18 KiB
18 KiB
IAM bindings reference
Legend: + additive, • conditional.
Project dev-data-cmn-0
| members | roles |
|---|---|
| gcp-data-analysts group |
roles/datacatalog.viewer |
| gcp-data-engineers group |
roles/dlp.estimatesAdmin roles/dlp.reader roles/dlp.user |
| gcp-data-security group |
roles/datacatalog.admin roles/dlp.admin |
| dev-data-load-df-0 serviceAccount |
roles/datacatalog.viewer roles/dlp.user |
| dev-data-trf-bq-0 serviceAccount |
roles/datacatalog.categoryFineGrainedReader roles/datacatalog.viewer |
| dev-data-trf-df-0 serviceAccount |
roles/datacatalog.categoryFineGrainedReader roles/datacatalog.viewer roles/dlp.user |
Project dev-data-dtl-0-0
| members | roles |
|---|---|
| gcp-data-analysts group |
roles/bigquery.dataViewer roles/bigquery.jobUser roles/bigquery.metadataViewer roles/bigquery.user roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.objectViewer |
| gcp-data-engineers group |
roles/bigquery.dataEditor roles/storage.admin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
| dev-data-load-df-0 serviceAccount |
roles/bigquery.dataOwner roles/bigquery.jobUser roles/storage.objectCreator |
| dev-data-trf-bq-0 serviceAccount |
roles/bigquery.dataOwner roles/datacatalog.categoryAdmin |
| dev-data-trf-df-0 serviceAccount |
roles/bigquery.dataOwner |
Project dev-data-dtl-1-0
| members | roles |
|---|---|
| gcp-data-analysts group |
roles/bigquery.dataViewer roles/bigquery.jobUser roles/bigquery.metadataViewer roles/bigquery.user roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.objectViewer |
| gcp-data-engineers group |
roles/bigquery.dataEditor roles/storage.admin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
| dev-data-load-df-0 serviceAccount |
roles/datacatalog.categoryAdmin |
| dev-data-trf-bq-0 serviceAccount |
roles/bigquery.dataOwner roles/bigquery.jobUser |
| dev-data-trf-df-0 serviceAccount |
roles/bigquery.dataOwner roles/storage.objectCreator roles/storage.objectViewer |
Project dev-data-dtl-2-0
| members | roles |
|---|---|
| gcp-data-analysts group |
roles/bigquery.dataViewer roles/bigquery.jobUser roles/bigquery.metadataViewer roles/bigquery.user roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.objectViewer |
| gcp-data-engineers group |
roles/bigquery.dataEditor roles/storage.admin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
| dev-data-load-df-0 serviceAccount |
roles/datacatalog.categoryAdmin |
| dev-data-trf-bq-0 serviceAccount |
roles/bigquery.dataOwner roles/bigquery.jobUser |
| dev-data-trf-df-0 serviceAccount |
roles/bigquery.dataOwner roles/storage.objectCreator roles/storage.objectViewer |
Project dev-data-dtl-plg-0
| members | roles |
|---|---|
| gcp-data-analysts group |
roles/bigquery.dataEditor roles/bigquery.jobUser roles/bigquery.metadataViewer roles/bigquery.user roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.objectAdmin |
| gcp-data-engineers group |
roles/bigquery.dataEditor roles/storage.admin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
Project dev-data-lnd-0
| members | roles |
|---|---|
| gcp-data-engineers group |
roles/bigquery.dataEditor roles/pubsub.editor roles/storage.admin |
| dev-data-lnd-bq-0 serviceAccount |
roles/bigquery.dataEditor |
| dev-data-lnd-cs-0 serviceAccount |
roles/storage.objectCreator |
| dev-data-lnd-ps-0 serviceAccount |
roles/pubsub.publisher |
| dev-data-load-df-0 serviceAccount |
roles/bigquery.user roles/pubsub.subscriber roles/storage.admin roles/storage.objectAdmin |
| dev-data-orc-cmp-0 serviceAccount |
roles/pubsub.subscriber roles/storage.objectViewer |
Project dev-data-lod-0
| members | roles |
|---|---|
| gcp-data-engineers group |
roles/compute.viewer roles/dataflow.admin roles/dataflow.developer roles/viewer |
| SERVICE_IDENTITY_dataflow-service-producer-prod serviceAccount |
roles/storage.objectAdmin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
| dev-data-load-df-0 serviceAccount |
roles/bigquery.jobUser roles/dataflow.admin roles/dataflow.worker roles/storage.objectAdmin |
| dev-data-orc-cmp-0 serviceAccount |
roles/dataflow.admin |
Project dev-data-orc-0
| members | roles |
|---|---|
| gcp-data-engineers group |
roles/bigquery.dataEditor roles/bigquery.jobUser roles/cloudbuild.builds.editor roles/composer.admin roles/composer.environmentAndStorageObjectAdmin roles/iam.serviceAccountUser roles/iap.httpsResourceAccessor roles/storage.admin roles/storage.objectAdmin |
| SERVICE_IDENTITY_cloudcomposer-accounts serviceAccount |
roles/storage.objectAdmin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
| dev-data-load-df-0 serviceAccount |
roles/bigquery.dataEditor roles/storage.objectViewer |
| dev-data-orc-cmp-0 serviceAccount |
roles/bigquery.jobUser roles/composer.worker roles/iam.serviceAccountUser roles/storage.objectAdmin |
| dev-data-trf-df-0 serviceAccount |
roles/bigquery.dataEditor |
Project dev-data-trf-0
| members | roles |
|---|---|
| gcp-data-engineers group |
roles/bigquery.jobUser roles/dataflow.admin |
| SERVICE_IDENTITY_dataflow-service-producer-prod serviceAccount |
roles/storage.objectAdmin |
| SERVICE_IDENTITY_service-networking serviceAccount |
roles/servicenetworking.serviceAgent + |
| dev-data-orc-cmp-0 serviceAccount |
roles/dataflow.admin |
| dev-data-trf-bq-0 serviceAccount |
roles/bigquery.jobUser |
| dev-data-trf-df-0 serviceAccount |
roles/dataflow.worker roles/storage.objectAdmin |
Project dev-net-spoke-0
| members | roles |
|---|---|
| PROJECT_CLOUD_SERVICES serviceAccount |
roles/compute.networkUser + |
| SERVICE_IDENTITY_cloudcomposer-accounts serviceAccount |
roles/composer.sharedVpcAgent + |
| SERVICE_IDENTITY_container-engine-robot serviceAccount |
roles/compute.networkUser +roles/container.hostServiceAgentUser + |
| SERVICE_IDENTITY_dataflow-service-producer-prod serviceAccount |
roles/compute.networkUser +roles/compute.networkUser +roles/compute.networkUser +roles/container.hostServiceAgentUser + |
| dev-data-load-df-0 serviceAccount |
roles/compute.networkUser + |
| dev-data-trf-df-0 serviceAccount |
roles/compute.networkUser + |