The gcp.permissions.cloud website uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format.
gcp.permissions.cloud was built in order to provide an alternate, community-driven source of truth for Google Cloud identity. If you would like to contribute to or suggest a feature for this website, please raise it in the gcp.permissions.cloud repo. If you have found a data issue with the IAM permissions or API methods, please raise it in the IAM Dataset repo.
The website can be navigated using the left sidebar or by quickly looking up a specific managed policy, IAM permission or API method in the top search bar.
Using the Dashboard
The dashboard has a small selection of statistics about the global state of IAM permissions and API methods.
Using Predefined Roles
The predefined roles section lists all known predefined roles with the ability to view individual roles in-depth. Additional analysis is presented about the effective IAM permissions the policy provides.
The following table represents the attributes available on either a managed policy or an effective IAM action within it:
||A predefined role tag indicating that the predefined role is in beta and is not recommended for production use.
||A predefined role action tag that indicates the action is not documented in the official permissions reference.
||A predefined role tag that indicates the presence of a malformed statement within the policy.
||A predefined role tag that indicates the policy is deprecated.
Using IAM Permissions
IAM Permissions are available on all service pages. Each IAM permission details its own name, access level, the predefined roles that contain the permission, as well as the API methods that are known to consume that permission.
Using API Methods
API Methods are available on all service pages. Each API Method details its own name, description, and the API versions of the method.