Google Cloud Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform operations on Google Cloud Platform (GCP) resources using CCKM.
Create Operations (post)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Create GCP Native Key | CreatKeyCCKM AddKmsCCKM | keycreate view |
| GCP add versions | AddKeyVersionCCKM | keycreate view |
| GCP refresh key version | ReadKeyCCKM AddKeyVersionCCKM | keyupdate view |
| Get GCP Refresh Key | ReadKeyCCKM AddKeyVersionCCKM | keyupdate view |
| Update All Versions Jobs | ReadVersionsCCKM UpdateAllVersionsStatusKeysCCKM ReadKeyCCKM UpdateKeyCCKM UpdateDestroyKeyCCKM | keyupdate keydestroy keycanceldestroy view |
| Enable Key Version | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Disable Key version | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Schedule destruction of Key Version | ReadKeyCCKM UpdateDestroyKeyCCKM | keydestroy view |
| Cancel scheduled destruction of a key version | ReadKeyCCKM UpdateRestoreKeyCCKM | keycanceldestroy view |
| Enable Auto rotation | UpdateKeyCCKM ReadKeyCCKM | keyupdate view |
| Disable the auto-rotation | UpdateKeyCCKM | keyupdate view |
| Download Public Key | GetKeyVersionCCKM | |
| Upload GCP Key | • For local: CreatKeyCCKM UploadKey ReadKey • dsm: CreateKeyCCKM UploadKey ReadKey • hsm: CreateKeyCCKM UploadKey ReadKey | keyupload view |
| Synchronization Jobs | ReadGcpKeyRing SyncStatusKeysCCKM SyncKeysCCKM ReadKeyCCKM | keysynchronize view |
| Cancel Synchronization Jobs | AddKeyRingsCCKM SyncStatusKeysCCKM | keysynchronize view |
| Generate GCP Report | ReadGcpKeyRing CreateReportCCKM ReportStatusCCKM | |
| Get Google Cloud KeyRings | GetKeyRingsCCKM | view |
| Add Google Cloud KeyRings | AddKeyRingsCCKM ReadGcpKeyRing | view |
| Key Ring ACLS | ApplyAclsCCKM ReadKeyRingsCCKM | view |
Read Operations (get)
| Operation | Required Permissions | ACLs |
|---|---|---|
| List GCP Keys | ReadKeyCCKM | view |
| Get GCP Key | ReadKeyCCKM | view |
| List of GCP Key Versions | AddKeyRingsCCKM ReadVersionsCCKM | view |
| Get GCP Key Versions details | view | |
| Get GCP Update all Versions Jobs | | |
| Get Synchronization Jobs | SyncStatusKeysCCKM | view |
| Get Synchronization Jobs in id | SyncStatusKeysCCKM | view |
| List GCP Report | ReportStatusCCKM PermissionCCKMAddVault | |
| Get GCP Report | ReportStatusCCKM | |
| Get Contents | ReportStatusCCKM | |
| Get CSV Content | ReportStatusCCKM | |
| Get Synchronized status | SyncStatusKeysCCKM | view |
| List Key Rings | ReadGcpKeyRing AddKeyRingCCKM | view |
| Get Key Ring by id | ReadKeyRingsCCKM | view |
Update Operations (patch)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Update GCP Key | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Update Key Ring | UpdateCCKMKeyRing ReadKeyRingsCCKM | view |
Delete Operations (delete)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Delete GCP Report | ReportStatusCCKM DeleteReportsCCKM | |
| Delete Key Ring | ReadKeyRingsCCKM DeleteKeyRingCCKM | view |