IAM roles and permissions

This page applies to Apigee and Apigee hybrid.

You can view and grant roles using the permissions panel on the IAM & Admin > IAM page in your Google Cloud project.

Go to IAM & Admin

The following table lists the roles and the corresponding permissions required to create and manage API hub resources.

IAM role name	Description	Required permissions
Cloud API hub Viewer	This role can view all resources in API hub	`apihub.googleapis.com/locations.searchResources` `apihub.googleapis.com/apis.list` `apihub.googleapis.com/apis.get` `apihub.googleapis.com/specs.list` `apihub.googleapis.com/specs.get` `apihub.googleapis.com/apiOperations.list` `apihub.googleapis.com/apiOperations.get` `apihub.googleapis.com/versions.list` `apihub.googleapis.com/versions.get` `apihub.googleapis.com/deployments.list` `apihub.googleapis.com/deployments.get` `apihub.googleapis.com/attributes.list` `apihub.googleapis.com/attributes.get` `apihub.googleapis.com/definitions.list` `apihub.googleapis.com/definitions.get` `apihub.googleapis.com/definitions.get` `apihub.googleapis.com/externalApis.get` `apihub.googleapis.com/externalApis.list` `apihub.googleapis.com/dependencies.get` `apihub.googleapis.com/dependencies.list` `apihub.googleapis.com/plugins.get` `apihub.googleapis.com/plugins.list` `apihub.googleapis.com/runTimeProjectAttachments.get` `apihub.googleapis.com/runTimeProjectAttachments.list` `apihub.googleapis.com/hostProjectRegistrations.list` `apihub.googleapis.com/hostProjectRegistrations.get` `apihub.googleapis.com/apiHubInstances.get` `apihub.googleapis.com/apiHubInstances.list` `apihub.googleapis.com/styleGuides.get` `cloudresourcemanager.googleapis.com/projects.get` `cloudresourcemanager.googleapis.com/projects.list`
Cloud API hub Plugins Admin	All permissions related to plugins	`cloudresourcemanager.googleapis.com/projects.get` `cloudresourcemanager.googleapis.com/projects.list` `apihub.googleapis.com/plugins.get` `apihub.googleapis.com/plugins.list` `apihub.googleapis.com/plugins.enable` `apihub.googleapis.com/plugins.disable` `apihub.googleapis.com/specs.lint` `apihub.googleapis.com/styleGuides.get` `apihub.googleapis.com/styleGuides.update`
Cloud API hub Editor	Editor role for resources	In addition to the permissions of the `Cloud API hub viewer` role, this role has the following permissions: `apihub.googleapis.com/apis.create` `apihub.googleapis.com/apis.update` `apihub.googleapis.com/apis.delete` `apihub.googleapis.com/versions.create` `apihub.googleapis.com/versions.update` `apihub.googleapis.com/versions.delete` `apihub.googleapis.com/specs.create` `apihub.googleapis.com/specs.update` `apihub.googleapis.com/specs.delete` `apihub.googleapis.com/deployments.create` `apihub.googleapis.com/deployments.update` `apihub.googleapis.com/deployments.delete` `apihub.googleapis.com/specs.lint`
Cloud API hub Provisioning Admin	All permissions related to provisioning	`cloudresourcemanager.googleapis.com/projects.get` `cloudresourcemanager.googleapis.com/projects.list` `apihub.googleapis.com/hostProjectRegistrations.list` `apihub.googleapis.com/hostProjectRegistrations.get` `apihub.googleapis.com/hostProjectRegistrations.create` `apihub.googleapis.com/hostProjectRegistrations.register` `apihub.googleapis.com/hostProjectRegistrations.delete` `apihub.googleapis.com/runTimeProjectAttachments.list` `apihub.googleapis.com/runTimeProjectAttachments.get` `apihub.googleapis.com/runTimeProjectAttachments.lookup` `apihub.googleapis.com/runTimeProjectAttachments.create` `apihub.googleapis.com/runTimeProjectAttachments.attach` `apihub.googleapis.com/runTimeProjectAttachments.delete` `apihub.googleapis.com/apiHubInstances.get` `apihub.googleapis.com/apiHubInstances.list` `apihub.googleapis.com/apiHubInstances.create` `apihub.googleapis.com/apiHubInstances.delete`
Cloud API hub Attributes Admin	All permissions related to attributes	`cloudresourcemanager.googleapis.com/projects.get` `cloudresourcemanager.googleapis.com/projects.list` `apihub.googleapis.com/attributes.create` `apihub.googleapis.com/attributes.update` `apihub.googleapis.com/attributes.delete` `apihub.googleapis.com/attributes.list` `apihub.googleapis.com/attributes.get`
Cloud API hub Admin	All permissions	This role has all the permissions of the following roles: Cloud API hub Editor Cloud API hub Attributes Admin Cloud API hub Provisioning Admin Cloud API hub Plugins Admin