You can specify the following permissions in an IAM custom role.
| Name | Used By | Access Level | Predefined Roles |
|---|
You can use the following methods in the Google Cloud CLI, SDKs or API.
| Method | Description | API Versions | IAM Action |
|---|
Consume the above permissions with your own tooling.
Number of known IAM actions within Google Cloud IAM.
Number of known API methods within all of Google Cloud.
Number of predefined roles provided by Google Cloud.
The gcp.permissions.cloud website uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format.
gcp.permissions.cloud was built in order to provide an alternate, community-driven source of truth for Google Cloud identity. If you would like to contribute to or suggest a feature for this website, please raise it in the gcp.permissions.cloud repo. If you have found a data issue with the IAM permissions or API methods, please raise it in the IAM Dataset repo.
The website can be navigated using the left sidebar or by quickly looking up a specific managed policy, IAM permission or API method in the top search bar.
The dashboard has a small selection of statistics about the global state of IAM permissions and API methods.
The predefined roles section lists all known predefined roles with the ability to view individual roles in-depth. Additional analysis is presented about the effective IAM permissions the policy provides.
The following table represents the attributes available on either a managed policy or an effective IAM action within it:
| Tag | Description |
|---|---|
| credentials exposure | A predefined role or predefined role action tag that indicates the presence of an action that could produce a response that contains credentials. |
| data access | A predefined role or predefined role action tag that indicates the presence of an action that could return data within Google Cloud data stores. |
| possible privesc | A predefined role or predefined role action tag that indicates the presence of an action that could potentially lead to a privilege escalation. |
| beta | A predefined role tag indicating that the predefined role is in beta and is not recommended for production use. |
| undocumented actions | A predefined role action tag that indicates the action is not documented in the official permissions reference. |
| malformed | A predefined role tag that indicates the presence of a malformed statement within the policy. |
| deprecated | A predefined role tag that indicates the policy is deprecated. |
IAM Permissions are available on all service pages. Each IAM permission details its own name, access level, the predefined roles that contain the permission, as well as the API methods that are known to consume that permission.
API Methods are available on all service pages. Each API Method details its own name, description, and the API versions of the method.