Sign up for Free Sandbox

Compute Engine

List of the Google IAM permissions granted via Compute Engine access shortcuts.

Read

Grants the following IAM permissions on the specified instance or zone:

          compute.instances.get
          compute.instances.list
          compute.instances.getEffectiveFirewalls
          compute.instances.getGuestAttributes
          compute.instances.getScreenshot
          compute.instances.getSerialPortOutput
          compute.instances.getShieldedInstanceIdentity
          compute.instances.getShieldedVmIdentity
          compute.instances.listEffectiveTags
          compute.instances.listReferrers
          compute.instances.listTagBindings

Write

Grants the following IAM permissions on the specified instance or zone:

          compute.instances.addAccessConfig
          compute.instances.addMaintenancePolicies
          compute.instances.addResourcePolicies
          compute.instances.attachDisk
          compute.instances.createTagBinding
          compute.instances.delete
          compute.instances.deleteAccessConfig
          compute.instances.deleteTagBinding
          compute.instances.detachDisk
          compute.instances.get
          compute.instances.getEffectiveFirewalls
          compute.instances.getGuestAttributes
          compute.instances.getScreenshot
          compute.instances.getSerialPortOutput
          compute.instances.getShieldedInstanceIdentity
          compute.instances.getShieldedVmIdentity
          compute.instances.list
          compute.instances.listEffectiveTags
          compute.instances.listReferrers
          compute.instances.listTagBindings
          compute.instances.osLogin
          compute.instances.removeMaintenancePolicies
          compute.instances.removeResourcePolicies
          compute.instances.reset
          compute.instances.resume
          compute.instances.sendDiagnosticInterrupt
          compute.instances.setDeletionProtection
          compute.instances.setDiskAutoDelete
          compute.instances.setLabels
          compute.instances.setMachineResources
          compute.instances.setMachineType
          compute.instances.setMetadata
          compute.instances.setMinCpuPlatform
          compute.instances.setName
          compute.instances.setScheduling
          compute.instances.setServiceAccount
          compute.instances.setShieldedInstanceIntegrityPolicy
          compute.instances.setTags
          compute.instances.simulateMaintenanceEvent
          compute.instances.start
          compute.instances.startWithEncryptionKey
          compute.instances.stop
          compute.instances.suspend
          compute.instances.update
          compute.instances.updateAccessConfig
          compute.instances.updateDisplayDevice
          compute.instances.updateNetworkInterface
          compute.instances.updateSecurity
          compute.instances.updateShieldedInstanceConfig
          compute.instances.updateShieldedVmConfig
          compute.instances.use
          compute.instances.useReadOnly

Admin

Grants the compute.instanceAdmin predefined role on the specified instance or zone.

Create

Grants the compute.instanceAdmin predefined role on both the specified instance or zone and the region.

SSH

Grants the following IAM permissions on the specified instance or zone:

          compute.disks.listEffectiveTags
          compute.disks.listTagBindings
          compute.images.listEffectiveTags
          compute.images.listTagBindings
          compute.instances.get
          compute.instances.listEffectiveTags
          compute.instances.setMetadata
          compute.instances.listTagBindings
          compute.instances.osLogin
          compute.projects.get
          compute.snapshots.listEffectiveTags
          compute.snapshots.listTagBindings

Grants iam.serviceAccountUser on the service account specified

PreviousCloud StorageNextAWS

Last updated