Google Cloud Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform operations on Google Cloud Platform (GCP) resources using CCKM.
Create Operations (post)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Create GCP Native Key | PermissionCCKMCreateKey PermissionCCKMAddKMS | KEYCREATE |
| GCP add versions | PermissionCCKMAddKeyVersion PermissionCCKMAddKeyRings | KEYCREATE |
| GCP refresh key version | PermissionCCKMReadKey PermissionCCKMAddKeyVersion PermissionCCKMAddKeyRings | KEYUPDATE |
| Get GCP Refresh Key | PermissionCCKMReadKey PermissionCCKMAddKeyRings PermissionCCKMAddKeyVersion | KEYUPDATE |
| Update All Versions Jobs | PermissionCCKMAddKeyRings PermissionCCKMReadVersions PermissionCCKMUpdateAllVersionsStatus PermissionCCKMReadKey PermissionCCKMUpdateKey PermissionCCKMRestoreKey PermissionCCKMDestroyKey | KEYUPDATE KEYDESTROY KEYCANCELDESTROY |
| Enable Key Version | PermissionCCKMReadKey PermissionCCKMUpdateKey PermissionCCKMAddKeyRings | KEYUPDATE |
| Disable Key version | PermissionCCKMReadKey PermissionCCKMAddKeyRings PermissionCCKMUpdateKey | KEYUPDATE |
| Schedule destruction of Key Version | PermissionCCKMAddKeyRings PermissionCCKMReadKey PermissionCCKMDestroyKey | KEYDESTROY |
| Cancel scheduled destruction of a key version | PermissionCCKMAddKeyRings PermissionCCKMReadKey PermissionCCKMRestoreKey | KEYCANCELDESTROY |
| Enable Auto rotation | PermissionCCKMAddKeyRings PermissionCCKMUpdateKey | KEYUPDATE |
| Disable the auto-rotation | PermissionCCKMUpdateKey PermissionCCKMAddKeyRings | KEYUPDATE |
| Download Public Key | PermissionCCKMAddKeyRings PermissionCCKMGetKeyVersion | |
| Upload GCP Key | PermissionCCKMCreateKey PermissionUploadKey | KEYUPLOAD |
| Synchronization Jobs | PermissionCCKMReadGCPKeyRings PermissionCCKMSyncStatus PermissionCCKMSync PermissionCCKMReadKey | KEYSYNC |
| Cancel Synchronization Jobs | PermissionCCKMAddOCIVAULTS | KEYSYNC |
| Generate GCP Report | PermissionCCKMReadGCPKeyRings PermissionCCKMReport PermissionCCKMReportStatus | REPORTCREATE VIEW |
Read Operations (get)
| Operation | Required Permissions | ACLs |
|---|---|---|
| List GCP Keys | PermissionCCKMReadKey | VIEW |
| Get GCP Key | PermissionCCKMAddKeyRings PermissionCCKMReadKey | VIEW |
| List of GCP Key Versions | PermissionCCKMAddKeyRings PermissionCCKMReadVersions | VIEW |
| Get GCP Key Versions details | PermissionCCKMAddKeyRings | VIEW |
| Get GCP Update all Versions Jobs | | |
| Get Synchronization Jobs | PermissionCCKMSyncStatus | VIEW |
| Get Synchronization Jobs in id | PermissionCCKMSyncStatus | VIEW |
| List GCP Report | PermissionCCKMReportStatus | VIEW |
| Get GCP Report | PermissionCCKMReportStatus | VIEW |
| Get Contents | PermissionCCKMReportStatus | REPORTVIEW VIEW |
| Get CSV Content | PermissionCCKMReportStatus | REPORTDOWNLOAD VIEW |
| Get Synchronized status | PermissionCCKMSyncStatus | VIEW |
Update Operations (patch)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Update GCP Key | PermissionCCKMReadKey PermissionCCKMUpdateKey PermissionCCKMAddKeyRings | KEYUPDATE |
Delete Operations (delete)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Delete GCP Report | PermissionCCKMReportStatus PermissionCCKMDeleteReports | REPORTDELETE VIEW |