This document provides information on Identity and Access Management (IAM) roles and permissions for Route Optimization. IAM lets you grant granular access to specific Route Optimization resources and helps prevent access to other resources. IAM lets you apply the security principle of least privilege, which states that no one should have more permissions than they actually need.
When a principal (a user, group, or service account) calls a Google Cloud API, that principal must have the appropriate IAM permissions to use the resource. To give a principal the required permissions, you grant an IAM role to the principal.
To familiarize yourself with managing access in Google Cloud in general, see IAM overview.
The predefined IAM roles to allow principals to access Route Optimization are:
-
Route Optimization Editor (roles/routeoptimization.editor): grants the user or services account read and write access to Route Optimization resources in the project. This includes the ability to callOptimizeToursandBatchOptimizeTours, as well as to retrieve long running operations usingGetOperation. -
Route Optimization Viewer (roles/routeoptimization.viewer): grants read-only access to Route Optimization resources in the project. This role enables the ability to callOptimizeToursand access to Long Running Operations usingGetOperation.
gcloud projects add-iam-policy-binding PROJECT \ --member user:someone@example.com \ --role roles/routeoptimization.editor
For more information, see Grant an IAM role by using the Google Cloud console.
What's next
After configuring roles, you must create an OAuth token: