Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Policy Simulator roles and permissions

This page lists the IAM roles and permissions for Policy Simulator. To search through all roles and permissions, see the role and permission index.

Policy Simulator roles

Role Permissions

Role	Permissions
Simulator Admin ^Beta (`roles/policysimulator.admin`) Admin user that can run and access replays.	`policysimulator.accessPolicySimulationResults.list` `policysimulator.accessPolicySimulations.` `policysimulator.accessPolicySimulations.create` `policysimulator.accessPolicySimulations.get` `policysimulator.accessPolicySimulations.list` `policysimulator.replayResults.list` `policysimulator.replays.` `policysimulator.replays.create` `policysimulator.replays.get` `policysimulator.replays.list` `policysimulator.replays.run`
OrgPolicy Simulator Admin ^Beta (`roles/policysimulator.orgPolicyAdmin`) OrgPolicy Admin that can run and access simulations.	`cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportResource` `cloudasset.assets.listResource` `cloudasset.assets.searchAllResources` `orgpolicy.customConstraints.get` `orgpolicy.customConstraints.list` `orgpolicy.policies.list` `orgpolicy.policy.get` `policysimulator.orgPolicyViolations.list` `policysimulator.orgPolicyViolationsPreviews.*` `policysimulator.orgPolicyViolationsPreviews.create` `policysimulator.orgPolicyViolationsPreviews.get` `policysimulator.orgPolicyViolationsPreviews.list` `resourcemanager.organizations.get`
Policysimulator Viewer ^Beta (`roles/policysimulator.viewer`) Viewer role for policysimulator	`policysimulator.accessPolicySimulationResults.list` `policysimulator.accessPolicySimulations.get` `policysimulator.accessPolicySimulations.list` `policysimulator.orgPolicyViolations.list` `policysimulator.orgPolicyViolationsPreviews.get` `policysimulator.orgPolicyViolationsPreviews.list` `policysimulator.replayResults.list` `policysimulator.replays.get` `policysimulator.replays.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Simulator Admin ^Beta

(roles/policysimulator.admin)

Admin user that can run and access replays.

policysimulator.accessPolicySimulationResults.list

policysimulator.accessPolicySimulations.*

policysimulator.accessPolicySimulations.create
policysimulator.accessPolicySimulations.get
policysimulator.accessPolicySimulations.list

policysimulator.replayResults.list

policysimulator.replays.*

policysimulator.replays.create
policysimulator.replays.get
policysimulator.replays.list
policysimulator.replays.run

OrgPolicy Simulator Admin ^Beta

(roles/policysimulator.orgPolicyAdmin)

OrgPolicy Admin that can run and access simulations.

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

orgpolicy.customConstraints.get

orgpolicy.customConstraints.list

orgpolicy.policies.list

orgpolicy.policy.get

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.*

policysimulator.orgPolicyViolationsPreviews.create
policysimulator.orgPolicyViolationsPreviews.get
policysimulator.orgPolicyViolationsPreviews.list

resourcemanager.organizations.get

Policysimulator Viewer ^Beta

(roles/policysimulator.viewer)

Viewer role for policysimulator

policysimulator.accessPolicySimulationResults.list

policysimulator.accessPolicySimulations.get

policysimulator.accessPolicySimulations.list

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.get

policysimulator.orgPolicyViolationsPreviews.list

policysimulator.replayResults.list

policysimulator.replays.get

policysimulator.replays.list

resourcemanager.projects.get

resourcemanager.projects.list

Policy Simulator permissions

Permission	Included in roles
`policysimulator.accessPolicySimulationResults.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Deny Admin (`roles/iam.denyAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.accessPolicySimulations.create`	Owner (`roles/owner`) Simulator Admin (`roles/policysimulator.admin`) Deny Admin (`roles/iam.denyAdmin`)
`policysimulator.accessPolicySimulations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Simulator Admin (`roles/policysimulator.admin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Deny Admin (`roles/iam.denyAdmin`) Support User (`roles/iam.supportUser`)
`policysimulator.accessPolicySimulations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Deny Admin (`roles/iam.denyAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.orgPolicyViolations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.orgPolicyViolationsPreviews.create`	Owner (`roles/owner`) Editor (`roles/editor`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Support User (`roles/iam.supportUser`)
`policysimulator.orgPolicyViolationsPreviews.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.replayResults.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.replays.create`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.replays.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Support User (`roles/iam.supportUser`)
`policysimulator.replays.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Policysimulator Viewer (`roles/policysimulator.viewer`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.replays.run`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)

Policy Simulator roles and permissions

Policy Simulator roles

Simulator Admin ^Beta

OrgPolicy Simulator Admin ^Beta

Policysimulator Viewer ^Beta

Policy Simulator permissions

`policysimulator.accessPolicySimulationResults.list`

`policysimulator.accessPolicySimulations.create`

`policysimulator.accessPolicySimulations.get`

`policysimulator.accessPolicySimulations.list`

`policysimulator.orgPolicyViolations.list`

`policysimulator.orgPolicyViolationsPreviews.create`

`policysimulator.orgPolicyViolationsPreviews.get`

`policysimulator.orgPolicyViolationsPreviews.list`

`policysimulator.replayResults.list`

`policysimulator.replays.create`

`policysimulator.replays.get`

`policysimulator.replays.list`

`policysimulator.replays.run`

Policy Simulator roles and permissions

Policy Simulator roles

Simulator Admin Beta

OrgPolicy Simulator Admin Beta

Policysimulator Viewer Beta

Policy Simulator permissions

policysimulator.accessPolicySimulationResults.list

policysimulator.accessPolicySimulations.create

policysimulator.accessPolicySimulations.get

policysimulator.accessPolicySimulations.list

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.create

policysimulator.orgPolicyViolationsPreviews.get

policysimulator.orgPolicyViolationsPreviews.list

policysimulator.replayResults.list

policysimulator.replays.create

policysimulator.replays.get

policysimulator.replays.list

policysimulator.replays.run

Simulator Admin ^Beta

OrgPolicy Simulator Admin ^Beta

Policysimulator Viewer ^Beta

`policysimulator.accessPolicySimulationResults.list`

`policysimulator.accessPolicySimulations.create`

`policysimulator.accessPolicySimulations.get`

`policysimulator.accessPolicySimulations.list`

`policysimulator.orgPolicyViolations.list`

`policysimulator.orgPolicyViolationsPreviews.create`

`policysimulator.orgPolicyViolationsPreviews.get`

`policysimulator.orgPolicyViolationsPreviews.list`

`policysimulator.replayResults.list`

`policysimulator.replays.create`

`policysimulator.replays.get`

`policysimulator.replays.list`

`policysimulator.replays.run`