Access Context Manager roles and permissions Stay organized with collections Save and categorize content based on your preferences.
This page lists the IAM roles and permissions for Access Context Manager. To search through all roles and permissions, see the role and permission index.
Access Context Manager roles
Role
Permissions
Cloud Access Binding Admin
(roles/accesscontextmanager.gcpAccessAdmin)
Create, edit, and change Cloud access bindings.
accesscontextmanager.gcpUserAccessBindings.*
accesscontextmanager.gcpUserAccessBindings.create
accesscontextmanager.gcpUserAccessBindings.delete
accesscontextmanager.gcpUserAccessBindings.get
accesscontextmanager.gcpUserAccessBindings.list
accesscontextmanager.gcpUserAccessBindings.update
Cloud Access Binding Reader
(roles/accesscontextmanager.gcpAccessReader)
Read access to Cloud access bindings.
accesscontextmanager.gcpUserAccessBindings.get
accesscontextmanager.gcpUserAccessBindings.list
Access Context Manager Admin
(roles/accesscontextmanager.policyAdmin)
Full access to policies, access levels, access zones and authorized orgs descs.
accesscontextmanager.accessLevels.*
accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update
accesscontextmanager.authorizedOrgsDescs.*
accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update
accesscontextmanager.policies.*
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.*
accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update
cloudasset.assets.searchAllResources
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
Access Context Manager Editor
(roles/accesscontextmanager.policyEditor)
Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.
accesscontextmanager.accessLevels.*
accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.accessLevels.update
accesscontextmanager.authorizedOrgsDescs.*
accesscontextmanager.authorizedOrgsDescs.create
accesscontextmanager.authorizedOrgsDescs.delete
accesscontextmanager.authorizedOrgsDescs.get
accesscontextmanager.authorizedOrgsDescs.list
accesscontextmanager.authorizedOrgsDescs.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.*
accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.replaceAll
accesscontextmanager.servicePerimeters.update
cloudasset.assets.searchAllResources
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
Access Context Manager Reader
(roles/accesscontextmanager.policyReader)
Read access to policies, access levels, access zones and authorized orgs descs.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-12-17 UTC."],[],[]]
