Tier
AdminCategoria
ObservabilityEscopo
project
Privilégios
5
Role ID
roles/logging.adminEsta é uma role privilegiada — concede capacidades de controle elevado. Aplique o princípio do menor privilégio e monitore atribuições via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Descrição
Full control of all Cloud Logging: log buckets, sinks, views, and exclusions.
Privilégios / Capacidades(5)
Read all logs including private logs
Create and manage log sinks and exports
Configure log buckets and views
Set exclusion filters
Manage log-based metrics
Role Definition (JSON)
{
"name": "roles/logging.admin",
"title": "Logging Admin",
"description": "Full control of all Cloud Logging: log buckets, sinks, views, and exclusions.",
"stage": "GA",
"includedPermissions": [
"Read all logs including private logs",
"Create and manage log sinks and exports",
"Configure log buckets and views",
"Set exclusion filters",
"Manage log-based metrics"
]Roles relacionadasObservability
Logs Configuration Writer
Create and manage log sinks, log-based metrics, and exclusion filters.
Logs Writer
Write log entries to Cloud Logging. Used by service accounts running workloads.
Private Logs Viewer
Read all log entries including private logs (data access audit logs).
Logs Viewer
Read all non-private log entries. Cannot access data access audit logs.
Monitoring Admin
Full access to all Cloud Monitoring: dashboards, alerting policies, uptime checks.