Access Control with IAM
Service Usage uses Identity and Access Management (IAM) to control access to services. This page explains the IAM roles and permissions related to Service Usage and how to use them to control access.
Resource model
For Service Usage, there are three relevant resources:
-
The service you are using.
The project from which you are using the service.
The operation or long-running operation returned by certain methods.
Each Service Usage method requires a permission on one or more of these resources.
IAM permissions
The following table shows the required permissions for each Service Usage API method. You can also find this information in the API reference.
IAM roles
With IAM, you give users permission by granting them a role. The following tables list IAM basic and predefined roles, and the permissions related to Service Usage that those roles include.
For more information about roles, see Understanding roles.
Basic roles
Name | Title | Permissions |
---|---|---|
roles/viewer |
Viewer |
serviceusage.services.get serviceusage.services.list serviceusage.quotas.get |
|
Editor Owner |
serviceusage.services.get serviceusage.services.list serviceusage.services.disable serviceusage.services.enable serviceusage.services.use serviceusage.quotas.get serviceusage.quotas.update |
Predefined roles
Role | Permissions |
---|---|
API Keys Admin( Ability to create, delete, update, get and list API keys for a project. |
|
API Keys Viewer( Ability to get and list API keys for a project. |
|
Service Usage Admin( Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project. |
|
Service Usage Consumer( Ability to inspect service states and operations, and consume quota and billing for a consumer project. |
|
Service Usage Viewer( Ability to inspect service states and operations for a consumer project. |
|