Stay organized with collections Save and categorize content based on your preferences.
This page lists the IAM roles and permissions for Privileged Access Manager. To search through all roles and permissions, see the role and permission index.
Privileged Access Manager roles Role Permissions Privileged Access Manager Admin(roles/privilegedaccessmanager.admin)
Full access to Privileged Access Manager resources.
privilegedaccessmanager.*
privilegedaccessmanager.entitlements.createprivilegedaccessmanager.entitlements.deleteprivilegedaccessmanager.entitlements.getprivilegedaccessmanager.entitlements.listprivilegedaccessmanager.entitlements.setIamPolicyprivilegedaccessmanager.entitlements.updateprivilegedaccessmanager.grants.getprivilegedaccessmanager.grants.listprivilegedaccessmanager.grants.revokeprivilegedaccessmanager.locations.checkOnboardingStatusprivilegedaccessmanager.locations.getprivilegedaccessmanager.locations.listprivilegedaccessmanager.operations.deleteprivilegedaccessmanager.operations.getprivilegedaccessmanager.operations.listresourcemanager.projects.get
(roles/privilegedaccessmanager.folderServiceAgent)
Gives privileged access manager service account access to modify IAM policies on GCP folders
Warning: Do not grant service agent roles to any principals except service agents.resourcemanager.folders.get
resourcemanager.folders.getIamPolicy
resourcemanager.folders.setIamPolicy
(roles/privilegedaccessmanager.organizationServiceAgent)
Gives privileged access manager service account access to modify IAM policies on GCP organizations
Warning: Do not grant service agent roles to any principals except service agents.resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
(roles/privilegedaccessmanager.projectServiceAgent)
Gives privileged access manager service account access to modify IAM policies on GCP projects
Warning: Do not grant service agent roles to any principals except service agents.resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.setIamPolicy
(roles/privilegedaccessmanager.serviceAgent)
Gives privileged access manager service account access to modify IAM policies on GCP resources
Warning: Do not grant service agent roles to any principals except service agents.resourcemanager.folders.get
resourcemanager.folders.getIamPolicy
resourcemanager.folders.setIamPolicy
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.setIamPolicy
(roles/privilegedaccessmanager.viewer)
Readonly access to Privileged Access Manager resources.
privilegedaccessmanager.entitlements.get
privilegedaccessmanager.entitlements.list
privilegedaccessmanager.grants.get
privilegedaccessmanager.grants.list
privilegedaccessmanager.locations.get
privilegedaccessmanager.locations.list
privilegedaccessmanager.operations.get
privilegedaccessmanager.operations.list
resourcemanager.projects.get
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-02 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4