Policy Simulator roles and permissions

This page lists the IAM roles and permissions for Policy Simulator. To search through all roles and permissions, see the role and permission index.

Policy Simulator roles

Role Permissions

Role	Permissions
Simulator Admin ^Beta (`roles/policysimulator.admin`) Admin user that can run and access replays.	`policysimulator.accessPolicySimulationResults.list` `policysimulator.accessPolicySimulations.` `policysimulator.accessPolicySimulations.create` `policysimulator.accessPolicySimulations.get` `policysimulator.accessPolicySimulations.list` `policysimulator.replayResults.list` `policysimulator.replays.` `policysimulator.replays.create` `policysimulator.replays.get` `policysimulator.replays.list` `policysimulator.replays.run`
OrgPolicy Simulator Admin ^Beta (`roles/policysimulator.orgPolicyAdmin`) OrgPolicy Admin that can run and access simulations.	`cloudasset.assets.analyzeOrgPolicy` `cloudasset.assets.exportResource` `cloudasset.assets.listResource` `cloudasset.assets.searchAllResources` `orgpolicy.customConstraints.get` `orgpolicy.customConstraints.list` `orgpolicy.policies.list` `orgpolicy.policy.get` `policysimulator.orgPolicyViolations.list` `policysimulator.orgPolicyViolationsPreviews.*` `policysimulator.orgPolicyViolationsPreviews.create` `policysimulator.orgPolicyViolationsPreviews.get` `policysimulator.orgPolicyViolationsPreviews.list` `resourcemanager.organizations.get`

Simulator Admin ^Beta

(roles/policysimulator.admin)

Admin user that can run and access replays.

policysimulator.accessPolicySimulationResults.list

policysimulator.accessPolicySimulations.*

policysimulator.accessPolicySimulations.create
policysimulator.accessPolicySimulations.get
policysimulator.accessPolicySimulations.list

policysimulator.replayResults.list

policysimulator.replays.*

policysimulator.replays.create
policysimulator.replays.get
policysimulator.replays.list
policysimulator.replays.run

OrgPolicy Simulator Admin ^Beta

(roles/policysimulator.orgPolicyAdmin)

OrgPolicy Admin that can run and access simulations.

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

orgpolicy.customConstraints.get

orgpolicy.customConstraints.list

orgpolicy.policies.list

orgpolicy.policy.get

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.*

policysimulator.orgPolicyViolationsPreviews.create
policysimulator.orgPolicyViolationsPreviews.get
policysimulator.orgPolicyViolationsPreviews.list

resourcemanager.organizations.get

Policy Simulator permissions

Permission	Included in roles
`policysimulator.accessPolicySimulationResults.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Deny Admin (`roles/iam.denyAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.accessPolicySimulations.create`	Owner (`roles/owner`) Simulator Admin (`roles/policysimulator.admin`) Deny Admin (`roles/iam.denyAdmin`)
`policysimulator.accessPolicySimulations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Simulator Admin (`roles/policysimulator.admin`) Deny Admin (`roles/iam.denyAdmin`) Support User (`roles/iam.supportUser`)
`policysimulator.accessPolicySimulations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Deny Admin (`roles/iam.denyAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.orgPolicyViolations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.create`	Owner (`roles/owner`) Editor (`roles/editor`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) Support User (`roles/iam.supportUser`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.orgPolicyViolationsPreviews.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Organization Policy Administrator (`roles/orgpolicy.policyAdmin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`) OrgPolicy Simulator Admin (`roles/policysimulator.orgPolicyAdmin`)
`policysimulator.replayResults.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.replays.create`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)
`policysimulator.replays.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`) Support User (`roles/iam.supportUser`)
`policysimulator.replays.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Simulator Admin (`roles/policysimulator.admin`) Security Auditor (`roles/iam.securityAuditor`) Support User (`roles/iam.supportUser`)
`policysimulator.replays.run`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Simulator Admin (`roles/policysimulator.admin`)

Policy Simulator roles and permissions