Assign roles to Google Cloud Platform users

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • You assign Cloud Provisioning and Governance roles to user groups and to individual users based on user activities and responsibilities.

    Avant de commencer

    Role required: user_admin or admin

    Procédure

    Assign the following roles to groups and users as appropriate:
    Descriptive name and

    role name

    		 Description and tasks Access rights in Cloud Provisioning and Governance
    Root administrator

    [sn_cmp.cmp_root_admin]

    		 Highest level of application access for Cloud Provisioning and Governance. All
    Cloud administrator

    [sn_cmp.cloud_admin]

    		 Configures the Cloud Provisioning and Governance application and sets up the cloud infrastructure. Cloud infrastructure:

    Service accounts and cloud account

    Networks and IPAM

    Settings for provider services that auto-update the CMDB:
    • AWS Config
    • Azure Alert
    • Google Cloud Logging
    • IBM Cloud Update
    • VMware Events
    Governor

    [sn_cmp.cloud_governor]

    		 Monitors overall cloud usage and enforces compliance of the organization's rules, quotas, and policies. Also manages tags and permissions to various objects. Governance:
    • Policies
    • Pools
    • Quotas
    • Permissions
    Service Designer

    [sn.cmp.cloud_service_designer]

    		 Creates blueprints, ARM and CloudFormation templates, and catalog items. Cloud Service Design:
    • Cloud templates
    • Blueprints
    • Blueprint catalog items
    • Resource blocks
    Cloud user

    [sn_cmp.cloud_service_user]

    		 Requests and manages stacks and resources. Cloud User Portal.

    When you assign the role to a group, all members of the group share quota limitations and ownership of certain resources.

    You can access all the task records, assigned to you or otherwise, if you have the cloud service user role.
    Cloud operator

    [sn_cmp.cloud_operator]

    		 Monitors and troubleshoots the Cloud Provisioning and Governance application. Dashboards and reports:
    • Cloud Operations Dashboard
    • Cloud Root Cause Analysis
    • Cloud Orchestration Trail
    • Cloud API Trail
    Cloud Event Integration

    [sn_cmp.cloud_event_integration]

    Remarque :
    Not supported by IBM Cloud Connector.
    		 Authorizes access to the instance for external services that auto-update the CMDB when cloud events occur. This role gives the access to the cloud event REST endpoint.
    Cloud infrastructure:
    • Service accounts and cloud account
    • Networks and IPAM
    Settings for provider services that auto-update the CMDB:
    • AWS Config
    • Azure Alert
    • Google Cloud Logging
    • VMware Events
    Cloud Group administrator

    [sn_cmp.cloud_group_admin]

    		 Grants admin access to any group that you belong to.