IAM bindings reference

Legend: + additive, • conditional.

Organization [organization #0]

members	roles
GCP organization domain domain	roles/browser
gcp-devops group	roles/cloudsupport.techSupportEditor roles/logging.viewer roles/monitoring.viewer
gcp-network-admins group	roles/cloudasset.owner roles/cloudsupport.techSupportEditor roles/compute.orgFirewallPolicyAdmin `+` roles/compute.xpnAdmin `+`
gcp-organization-admins group	roles/cloudasset.owner roles/cloudsupport.admin roles/compute.osAdminLogin roles/compute.osLoginExternalUser roles/iam.workforcePoolAdmin roles/owner roles/resourcemanager.folderAdmin roles/resourcemanager.organizationAdmin roles/resourcemanager.projectCreator roles/resourcemanager.tagAdmin roles/orgpolicy.policyAdmin `+` roles/compute.xpnAdmin `+`
gcp-security-admins group	roles/cloudasset.owner roles/cloudsupport.techSupportEditor roles/iam.securityReviewer roles/logging.admin roles/securitycenter.admin roles/accesscontextmanager.policyAdmin `+` roles/iam.organizationRoleAdmin `+` roles/orgpolicy.policyAdmin `+`
prod-bootstrap-0 serviceAccount	roles/essentialcontacts.admin roles/logging.admin roles/resourcemanager.organizationAdmin roles/resourcemanager.projectCreator roles/resourcemanager.projectMover roles/resourcemanager.tagAdmin roles/iam.organizationRoleAdmin `+` roles/orgpolicy.policyAdmin `+`
prod-bootstrap-0r serviceAccount	organizations/[organization #0]/roles/organizationAdminViewer `+` organizations/[organization #0]/roles/tagViewer `+` roles/essentialcontacts.viewer roles/logging.viewer roles/resourcemanager.folderViewer roles/resourcemanager.tagViewer roles/iam.organizationRoleViewer `+` roles/orgpolicy.policyViewer `+`
prod-resman-0 serviceAccount	roles/logging.admin roles/resourcemanager.folderAdmin roles/resourcemanager.projectCreator roles/resourcemanager.tagAdmin roles/resourcemanager.tagUser organizations/[organization #0]/roles/organizationIamAdmin `•` roles/orgpolicy.policyAdmin `+`
prod-resman-0r serviceAccount	organizations/[organization #0]/roles/organizationAdminViewer `+` organizations/[organization #0]/roles/tagViewer `+` roles/logging.viewer roles/resourcemanager.folderViewer roles/resourcemanager.tagViewer roles/serviceusage.serviceUsageViewer roles/orgpolicy.policyViewer `+`

Project prod-audit-logs-0

members	roles
prod-bootstrap-0 serviceAccount	roles/owner
prod-bootstrap-0r serviceAccount	roles/viewer
service-org-xxxxxx serviceAccount	roles/logging.bucketWriter `+•`

Project prod-iac-core-0

members	roles
gcp-devops group	roles/iam.serviceAccountAdmin roles/iam.serviceAccountTokenCreator
gcp-organization-admins group	roles/iam.serviceAccountTokenCreator roles/iam.workloadIdentityPoolAdmin
SERVICE_IDENTITY_service-networking serviceAccount	roles/servicenetworking.serviceAgent `+`
prod-bootstrap-0 serviceAccount	roles/owner
prod-bootstrap-0r serviceAccount	organizations/[organization #0]/roles/storageViewer roles/viewer
prod-bootstrap-1 serviceAccount	roles/logging.logWriter `+`
prod-bootstrap-1r serviceAccount	roles/logging.logWriter `+`
prod-resman-0 serviceAccount	roles/cloudbuild.builds.editor roles/iam.serviceAccountAdmin roles/iam.workloadIdentityPoolAdmin roles/source.admin roles/storage.admin roles/resourcemanager.projectIamAdmin `•` roles/serviceusage.serviceUsageConsumer `+`
prod-resman-0r serviceAccount	organizations/[organization #0]/roles/storageViewer roles/browser roles/cloudbuild.builds.viewer roles/iam.serviceAccountViewer roles/iam.workloadIdentityPoolViewer roles/source.reader roles/viewer roles/serviceusage.serviceUsageViewer `+`
prod-resman-1 serviceAccount	roles/logging.logWriter `+`
prod-resman-1r serviceAccount	roles/logging.logWriter `+`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IAM.md

IAM.md

IAM bindings reference

Organization [organization #0]

Project prod-audit-logs-0

Project prod-iac-core-0

Files

IAM.md

Latest commit

History

IAM.md

File metadata and controls

IAM bindings reference

Organization [organization #0]

Project prod-audit-logs-0

Project prod-iac-core-0