Syensqo IS - Customer Support

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

What is Application Owner within the GCP's IAM?

This is a custom role within Solvay to indicate the actual owner responsible for this GCP project. 
This application owner is expected to be awared of the resources and the uses of this GCP project.

This role is used by GCP Cloudops for the following:

  1. Get approval on any requests on the assigned GCP project.
  2. Notify on any security finding and require to follow up.
  3. Access to the Billing dashboard

This role has no actual permission to change any resources within this GCP projects.
It is mainly for the following:

  1. Access to view the GCP billing for this project.
  2. Access to view the logging for this project.
  3. Access to view the IAM (Identity Access Management) to see the access granted for this project.
  4. Access to view the SCC (Security Command Center) for this project.

Any changes will be required to request to the Cloudops.

Permissions granted for this "Application Owner" role

  • billing.resourceCosts.get
  • logging.buckets.get
  • logging.buckets.list
  • logging.exclusions.get
  • logging.exclusions.list
  • logging.links.get
  • logging.links.list
  • logging.locations.get
  • logging.locations.list
  • logging.logEntries.list
  • logging.logMetrics.get
  • logging.logMetrics.list
  • logging.logServiceIndexes.list
  • logging.logServices.list
  • logging.logs.list
  • logging.operations.get
  • logging.operations.list
  • logging.privateLogEntries.list
  • logging.queries.create
  • logging.queries.delete
  • logging.queries.get
  • logging.queries.list
  • logging.queries.listShared
  • logging.queries.update
  • logging.sinks.get
  • logging.sinks.list
  • logging.usage.get
  • logging.views.access
  • logging.views.get
  • logging.views.list
  • resourcemanager.folders.get
  • resourcemanager.folders.list
  • resourcemanager.organizations.get
  • resourcemanager.projects.get
  • resourcemanager.projects.getIamPolicy
  • resourcemanager.projects.list
  • securitycenter.findings.group
  • securitycenter.findings.list
  • securitycenter.findings.listFindingPropertyNames
  • securitycenter.sources.get
  • securitycenter.sources.list
  • securitycenter.userinterfacemetadata.get


To better understand on the roles and permission, you can read from Google Documentation.


The best way to get IT support is to use the new Service One Platform.