IAM.md

IAM bindings reference

Legend: + additive, • conditional.

Project cmn

members	roles
gcp-data-analysts group	roles/datacatalog.viewer
gcp-data-engineers group	roles/dlp.estimatesAdmin roles/dlp.reader roles/dlp.user
gcp-data-security group	roles/datacatalog.admin roles/dlp.admin
prc-0 serviceAccount	roles/datacatalog.categoryFineGrainedReader roles/datacatalog.viewer roles/dlp.user

Project cur

members	roles
gcp-data-analysts group	roles/bigquery.dataViewer roles/bigquery.jobUser roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.objectViewer
gcp-data-engineers group	roles/bigquery.dataViewer roles/bigquery.jobUser roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.admin
SERVICE_IDENTITY_service-networking serviceAccount	roles/servicenetworking.serviceAgent +
cur-sa-0 serviceAccount	roles/bigquery.dataViewer roles/bigquery.jobUser roles/datacatalog.tagTemplateViewer roles/datacatalog.viewer roles/storage.objectViewer
prc-0 serviceAccount	roles/bigquery.dataOwner roles/bigquery.jobUser roles/storage.admin

Project lnd

members	roles
gcp-data-engineers group	roles/storage.admin
lnd-sa-0 serviceAccount	roles/storage.objectCreator
prc-0 serviceAccount	roles/storage.objectAdmin
prc-cmp-0 serviceAccount	roles/storage.objectViewer

Project prc

members	roles
gcp-data-engineers group	roles/composer.admin roles/composer.environmentAndStorageObjectAdmin roles/iam.serviceAccountUser roles/iap.httpsResourceAccessor roles/serviceusage.serviceUsageConsumer roles/storage.admin
SERVICE_IDENTITY_cloudcomposer-accounts serviceAccount	roles/composer.ServiceAgentV2Ext roles/storage.admin
SERVICE_IDENTITY_service-networking serviceAccount	roles/servicenetworking.serviceAgent +
prc-0 serviceAccount	roles/bigquery.jobUser roles/dataflow.worker roles/dataproc.worker
prc-cmp-0 serviceAccount	roles/bigquery.jobUser roles/composer.worker roles/dataflow.admin roles/dataproc.editor roles/iam.serviceAccountUser roles/storage.admin