Tier
ViewerCategoria
IAMEscopo
project
Privilégios
3
Role ID
roles/viewerViewer
Read-only access to resources
Descrição
Read-only access to all resources. Cannot create, modify, or delete.
Privilégios / Capacidades(3)
Read all resources in the project
List all services and configurations
No write access
Permissions(11)
resourcemanager.projects.getresourcemanager.projects.listcompute.instances.listcompute.instances.getstorage.buckets.liststorage.buckets.getstorage.objects.liststorage.objects.getbigquery.datasets.getlogging.logEntries.listmonitoring.timeSeries.listRole Definition (JSON)
{
"name": "roles/viewer",
"title": "Project Viewer",
"description": "Read-only access to all resources. Cannot create, modify, or delete.",
"stage": "GA",
"includedPermissions": [
"resourcemanager.projects.get",
"resourcemanager.projects.list",
"compute.instances.list",
"compute.instances.get",
"storage.buckets.list",
"storage.buckets.get",Roles relacionadasIAM
Project Owner
Full control of all GCP resources including IAM policies, billing, and all services.
Project Editor
Full edit access to all resources, excluding IAM policy management and billing.
IAM Admin
Full administrative access to IAM service accounts, roles, and policies.
Security Admin
Can get and set any IAM policy. Used by security teams to audit and configure access.
Security Reviewer
Can get IAM policies and read security configurations. Read-only security auditor.