Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see Sensitive Data Protection overview.
Sensitive Data Protection IAM permissions Stay organized with collections Save and categorize content based on your preferences.
IAM permissions
Common permissions
Some methods do not have Sensitive Data Protection-specific permissions. Instead, they use common ones, as the methods can cause billable events, but do not access any protected cloud resources.
All actions that trigger billable events such as the projects.content methods require the serviceusage.services.use permission for the project that's specified in parent. The roles/editor, roles/owner, and roles/dlp.user roles contain the required permission or you can define your own custom roles containing this permission.
This permission ensures you are authorized to bill the project you specify.
Service account
To access both Google Cloud resources and execute calls to Sensitive Data Protection, Sensitive Data Protection uses the credentials of the Cloud Data Loss Prevention Service Agent to authenticate to other APIs. A service agent is a special type of service account that runs internal Google processes on your behalf. The service agent is identifiable using the email:
The Cloud Data Loss Prevention Service Agent is automatically granted common permissions on the project that are needed for inspecting resources and is listed in the IAM section of the Google Cloud console. The service agent exists indefinitely with the project and is only deleted when the project is deleted. Sensitive Data Protection relies on this service agent, so you should not remove it.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-15 UTC."],[],[]]