Logging Admin
(roles/logging.admin)
Provides all permissions necessary to use all features of Cloud Logging.
Lowest-level resources where you can grant this role:
|
logging.buckets.copyLogEntries
logging.buckets.create
logging.buckets.createTagBinding
logging.buckets.delete
logging.buckets.deleteTagBinding
logging.buckets.get
logging.buckets.list
logging.buckets.listEffectiveTags
logging.buckets.listTagBindings
logging.buckets.undelete
logging.buckets.update
logging.exclusions.*
logging.exclusions.createlogging.exclusions.deletelogging.exclusions.getlogging.exclusions.listlogging.exclusions.update
logging.fields.access
logging.links.*
logging.links.createlogging.links.deletelogging.links.getlogging.links.list
logging.locations.*
logging.locations.getlogging.locations.list
logging.logEntries.*
logging.logEntries.createlogging.logEntries.downloadlogging.logEntries.listlogging.logEntries.route
logging.logMetrics.*
logging.logMetrics.createlogging.logMetrics.deletelogging.logMetrics.getlogging.logMetrics.listlogging.logMetrics.update
logging.logScopes.*
logging.logScopes.createlogging.logScopes.deletelogging.logScopes.getlogging.logScopes.listlogging.logScopes.update
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.*
logging.logs.deletelogging.logs.list
logging.notificationRules.*
logging.notificationRules.createlogging.notificationRules.deletelogging.notificationRules.getlogging.notificationRules.listlogging.notificationRules.update
logging.operations.*
logging.operations.cancellogging.operations.getlogging.operations.list
logging.privateLogEntries.list
logging.queries.*
logging.queries.deleteSharedlogging.queries.getSharedlogging.queries.listSharedlogging.queries.sharelogging.queries.updateSharedlogging.queries.usePrivate
logging.settings.*
logging.settings.getlogging.settings.update
logging.sinks.*
logging.sinks.createlogging.sinks.deletelogging.sinks.getlogging.sinks.listlogging.sinks.update
logging.sqlAlerts.*
logging.sqlAlerts.createlogging.sqlAlerts.update
logging.usage.get
logging.views.*
logging.views.accesslogging.views.createlogging.views.deletelogging.views.getlogging.views.getIamPolicylogging.views.listlogging.views.listLogslogging.views.listResourceKeyslogging.views.listResourceValueslogging.views.setIamPolicylogging.views.update
observability.scopes.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Logs Bucket Writer
(roles/logging.bucketWriter)
Ability to write logs to a log bucket.
Lowest-level resources where you can grant this role:
|
logging.buckets.write
|
Logs Configuration Writer
(roles/logging.configWriter)
Provides permissions to read and write the configurations of logs-based
metrics and sinks for exporting logs.
Lowest-level resources where you can grant this role:
|
logging.buckets.create
logging.buckets.createTagBinding
logging.buckets.delete
logging.buckets.deleteTagBinding
logging.buckets.get
logging.buckets.list
logging.buckets.listEffectiveTags
logging.buckets.listTagBindings
logging.buckets.undelete
logging.buckets.update
logging.exclusions.*
logging.exclusions.createlogging.exclusions.deletelogging.exclusions.getlogging.exclusions.listlogging.exclusions.update
logging.links.*
logging.links.createlogging.links.deletelogging.links.getlogging.links.list
logging.locations.*
logging.locations.getlogging.locations.list
logging.logMetrics.*
logging.logMetrics.createlogging.logMetrics.deletelogging.logMetrics.getlogging.logMetrics.listlogging.logMetrics.update
logging.logScopes.*
logging.logScopes.createlogging.logScopes.deletelogging.logScopes.getlogging.logScopes.listlogging.logScopes.update
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.notificationRules.*
logging.notificationRules.createlogging.notificationRules.deletelogging.notificationRules.getlogging.notificationRules.listlogging.notificationRules.update
logging.operations.*
logging.operations.cancellogging.operations.getlogging.operations.list
logging.settings.*
logging.settings.getlogging.settings.update
logging.sinks.*
logging.sinks.createlogging.sinks.deletelogging.sinks.getlogging.sinks.listlogging.sinks.update
logging.sqlAlerts.*
logging.sqlAlerts.createlogging.sqlAlerts.update
logging.views.create
logging.views.delete
logging.views.get
logging.views.getIamPolicy
logging.views.list
logging.views.update
observability.scopes.get
resourcemanager.projects.get
resourcemanager.projects.list
|
Log Field Accessor
(roles/logging.fieldAccessor)
Ability to read restricted fields in a log bucket.
Lowest-level resources where you can grant this role:
|
logging.fields.access
|
Log Link Accessor
(roles/logging.linkViewer)
Ability to see links for a bucket.
|
logging.links.get
logging.links.list
|
Logs Writer
(roles/logging.logWriter)
Provides the permissions to write log entries.
Lowest-level resources where you can grant this role:
|
logging.logEntries.create
logging.logEntries.route
|
Private Logs Viewer
(roles/logging.privateLogViewer)
Provides permissions of the Logs Viewer role and in addition, provides
read-only access to log entries in private logs.
Lowest-level resources where you can grant this role:
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.locations.getlogging.locations.list
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.privateLogEntries.list
logging.queries.getShared
logging.queries.listShared
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.access
logging.views.get
logging.views.list
observability.scopes.get
resourcemanager.projects.get
|
Cloud Logging Service Agent
(roles/logging.serviceAgent)
Grants a Cloud Logging Service Account the ability to create and link datasets.
|
bigquery.datasets.create
bigquery.datasets.get
bigquery.datasets.link
|
SQL Alert Writer
Beta
(roles/logging.sqlAlertWriter)
Ability to write SQL Alerts.
|
logging.sqlAlerts.*
logging.sqlAlerts.createlogging.sqlAlerts.update
|
Logs View Accessor
(roles/logging.viewAccessor)
Ability to read logs in a view.
Lowest-level resources where you can grant this role:
|
logging.logEntries.download
logging.views.access
logging.views.listLogs
logging.views.listResourceKeys
logging.views.listResourceValues
|
Logs Viewer
(roles/logging.viewer)
Provides access to view logs.
Lowest-level resources where you can grant this role:
|
logging.buckets.get
logging.buckets.list
logging.exclusions.get
logging.exclusions.list
logging.links.get
logging.links.list
logging.locations.*
logging.locations.getlogging.locations.list
logging.logEntries.list
logging.logMetrics.get
logging.logMetrics.list
logging.logScopes.get
logging.logScopes.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list
logging.operations.get
logging.operations.list
logging.queries.getShared
logging.queries.listShared
logging.queries.usePrivate
logging.sinks.get
logging.sinks.list
logging.usage.get
logging.views.get
logging.views.list
observability.scopes.get
resourcemanager.projects.get
|