyanalyzer.serviceAccountLastAuthenticationActivities.query`

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Policyanalyzer Admin (roles/policyanalyzer.admin)

Policyanalyzer Viewer (roles/policyanalyzer.viewer)

Support User (roles/iam.supportUser)

Activity Analysis Viewer (roles/policyanalyzer.activityAnalysisViewer)

Policy Analyzer roles and permissions

Policy Analyzer roles

Policyanalyzer Admin Beta

Policyanalyzer Viewer Beta

Activity Analysis Viewer Beta

Policy Analyzer permissions

policyanalyzer.resourceAuthorizationActivities.query

policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query

policyanalyzer.serviceAccountLastAuthenticationActivities.query

Policyanalyzer Admin ^Beta

Policyanalyzer Viewer ^Beta

Activity Analysis Viewer ^Beta

`policyanalyzer.resourceAuthorizationActivities.query`

`policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query`

`policyanalyzer.serviceAccountLastAuthenticationActivities.query`