Workload Certificate roles and permissions

This page lists the IAM roles and permissions for Workload Certificate. To search through all roles and permissions, see the role and permission index.

Workload Certificate roles

Role Permissions

Workload Certificate Admin (Beta)

(roles/workloadcertificate.admin)

Full access to all Workload Certificate API resources.

resourcemanager.projects.get

resourcemanager.projects.list

workloadcertificate.*

  • workloadcertificate.locations.get
  • workloadcertificate.locations.list
  • workloadcertificate.operations.cancel
  • workloadcertificate.operations.delete
  • workloadcertificate.operations.get
  • workloadcertificate.operations.list
  • workloadcertificate.workloadCertificateFeature.get
  • workloadcertificate.workloadCertificateFeature.update
  • workloadcertificate.workloadRegistrations.create
  • workloadcertificate.workloadRegistrations.delete
  • workloadcertificate.workloadRegistrations.get
  • workloadcertificate.workloadRegistrations.list
  • workloadcertificate.workloadRegistrations.update

Workload Certificate Registration Admin (Beta)

(roles/workloadcertificate.registrationAdmin)

Full access to WorkloadRegistration resources.

resourcemanager.projects.get

resourcemanager.projects.list

workloadcertificate.locations.*

  • workloadcertificate.locations.get
  • workloadcertificate.locations.list

workloadcertificate.operations.*

  • workloadcertificate.operations.cancel
  • workloadcertificate.operations.delete
  • workloadcertificate.operations.get
  • workloadcertificate.operations.list

workloadcertificate.workloadRegistrations.*

  • workloadcertificate.workloadRegistrations.create
  • workloadcertificate.workloadRegistrations.delete
  • workloadcertificate.workloadRegistrations.get
  • workloadcertificate.workloadRegistrations.list
  • workloadcertificate.workloadRegistrations.update

Workload Certificate Registration Viewer (Beta)

(roles/workloadcertificate.registrationViewer)

Read-only access to WorkloadRegistration resources.

resourcemanager.projects.get

resourcemanager.projects.list

workloadcertificate.locations.*

  • workloadcertificate.locations.get
  • workloadcertificate.locations.list

workloadcertificate.operations.get

workloadcertificate.operations.list

workloadcertificate.workloadRegistrations.get

workloadcertificate.workloadRegistrations.list

Workload Certificate Service Agent

(roles/workloadcertificate.serviceAgent)

Gives the Workload Certificate service agent access to Cloud Platform resources.

container.clusterRoleBindings.get

container.clusterRoleBindings.list

container.clusters.get

container.clusters.update

container.customResourceDefinitions.create

container.customResourceDefinitions.get

container.customResourceDefinitions.list

container.operations.get

container.thirdPartyObjects.update

gkehub.features.get

gkehub.fleet.create

gkehub.fleet.get

gkehub.locations.*

  • gkehub.locations.get
  • gkehub.locations.list

gkehub.memberships.get

gkehub.memberships.list

gkehub.operations.get

serviceconsumermanagement.tenancyu.addResource

serviceconsumermanagement.tenancyu.create

serviceconsumermanagement.tenancyu.delete

serviceconsumermanagement.tenancyu.removeResource

serviceusage.services.use

workloadcertificate.workloadCertificateFeature.get

workloadcertificate.workloadRegistrations.list

Workload Certificate Viewer (Beta)

(roles/workloadcertificate.viewer)

Read-only access to all Workload Certificate resources.

resourcemanager.projects.get

resourcemanager.projects.list

workloadcertificate.locations.*

  • workloadcertificate.locations.get
  • workloadcertificate.locations.list

workloadcertificate.operations.get

workloadcertificate.operations.list

workloadcertificate.workloadCertificateFeature.get

workloadcertificate.workloadRegistrations.get

workloadcertificate.workloadRegistrations.list

Workload Certificate permissions

Permission Included in roles

workloadcertificate.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Service agent roles

workloadcertificate.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Service agent roles

workloadcertificate.operations.cancel

Owner (roles/owner)

Editor (roles/editor)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

workloadcertificate.operations.delete

Owner (roles/owner)

Editor (roles/editor)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

workloadcertificate.operations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Service agent roles

workloadcertificate.operations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

workloadcertificate.workloadCertificateFeature.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Service agent roles

workloadcertificate.workloadCertificateFeature.update

Owner (roles/owner)

Editor (roles/editor)

Workload Certificate Admin (roles/workloadcertificate.admin)

workloadcertificate.workloadRegistrations.create

Owner (roles/owner)

Editor (roles/editor)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Service agent roles

workloadcertificate.workloadRegistrations.delete

Owner (roles/owner)

Editor (roles/editor)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

workloadcertificate.workloadRegistrations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Service agent roles

workloadcertificate.workloadRegistrations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Workload Certificate Registration Viewer (roles/workloadcertificate.registrationViewer)

Workload Certificate Viewer (roles/workloadcertificate.viewer)

Service agent roles

workloadcertificate.workloadRegistrations.update

Owner (roles/owner)

Editor (roles/editor)

Workload Certificate Admin (roles/workloadcertificate.admin)

Workload Certificate Registration Admin (roles/workloadcertificate.registrationAdmin)

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License.

Last updated 2025-11-12 UTC.