As I mentioned earlier, certain permissions and roles are required before using Cloud Logging. In the previous lesson, we touched on the roles that are available. Now, let’s take a quick look at all of the underlying permissions that are granted when each role is assigned. Now, I’m not going to expect you to memorize all these, nor is Google, for that matter. However, it is important to at least understand these for context.

On the screen is a table that shows the logging permission that are assigned when someone is assigned the Logs Viewer role. Notice in this screenshot, that these permissions are typically used to manage projects, the organization, folders, and billing accounts.

This next screenshot here shows the permissions assigned with the Private Logs Viewer and the Logs Writer roles. These permissions are also used to manage projects, organizations, folders, and billing accounts.

What you see on the screen now are the permissions that the Logs Configuration Writer role provides. These permissions are used to manage projects, organizations, folders, and billing accounts.

The Logs Bucket Writer and Logs View Accessor permission sets are shown on the screen now.

As we move along here, let’s take a look at the underlying permissions that get assigned when someone is assigned the Logging Admin role.

The last three roles I want to touch on here are the Viewer role, the Editor role, and the Owner role.

Notice, here, that all three of these permission sets are typically used when working with projects, organizations, and folders.

As far as API permissions go, there are different permissions that are necessary to use the Logging API. It’s a long list, so I’m not going to show a screenshot here. Instead, bounce out to the link on your screen to view them.

Now, like I said, you aren’t expected to memorize this stuff. However, understanding these underlying permissions will prove useful when the time comes where you need to maybe create a custom role.