1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMCustomRole
3metadata:
4 name: logmondev
5 namespace: o11y
6 annotations:
7 description: |
8 Provides only the required permissions for viewing logs and metrics, and creating dashboards and alerts
9spec:
10 permissions:
11 - cloudnotifications.activities.list
12 - logging.buckets.get
13 - logging.buckets.list
14 - logging.exclusions.get
15 - logging.exclusions.list
16 - logging.locations.get
17 - logging.locations.list
18 - logging.logEntries.download
19 - logging.logEntries.list
20 - logging.logMetrics.create
21 - logging.logMetrics.get
22 - logging.logMetrics.list
23 - logging.logMetrics.delete
24 - logging.logMetrics.update
25 - logging.logServiceIndexes.list
26 - logging.logServices.list
27 - logging.logs.list
28 - logging.notificationRules.create
29 - logging.notificationRules.update
30 - logging.notificationRules.delete
31 - logging.operations.get
32 - logging.operations.list
33 - logging.queries.create
34 - logging.queries.delete
35 - logging.queries.get
36 - logging.queries.list
37 - logging.queries.listShared
38 - logging.queries.share
39 - logging.queries.update
40 - logging.queries.updateShared
41 - logging.sinks.get
42 - logging.sinks.list
43 - logging.usage.get
44 - logging.views.access
45 - logging.views.get
46 - logging.views.list
47 - logging.views.listLogs
48 - logging.views.listResourceKeys
49 - logging.views.listResourceValues
50 - monitoring.alertPolicies.create
51 - monitoring.alertPolicies.delete
52 - monitoring.alertPolicies.get
53 - monitoring.alertPolicies.list
54 - monitoring.alertPolicies.update
55 - monitoring.dashboards.get
56 - monitoring.dashboards.list
57 - monitoring.dashboards.create
58 - monitoring.dashboards.delete
59 - monitoring.dashboards.update
60 - monitoring.groups.get
61 - monitoring.groups.list
62 - monitoring.incidents.get
63 - monitoring.incidents.update
64 - monitoring.metricDescriptors.get
65 - monitoring.metricDescriptors.list
66 - monitoring.monitoredResourceDescriptors.get
67 - monitoring.monitoredResourceDescriptors.list
68 - monitoring.notificationChannelDescriptors.get
69 - monitoring.notificationChannelDescriptors.list
70 - monitoring.notificationChannels.create
71 - monitoring.notificationChannels.delete
72 - monitoring.notificationChannels.get
73 - monitoring.notificationChannels.list
74 - monitoring.notificationChannels.sendVerificationCode
75 - monitoring.notificationChannels.update
76 - monitoring.notificationChannels.verify
77 - monitoring.publicWidgets.get
78 - monitoring.publicWidgets.list
79 - monitoring.services.get
80 - monitoring.services.list
81 - monitoring.slos.get
82 - monitoring.slos.list
83 - monitoring.timeSeries.list
84 - monitoring.uptimeCheckConfigs.create
85 - monitoring.uptimeCheckConfigs.update
86 - monitoring.uptimeCheckConfigs.delete
87 - monitoring.uptimeCheckConfigs.get
88 - monitoring.uptimeCheckConfigs.list
89 - opsconfigmonitoring.resourceMetadata.list
90 - resourcemanager.projects.get
91 - serviceusage.services.use
92 - stackdriver.projects.get
93 - stackdriver.resourceMetadata.list
94 title: logmondev
View as plain text