Confidential Computing roles and permissions

This page lists the IAM roles and permissions for Confidential Computing. To search through all roles and permissions, see the role and permission index.

Confidential Computing roles

Role Permissions

Confidential Space Workload User

(roles/confidentialcomputing.workloadUser)

Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.

confidentialcomputing.*

  • confidentialcomputing.challenges.create
  • confidentialcomputing.challenges.verify
  • confidentialcomputing.locations.get
  • confidentialcomputing.locations.list

logging.logEntries.create

Confidential Computing permissions

Permission Included in roles

confidentialcomputing.challenges.create

Owner (roles/owner)

Editor (roles/editor)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

confidentialcomputing.challenges.verify

Owner (roles/owner)

Editor (roles/editor)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

confidentialcomputing.locations.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Support User (roles/iam.supportUser)

confidentialcomputing.locations.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Confidential Space Workload User (roles/confidentialcomputing.workloadUser)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月12日 UTC.