Workload Identity Federation roles and permissions

This page lists the IAM roles and permissions for Workload Identity Federation. To search through all roles and permissions, see the role and permission index.

Workload Identity Federation roles

Role Permissions

(roles/workloadidentity.admin)

Full access to Workload Identity API resources.

Permissions:

  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • workloadidentity.*
      • workloadidentity.locations.get
      • workloadidentity.locations.list
      • workloadidentity.operations.cancel
      • workloadidentity.operations.delete
      • workloadidentity.operations.get
      • workloadidentity.operations.list
      • workloadidentity.serviceAgents.create

(roles/workloadidentity.viewer)

Read-only access to Workload Identity API resources.

Permissions:

  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • workloadidentity.locations.*
      • workloadidentity.locations.get
      • workloadidentity.locations.list
  • workloadidentity.operations.get
  • workloadidentity.operations.list

Workload Identity Federation permissions

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workload Identity API Admin (roles/workloadidentity.admin)

Workload Identity API Viewer (roles/workloadidentity.viewer)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workload Identity API Admin (roles/workloadidentity.admin)

Workload Identity API Viewer (roles/workloadidentity.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Workload Identity API Admin (roles/workloadidentity.admin)

Owner (roles/owner)

Editor (roles/editor)

Workload Identity API Admin (roles/workloadidentity.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Workload Identity API Admin (roles/workloadidentity.admin)

Workload Identity API Viewer (roles/workloadidentity.viewer)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Workload Identity API Admin (roles/workloadidentity.admin)

Workload Identity API Viewer (roles/workloadidentity.viewer)

Security Auditor (roles/iam.securityAuditor)

Support User (roles/iam.supportUser)

Owner (roles/owner)

Editor (roles/editor)

Workload Identity API Admin (roles/workloadidentity.admin)