Google Cloud Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform operations on Google Cloud Platform (GCP) resources using CCKM.
Create Operations (post)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Create GCP Native Key | CreatKeyCCKM AddKmsCCKM | keycreate view |
| GCP add versions | AddKeyVersionCCKM | keycreate view |
| GCP refresh key version | ReadKeyCCKM AddKeyVersionCCKM | keyupdate view |
| Get GCP Refresh Key | ReadKeyCCKM AddKeyVersionCCKM | keyupdate view |
| Update All Versions Jobs | ReadVersionsCCKM UpdateAllVersionsStatusKeysCCKM ReadKeyCCKM UpdateKeyCCKM UpdateDestroyKeyCCKM | keyupdate keydestroy keycanceldestroy view |
| Enable Key Version | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Disable Key Version | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Schedule destruction of Key Version | ReadKeyCCKM UpdateDestroyKeyCCKM | keydestroy view |
| Cancel scheduled destruction of a key version | ReadKeyCCKM UpdateRestoreKeyCCKM | keycanceldestroy view |
| Enable Auto rotation | UpdateKeyCCKM ReadKeyCCKM | keyupdate view |
| Disable the auto-rotation | UpdateKeyCCKM | keyupdate view |
| Download Public Key | GetKeyVersionCCKM | |
| Upload GCP Key | For local: CreatKeyCCKM UploadKey ReadKey For dsm: CreateKeyCCKM UploadKey ReadKey For hsm: CreateKeyCCKM UploadKey ReadKey | keyupload view |
| Synchronization Jobs | ReadGcpKeyRing SyncStatusKeysCCKM SyncKeysCCKM ReadKeyCCKM | keysynchronize view |
| Cancel Synchronization Jobs | AddKeyRingsCCKM SyncStatusKeysCCKM | keysynchronize view |
| Generate GCP Report | ReadGcpKeyRing CreateReportCCKM ReportStatusCCKM | |
| Get Google Cloud KeyRings | GetKeyRingsCCKM | view |
| Add Google Cloud KeyRings | AddKeyRingsCCKM ReadGcpKeyRing | view |
| Key Ring ACLS | ApplyAclsCCKM ReadKeyRingsCCKM | view |
Read Operations (get)
| Operation | Required Permissions | ACLs |
|---|---|---|
| List GCP Keys | ReadKeyCCKM | view |
| Get GCP Key | ReadKeyCCKM | view |
| List of GCP Key Versions | AddKeyRingsCCKM ReadVersionsCCKM | view |
| Get GCP Key Versions details | view | |
| Get GCP Update all Versions Jobs | | |
| Get Synchronization Jobs | SyncStatusKeysCCKM | view |
| Get Synchronization Jobs in id | SyncStatusKeysCCKM | view |
| List GCP Report | ReportStatusCCKM PermissionCCKMAddVault | |
| Get GCP Report | ReportStatusCCKM | |
| Get Contents | ReportStatusCCKM | |
| Get CSV Content | ReportStatusCCKM | |
| Get Synchronized status | SyncStatusKeysCCKM | view |
| List Key Rings | ReadGcpKeyRing AddKeyRingCCKM | view |
| Get Key Ring by id | ReadKeyRingsCCKM | view |
Update Operations (patch)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Update GCP Key | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Update Key Ring | UpdateCCKMKeyRing ReadKeyRingsCCKM | view |
Delete Operations (delete)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Delete GCP Report | ReportStatusCCKM DeleteReportsCCKM | |
| Delete Key Ring | ReadKeyRingsCCKM DeleteKeyRingCCKM | view |