Binary Authorization roles and permissions

This page lists the IAM roles and permissions for Binary Authorization. To search through all roles and permissions, see the role and permission index.

Binary Authorization roles

Role | Permissions

Binary Authorization Attestor Admin

(roles/binaryauthorization.attestorsAdmin)

Administrator of Binary Authorization Attestors

binaryauthorization.attestors.*

  • binaryauthorization.attestors.create
  • binaryauthorization.attestors.delete
  • binaryauthorization.attestors.get
  • binaryauthorization.attestors.getIamPolicy
  • binaryauthorization.attestors.list
  • binaryauthorization.attestors.setIamPolicy
  • binaryauthorization.attestors.update
  • binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Editor

(roles/binaryauthorization.attestorsEditor)

Editor of Binary Authorization Attestors

binaryauthorization.attestors.create

binaryauthorization.attestors.delete

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.update

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Image Verifier

(roles/binaryauthorization.attestorsVerifier)

Caller of Binary Authorization Attestors VerifyImageAttested

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Attestor Viewer

(roles/binaryauthorization.attestorsViewer)

Viewer of Binary Authorization Attestors

binaryauthorization.attestors.get

binaryauthorization.attestors.list

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Administrator

(roles/binaryauthorization.policyAdmin)

Administrator of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.*

  • binaryauthorization.continuousValidationConfig.get
  • binaryauthorization.continuousValidationConfig.getIamPolicy
  • binaryauthorization.continuousValidationConfig.setIamPolicy
  • binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

  • binaryauthorization.platformPolicies.create
  • binaryauthorization.platformPolicies.delete
  • binaryauthorization.platformPolicies.evaluatePolicy
  • binaryauthorization.platformPolicies.get
  • binaryauthorization.platformPolicies.list
  • binaryauthorization.platformPolicies.replace

binaryauthorization.policy.*

  • binaryauthorization.policy.evaluatePolicy
  • binaryauthorization.policy.get
  • binaryauthorization.policy.getIamPolicy
  • binaryauthorization.policy.setIamPolicy
  • binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Editor

(roles/binaryauthorization.policyEditor)

Editor of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.continuousValidationConfig.update

binaryauthorization.platformPolicies.*

  • binaryauthorization.platformPolicies.create
  • binaryauthorization.platformPolicies.delete
  • binaryauthorization.platformPolicies.evaluatePolicy
  • binaryauthorization.platformPolicies.get
  • binaryauthorization.platformPolicies.list
  • binaryauthorization.platformPolicies.replace

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

binaryauthorization.policy.update

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Evaluator

(roles/binaryauthorization.policyEvaluator)

Evaluator of Binary Authorization Policy

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.evaluatePolicy

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Policy Viewer

(roles/binaryauthorization.policyViewer)

Viewer of Binary Authorization Policy

binaryauthorization.continuousValidationConfig.get

binaryauthorization.platformPolicies.get

binaryauthorization.platformPolicies.list

binaryauthorization.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

Binary Authorization Service Agent

(roles/binaryauthorization.serviceAgent)

Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.

artifactregistry.dockerimages.get

artifactregistry.repositories.downloadArtifacts

binaryauthorization.attestors.get

binaryauthorization.attestors.list

binaryauthorization.attestors.verifyImageAttested

binaryauthorization.platformPolicies.evaluatePolicy

binaryauthorization.policy.evaluatePolicy

cloudasset.assets.exportResource

cloudasset.feeds.create

cloudasset.feeds.delete

cloudasset.feeds.get

cloudasset.feeds.update

containeranalysis.notes.get

containeranalysis.notes.list

containeranalysis.notes.listOccurrences

containeranalysis.occurrences.get

containeranalysis.occurrences.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.objects.list

Binary Authorization permissions

Permission | Included in roles

binaryauthorization.attestors.create

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Service agent roles

binaryauthorization.attestors.delete

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Service agent roles

binaryauthorization.attestors.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Support User (roles/iam.supportUser)

Service agent roles

binaryauthorization.attestors.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

binaryauthorization.attestors.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Binary Authorization Attestor Viewer (roles/binaryauthorization.attestorsViewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

binaryauthorization.attestors.setIamPolicy

Owner (roles/owner)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Security Admin (roles/iam.securityAdmin)

binaryauthorization.attestors.update

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Service agent roles

binaryauthorization.attestors.verifyImageAttested

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Attestor Admin (roles/binaryauthorization.attestorsAdmin)

Binary Authorization Attestor Editor (roles/binaryauthorization.attestorsEditor)

Binary Authorization Attestor Image Verifier (roles/binaryauthorization.attestorsVerifier)

Support User (roles/iam.supportUser)

Service agent roles

binaryauthorization.continuousValidationConfig.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

binaryauthorization.continuousValidationConfig.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

binaryauthorization.continuousValidationConfig.setIamPolicy

Owner (roles/owner)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

binaryauthorization.continuousValidationConfig.update

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

binaryauthorization.platformPolicies.create

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

binaryauthorization.platformPolicies.delete

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

binaryauthorization.platformPolicies.evaluatePolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service agent roles

binaryauthorization.platformPolicies.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Service agent roles

binaryauthorization.platformPolicies.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Service agent roles

binaryauthorization.platformPolicies.replace

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)

binaryauthorization.policy.evaluatePolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Cloud Run Service Agent (roles/serverless.serviceAgent)

Service agent roles

binaryauthorization.policy.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Binary Authorization Policy Evaluator (roles/binaryauthorization.policyEvaluator)

Binary Authorization Policy Viewer (roles/binaryauthorization.policyViewer)

Dev Ops (roles/iam.devOps)

Support User (roles/iam.supportUser)

Service agent roles

binaryauthorization.policy.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

binaryauthorization.policy.setIamPolicy

Owner (roles/owner)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Dev Ops (roles/iam.devOps)

Security Admin (roles/iam.securityAdmin)

binaryauthorization.policy.update

Owner (roles/owner)

Editor (roles/editor)

Binary Authorization Policy Administrator (roles/binaryauthorization.policyAdmin)

Binary Authorization Policy Editor (roles/binaryauthorization.policyEditor)

Dev Ops (roles/iam.devOps)


Last updated 2025-11-10 UTC.