Skip to main content
Skip table of contents

Manage Service Accounts in a project (Enterprise)

The following steps are needed to grant/revoke permissions for creating/updating/deleting device registries to service accounts:

To Add/Edit/Delete Service Accounts

  1. Open the project selector window (drop-down at the top of the page).

    image-20240126-202718.png

  2. Click the edit icon (image-20240429-185348.png) to update the project area settings.

  3. Select the second tab, PRINCIPAL MANAGEMENT.

    image-20250814-182433.png

  4. Click ADD and select Service Account:

    image-20250814-182745.png

Provide the Name, Description, select Roles, and click CREATE.


To edit a Service Account, click the Edit icon (Pencil) to the right.
To download a Service Account credentials click the Download icon to the right.
To delete a Service account, select the checkbox (left), click Remove (top-right) then confirm by clicking REMOVE in the modal:

image-20250814-185813.png


Roles

The following table describes the permissions of roles that can be assigned to Users and Service Accounts.

Role Name

Id

Permissions

Levels Assignable

Cloud IoT Viewer

roles/cloudiot.viewer

  • cloudiot.registries.get

  • cloudiot.registries.list

  • cloudiot.devices.get

  • cloudiot.devices.list

Project level, Registry level

Cloud IoT Device Controller

roles/cloudiot.deviceController

  • all permissions from Cloud IoT Viewer

  • cloudiot.devices.updateConfig

  • cloudiot.devices.sendCommand

Project level, Registry level

Cloud IoT Provisioner

roles/cloudiot.provisioner

  • all permissions from Cloud IoT Device Controller

  • cloudiot.devices.create

  • cloudiot.devices.delete

  • cloudiot.devices.update

Project level, Registry level

Cloud IoT Editor

roles/cloudiot.editor

  • all permissions from Cloud IoT Provisioner

  • cloudiot.registries.create

  • cloudiot.registries.delete

  • cloudiot.registries.update

  • cloudiot.registries.migrate

Project level, Registry level

Cloud IoT Admin

roles/cloudiot.admin

  • all permissions from Cloud IoT Editor

  • cloudiot.registries.getIamPolicy

  • cloudiot.registries.setIamPolicy

  • cloudiot.projects.update

  • cloudiot.projects.delete

  • cloudiot.projects.updateUsers

  • cloudiot.projects.updateServiceAccounts

  • cloudiot.projects.listPrincipals

  • cloudiot.projects.deleteServiceAccounts

  • cloudiot.projects.createServiceAccounts

Project level

Cloud IoT Project Admin

roles/project.admin

  • all permissions from Cloud IoT Admin

Project level (or higher perhaps if that concept gets created)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close