diff --git a/config/iam/roles/kustomization.yaml b/config/iam/roles/kustomization.yaml
index 627fb1f3..0ae09ac6 100644
--- a/config/iam/roles/kustomization.yaml
+++ b/config/iam/roles/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
   - gateway-admin.yaml
   - gateway-viewer.yaml
   - location-admin.yaml
+  - location-viewer.yaml
   - networking-admin.yaml
   - networking-viewer.yaml
   - domain-admin.yaml
diff --git a/config/iam/roles/location-viewer.yaml b/config/iam/roles/location-viewer.yaml
new file mode 100644
index 00000000..545d282d
--- /dev/null
+++ b/config/iam/roles/location-viewer.yaml
@@ -0,0 +1,13 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: Role
+metadata:
+  name: networking.datumapis.com-location-viewer
+  annotations:
+    kubernetes.io/display-name: Location Viewer
+    kubernetes.io/description: "View access to location resources"
+spec:
+  launchStage: Beta
+  includedPermissions:
+    - networking.datumapis.com/locations.list
+    - networking.datumapis.com/locations.get
+    - networking.datumapis.com/locations.watch