roles/accessapproval.approver
Ability to view or act on access approval requests and view configuration.
Access Approval Approver
['accessapproval.requests.approve', 'accessapproval.requests.dismiss', 'accessapproval.requests.get', 'accessapproval.requests.invalidate', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/accessapproval.configEditor
Ability to update the Access Approval configuration
Access Approval Config Editor
['accessapproval.serviceAccounts.get', 'accessapproval.settings.delete', 'accessapproval.settings.get', 'accessapproval.settings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/accessapproval.invalidator
Ability to invalidate existing approved approval requests
Access Approval Invalidator
['accessapproval.requests.invalidate', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/accessapproval.viewer
Ability to view access approval requests and configuration
Access Approval Viewer
['accessapproval.requests.get', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/accesscontextmanager.policyAdmin
Full access to policies, access levels, access zones and authorized orgs descs.
Access Context Manager Admin
['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.setIamPolicy', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'cloudasset.assets.searchAllResources', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/accesscontextmanager.policyEditor
Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.
Access Context Manager Editor
['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'cloudasset.assets.searchAllResources', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/accesscontextmanager.policyReader
Read access to policies, access levels, access zones and authorized orgs descs.
Access Context Manager Reader
['accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/axt.admin
Enable Access Transparency for Organization
Access Transparency Admin
['axt.labels.get', 'axt.labels.set', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/actions.Admin
Access to edit and deploy an action
Actions Admin
['actions.agent.claimContentProvider', 'actions.agent.get', 'actions.agent.update', 'actions.agentVersions.create', 'actions.agentVersions.delete', 'actions.agentVersions.deploy', 'actions.agentVersions.get', 'actions.agentVersions.list', 'firebase.projects.get', 'firebase.projects.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/actions.Viewer
Access to view an action
Actions Viewer
['actions.agent.get', 'actions.agentVersions.get', 'actions.agentVersions.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/policyanalyzer.activityAnalysisViewer
Viewer user that can read all activity analysis.
Activity Analysis Viewer
['policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query', 'policyanalyzer.serviceAccountLastAuthenticationActivities.query']
Copy Permissions BETA
roles/serviceconsumermanagement.tenancyUnitsAdmin
Administrate tenancy units
Admin of Tenancy Units
['serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.list', 'serviceconsumermanagement.tenancyu.removeResource']
Copy Permissions BETA
roles/advisorynotifications.admin
Grants write access to settings in Advisory Notifications
Advisory Notifications Admin
['advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'advisorynotifications.settings.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get']
Copy Permissions GA
roles/advisorynotifications.viewer
Grants view access in Advisory Notifications
Advisory Notifications Viewer
['advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get']
Copy Permissions GA
roles/ml.admin
Full access to AI Platform.
AI Platform Admin
['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'resourcemanager.projects.get']
Copy Permissions GA
roles/ml.developer
Access to create training and prediction jobs, models and versions, send online prediction requests.
AI Platform Developer
['ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'resourcemanager.projects.get']
Copy Permissions GA
roles/ml.jobOwner
Full access to the job.
AI Platform Job Owner
['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update']
Copy Permissions GA
roles/ml.modelOwner
Full access to the model and its versions.
AI Platform Model Owner
['ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update']
Copy Permissions GA
roles/ml.modelUser
Permissions to read the model and its versions, and use them for prediction.
AI Platform Model User
['ml.models.get', 'ml.models.predict', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict']
Copy Permissions GA
roles/notebooks.serviceAgent
Provide access for notebooks service agent to manage notebook instances in user projects
AI Platform Notebooks Service Agent
['aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataproc.clusters.get', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.list', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.list', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setIamPolicy', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.setIamPolicy', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/ml.operationOwner
Full access to the operation.
AI Platform Operation Owner
['ml.operations.cancel', 'ml.operations.get', 'ml.operations.list']
Copy Permissions GA
roles/ml.serviceAgent
AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator.
AI Platform Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.updateData', 'firebase.projects.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logEntries.route', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/ml.viewer
Read-only access to AI Platform resources.
AI Platform Viewer
['ml.jobs.get', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.get', 'ml.models.list', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.get', 'ml.trials.list', 'ml.versions.get', 'ml.versions.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/recommender.alloydbAdmin
Admin of AlloyDB insights and recommendations.
AlloyDB Recommender Admin
['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.alloydbViewer
Viewer of AlloyDB insights and recommendations.
AlloyDB Recommender Viewer
['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/alloydb.serviceAgent
Gives the AlloyDB service account permission to manage customer resources
AlloyDB Service Agent
['alloydb.clusters.list']
Copy Permissions GA
roles/analyticshub.admin
Administer Data Exchanges and Listings
Analytics Hub Admin
['analyticshub.dataExchanges.create', 'analyticshub.dataExchanges.delete', 'analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.setIamPolicy', 'analyticshub.dataExchanges.update', 'analyticshub.dataExchanges.viewSubscriptions', 'analyticshub.listings.create', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/analyticshub.listingAdmin
Grants full control over the Listing, including updating, deleting and setting ACLs
Analytics Hub Listing Admin
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/analyticshub.publisher
Can publish to Data Exchanges thus creating Listings
Analytics Hub Publisher
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.create', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/analyticshub.subscriber
Can browse Data Exchanges and subscribe to Listings
Analytics Hub Subscriber
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.subscribe', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.subscribe', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/analyticshub.subscriptionOwner
Grants full control over the Subscription, including updating and deleting
Analytics Hub Subscription Owner
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/analyticshub.viewer
Can browse Data Exchanges and Listings
Analytics Hub Viewer
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/androidmanagement.user
Full access to manage devices.
Android Management User
['androidmanagement.enterprises.manage', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/anthosaudit.serviceAgent
Gives the Anthos Audit service agent access toCloud Platform resources.
Anthos Audit Service Agent
['gkehub.features.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions GA
roles/anthosconfigmanagement.serviceAgent
Gives the Anthos Config Management service agent access toCloud Platform resources.
Anthos Config Management Service Agent
['container.clusters.get', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions GA
roles/anthosidentityservice.serviceAgent
Gives the Anthos Identity service agent access to Cloud Platform resources.
Anthos Identity Service Agent
['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions GA
roles/gkemulticloud.admin
Admin access to Anthos Multi-cloud resources.
Anthos Multi-cloud Admin
['gkemulticloud.attachedClusters.create', 'gkemulticloud.attachedClusters.delete', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.import', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedClusters.update', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.create', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.getAdminKubeconfig', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsClusters.update', 'gkemulticloud.awsNodePools.create', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsNodePools.update', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.create', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.create', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.getAdminKubeconfig', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureClusters.update', 'gkemulticloud.azureNodePools.create', 'gkemulticloud.azureNodePools.delete', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureNodePools.update', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.cancel', 'gkemulticloud.operations.delete', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkemulticloud.containerServiceAgent
Grants the Anthos Multi-Cloud Container Service Account access to manage resources.
Anthos Multi-Cloud Container Service Agent
['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'cloudnotifications.activities.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list']
Copy Permissions GA
roles/gkemulticloud.controlPlaneMachineServiceAgent
Grants the Anthos Multi-Cloud Control Plane Machine Service Account access to manage resources.
Anthos Multi-Cloud Control Plane Machine Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use']
Copy Permissions GA
roles/gkemulticloud.nodePoolMachineServiceAgent
Grants the Anthos Multi-Cloud Node Pool Machine Service Account access to manage resources.
Anthos Multi-Cloud Node Pool Machine Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use']
Copy Permissions GA
roles/gkemulticloud.serviceAgent
Grants the Anthos Multi-Cloud Service Account access to manage resources.
Anthos Multi-Cloud Service Agent
['gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureNodePools.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkemulticloud.telemetryWriter
Grant access to write cluster telemetry data such as logs, metrics, and resource metadata.
Anthos Multi-cloud Telemetry Writer
['logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'opsconfigmonitoring.resourceMetadata.write']
Copy Permissions GA
roles/gkemulticloud.viewer
Viewer access to Anthos Multi-cloud resources.
Anthos Multi-cloud Viewer
['gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/anthospolicycontroller.serviceAgent
Gives the Anthos Policy Controller service agent access toCloud Platform resources.
Anthos Policy Controller Service Agent
['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions GA
roles/anthos.serviceAgent
Gives the Anthos service agent access to Cloud Platformresources.
Anthos Service Agent
['gkehub.features.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/anthosservicemesh.serviceAgent
Gives the Anthos Service Mesh service agent access to Cloud Platform resources.
Anthos Service Mesh Service Agent
['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.use', 'compute.networks.updatePolicy', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.use', 'compute.regions.list', 'compute.zones.list', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.get', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.deployments.get', 'container.deployments.list', 'container.events.get', 'container.events.list', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.list', 'container.jobs.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.get', 'container.namespaces.list', 'container.operations.get', 'container.pods.get', 'container.pods.list', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.get', 'container.services.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'logging.logEntries.create', 'meshconfig.projects.init', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'serviceusage.services.get', 'serviceusage.services.use', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.get', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list']
Copy Permissions GA
roles/anthossupport.serviceAgent
Gives the Anthos Support Service Agent access to Cloud Platform resource.
Anthos Support Service Agent
['gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get']
Copy Permissions GA
roles/serviceusage.apiKeysAdmin
Ability to create, delete, update, get and list API keys for a project.
API Keys Admin
['apikeys.keys.create', 'apikeys.keys.delete', 'apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'apikeys.keys.undelete', 'apikeys.keys.update', 'orgpolicy.policy.get', 'serviceusage.apiKeys.regenerate', 'serviceusage.apiKeys.revert']
Copy Permissions GA
roles/serviceusage.apiKeysViewer
Ability to get and list API keys for a project.
API Keys Viewer
['apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup']
Copy Permissions GA
roles/apim.admin
Full access to API Management resources.
API Management Admin
['apim.apiObservations.batchEditTags', 'apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.create', 'apim.observationJobs.delete', 'apim.observationJobs.disable', 'apim.observationJobs.enable', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.create', 'apim.observationSources.delete', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.cancel', 'apim.operations.delete', 'apim.operations.get', 'apim.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apim.viewer
Readonly access to API Management resources.
API Management Viewer
['apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.get', 'apim.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apihub.runtimeProjectServiceAgent
Gives API-Hub Service Account access to runtime project resources.
API-Hub Runtime Project Service Agent
['apigee.deployments.list', 'apigee.envgroupattachments.list', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.organizations.get', 'apigee.proxyrevisions.get']
Copy Permissions GA
roles/apigateway.admin
Full access to ApiGateway and related resources.
ApiGateway Admin
['apigateway.apiconfigs.create', 'apigateway.apiconfigs.delete', 'apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apiconfigs.setIamPolicy', 'apigateway.apiconfigs.update', 'apigateway.apis.create', 'apigateway.apis.delete', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.apis.setIamPolicy', 'apigateway.apis.update', 'apigateway.gateways.create', 'apigateway.gateways.delete', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.gateways.setIamPolicy', 'apigateway.gateways.update', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.cancel', 'apigateway.operations.delete', 'apigateway.operations.get', 'apigateway.operations.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/apigateway.viewer
Read-only access to ApiGateway and related resources.
ApiGateway Viewer
['apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.get', 'apigateway.operations.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/apigee.analyticsAgent
Curated set of permissions for Apigee Universal Data Collection Agent to manage analytics for an Apigee Organization
Apigee Analytics Agent
['apigee.datalocation.get', 'apigee.environments.getDataLocation', 'apigee.runtimeconfigs.get']
Copy Permissions GA
roles/apigee.analyticsEditor
Analytics editor for an Apigee Organization
Apigee Analytics Editor
['apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.analyticsViewer
Analytics viewer for an Apigee Organization
Apigee Analytics Viewer
['apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.queries.get', 'apigee.queries.list', 'apigee.reports.get', 'apigee.reports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.apiAdminV2
Full read/write access to all apigee API resources
Apigee API Admin
['apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.deployments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.apiReaderV2
Reader of apigee resources
Apigee API Reader
['apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigeeconnect.Admin
Admin of Apigee Connect
Apigee Connect Admin
['apigeeconnect.connections.list']
Copy Permissions GA
roles/apigeeconnect.Agent
Ability to set up Apigee Connect agent between external clusters and Google.
Apigee Connect Agent
['apigeeconnect.endpoints.connect']
Copy Permissions GA
roles/apigee.deploymentInvoker
Invoker of deployments in the apigee runtime
Apigee Deployment Invoker
['apigee.deployments.invoke']
Copy Permissions GA
roles/apigee.developerAdmin
Developer admin of apigee resources
Apigee Developer Admin
['apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.entitlements.get', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.rateplans.get', 'apigee.rateplans.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.environmentAdmin
Full read/write access to apigee environment resources, including deployments.
Apigee Environment Admin
['apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.ingressconfigs.get', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.apigeeIntegrationAdminRole
A user that has full access to all Apigee integrations.
Apigee Integration Admin
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.apigeeSuspensionResolver
A role that can approve / reject Apigee integrations that contain a suspension/wait task.
Apigee Integration Approver
['integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.apigeeIntegrationDeployerRole
A developer that can deploy/undeploy Apigee integrations to the integration runtime.
Apigee Integration Deployer
['integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.apigeeIntegrationEditorRole
A developer that can list, create and update Apigee integrations.
Apigee Integration Editor
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.authConfigs.create', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.get', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.apigeeIntegrationInvokerRole
A role that can invoke Apigee integrations.
Apigee Integration Invoker
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.apigeeIntegrationsViewer
A developer that can list and view Apigee integrations.
Apigee Integration Viewer
['integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.monetizationAdmin
All permissions related to monetization
Apigee Monetization Admin
['apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.entitlements.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.admin
Full access to all apigee resource features
Apigee Organization Admin
['apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.caches.delete', 'apigee.caches.list', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datalocation.get', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.endpointattachments.create', 'apigee.endpointattachments.delete', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.create', 'apigee.envgroupattachments.delete', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.create', 'apigee.envgroups.delete', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.envgroups.update', 'apigee.environments.create', 'apigee.environments.delete', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.manageRuntime', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.create', 'apigee.instanceattachments.delete', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.create', 'apigee.instances.delete', 'apigee.instances.get', 'apigee.instances.list', 'apigee.instances.reportStatus', 'apigee.instances.update', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.nataddresses.activate', 'apigee.nataddresses.create', 'apigee.nataddresses.delete', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.create', 'apigee.organizations.delete', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.organizations.update', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'apigee.projects.migrate', 'apigee.projects.previewMigration', 'apigee.projects.update', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.runtimeconfigs.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.setupcontexts.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.portalAdmin
Portal admin for an Apigee Organization
Apigee Portal Admin
['apigee.entitlements.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.readOnlyAdmin
Viewer of all apigee resources
Apigee Read-only Admin
['apigee.addonsconfig.get', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appkeys.get', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.caches.list', 'apigee.canaryevaluations.get', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datalocation.get', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.deployments.get', 'apigee.deployments.list', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerbalances.get', 'apigee.developermonetizationconfigs.get', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.get', 'apigee.instances.list', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.get', 'apigee.portals.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.references.get', 'apigee.references.list', 'apigee.reports.get', 'apigee.reports.list', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.runtimeconfigs.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.traceconfig.get', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.runtimeAgent
Curated set of permissions for a runtime agent to access Apigee Organization resources
Apigee Runtime Agent
['apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.entitlements.get', 'apigee.ingressconfigs.get', 'apigee.instances.reportStatus', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.projectorganizations.get', 'apigee.runtimeconfigs.get']
Copy Permissions GA
roles/apigee.securityAdmin
Security admin for an Apigee Organization
Apigee Security Admin
['apigee.addonsconfig.get', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.securityViewer
Security viewer for an Apigee Organization
Apigee Security Viewer
['apigee.addonsconfig.get', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apigee.serviceAgent
Service agent that grants access to Apigee resources - API Products, Developers, Developer Apps, and App Keys.
Apigee Service Agent
['apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.manageRuntime', 'apigee.ingressconfigs.get', 'apigee.instances.reportStatus', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.proxyrevisions.get', 'apigee.runtimeconfigs.get', 'cloudtrace.traces.patch', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.views.create', 'logging.views.get', 'logging.views.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions GA
roles/apigee.synchronizerManager
Curated set of permissions for a Synchronizer to manage environments in an Apigee Organization
Apigee Synchronizer Manager
['apigee.environments.get', 'apigee.environments.manageRuntime', 'apigee.ingressconfigs.get']
Copy Permissions GA
roles/apim.apiDiscoveryServiceAgent
Gives APIM the ability to manage resources in consumer project
APIM API Discovery Service Agent
['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.globalOperations.get', 'compute.networks.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.subnetworks.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list']
Copy Permissions GA
roles/appdevelopmentexperience.serviceAgent
Give the App Development Experience service agent access toCloud Platform resources.
App Development Experience Service Agent
['container.clusters.get', 'container.clusters.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions GA
roles/appengine.appAdmin
Full management of App Engine apps (but not storage).
App Engine Admin
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengine.codeViewer
Ability to view App Engine app status and deployed source code.
App Engine Code Viewer
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.getFileContents', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengine.appCreator
Ability to create the App Engine resource for the project.
App Engine Creator
['appengine.applications.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengine.deployer
Necessary permissions to deploy new code to App Engine, and remove old versions.
App Engine Deployer
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengineflex.serviceAgent
Can edit and manage App Engine Flexible Environment apps. Includes access to service accounts.
App Engine flexible environment Service Agent
['billing.accounts.get', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.create', 'compute.addresses.delete', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.create', 'compute.disks.list', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.globalAddresses.create', 'compute.globalAddresses.delete', 'compute.globalAddresses.get', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.use', 'compute.machineTypes.get', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionOperations.get', 'compute.regions.get', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.delete', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions GA
roles/appengine.debugger
Ability to read or manage v2 instances.
App Engine Managed VM Debug Access
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengine.memcacheDataAdmin
Can get, set, delete, and flush App Engine Memcache items.
App Engine Memcache Data Admin
['appengine.applications.get', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengine.serviceAdmin
Can view and change traffic splits, scaling settings, and delete old versions; can't create new versions.
App Engine Service Admin
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/appengine.serviceAgent
Give App Engine Standard Enviroment service account access to managed resources. Includes access to service accounts.
App Engine Standard Environment Service Agent
['appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.aptartifacts.create', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'datastore.databases.get', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'serviceusage.services.enable', 'serviceusage.services.get', 'storage.buckets.create', 'storage.buckets.get']
Copy Permissions GA
roles/appengine.appViewer
Ability to view App Engine app status.
App Engine Viewer
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apphub.admin
Full access to App Hub resources.
App Hub Admin
['apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.applications.setIamPolicy', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.attach', 'apphub.serviceProjectAttachments.create', 'apphub.serviceProjectAttachments.delete', 'apphub.serviceProjectAttachments.detach', 'apphub.serviceProjectAttachments.get', 'apphub.serviceProjectAttachments.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apphub.editor
Edit access to App Hub resources.
App Hub Editor
['apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.list', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/apphub.viewer
View access to App Hub resources.
App Hub Viewer
['apphub.applications.get', 'apphub.applications.list', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.get', 'apphub.services.list', 'apphub.workloads.get', 'apphub.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/applianceactivation.troubleshooter
Grants access to send new commands to run on appliances and view the outputs
Appliance troubleshooter
['applianceactivation.rttCommands.create', 'applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/applianceactivation.approver
Grants access to approve commands to run on appliances
Appliance troubleshooting commands approver
['applianceactivation.rttCommands.approve', 'applianceactivation.rttCommands.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/integrations.integrationAdmin
A user that has full access (CRUD) to all integrations.
Application Integration Admin
['integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.suspensionResolver
A role that can resolve suspended integrations.
Application Integration Approver
['integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.integrationDeployer
A developer that can deploy/undeploy integrations to the integration runtime.
Application Integration Deployer
['integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.integrationEditor
A developer that can list, create and update integrations.
Application Integration Editor
['integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.authConfigs.create', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.get', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.integrationInvoker
A role that can invoke integrations.
Application Integration Invoker
['integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.serviceAgent
Service agent that grants access to execute an integration.
Application Integration Service Agent
['cloudfunctions.functions.invoke', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.connections.get', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'pubsub.schemas.attach', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.jobs.run', 'run.routes.invoke', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/integrations.sfdcInstanceAdmin
A user that has full access (CRUD) to all SFDC instances.
Application Integration SFDC Instance Admin
['integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.sfdcInstanceEditor
A developer that can list, create and update integrations.
Application Integration SFDC Instance Editor
['integrations.sfdcChannels.create', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.sfdcInstanceViewer
A developer that can list and view SFDC instances.
Application Integration SFDC Instance Viewer
['integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.integrationViewer
A developer that can list and view integrations.
Application Integration Viewer
['integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'integrations.testCases.get', 'integrations.testCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/artifactregistry.admin
Administrator access to create and manage repositories.
Artifact Registry Administrator
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create']
Copy Permissions GA
roles/artifactregistry.createOnPushRepoAdmin
Access to manage artifacts in repositories, as well as create new repositories on push
Artifact Registry Create-on-Push Repository Administrator
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create']
Copy Permissions GA
roles/artifactregistry.createOnPushWriter
Access to read and write repository items, as well as create new repositories on push
Artifact Registry Create-on-Push Writer
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create']
Copy Permissions GA
roles/artifactregistry.reader
Access to read repository items.
Artifact Registry Reader
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list']
Copy Permissions GA
roles/artifactregistry.repoAdmin
Access to manage artifacts in repositories.
Artifact Registry Repository Administrator
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create']
Copy Permissions GA
roles/artifactregistry.serviceAgent
Gives the Artifact Registry service account access to managed resources.
Artifact Registry Service Agent
['artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.versions.delete', 'pubsub.topics.publish']
Copy Permissions GA
roles/artifactregistry.writer
Access to read and write repository items.
Artifact Registry Writer
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create']
Copy Permissions GA
roles/assuredoss.admin
Access to use Assured OSS and manage configuration.
Assured OSS Admin
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'iam.serviceAccountKeys.create', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.create', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/assuredoss.projectAdmin
Access to use Assured OSS and manage configuration.
Assured OSS Project Admin
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/assuredoss.reader
Access to use Assured OSS and view Assured OSS configuration.
Assured OSS Reader
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/assuredoss.user
Access to use Assured OSS.
Assured OSS User
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/assuredworkloads.admin
Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
Assured Workloads Administrator
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/assuredworkloads.editor
Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
Assured Workloads Editor
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/assuredworkloads.monitoringServiceAgent
Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads.
Assured Workloads Monitoring Service Agent
['cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get']
Copy Permissions GA
roles/assuredworkloads.reader
Grants read access to all Assured Workloads resources and CRM resources - project/folder
Assured Workloads Reader
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/assuredworkloads.serviceAgent
Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies.
Assured Workloads Service Agent
['cloudkms.cryptoKeys.create', 'cloudkms.keyRings.create', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use']
Copy Permissions GA
roles/securitycenter.attackSurfaceManagementScannerServiceAgent
Gives Mandiant Attack Surface Management the ability to scan Cloud Platform resources.
Attack Surface Management Scanner Service Agent
['apigateway.apiconfigs.get', 'cloudasset.assets.listResource', 'dns.managedZones.list', 'dns.resourceRecordSets.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/auditmanager.admin
Full access to Audit Manager resources.
Audit Manager Admin
['auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.enrollResource', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'cloudasset.assets.searchAllResources', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/auditmanager.serviceAgent
Grants Audit Manager Service Agent access to various list/get rpcs of products to perform an audit.
Audit Manager Auditing Service Agent
['bigquery.datasets.get', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudsql.instances.list', 'compute.autoscalers.list', 'compute.backendServices.list', 'compute.disks.list', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.globalForwardingRules.list', 'compute.instanceGroupManagers.list', 'compute.instanceGroups.list', 'compute.instances.list', 'compute.regionSslPolicies.list', 'compute.regionTargetHttpProxies.list', 'compute.regionUrlMaps.list', 'compute.routers.list', 'compute.securityPolicies.list', 'compute.sslCertificates.list', 'compute.sslPolicies.list', 'compute.subnetworks.list', 'compute.targetHttpProxies.list', 'compute.targetSslProxies.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.zones.list', 'container.clusters.list', 'logging.buckets.list', 'monitoring.timeSeries.list', 'orgpolicy.policy.get', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'secretmanager.secrets.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list']
Copy Permissions GA
roles/auditmanager.auditor
Allows creating and viewing an audit report.
Audit Manager Auditor
['auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'cloudasset.assets.searchAllResources', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/automl.admin
Full access to all AutoML resources
AutoML Admin
['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.setIamPolicy', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/automl.editor
Editor of all AutoML resources
AutoML Editor
['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.list', 'automl.models.predict', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/automl.predictor
Predict using models
AutoML Predictor
['automl.models.predict', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/automl.serviceAgent
AutoML service agent can act as Cloud Storage admin and export BigQuery tables, which can be backed by Cloud Storage and Cloud Bigtable.
AutoML Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'serviceusage.services.use', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/automl.viewer
Viewer of all AutoML resources
AutoML Viewer
['automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.datasets.get', 'automl.datasets.list', 'automl.examples.get', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/autoscaling.metricsWriter
Access to write metrics for autoscaling site
Autoscaling Metrics Writer
['autoscaling.sites.writeMetrics']
Copy Permissions BETA
roles/autoscaling.recommendationsReader
Access to read recommendations from autoscaling site
Autoscaling Recommendations Reader
['autoscaling.sites.readRecommendations']
Copy Permissions BETA
roles/autoscaling.sitesAdmin
Full access to all autoscaling site features
Autoscaling Site Admin
['autoscaling.sites.getIamPolicy', 'autoscaling.sites.readRecommendations', 'autoscaling.sites.setIamPolicy', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/autoscaling.stateWriter
Access to write state for autoscaling site
Autoscaling State Writer
['autoscaling.sites.writeState']
Copy Permissions BETA
roles/backupdr.admin
Provides full access to all Backup and DR resources.
Backup and DR Admin
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageSensitiveData', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.setIamPolicy', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.backupUser
Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.
Backup and DR Backup User
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.backupvaultAccessor
Allows the Backup Appliance permissions to create and manage backups in a backup vault.
Backup and DR Backup Vault Accessor
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions GA
roles/backupdr.backupvaultAdmin
Allows the Backup Appliance full administrative control of backup vault resources.
Backup and DR Backup Vault Admin
['backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions GA
roles/backupdr.backupvaultLister
Allows the Backup Appliance permission to list backup vaults in a given project.
Backup and DR Backup Vault Lister
['backupdr.backupVaults.list']
Copy Permissions GA
roles/backupdr.backupvaultViewer
Allows read-only permissions to access backup vault resources and backups.
Backup and DR Backup Vault Viewer
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions GA
roles/backupdr.cloudStorageOperator
Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage.
Backup and DR Cloud Storage Operator
['storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/backupdr.computeEngineOperator
Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances.
Backup and DR Compute Engine Operator
['backupdr.managementServers.createConnection', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.pscInterfaceCreate', 'compute.instances.setDeletionProtection', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.updateDisplayDevice', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.resourcePolicies.use', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.mangementServerAccessor
Grants the Backup and DR management server access role to Backup Appliances.
Backup and DR Management Server Accessor
['backupdr.managementServers.createConnection']
Copy Permissions BETA
roles/backupdr.managementServerAccessor
Grants the Backup and DR management server access role to Backup Appliances.
Backup and DR Management Server Accessor
['backupdr.managementServers.createConnection']
Copy Permissions BETA
roles/backupdr.mountUser
Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup.
Backup and DR Mount User
['backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.restoreUser
Allows the user to restore or mount from a backup. This role cannot create a backup plan.
Backup and DR Restore User
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.serviceAgent
Grants the Backup and DR Service access to protect GCE instances.
Backup and DR Service Agent
['compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.user
Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.
Backup and DR User
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.userv2
Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.
Backup and DR User V2
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/backupdr.viewer
Provides read-only access to all Backup and DR resources.
Backup and DR Viewer
['backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkebackup.admin
Full access to all Backup for GKE resources.
Backup for GKE Admin
['gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.cancel', 'gkebackup.operations.delete', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkebackup.backupAdmin
Allows administrators to manage all BackupPlan and Backup resources.
Backup for GKE Backup Admin
['gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkebackup.delegatedBackupAdmin
Allows administrators to manage Backup resources for specific BackupPlans
Backup for GKE Delegated Backup Admin
['gkebackup.backupPlans.get', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list']
Copy Permissions GA
roles/gkebackup.delegatedRestoreAdmin
Allows administrators to manage Restore resources for specific RestorePlans
Backup for GKE Delegated Restore Admin
['gkebackup.restorePlans.get', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list']
Copy Permissions GA
roles/gkebackup.restoreAdmin
Allows administrators to manage all RestorePlan and Restore resources.
Backup for GKE Restore Admin
['gkebackup.backupPlans.get', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkebackup.serviceAgent
Grants the Backup for GKE Service Account access to managed resources.
Backup for GKE Service Agent
['compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.regionOperations.get', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.zoneOperations.get', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'gkebackup.operations.get', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.projects.updateLiens']
Copy Permissions GA
roles/gkebackup.viewer
Read-only access to all Backup for GKE resources.
Backup for GKE Viewer
['gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.admin
Administrator of Bare Metal Solution resources
Bare Metal Solution Admin
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.editor
Editor of Bare Metal Solution resources
Bare Metal Solution Editor
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.instancesadmin
Admin of Bare Metal Solution Instance resources
Bare Metal Solution Instances Admin
['baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.instancesviewer
Viewer of Bare Metal Solution Instance resources
Bare Metal Solution Instances Viewer
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.procurementsadmin
Administrator of Bare Metal Solution Procurements
Bare Metal Solution Procurements Admin
['baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list']
Copy Permissions GA
roles/baremetalsolution.procurementseditor
Editor of Bare Metal Solution Procurements
Bare Metal Solution Procurements Editor
['baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list']
Copy Permissions GA
roles/baremetalsolution.procurementsviewer
Viewer of Bare Metal Solution Procurements
Bare Metal Solution Procurements Viewer
['baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list']
Copy Permissions GA
roles/baremetalsolution.serviceAgent
Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution.
Bare Metal Solution Service Agent
['compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.networks.get', 'compute.networks.list', 'compute.projects.get', 'resourcemanager.projects.get']
Copy Permissions GA
roles/baremetalsolution.storageadmin
Administrator of Bare Metal Solution storage resources
Bare Metal Solution Storage Admin
['baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.pods.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.viewer
Viewer of Bare Metal Solution resources
Bare Metal Solution Viewer
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/batch.admin
Administrator of Batch resources
Batch Administrator
['batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/batch.agentReporter
Reporter of Batch agent states.
Batch Agent Reporter
['batch.states.report']
Copy Permissions GA
roles/batch.jobsEditor
Editor of Batch Jobs
Batch Job Editor
['batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/batch.jobsViewer
Viewer of Batch Jobs, Task Groups and Tasks
Batch Job Viewer
['batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/batch.resourceAllowancesEditor
Editor of Batch ResourceAllowances
Batch ResourceAllowance Editor
['batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/batch.resourceAllowancesViewer
Viewer of Batch ResourceAllowances
Batch ResourceAllowance Viewer
['batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/proximitybeacon.attachmentEditor
Can create and delete attachments; can list and get a project's beacons; can list a project's namespaces.
Beacon Attachment Editor
['proximitybeacon.attachments.create', 'proximitybeacon.attachments.delete', 'proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.namespaces.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/proximitybeacon.attachmentPublisher
Grants necessary permissions to use beacons to create attachments in namespaces not owned by this project.
Beacon Attachment Publisher
['proximitybeacon.beacons.attach', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/proximitybeacon.attachmentViewer
Can view all attachments under a namespace; no beacon or namespace permissions.
Beacon Attachment Viewer
['proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/proximitybeacon.beaconEditor
Necessary access to register, modify, and view beacons; no attachment or namespace permissions.
Beacon Editor
['proximitybeacon.beacons.create', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.beacons.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/biglake.admin
Provides full access to all BigLake resources.
BigLake Admin
['biglake.catalogs.create', 'biglake.catalogs.delete', 'biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.create', 'biglake.databases.delete', 'biglake.databases.get', 'biglake.databases.list', 'biglake.databases.update', 'biglake.locks.check', 'biglake.locks.create', 'biglake.locks.delete', 'biglake.locks.list', 'biglake.tables.create', 'biglake.tables.delete', 'biglake.tables.get', 'biglake.tables.list', 'biglake.tables.lock', 'biglake.tables.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/biglake.viewer
Provides read-only access to all BigLake resources.
BigLake Viewer
['biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.get', 'biglake.databases.list', 'biglake.locks.list', 'biglake.tables.get', 'biglake.tables.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.admin
Administer all BigQuery resources and data
BigQuery Admin
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.connectionAdmin
BigQuery Connection Admin
['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use']
Copy Permissions GA
roles/bigqueryconnection.serviceAgent
Gives BigQuery Connection Service access to Cloud SQL instances in user projects.
BigQuery Connection Service Agent
['cloudsql.instances.connect', 'cloudsql.instances.get', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions GA
roles/bigquery.connectionUser
BigQuery Connection User
['bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.use']
Copy Permissions GA
roles/bigquerycontinuousquery.serviceAgent
Gives BigQuery Continuous Query access to the service accounts in the user project.
BigQuery Continuous Query Service Agent
['iam.serviceAccounts.getAccessToken']
Copy Permissions GA
roles/bigquery.dataEditor
Access to edit all the contents of datasets
BigQuery Data Editor
['bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.updateTag', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.dataOwner
Full access to datasets and all of their contents
BigQuery Data Owner
['bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquerydatapolicy.admin
Role for managing Data Policies in BigQuery
BigQuery Data Policy Admin
['bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update']
Copy Permissions GA
roles/bigquerydatapolicy.viewer
Role for viewing Data Policies in BigQuery
BigQuery Data Policy Viewer
['bigquery.dataPolicies.get', 'bigquery.dataPolicies.list']
Copy Permissions GA
roles/bigquerydatatransfer.serviceAgent
Gives BigQuery Data Transfer Service access to start bigquery jobs in consumer project.
BigQuery Data Transfer Service Agent
['bigquery.config.get', 'bigquery.jobs.create', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.regionOperations.get', 'compute.subnetworks.use', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'logging.logEntries.route', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.dataViewer
Access to view datasets and all of their contents
BigQuery Data Viewer
['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.createSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.filteredDataViewer
Access to view filtered table data defined by a row access policy
BigQuery Filtered Data Viewer
['bigquery.rowAccessPolicies.getFilteredData']
Copy Permissions GA
roles/bigquery.jobUser
Access to run jobs
BigQuery Job User
['bigquery.config.get', 'bigquery.jobs.create', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.bigqueryMaterializedViewAdmin
Admin of BigQuery Materialized View Insights and Recommendations.
BigQuery Materialized View Recommender Admin
['recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewInsights.update', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryMaterializedViewRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.bigqueryMaterializedViewViewer
Viewer of BigQuery Materialized View Insights and Recommendations.
BigQuery Materialized View Recommender Viewer
['recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.metadataViewer
Access to view table and dataset metadata
BigQuery Metadata Viewer
['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.get', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigqueryomni.serviceAgent
Gives BigQuery Omni access to tables in user projects.
BigQuery Omni Service Agent
['bigquery.jobs.create', 'bigquery.tables.updateData']
Copy Permissions GA
roles/recommender.bigqueryPartitionClusterAdmin
Admin of BigQuery Partitioning Clustering recommendations.
BigQuery Partitioning Clustering Recommender Admin
['recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.update', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.bigqueryTableStatsInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.bigqueryPartitionClusterViewer
Viewer of BigQuery Partitioning Clustering recommendations.
BigQuery Partitioning Clustering Recommender Viewer
['recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/bigquery.readSessionUser
Access to create and use read sessions
BigQuery Read Session User
['bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.bigQueryCapacityCommitmentsBillingAccountAdmin
Billing Account Admin of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Billing Account Admin
['billing.accounts.get', 'billing.accounts.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update']
Copy Permissions BETA
roles/recommender.bigQueryCapacityCommitmentsBillingAccountViewer
Billing Account Viewer of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Billing Account Viewer
['billing.accounts.get', 'billing.accounts.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list']
Copy Permissions BETA
roles/recommender.bigQueryCapacityCommitmentsProjectAdmin
Project Admin of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Project Admin
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.bigQueryCapacityCommitmentsProjectViewer
Project Viewer of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Project Viewer
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/bigquery.resourceAdmin
Administers BigQuery workloads, including slot assignments, commitments, and reservations.
BigQuery Resource Admin
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.resourceEditor
Manages BigQuery workloads, but is unable to create or modify slot commitments.
BigQuery Resource Editor
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.resourceViewer
Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.
BigQuery Resource Viewer
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.bigQueryCapacityCommitmentsAdmin
Admin of BigQuery Capacity Commitments insights and recommendations.
BigQuery Slot Recommender Admin
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.bigQueryCapacityCommitmentsViewer
Viewer of BigQuery Capacity Commitments insights and recommendations.
BigQuery Slot Recommender Viewer
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/bigqueryspark.serviceAgent
Gives BigQuery Spark access to the service accounts in the user project.
BigQuery Spark Service Agent
['iam.serviceAccounts.getAccessToken']
Copy Permissions GA
roles/bigquery.studioAdmin
Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.
BigQuery Studio Admin
['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'compute.reservations.get', 'compute.reservations.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.studioUser
Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.
BigQuery Studio User
['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'bigquery.config.get', 'bigquery.jobs.create', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigquery.user
When applied to a project, access to run queries, create datasets, read dataset metadata, and list tables. When applied to a dataset, access to read dataset metadata and list tables within the dataset.
BigQuery User
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.jobs.create', 'bigquery.jobs.list', 'bigquery.models.list', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.list', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.list', 'bigquery.transfers.get', 'bigquerymigration.translation.translate', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/bigtable.admin
Full access to all Bigtable resources and ability to assign Bigtable IAM roles.
Bigtable Administrator
['bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/bigtable.reader
Read access to data in existing tables; read access to metadata for instances, clusters, and tables, including column families.
Bigtable Reader
['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/bigtable.user
Read and write access to data in existing tables; read access to metadata for instances, clusters, and tables, including column families.
Bigtable User
['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/bigtable.viewer
Read access to metadata for instances, clusters, and tables, including column families.
Bigtable Viewer
['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/billing.admin
Authorized to see and manage all aspects of billing accounts.
Billing Account Administrator
['billing.accounts.close', 'billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.getIamPolicy', 'billing.accounts.getPaymentInfo', 'billing.accounts.getPricing', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.accounts.move', 'billing.accounts.redeemPromotion', 'billing.accounts.removeFromOrganization', 'billing.accounts.reopen', 'billing.accounts.setIamPolicy', 'billing.accounts.update', 'billing.accounts.updatePaymentInfo', 'billing.accounts.updateUsageExportSpec', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.budgets.create', 'billing.budgets.delete', 'billing.budgets.get', 'billing.budgets.list', 'billing.budgets.update', 'billing.credits.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceAssociations.create', 'billing.resourceAssociations.delete', 'billing.resourceAssociations.list', 'billing.subscriptions.create', 'billing.subscriptions.get', 'billing.subscriptions.list', 'billing.subscriptions.update', 'cloudasset.assets.searchAllResources', 'cloudnotifications.activities.list', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.events.get', 'consumerprocurement.events.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'logging.logEntries.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.privateLogEntries.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentInsights.update', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommendations.update', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.spendBasedCommitmentRecommenderConfig.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/billing.costsManager
Can view and export cost information of billing accounts.
Billing Account Costs Manager
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.accounts.updateUsageExportSpec', 'billing.budgets.create', 'billing.budgets.delete', 'billing.budgets.get', 'billing.budgets.list', 'billing.budgets.update', 'billing.resourceAssociations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update']
Copy Permissions GA
roles/billing.creator
Creator of billing accounts.
Billing Account Creator
['billing.accounts.create', 'resourcemanager.organizations.get']
Copy Permissions GA
roles/recommender.billingAccountCudAdmin
Admin of Billing Account Usage Commitment Recommender.
Billing Account Usage Commitment Recommender Admin
['billing.accounts.get', 'billing.accounts.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update']
Copy Permissions BETA
roles/recommender.billingAccountCudViewer
Viewer of Billing Account Usage Commitment Recommender.
Billing Account Usage Commitment Recommender Viewer
['billing.accounts.get', 'billing.accounts.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list']
Copy Permissions BETA
roles/billing.user
Can associate projects with billing accounts
Billing Account User
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.accounts.redeemPromotion', 'billing.credits.list', 'billing.resourceAssociations.create']
Copy Permissions GA
roles/billing.viewer
Can view information about billing accounts.
Billing Account Viewer
['billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.getIamPolicy', 'billing.accounts.getPaymentInfo', 'billing.accounts.getPricing', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.budgets.get', 'billing.budgets.list', 'billing.credits.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceAssociations.list', 'billing.subscriptions.get', 'billing.subscriptions.list', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list']
Copy Permissions GA
roles/binaryauthorization.attestorsAdmin
Adminstrator of Binary Authorization Attestors
Binary Authorization Attestor Admin
['binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.setIamPolicy', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.attestorsEditor
Editor of Binary Authorization Attestors
Binary Authorization Attestor Editor
['binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.attestorsVerifier
Caller of Binary Authorization Attestors VerifyImageAttested
Binary Authorization Attestor Image Verifier
['binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.attestorsViewer
Viewer of Binary Authorization Attestors
Binary Authorization Attestor Viewer
['binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.policyAdmin
Administrator of Binary Authorization Policy
Binary Authorization Policy Administrator
['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.continuousValidationConfig.setIamPolicy', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.getIamPolicy', 'binaryauthorization.policy.setIamPolicy', 'binaryauthorization.policy.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.policyEditor
Editor of Binary Authorization Policy
Binary Authorization Policy Editor
['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.policyEvaluator
Evaluator of Binary Authorization Policy
Binary Authorization Policy Evaluator
['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.policyViewer
Viewer of Binary Authorization Policy
Binary Authorization Policy Viewer
['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/binaryauthorization.serviceAgent
Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.
Binary Authorization Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'cloudasset.assets.exportResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.update', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.listOccurrences', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.list']
Copy Permissions GA
roles/blockchainnodeengine.admin
Full access to Blockchain Node Engine resources.
Blockchain Node Engine Admin
['blockchainnodeengine.blockchainNodes.create', 'blockchainnodeengine.blockchainNodes.delete', 'blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.blockchainNodes.update', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.cancel', 'blockchainnodeengine.operations.delete', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/blockchainnodeengine.serviceAgent
Grants Blockchain Node Engine access to metrics in user project
Blockchain Node Engine Service Agent
['monitoring.timeSeries.list']
Copy Permissions GA
roles/blockchainnodeengine.viewer
Readonly access to Blockchain Node Engine resources.
Blockchain Node Engine Viewer
['blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/blockchainvalidatormanager.admin
Full access to Blockchain Validator Manager resources.
Blockchain Validator Manager Admin
['blockchainvalidatormanager.blockchainValidatorConfigs.create', 'blockchainvalidatormanager.blockchainValidatorConfigs.delete', 'blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.update', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.cancel', 'blockchainvalidatormanager.operations.delete', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/blockchainvalidatormanager.viewer
Readonly access to Blockchain Validator Manager resources.
Blockchain Validator Viewer
['blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/browser
Access to browse GCP resources.
Browser
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/privateca.admin
Full access to all CA Service resources.
CA Service Admin
['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.setIamPolicy', 'privateca.caPools.update', 'privateca.caPools.use', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.setIamPolicy', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.create', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.setIamPolicy', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.setIamPolicy', 'privateca.certificateTemplates.update', 'privateca.certificateTemplates.use', 'privateca.certificates.create', 'privateca.certificates.createForSelf', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.setIamPolicy', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.cancel', 'privateca.operations.delete', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.setIamPolicy', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create']
Copy Permissions GA
roles/privateca.auditor
Read-only access to all CA Service resources.
CA Service Auditor
['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/privateca.certificateManager
Create certificates and read-only access for CA Service resources.
CA Service Certificate Manager
['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.create', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/privateca.certificateRequester
Request certificates from CA Service.
CA Service Certificate Requester
['privateca.certificates.create']
Copy Permissions GA
roles/privateca.templateUser
Read, list and use certificate templates.
CA Service Certificate Template User
['privateca.certificateTemplates.get', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.use']
Copy Permissions GA
roles/privateca.caManager
Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources.
CA Service Operation Manager
['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.update', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.update', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create']
Copy Permissions GA
roles/privateca.poolReader
Read CA Pools in CA Service.
CA Service Pool Reader
['privateca.caPools.get']
Copy Permissions GA
roles/privateca.workloadCertificateRequester
Request certificates from CA Service with caller's identity.
CA Service Workload Certificate Requester
['privateca.certificates.createForSelf']
Copy Permissions GA
roles/capacityplanner.viewer
Read-only access to Capacity Planner usage resources
Capacity Planner Usage Viewer
['capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'capacityplanner.usageHistories.summarize', 'cloudquotas.quotas.get', 'compute.futureReservations.get', 'compute.futureReservations.list', 'compute.reservations.get', 'compute.reservations.list', 'monitoring.timeSeries.list', 'resourcemanager.folders.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get']
Copy Permissions BETA
roles/billing.carbonViewer
Carbon Footprint Viewer
['billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.list']
Copy Permissions GA
roles/carestudio.viewer
This role can view all properties of Patients.
Care Studio Patients Viewer
['carestudio.patients.get', 'carestudio.patients.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudprivatecatalogproducer.admin
Can manage catalog and view its associations.
Catalog Admin
['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudprivatecatalog.consumer
Can browse catalogs in the target resource context.
Catalog Consumer
['cloudprivatecatalog.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudprivatecatalogproducer.manager
Can manage associations between a catalog and a target resource.
Catalog Manager
['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudprivatecatalogproducer.orgAdmin
Can manage catalog org settings.
Catalog Org Admin
['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.settings.get', 'cloudprivatecatalogproducer.settings.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/certificatemanager.editor
Edit access to Certificate Manager all resources.
Certificate Manager Editor
['certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/certificatemanager.owner
Full access to Certificate Manager all resources.
Certificate Manager Owner
['certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.delete', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.cancel', 'certificatemanager.operations.delete', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.delete', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/certificatemanager.serviceAgent
Grants Certificate Manager access to services and APIs in the user project.
Certificate Manager Service Agent
['certificatemanager.locations.get']
Copy Permissions GA
roles/certificatemanager.viewer
Read-only access to Certificate Manager all resources.
Certificate Manager Viewer
['certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/integrations.certificateViewer
A developer that can list and view Certificates.
Certificate Viewer
['integrations.certificates.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/chat.owner
Can view and modify app configurations
Chat Apps Owner
['chat.bots.get', 'chat.bots.update']
Copy Permissions GA
roles/chat.reader
Can view app configurations
Chat Apps Viewer
['chat.bots.get']
Copy Permissions GA
roles/chronicle.admin
Full access to the Chronicle API services, including global settings.
Chronicle API Admin
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.bigQueryAccess.provide', 'chronicle.cases.countPriorities', 'chronicle.collectors.create', 'chronicle.collectors.delete', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.collectors.update', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessLabels.create', 'chronicle.dataAccessLabels.delete', 'chronicle.dataAccessLabels.get', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessLabels.update', 'chronicle.dataAccessScopes.create', 'chronicle.dataAccessScopes.delete', 'chronicle.dataAccessScopes.get', 'chronicle.dataAccessScopes.list', 'chronicle.dataAccessScopes.permit', 'chronicle.dataAccessScopes.update', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.create', 'chronicle.errorNotificationConfigs.delete', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.errorNotificationConfigs.update', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.extensionValidationReports.get', 'chronicle.extensionValidationReports.list', 'chronicle.feedServiceAccounts.fetch', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.create', 'chronicle.feeds.delete', 'chronicle.feeds.disable', 'chronicle.feeds.enable', 'chronicle.feeds.generateSecret', 'chronicle.feeds.get', 'chronicle.feeds.list', 'chronicle.feeds.update', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.create', 'chronicle.forwarders.delete', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.forwarders.update', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.generateWorkspaceConnectionToken', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.parserExtensions.activate', 'chronicle.parserExtensions.create', 'chronicle.parserExtensions.delete', 'chronicle.parserExtensions.generateKeyValueMappings', 'chronicle.parserExtensions.get', 'chronicle.parserExtensions.legacySubmitParserExtension', 'chronicle.parserExtensions.list', 'chronicle.parserExtensions.removeSyslog', 'chronicle.parsers.activate', 'chronicle.parsers.activateReleaseCandidate', 'chronicle.parsers.copyPrebuiltParser', 'chronicle.parsers.create', 'chronicle.parsers.deactivate', 'chronicle.parsers.delete', 'chronicle.parsers.generateEventTypesSuggestions', 'chronicle.parsers.get', 'chronicle.parsers.list', 'chronicle.parsers.runParser', 'chronicle.parsingErrors.list', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.delete', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.validationErrors.list', 'chronicle.validationReports.get', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/chronicle.editor
Modify Access to Chronicle API resources.
Chronicle API Editor
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/chronicle.globalDataAccess
Grants global access to data i.e. all data can be accessed.
Chronicle API Global Data Access
['chronicle.globalDataAccessScopes.permit']
Copy Permissions BETA
roles/chronicle.limitedViewer
Grants readonly access to Chronicle API resources, excluding Rules and Retrohunts.
Chronicle API Limited Viewer
['chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.get', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/chronicle.restrictedDataAccess
Grants access to data controlled by Data Access Scopes. Intended to be refined by IAM Conditions.
Chronicle API Restricted Data Access
['chronicle.dataAccessScopes.permit']
Copy Permissions BETA
roles/chronicle.restrictedDataAccessViewer
Grants readonly access to Chronicle API resources without global data access scope.
Chronicle API Restricted Data Access Viewer
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.report', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/chronicle.viewer
Readonly access to the Chronicle API resources.
Chronicle API Viewer
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/chroniclesm.admin
Admins can view and modify Chronicle service details.
Chronicle Service Admin
['chroniclesm.gcpAssociations.create', 'chroniclesm.gcpAssociations.delete', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpLogFlowFilters.update', 'chroniclesm.gcpSettings.get', 'chroniclesm.gcpSettings.update']
Copy Permissions GA
roles/chronicle.serviceAgent
Grants Chronicle scoped access to customer project
Chronicle Service Agent
['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.datasets.create', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'chronicle.instances.get', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get']
Copy Permissions GA
roles/chroniclesm.viewer
Viewers can see Chronicle service details but not change them.
Chronicle Service Viewer
['chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpSettings.get']
Copy Permissions GA
roles/chronicle.soarAdmin
Grants admin access to Chronicle SOAR.
Chronicle SOAR Admin
['chronicle.instances.soarAdmin', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list']
Copy Permissions BETA
roles/chronicle.soarServiceAgent
Gives Chronicle SOAR the ability to perform remediation on Cloud Platform resources.
Chronicle SOAR Service Agent
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.list', 'compute.instances.stop', 'compute.instances.updateNetworkInterface', 'compute.networks.updatePolicy', 'compute.zones.list', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'resourcemanager.organizations.getIamPolicy', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.list', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.update', 'securitycenter.sources.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.update']
Copy Permissions GA
roles/chronicle.soarThreatManager
Grants threat manager access to Chronicle SOAR.
Chronicle SOAR Threat Manager
['chronicle.instances.soarThreatManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list']
Copy Permissions BETA
roles/chronicle.soarVulnerabilityManager
Grants vulnerability manager access to Chronicle SOAR.
Chronicle SOAR Vulnerability Manager
['chronicle.instances.soarVulnerabilityManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list']
Copy Permissions BETA
roles/ciem.serviceAgent
Gives CIEM Service Account permission to access GCP resources
CIEM Service Agent
['cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'resourcemanager.organizations.get']
Copy Permissions GA
roles/accesscontextmanager.gcpAccessAdmin
Create, edit, and change Cloud access bindings.
Cloud Access Binding Admin
['accesscontextmanager.gcpUserAccessBindings.create', 'accesscontextmanager.gcpUserAccessBindings.delete', 'accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.gcpUserAccessBindings.update']
Copy Permissions GA
roles/accesscontextmanager.gcpAccessReader
Read access to Cloud access bindings.
Cloud Access Binding Reader
['accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list']
Copy Permissions GA
roles/cloudaicompanion.serviceAgent
Gives Cloud AI Companion components the proper permissions to function.
Cloud AI Companion Service Agent
['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use']
Copy Permissions GA
roles/alloydb.admin
Full access to Cloud AlloyDB all resources.
Cloud AlloyDB Admin
['alloydb.backups.create', 'alloydb.backups.createTagBinding', 'alloydb.backups.delete', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.backups.update', 'alloydb.clusters.create', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.delete', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.export', 'alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.clusters.import', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.clusters.promote', 'alloydb.clusters.switchover', 'alloydb.clusters.update', 'alloydb.clusters.upgrade', 'alloydb.databases.list', 'alloydb.instances.connect', 'alloydb.instances.create', 'alloydb.instances.delete', 'alloydb.instances.executeSql', 'alloydb.instances.failover', 'alloydb.instances.get', 'alloydb.instances.injectFault', 'alloydb.instances.list', 'alloydb.instances.restart', 'alloydb.instances.update', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.cancel', 'alloydb.operations.delete', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.create', 'alloydb.users.delete', 'alloydb.users.get', 'alloydb.users.list', 'alloydb.users.login', 'alloydb.users.update', 'cloudaicompanion.entitlements.get', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/alloydb.client
Connectivity access to Cloud AlloyDB instances.
Cloud AlloyDB Client
['alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.instances.connect', 'alloydb.instances.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/alloydb.databaseUser
Role allowing access to login as a database user.
Cloud AlloyDB Database User
['alloydb.clusters.get', 'alloydb.instances.executeSql', 'alloydb.instances.get', 'alloydb.users.login', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/alloydb.viewer
Read-only access to Cloud AlloyDB all resources.
Cloud AlloyDB Viewer
['alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.export', 'alloydb.clusters.get', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.databases.list', 'alloydb.instances.get', 'alloydb.instances.list', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.get', 'alloydb.users.list', 'cloudaicompanion.entitlements.get', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apigateway_management.serviceAgent
Gives Cloud API Gateway service account access to retrieve aService configuration.
Cloud API Gateway Management Service Agent
['iam.serviceAccounts.get', 'servicemanagement.services.create', 'servicemanagement.services.delete', 'servicemanagement.services.get', 'servicemanagement.services.list', 'servicemanagement.services.update', 'serviceusage.services.get']
Copy Permissions GA
roles/apigateway.serviceAgent
Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts.
Cloud API Gateway Service Agent
['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'servicemanagement.services.check', 'servicemanagement.services.quota', 'servicemanagement.services.report']
Copy Permissions GA
roles/apihub.admin
Full access to all API hub resources.
Cloud API Hub Admin
['apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.locations2.searchResources', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apihub.attributeAdmin
Full access to all Cloud API hub attribute's resources.
Cloud API hub Attributes Admin
['apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apihub.editor
Edit access to most of Cloud API Hub resources.
Cloud API Hub Editor
['apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apihub.pluginAdmin
Full access to all Cloud API hub plugin's resources.
Cloud API hub Plugins Admin
['apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.specs.lint', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apihub.provisioningAdmin
Full access to Cloud API hub provisioning related resources.
Cloud API hub Provisioning Admin
['apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apihub.viewer
View access to all Cloud API hub resources.
Cloud API hub Viewer
['apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apis.get', 'apihub.apis.list', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.locations.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.get', 'apihub.specs.list', 'apihub.styleGuides.get', 'apihub.versions.get', 'apihub.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apigeeregistry.admin
Full access to Cloud Apigee Registry Registry and Runtime resources.
Cloud Apigee Registry Admin
['apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.setIamPolicy', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.setIamPolicy', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.instances.get', 'apigeeregistry.instances.update', 'apigeeregistry.locations.get', 'apigeeregistry.locations.list', 'apigeeregistry.operations.cancel', 'apigeeregistry.operations.delete', 'apigeeregistry.operations.get', 'apigeeregistry.operations.list', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.setIamPolicy', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.setIamPolicy', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apigeeregistry.editor
Edit access to Cloud Apigee Registry Registry resources.
Cloud Apigee Registry Editor
['apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apigeeregistry.viewer
Read-only access to Cloud Apigee Registry Registry resources.
Cloud Apigee Registry Viewer
['apigeeregistry.apis.get', 'apigeeregistry.apis.list', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.list', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.specs.get', 'apigeeregistry.specs.list', 'apigeeregistry.versions.get', 'apigeeregistry.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/apigeeregistry.worker
The role used by Apigee Registry application workers to read and update Apigee Registry Artifacts.
Cloud Apigee Registry Worker
['apigeeregistry.apis.get', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.specs.get', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.get', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudAssetInsightsAdmin
Admin of all Cloud Asset insights.
Cloud Asset Insights Admin
['recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.cloudAssetInsightsViewer
Viewer of all Cloud Asset insights.
Cloud Asset Insights Viewer
['recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudasset.owner
Full access to cloud assets metadata
Cloud Asset Owner
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudasset.savedqueries.create', 'cloudasset.savedqueries.delete', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudasset.savedqueries.update', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'recommender.locations.get', 'recommender.locations.list']
Copy Permissions GA
roles/cloudasset.serviceAgent
Gives Cloud Asset service agent permissions to Cloud Storage and BigQuery for exporting Assets, and permission to publish to Cloud Pub/Sub topics for Asset Real Time Feed.
Cloud Asset Service Agent
['bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'pubsub.topics.publish', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get']
Copy Permissions GA
roles/cloudasset.viewer
Read only access to cloud assets metadata
Cloud Asset Viewer
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list']
Copy Permissions GA
roles/beyondcorp.admin
Full access to all Cloud BeyondCorp resources.
Cloud BeyondCorp Admin
['beyondcorp.appConnections.create', 'beyondcorp.appConnections.delete', 'beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnections.setIamPolicy', 'beyondcorp.appConnections.update', 'beyondcorp.appConnectors.create', 'beyondcorp.appConnectors.delete', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appConnectors.reportStatus', 'beyondcorp.appConnectors.setIamPolicy', 'beyondcorp.appConnectors.update', 'beyondcorp.appGateways.create', 'beyondcorp.appGateways.delete', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.appGateways.setIamPolicy', 'beyondcorp.appGateways.update', 'beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/beyondcorp.clientConnectorAdmin
Full access to all BeyondCorp Client Connector resources.
Cloud BeyondCorp Client Connector Admin
['beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/beyondcorp.clientConnectorServiceUser
Access Client Connector Service
Cloud BeyondCorp Client Connector Service User
['beyondcorp.clientConnectorServices.access']
Copy Permissions BETA
roles/beyondcorp.clientConnectorViewer
Read-only access to all BeyondCorp Client Connector resources.
Cloud BeyondCorp Client Connector Viewer
['beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/beyondcorp.partnerServiceDelegateAdmin
Delegates access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.
Cloud BeyondCorp Partner Service Delegate Admin
['beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.create', 'beyondcorp.partnerTenants.delete', 'beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.partnerTenants.update', 'beyondcorp.proxyConfigs.create', 'beyondcorp.proxyConfigs.delete', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'beyondcorp.proxyConfigs.update', 'resourcemanager.organizations.get']
Copy Permissions BETA
roles/beyondcorp.partnerServiceDelegateViewer
Delegates read-only access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.
Cloud BeyondCorp Partner Service Delegate Viewer
['beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'resourcemanager.organizations.get']
Copy Permissions BETA
roles/beyondcorp.subscriptionAdmin
Full access to all BeyondCorp Subscription resources.
Cloud BeyondCorp Subscription Admin
['beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'resourcemanager.organizations.get']
Copy Permissions BETA
roles/beyondcorp.subscriptionViewer
Read-only access to all BeyondCorp Subscription resources.
Cloud BeyondCorp Subscription Viewer
['beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'resourcemanager.organizations.get']
Copy Permissions BETA
roles/beyondcorp.viewer
Read-only access to all Cloud BeyondCorp resources.
Cloud BeyondCorp Viewer
['beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudbuild.builds.approver
Can approve or reject pending builds.
Cloud Build Approver
['cloudbuild.builds.approve', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.connectionAdmin
Can manage connections and repositories.
Cloud Build Connection Admin
['cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.connections.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.connectionViewer
Can view and list connections and repositories.
Cloud Build Connection Viewer
['cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.builds.editor
Can create and cancel builds
Cloud Build Editor
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.integrationsEditor
Can update Integrations
Cloud Build Integrations Editor
['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.integrationsOwner
Can create/delete Integrations
Cloud Build Integrations Owner
['cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'compute.firewalls.create', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regions.get', 'compute.subnetworks.get', 'compute.subnetworks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.integrationsViewer
Can view Integrations
Cloud Build Integrations Viewer
['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.loggingServiceAgent
Gives the Cloud Build logging-specific service account access to write logs.
Cloud Build Logging Service Agent
['logging.buckets.write']
Copy Permissions GA
roles/cloudbuild.readTokenAccessor
Can view the connection and access its read-only token.
Cloud Build Read Only Token Accessor
['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.get']
Copy Permissions GA
roles/cloudbuild.builds.builder
Can perform builds
Cloud Build Service Account
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.topics.create', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/cloudbuild.serviceAgent
Gives Cloud Build service account access to managed resources.
Cloud Build Service Agent
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.get', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.networks.get', 'compute.regionOperations.get', 'compute.subnetworks.get', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'developerconnect.connections.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.networks.access', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/cloudbuild.tokenAccessor
Can view the connection and access its read/write and read-only tokens.
Cloud Build Token Accessor
['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list']
Copy Permissions GA
roles/cloudbuild.builds.viewer
Can view builds
Cloud Build Viewer
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.workerPoolEditor
Can update and view WorkerPools
Cloud Build WorkerPool Editor
['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.workerPoolOwner
Can create, delete, update, and view WorkerPools
Cloud Build WorkerPool Owner
['cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudbuild.workerPoolUser
Can run builds in the WorkerPool
Cloud Build WorkerPool User
['cloudbuild.workerpools.use']
Copy Permissions GA
roles/cloudbuild.workerPoolViewer
Can view WorkerPools
Cloud Build WorkerPool Viewer
['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/composer.serviceAgent
Cloud Composer API service agent can manage environments.
Cloud Composer API Service Agent
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.update', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'cloudaicompanion.entitlements.get', 'cloudnotifications.activities.list', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.delete', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'composer.dags.get', 'composer.environments.get', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.list', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'observability.scopes.get', 'opsconfigmonitoring.resourceMetadata.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/composer.ServiceAgentV2Ext
Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments.
Cloud Composer v2 API Service Agent Extension
['iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.setIamPolicy']
Copy Permissions GA
roles/cloudcontrolspartner.accessApprovalServiceAgent
Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner.
Cloud Controls Partner Access Approval Service Agent
['accessapproval.requests.get', 'accessapproval.requests.list']
Copy Permissions GA
roles/cloudcontrolspartner.admin
Full access to Cloud Controls Partner resources.
Cloud Controls Partner Admin
['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.list']
Copy Permissions GA
roles/cloudcontrolspartner.editor
Editor access to Cloud Controls Partner resources.
Cloud Controls Partner Editor
['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list']
Copy Permissions GA
roles/cloudcontrolspartner.ekmServiceAgent
Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information.
Cloud Controls Partner EKM Service Agent
['cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.verifyConnectivity']
Copy Permissions GA
roles/cloudcontrolspartner.inspectabilityReader
Readonly access to Cloud Controls Partner inspectability resources.
Cloud Controls Partner Inspectability Reader
['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.platformcontrols.get']
Copy Permissions GA
roles/cloudcontrolspartner.monitoringReader
Readonly access to Cloud Controls Partner monitoring resources.
Cloud Controls Partner Monitoring Reader
['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list']
Copy Permissions GA
roles/cloudcontrolspartner.monitoringServiceAgent
Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability.
Cloud Controls Partner Monitoring Service Agent
['assuredworkloads.violations.get', 'assuredworkloads.violations.list']
Copy Permissions GA
roles/cloudcontrolspartner.reader
Readonly access to Cloud Controls Partner resources.
Cloud Controls Partner Reader
['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list']
Copy Permissions GA
roles/cloudcontrolspartner.supportCaseServiceAgent
Gives the Partner Console service account access to support cases for workloads associated with a partner.
Cloud Controls Partner Support Case Service Agent
['cloudsupport.techCases.get']
Copy Permissions GA
roles/recommender.cloudCostRecommendationAdmin
Admin of Cloud Cost General Recommendations Insights and Recommendations.
Cloud Cost General Recommendations Recommender Admin
['recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralInsights.update', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudCostGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudCostRecommendationViewer
Viewer of Cloud Cost General Recommendations Insights and Recommendations.
Cloud Cost General Recommendations Recommender Viewer
['recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datafusion.accessor
Read-only access to Cloud Data Fusion Instances. Use it on instance level along with the namespace grants to provide access to the specific namespace.
Cloud Data Fusion Accessor
['datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datafusion.admin
Full access to Cloud Data Fusion Instances, Namespaces and related resources.
Cloud Data Fusion Admin
['datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.create', 'datafusion.instances.createTagBinding', 'datafusion.instances.delete', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.instances.restart', 'datafusion.instances.runtime', 'datafusion.instances.setIamPolicy', 'datafusion.instances.update', 'datafusion.instances.upgrade', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.cancel', 'datafusion.operations.delete', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.create', 'datafusion.pipelineConnections.delete', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.update', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datafusion.serviceAgent
Gives Cloud Data Fusion service account access to Service Networking, Cloud Dataproc, Cloud Storage, BigQuery, Cloud Spanner, and Cloud Bigtable resources.
Cloud Data Fusion API Service Agent
['bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalOperations.get', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.update', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.removePeering', 'compute.networks.update', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zones.get', 'compute.zones.list', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.list', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.list', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.terminate', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.update', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.update', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.list', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.list', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.get', 'networkservices.httpfilters.list', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicenetworking.services.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.getDdl', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.write', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.get', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/datafusion.developer
Access Cloud Data Fusion Instances, develop and run pipelines.
Cloud Data Fusion Developer
['datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.writeRepository', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datafusion.operator
Access Cloud Data Fusion Instances, operate namespaces and related resources.
Cloud Data Fusion Operator
['datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datafusion.runner
Access to Cloud Data Fusion runtime resources.
Cloud Data Fusion Runner
['datafusion.instances.runtime']
Copy Permissions GA
roles/datafusion.viewer
Read-only access to Cloud Data Fusion Instances, Namespaces and related resources.
Cloud Data Fusion Viewer
['datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataflow.serviceAgent
Gives Cloud Dataflow service account access to managed resources. Includes access to service accounts.
Cloud Dataflow Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create', 'cloudnotifications.activities.list', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'observability.scopes.get', 'opsconfigmonitoring.resourceMetadata.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/dataplex.serviceAgent
Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.
Cloud Dataplex Service Agent
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.get', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.assets.getIamPolicy', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.projects.search', 'dataplex.zones.getIamPolicy', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.get', 'dataproc.operations.cancel', 'dataproc.operations.get', 'dataproc.operations.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'logging.logEntries.create', 'logging.logEntries.route', 'metastore.services.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/datastore.backupSchedulesAdmin
Manage backup schedules in Cloud Datastore.
Cloud Datastore Backup Schedules Admin
['datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.databases.getMetadata', 'datastore.databases.list']
Copy Permissions GA
roles/datastore.backupSchedulesViewer
Read access to backup schedules in Cloud Datastore.
Cloud Datastore Backup Schedules Viewer
['datastore.backupSchedules.get', 'datastore.backupSchedules.list']
Copy Permissions GA
roles/datastore.backupsAdmin
Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed.
Cloud Datastore Backups Admin
['datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list']
Copy Permissions GA
roles/datastore.backupsViewer
Read access to metadata about backups in Cloud Datastore.
Cloud Datastore Backups Viewer
['datastore.backups.get', 'datastore.backups.list']
Copy Permissions GA
roles/datastore.bulkAdmin
Full access to manage bulk operations.
Cloud Datastore Bulk Admin
['datastore.databases.bulkDelete', 'datastore.databases.getMetadata', 'datastore.operations.cancel', 'datastore.operations.get', 'datastore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastore.importExportAdmin
Full access to manage imports and exports.
Cloud Datastore Import Export Admin
['appengine.applications.get', 'datastore.databases.export', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.operations.cancel', 'datastore.operations.get', 'datastore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastore.indexAdmin
Full access to manage index definitions.
Cloud Datastore Index Admin
['appengine.applications.get', 'datastore.databases.getMetadata', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastore.keyVisualizerViewer
Full access to Key Visualizer scans.
Cloud Datastore Key Visualizer Viewer
['datastore.databases.getMetadata', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastore.owner
Full access to Cloud Datastore.
Cloud Datastore Owner
['appengine.applications.get', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.bulkDelete', 'datastore.databases.create', 'datastore.databases.createTagBinding', 'datastore.databases.delete', 'datastore.databases.deleteTagBinding', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.locations.get', 'datastore.locations.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.cancel', 'datastore.operations.delete', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastore.restoreAdmin
Restore into Cloud Datastore Databases from Cloud Datastore Backups.
Cloud Datastore Restore Admin
['datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.create', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.operations.get', 'datastore.operations.list']
Copy Permissions GA
roles/datastore.user
Provides read/write access to data in a Cloud Datastore database. Intended for application developers and service accounts.
Cloud Datastore User
['appengine.applications.get', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastore.viewer
Read access to all Cloud Datastore resources.
Cloud Datastore Viewer
['appengine.applications.get', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.get', 'datastore.entities.list', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddebugger.agent
Cloud Debugger agents are allowed to register and provide debug snapshot data.
Cloud Debugger Agent
['clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create']
Copy Permissions BETA
roles/clouddebugger.user
User Access to Cloud Debugger. Can create, delete and view snapshots and logpoints.
Cloud Debugger User
['clouddebugger.breakpoints.create', 'clouddebugger.breakpoints.delete', 'clouddebugger.breakpoints.get', 'clouddebugger.breakpoints.list', 'clouddebugger.debuggees.list']
Copy Permissions BETA
roles/clouddeploy.admin
Full control of Cloud Deploy resources.
Cloud Deploy Admin
['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.setIamPolicy', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.setIamPolicy', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploy.approver
Permission to approve or reject rollouts.
Cloud Deploy Approver
['clouddeploy.config.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploy.customTargetTypeAdmin
Permission to manage CustomTargetType resources
Cloud Deploy Custom Target Type Admin
['clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploy.developer
Permission to manage deployment configuration without permission to access operational resources, such as targets.
Cloud Deploy Developer
['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploy.operator
Permission to manage deployment configuration.
Cloud Deploy Operator
['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploy.policyAdmin
Permission to manage Deploy Policies.
Cloud Deploy Policy Admin
['clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/clouddeploy.policyOverrider
Permission to override Deploy Policies.
Cloud Deploy Policy Overrider
['clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/clouddeploy.releaser
Permission to create Cloud Deploy releases and rollouts.
Cloud Deploy Releaser
['clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.create', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploy.jobRunner
Permission to execute Cloud Deploy work without permission to deliver to a target.
Cloud Deploy Runner
['clouddeploy.config.get', 'logging.logEntries.create', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/clouddeploy.serviceAgent
Gives Cloud Deploy Service Account access to managed resources.
Cloud Deploy Service Agent
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.workerpools.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.get']
Copy Permissions GA
roles/clouddeploy.viewer
Can view Cloud Deploy resources.
Cloud Deploy Viewer
['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/clouddeploymentmanager.serviceAgent
Allows Deployment Manager service to actuate resources across DM projects and folders
Cloud Deployment Manager Service Agent
['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.update', 'appengine.applications.get', 'appengine.operations.get', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.update', 'bigquery.connections.get', 'bigquery.datasets.create', 'bigquery.datasets.delete', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.update', 'bigquery.jobs.create', 'bigquery.routines.create', 'bigquery.routines.get', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.setCategory', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.instances.create', 'bigtable.instances.delete', 'bigtable.instances.get', 'bigtable.instances.update', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.get', 'bigtable.tables.update', 'billing.resourceAssociations.create', 'billing.resourcebudgets.write', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.functions.update', 'cloudfunctions.operations.get', 'cloudprivatecatalog.targets.get', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.update', 'cloudsql.backupRuns.create', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.create', 'cloudsql.instances.delete', 'cloudsql.instances.get', 'cloudsql.instances.import', 'cloudsql.instances.restart', 'cloudsql.instances.update', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendBuckets.create', 'compute.backendBuckets.delete', 'compute.backendBuckets.get', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.create', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.get', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.setLabels', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.delete', 'compute.images.deprecate', 'compute.images.get', 'compute.images.setLabels', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.listTagBindings', 'compute.instances.resume', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateDisplayDevice', 'compute.instances.use', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnects.create', 'compute.interconnects.delete', 'compute.interconnects.get', 'compute.interconnects.setLabels', 'compute.interconnects.use', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.use', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.packetMirrorings.create', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.get', 'compute.projects.get', 'compute.projects.setUsageExportBucket', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.get', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.use', 'compute.regions.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.use', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.update', 'compute.routers.use', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.securityPolicies.create', 'compute.securityPolicies.delete', 'compute.securityPolicies.get', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.get', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.delete', 'compute.sslCertificates.get', 'compute.sslPolicies.create', 'compute.sslPolicies.delete', 'compute.sslPolicies.get', 'compute.sslPolicies.use', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.mirror', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.delete', 'compute.targetInstances.get', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.delete', 'compute.targetPools.get', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.get', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.update', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.get', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.operations.get', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.update', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.update', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'datacatalog.taxonomies.get', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.use', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.nodeGroups.create', 'dataproc.operations.get', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.update', 'deploymentmanager.operations.get', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.update', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.policies.delete', 'dns.policies.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'file.instances.create', 'file.instances.delete', 'file.instances.get', 'file.instances.update', 'file.operations.get', 'firebase.projects.get', 'firebase.projects.update', 'firebaseanalytics.resources.googleAnalyticsEdit', 'iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.update', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'iam.serviceAccounts.update', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.update', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'logging.notificationRules.create', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.update', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.update', 'networksecurity.serverTlsPolicies.use', 'pubsub.schemas.attach', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.publish', 'pubsub.topics.update', 'redis.instances.create', 'redis.instances.delete', 'redis.instances.get', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.operations.get', 'resourcemanager.folders.create', 'resourcemanager.folders.delete', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.update', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.create', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.delete', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.update', 'resourcemanager.projects.updateLiens', 'resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicemanagement.services.bind', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.create', 'spanner.databaseOperations.get', 'spanner.databases.create', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.updateDdl', 'spanner.instanceOperations.get', 'spanner.instances.create', 'spanner.instances.delete', 'spanner.instances.get', 'spanner.instances.update', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.update', 'storage.hmacKeys.create', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.operations.get', 'workflows.operations.get', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get']
Copy Permissions GA
roles/recommender.cloudDeprecationRecommendationAdmin
Admin of Cloud Deprecation General Recommender Insights and Recommendations.
Cloud Deprecation General Recommender Admin
['recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralInsights.update', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudDeprecationRecommendationViewer
Viewer of Cloud Deprecation General Recommender Insights and Recommendations.
Cloud Deprecation General Recommender Viewer
['recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dns.serviceAgent
Gives Cloud DNS Service Agent access to Cloud Platform resources.
Cloud DNS Service Agent
['compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalOperations.get', 'compute.healthChecks.get']
Copy Permissions GA
roles/domains.admin
Full access to Cloud Domains Registrations and related resources.
Cloud Domains Admin
['domains.locations.get', 'domains.locations.list', 'domains.operations.cancel', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.configureContact', 'domains.registrations.configureDns', 'domains.registrations.configureManagement', 'domains.registrations.create', 'domains.registrations.createTagBinding', 'domains.registrations.delete', 'domains.registrations.deleteTagBinding', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'domains.registrations.setIamPolicy', 'domains.registrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/domains.viewer
Read-only access to Cloud Domains Registrations and related resources.
Cloud Domains Viewer
['domains.locations.get', 'domains.locations.list', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/endpoints.serviceAgent
Gives the Cloud Endpoints service account access to Endpoints services and the ability to act as a service controller.
Cloud Endpoints Service Agent
['servicemanagement.services.check', 'servicemanagement.services.get', 'servicemanagement.services.quota', 'servicemanagement.services.report']
Copy Permissions GA
roles/file.editor
Read-write access to Filestore instances and related resources.
Cloud Filestore Editor
['file.backups.create', 'file.backups.createTagBinding', 'file.backups.delete', 'file.backups.deleteTagBinding', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.createTagBinding', 'file.instances.delete', 'file.instances.deleteTagBinding', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.createTagBinding', 'file.snapshots.delete', 'file.snapshots.deleteTagBinding', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update']
Copy Permissions BETA
roles/file.serviceAgent
Gives Cloud Filestore service account access to managed resources.
Cloud Filestore Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.routes.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/file.viewer
Read-only access to Filestore instances and related resources.
Cloud Filestore Viewer
['file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.locations.get', 'file.locations.list', 'file.operations.get', 'file.operations.list', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings']
Copy Permissions BETA
roles/firewallinsights.serviceAgent
Gives Cloud Firewall Insights service agent permissions to retrieve Firewall, VM and route resources on user behalf.
Cloud Firewall Insights Service Agent
['compute.backendServices.list', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.healthChecks.list', 'compute.httpHealthChecks.list', 'compute.httpsHealthChecks.list', 'compute.instanceGroups.list', 'compute.instances.get', 'compute.instances.list', 'compute.networks.getEffectiveFirewalls', 'compute.networks.list', 'compute.projects.get', 'compute.regionTargetTcpProxies.list', 'compute.routers.list', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.list', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.list', 'compute.targetPools.list', 'compute.targetSslProxies.list', 'compute.targetTcpProxies.list', 'compute.targetVpnGateways.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.vpnTunnels.list']
Copy Permissions GA
roles/cloudfunctions.admin
Full access to functions, operations and locations.
Cloud Functions Admin
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudfunctions.developer
Read and write access to all functions-related resources.
Cloud Functions Developer
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudfunctions.invoker
Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead.
Cloud Functions Invoker
['cloudfunctions.functions.invoke']
Copy Permissions GA
roles/cloudfunctions.serviceAgent
Gives Cloud Functions service account access to managed resources.
Cloud Functions Service Agent
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'compute.globalOperations.get', 'compute.networks.access', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'firebasedatabase.instances.get', 'firebasedatabase.instances.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions GA
roles/cloudfunctions.viewer
Read-only access to functions and locations.
Cloud Functions Viewer
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/ids.admin
Full access to Cloud IDS all resources.
Cloud IDS Admin
['ids.endpoints.create', 'ids.endpoints.delete', 'ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.endpoints.setIamPolicy', 'ids.endpoints.update', 'ids.locations.get', 'ids.locations.list', 'ids.operations.cancel', 'ids.operations.delete', 'ids.operations.get', 'ids.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/ids.viewer
Read-only access to Cloud IDS all resources.
Cloud IDS Viewer
['ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.locations.get', 'ids.locations.list', 'ids.operations.get', 'ids.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/config.admin
Full access to Cloud Infrastructure Manager resources.
Cloud Infrastructure Manager Admin
['config.artifacts.import', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.deleteState', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.list', 'config.deployments.lock', 'config.deployments.setIamPolicy', 'config.deployments.unlock', 'config.deployments.update', 'config.deployments.updateState', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.previews.create', 'config.previews.delete', 'config.previews.export', 'config.previews.get', 'config.previews.list', 'config.previews.upload', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.getState', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/config.agent
Required permissions to make Cloud Infrastructure Manager work with the user-specified service account
Cloud Infrastructure Manager Agent
['cloudbuild.connections.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.list', 'cloudquotas.quotas.get', 'config.artifacts.import', 'config.deployments.deleteState', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.updateState', 'config.previews.upload', 'config.revisions.getState', 'logging.logEntries.create', 'monitoring.timeSeries.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions BETA
roles/config.viewer
Read-only access to Cloud Infrastructure Manager resources.
Cloud Infrastructure Manager Viewer
['config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.locations.get', 'config.locations.list', 'config.operations.get', 'config.operations.list', 'config.previews.get', 'config.previews.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudiot.admin
Full control of all Cloud IoT resources and permissions.
Cloud IoT Admin
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.getIamPolicy', 'cloudiot.registries.list', 'cloudiot.registries.setIamPolicy', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update']
Copy Permissions GA
roles/cloudiot.serviceAgent
Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs.
Cloud IoT Core Service Agent
['logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish']
Copy Permissions GA
roles/cloudiot.deviceController
Access to update the device configuration, but not to create or delete devices.
Cloud IoT Device Controller
['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions GA
roles/cloudiot.editor
Read-write access to all Cloud IoT resources.
Cloud IoT Editor
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update']
Copy Permissions GA
roles/cloudiot.provisioner
Access to create and delete devices from registries, but not to modify the registries, and enable devices to publish to topics associated with IoT registry.
Cloud IoT Provisioner
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions GA
roles/cloudiot.viewer
Read-only access to all Cloud IoT resources.
Cloud IoT Viewer
['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions GA
roles/cloudkms.admin
Enables management of crypto resources.
Cloud KMS Admin
['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.cryptoKeyVersions.create', 'cloudkms.cryptoKeyVersions.destroy', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeyVersions.restore', 'cloudkms.cryptoKeyVersions.update', 'cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.cryptoKeys.create', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.setIamPolicy', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.setIamPolicy', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.use', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.setIamPolicy', 'cloudkms.importJobs.useToImport', 'cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.create', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.keyRings.setIamPolicy', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.locations.optOutKeyDeletionMsa', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.autokeyAdmin
Enables management of AutokeyConfig.
Cloud KMS Autokey Admin
['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.projects.showEffectiveAutokeyConfig']
Copy Permissions GA
roles/cloudkms.autokeyUser
Grants ability to use KeyHandle resources.
Cloud KMS Autokey User
['cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig']
Copy Permissions GA
roles/cloudkms.cryptoOperator
Enables all Crypto Operations.
Cloud KMS Crypto Operator
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.cryptoKeyDecrypter
Enables Decrypt operations
Cloud KMS CryptoKey Decrypter
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.cryptoKeyDecrypterViaDelegation
Enables Decrypt operations via other GCP services
Cloud KMS CryptoKey Decrypter Via Delegation
['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.cryptoKeyEncrypter
Enables Encrypt operations
Cloud KMS CryptoKey Encrypter
['cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.cryptoKeyEncrypterViaDelegation
Enables Encrypt operations via other GCP services
Cloud KMS CryptoKey Encrypter Via Delegation
['cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.cryptoKeyEncrypterDecrypter
Enables Encrypt and Decrypt operations
Cloud KMS CryptoKey Encrypter/Decrypter
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation
Enables Encrypt and Decrypt operations via other GCP services
Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation
['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.publicKeyViewer
Enables GetPublicKey operations
Cloud KMS CryptoKey Public Key Viewer
['cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.signer
Enables Sign operations
Cloud KMS CryptoKey Signer
['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.signerVerifier
Enables Sign, Verify, and GetPublicKey operations
Cloud KMS CryptoKey Signer/Verifier
['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.verifier
Enables Verify and GetPublicKey operations
Cloud KMS CryptoKey Verifier
['cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkms.ekmConnectionsAdmin
Enables management of EkmConnections.
Cloud KMS EkmConnections Admin
['cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.verifyConnectivity', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.expertRawAesCbc
Enables raw AES-CBC keys management.
Cloud KMS Expert Raw AES-CBC Key Manager
['cloudkms.cryptoKeyVersions.manageRawAesCbcKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.expertRawAesCtr
Enables raw AES-CTR keys management.
Cloud KMS Expert Raw AES-CTR Key Manager
['cloudkms.cryptoKeyVersions.manageRawAesCtrKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.expertRawPKCS1
Enables raw PKCS#1 keys management.
Cloud KMS Expert Raw PKCS#1 Key Manager
['cloudkms.cryptoKeyVersions.manageRawPKCS1Keys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudkms.importer
Enables ImportCryptoKeyVersion, CreateImportJob, ListImportJobs, and GetImportJob operations
Cloud KMS Importer
['cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.importJobs.useToImport', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/cloudkmskacls.serviceAgent
Grants Cloud KMS KACLS Service Agent access to KMS resource permissions to perform DEK encryption/decryption.
Cloud KMS KACLS Service Agent
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeys.get']
Copy Permissions GA
roles/cloudkms.orgServiceAgent
Gives Cloud KMS organization-level service account access to managed resources.
Cloud KMS Organization Service Agent
['cloudasset.assets.searchAllResources']
Copy Permissions GA
roles/cloudkms.protectedResourcesViewer
Enables viewing protected resources.
Cloud KMS Protected Resources Viewer
['cloudkms.protectedResources.search']
Copy Permissions GA
roles/cloudkms.serviceAgent
Gives Cloud KMS service account access to managed resources.
Cloud KMS Service Agent
['cloudasset.assets.listCloudkmsCryptoKeys']
Copy Permissions GA
roles/cloudkms.viewer
Enables Get and List operations.
Cloud KMS Viewer
['cloudkms.autokeyConfigs.get', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.list', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.get', 'cloudkms.keyRings.list', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.operations.get', 'resourcemanager.projects.get']
Copy Permissions GA
roles/lifesciences.admin
Full control of Cloud Life Sciences resources.
Cloud Life Sciences Admin
['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run']
Copy Permissions BETA
roles/lifesciences.editor
Access to read and edit Cloud Life Sciences resources.
Cloud Life Sciences Editor
['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run']
Copy Permissions BETA
roles/lifesciences.serviceAgent
Gives Cloud Life Sciences Service Account access to compute resources. Includes access to service accounts.
Cloud Life Sciences Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/lifesciences.viewer
Access to read Cloud Life Sciences resources.
Cloud Life Sciences Viewer
['lifesciences.operations.get', 'lifesciences.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/lifesciences.workflowsRunner
Full access to operate on Cloud Life Sciences workflows.
Cloud Life Sciences Workflows Runner
['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run']
Copy Permissions BETA
roles/logging.serviceAgent
Grants a Cloud Logging Service Account the ability to create and link datasets.
Cloud Logging Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.link']
Copy Permissions GA
roles/recommender.cloudManageabilityRecommendationAdmin
Admin of Cloud Manageability General Recommendations Insights and Recommendations.
Cloud Manageability General Recommendations Recommender Admin
['recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralInsights.update', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudManageabilityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudManageabilityRecommendationViewer
Viewer of Cloud Manageability General Recommendations Insights and Recommendations.
Cloud Manageability General Recommendations Recommender Viewer
['recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/managedidentities.serviceAgent
Gives Managed Identities service account access to managed resources.
Cloud Managed Identities Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/memcache.admin
Full access to Memcached instances and related resources.
Cloud Memorystore Memcached Admin
['compute.networks.list', 'memcache.instances.applyParameters', 'memcache.instances.applySoftwareUpdate', 'memcache.instances.create', 'memcache.instances.delete', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.rescheduleMaintenance', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.instances.upgrade', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/memcache.editor
Read-Write access to Memcached instances and related resources.
Cloud Memorystore Memcached Editor
['memcache.instances.applyParameters', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/memcache.serviceAgent
Gives Cloud Memorystore Memcached service account access to managed resource
Cloud Memorystore Memcached Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/memcache.viewer
Read-only access to Memcached instances and related resources.
Cloud Memorystore Memcached Viewer
['memcache.instances.get', 'memcache.instances.list', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/redis.admin
Full access to Redis instances and related resources.
Cloud Memorystore Redis Admin
['compute.networks.list', 'networkconnectivity.serviceConnectionPolicies.list', 'redis.clusters.connect', 'redis.clusters.create', 'redis.clusters.delete', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.create', 'redis.instances.createTagBinding', 'redis.instances.delete', 'redis.instances.deleteTagBinding', 'redis.instances.export', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.getAuthString', 'redis.instances.import', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.instances.rescheduleMaintenance', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.instances.upgrade', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/redis.dbConnectionUser
Access to connecting to Redis Server db.
Cloud Memorystore Redis Db Connection User
['redis.clusters.connect']
Copy Permissions BETA
roles/redis.editor
Read-Write access to Redis instances and related resources.
Cloud Memorystore Redis Editor
['compute.networks.list', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.list', 'redis.instances.update', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/redis.serviceAgent
Gives Cloud Memorystore Redis service account access to managed resource
Cloud Memorystore Redis Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.projects.get', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/redis.viewer
Read-only access to Redis instances and related resources.
Cloud Memorystore Redis Viewer
['redis.clusters.get', 'redis.clusters.list', 'redis.instances.get', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.locations.get', 'redis.locations.list', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/memorystore.serviceAgent
Gives Cloud Memorystore service account access to managed resource
Cloud Memorystore Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.projects.get', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudoptimization.admin
Administrator of Cloud Optimization AI resources
Cloud Optimization AI Admin
['cloudoptimization.operations.create', 'cloudoptimization.operations.get']
Copy Permissions GA
roles/cloudoptimization.editor
Editor of Cloud Optimization AI resources
Cloud Optimization AI Editor
['cloudoptimization.operations.create', 'cloudoptimization.operations.get']
Copy Permissions GA
roles/cloudoptimization.viewer
Viewer of Cloud Optimization AI resources
Cloud Optimization AI Viewer
['cloudoptimization.operations.get']
Copy Permissions GA
roles/cloudoptimization.serviceAgent
Grants Cloud Optimization Service Account access to read and write data in the user project.
Cloud Optimization Service Agent
['storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/osconfig.serviceAgent
Grants OS Config Service Account access to Google Compute Engine instances.
Cloud OS Config Service Agent
['cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listPatchDeployments', 'compute.globalOperations.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.list', 'compute.instances.setMetadata', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.zones.get', 'compute.zones.list', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'iam.serviceAccounts.actAs', 'osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.cloudPerformanceRecommendationAdmin
Admin of Cloud Performance General Recommendations Insights and Recommendations.
Cloud Performance General Recommendations Recommender Admin
['recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralInsights.update', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudPerformanceRecommendationViewer
Viewer of Cloud Performance General Recommendations Insights and Recommendations.
Cloud Performance General Recommendations Recommender Viewer
['recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudprofiler.agent
Cloud Profiler agents are allowed to register and provide the profiling data.
Cloud Profiler Agent
['cloudprofiler.profiles.create', 'cloudprofiler.profiles.update']
Copy Permissions GA
roles/cloudprofiler.user
Cloud Profiler users are allowed to query and view the profiling data.
Cloud Profiler User
['cloudprofiler.profiles.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/pubsub.serviceAgent
Grants Cloud Pub/Sub Service Account access to manage resources.
Cloud Pub/Sub Service Agent
['iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudquotas.admin
Full access to Cloud Quotas resources.
Cloud Quotas Admin
['cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudquotas.viewer
Readonly access to Cloud Quotas resources.
Cloud Quotas Viewer
['cloudquotas.quotas.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudReliabilityRecommendationAdmin
Admin of Cloud Reliability General Recommendations Insights and Recommendations.
Cloud Reliability General Recommendations Recommender Admin
['recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralInsights.update', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudReliabilityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudReliabilityRecommendationViewer
Viewer of Cloud Reliability General Recommendations Insights and Recommendations.
Cloud Reliability General Recommendations Recommender Viewer
['recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/run.admin
Full control over all Cloud Run resources.
Cloud Run Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list']
Copy Permissions GA
roles/run.builder
Can build Cloud Run functions and source deployed services.
Cloud Run Builder
['artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'logging.logEntries.create', 'source.repos.get', 'storage.objects.get']
Copy Permissions BETA
roles/run.developer
Read and write access to all Cloud Run resources.
Cloud Run Developer
['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list']
Copy Permissions GA
roles/run.invoker
Can invoke Cloud Run services and execute Cloud Run jobs.
Cloud Run Invoker
['run.jobs.run', 'run.routes.invoke']
Copy Permissions GA
roles/serverless.serviceAgent
Gives Cloud Run service account access to managed resources.
Cloud Run Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions GA
roles/run.serviceAgent
Gives Cloud Run service account access to managed resources.
Cloud Run Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'networkservices.meshes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions GA
roles/run.sourceDeveloper
Deploy and manage Cloud Run source deployed resources.
Cloud Run Source Developer
['artifactregistry.repositories.create', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.folders.create', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.create', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions BETA
roles/run.sourceViewer
View Cloud Run source deployed resources.
Cloud Run Source Viewer
['artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions BETA
roles/run.viewer
Can view the state of all Cloud Run resources, including IAM policies.
Cloud Run Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list']
Copy Permissions GA
roles/runtimeconfig.admin
Full access to RuntimeConfig resources.
Cloud RuntimeConfig Admin
['runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.getIamPolicy', 'runtimeconfig.configs.list', 'runtimeconfig.configs.setIamPolicy', 'runtimeconfig.configs.update', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.getIamPolicy', 'runtimeconfig.variables.list', 'runtimeconfig.variables.setIamPolicy', 'runtimeconfig.variables.update', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.getIamPolicy', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.setIamPolicy', 'runtimeconfig.waiters.update']
Copy Permissions GA
roles/cloudscheduler.admin
Full access to jobs and executions.
Cloud Scheduler Admin
['appengine.applications.get', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudscheduler.jobRunner
Access to run jobs.
Cloud Scheduler Job Runner
['appengine.applications.get', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.run', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudscheduler.serviceAgent
Grants Cloud Scheduler Service Account access to manage resources.
Cloud Scheduler Service Agent
['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish']
Copy Permissions GA
roles/cloudscheduler.viewer
Get and list access to jobs, executions, and locations.
Cloud Scheduler Viewer
['appengine.applications.get', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/recommender.cloudSecurityRecommendationAdmin
Admin of Cloud Security General Recommendations Insights and Recommendations.
Cloud Security General Recommendations Recommender Admin
['recommender.cloudSecurityGeneralInsights.get', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralInsights.update', 'recommender.cloudSecurityGeneralRecommendations.get', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudSecurityRecommendationViewer
Viewer of Cloud Security General Recommendations Insights and Recommendations.
Cloud Security General Recommendations Recommender Viewer
['recommender.cloudSecurityGeneralInsights.get', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralRecommendations.get', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/sourcerepo.serviceAgent
Allow Cloud Source Repositories to integrate with other Cloud services.
Cloud Source Repositories Service Agent
['iam.serviceAccounts.getAccessToken', 'pubsub.topics.publish']
Copy Permissions GA
roles/spanner.admin
Full control of Cloud Spanner resources.
Cloud Spanner Admin
['monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'spanner.backupOperations.cancel', 'spanner.backupOperations.get', 'spanner.backupOperations.list', 'spanner.backupSchedules.create', 'spanner.backupSchedules.delete', 'spanner.backupSchedules.get', 'spanner.backupSchedules.getIamPolicy', 'spanner.backupSchedules.list', 'spanner.backupSchedules.setIamPolicy', 'spanner.backupSchedules.update', 'spanner.backups.copy', 'spanner.backups.create', 'spanner.backups.delete', 'spanner.backups.get', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.backups.restoreDatabase', 'spanner.backups.setIamPolicy', 'spanner.backups.update', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databaseRoles.use', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.create', 'spanner.databases.createBackup', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.getDdl', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.setIamPolicy', 'spanner.databases.update', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.useDataBoost', 'spanner.databases.useRoleBasedAccess', 'spanner.databases.write', 'spanner.instanceConfigOperations.cancel', 'spanner.instanceConfigOperations.delete', 'spanner.instanceConfigOperations.get', 'spanner.instanceConfigOperations.list', 'spanner.instanceConfigs.create', 'spanner.instanceConfigs.delete', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instanceConfigs.update', 'spanner.instanceOperations.cancel', 'spanner.instanceOperations.delete', 'spanner.instanceOperations.get', 'spanner.instanceOperations.list', 'spanner.instancePartitionOperations.cancel', 'spanner.instancePartitionOperations.delete', 'spanner.instancePartitionOperations.get', 'spanner.instancePartitionOperations.list', 'spanner.instancePartitions.create', 'spanner.instancePartitions.delete', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instancePartitions.update', 'spanner.instances.create', 'spanner.instances.createTagBinding', 'spanner.instances.delete', 'spanner.instances.deleteTagBinding', 'spanner.instances.get', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.instances.setIamPolicy', 'spanner.instances.update', 'spanner.instances.updateTag', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list']
Copy Permissions GA
roles/spanner.serviceAgent
Cloud Spanner API Service Agent
Cloud Spanner API Service Agent
['aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.models.get', 'aiplatform.models.list']
Copy Permissions GA
roles/spanner.backupAdmin
Administrator role to manage Cloud Spanner backups. Does not include permissions to restore from Cloud Spanner backups.
Cloud Spanner Backup Admin
['monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'spanner.backupOperations.cancel', 'spanner.backupOperations.get', 'spanner.backupOperations.list', 'spanner.backupSchedules.create', 'spanner.backupSchedules.delete', 'spanner.backupSchedules.get', 'spanner.backupSchedules.list', 'spanner.backupSchedules.update', 'spanner.backups.copy', 'spanner.backups.create', 'spanner.backups.delete', 'spanner.backups.get', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.backups.setIamPolicy', 'spanner.backups.update', 'spanner.databases.createBackup', 'spanner.databases.get', 'spanner.databases.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.createTagBinding', 'spanner.instances.deleteTagBinding', 'spanner.instances.get', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings']
Copy Permissions GA
roles/spanner.backupWriter
Role with limited permissions to create and manage Cloud Spanner backups. Does not have permission to modify backups.
Cloud Spanner Backup Writer
['spanner.backupOperations.get', 'spanner.backupOperations.list', 'spanner.backupSchedules.create', 'spanner.backupSchedules.get', 'spanner.backupSchedules.list', 'spanner.backups.copy', 'spanner.backups.create', 'spanner.backups.get', 'spanner.backups.list', 'spanner.databases.createBackup', 'spanner.databases.get', 'spanner.databases.list', 'spanner.instancePartitions.get', 'spanner.instances.get']
Copy Permissions GA
roles/spanner.databaseAdmin
Full control of Cloud Spanner databases.
Cloud Spanner Database Admin
['monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databaseRoles.use', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.create', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.getDdl', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.setIamPolicy', 'spanner.databases.update', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.useDataBoost', 'spanner.databases.useRoleBasedAccess', 'spanner.databases.write', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.createTagBinding', 'spanner.instances.deleteTagBinding', 'spanner.instances.get', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list']
Copy Permissions GA
roles/spanner.databaseReader
Access to read and/or query a Cloud Spanner database.
Cloud Spanner Database Reader
['spanner.databases.beginReadOnlyTransaction', 'spanner.databases.getDdl', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.instancePartitions.get', 'spanner.instances.get', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list']
Copy Permissions GA
roles/spanner.databaseRoleUser
In conjunction with the IAM role Cloud Spanner Fine-grained Access User, grants permissions to individual Spanner database roles. Add a condition for each desired Spanner database role that includes the resource type of `spanner.googleapis.com/DatabaseRole` and the resource name ending with `/<your Spanner database role>`.
Cloud Spanner Database Role User
['spanner.databaseRoles.use']
Copy Permissions GA
roles/spanner.databaseUser
Access to read, query, write and view and change the schema of Cloud Spanner databases
Cloud Spanner Database User
['spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.getDdl', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.write', 'spanner.instancePartitions.get', 'spanner.instances.get', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list']
Copy Permissions GA
roles/spanner.fineGrainedAccessUser
Grants permissions to use Spanner's fine-grained access control framework. To grant access to specific database roles, also add the Cloud Spanner Database Role User IAM role and its necessary conditions.
Cloud Spanner Fine-grained Access User
['spanner.databaseRoles.list', 'spanner.databases.useRoleBasedAccess']
Copy Permissions GA
roles/spanner.restoreAdmin
Administrator role to restore Cloud Spanner databases from Cloud Spanner backups.
Cloud Spanner Restore Admin
['monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'spanner.backups.get', 'spanner.backups.list', 'spanner.backups.restoreDatabase', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databases.create', 'spanner.databases.get', 'spanner.databases.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.createTagBinding', 'spanner.instances.deleteTagBinding', 'spanner.instances.get', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings']
Copy Permissions GA
roles/spanner.viewer
Viewer access to Cloud Spanner resources.
Cloud Spanner Viewer
['monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'spanner.databases.list', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.get', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings']
Copy Permissions GA
roles/speech.admin
Grants full access to all resources in Speech-to-text
Cloud Speech Administrator
['speech.adaptations.execute', 'speech.config.get', 'speech.config.update', 'speech.customClasses.create', 'speech.customClasses.delete', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.customClasses.undelete', 'speech.customClasses.update', 'speech.locations.get', 'speech.locations.list', 'speech.operations.cancel', 'speech.operations.delete', 'speech.operations.get', 'speech.operations.list', 'speech.operations.wait', 'speech.phraseSets.create', 'speech.phraseSets.delete', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.phraseSets.undelete', 'speech.phraseSets.update', 'speech.recognizers.create', 'speech.recognizers.delete', 'speech.recognizers.get', 'speech.recognizers.list', 'speech.recognizers.recognize', 'speech.recognizers.undelete', 'speech.recognizers.update']
Copy Permissions GA
roles/speech.client
Grants access to the recognition APIs.
Cloud Speech Client
['speech.adaptations.execute', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.locations.get', 'speech.locations.list', 'speech.operations.get', 'speech.operations.list', 'speech.operations.wait', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.recognizers.get', 'speech.recognizers.list', 'speech.recognizers.recognize']
Copy Permissions GA
roles/speech.editor
Grants access to edit resources in Speech-to-text
Cloud Speech Editor
['speech.adaptations.execute', 'speech.customClasses.create', 'speech.customClasses.delete', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.customClasses.undelete', 'speech.customClasses.update', 'speech.locations.get', 'speech.locations.list', 'speech.operations.cancel', 'speech.operations.delete', 'speech.operations.get', 'speech.operations.list', 'speech.operations.wait', 'speech.phraseSets.create', 'speech.phraseSets.delete', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.phraseSets.undelete', 'speech.phraseSets.update', 'speech.recognizers.create', 'speech.recognizers.delete', 'speech.recognizers.get', 'speech.recognizers.list', 'speech.recognizers.recognize', 'speech.recognizers.undelete', 'speech.recognizers.update']
Copy Permissions GA
roles/speech.serviceAgent
Gives Speech-to-Text service account access to GCS resources.
Cloud Speech-to-Text Service Agent
['storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/cloudsql.admin
Full control of Cloud SQL resources.
Cloud SQL Admin
['cloudaicompanion.entitlements.get', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.delete', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudsql.client
Connectivity access to Cloud SQL instances.
Cloud SQL Client
['cloudsql.instances.connect', 'cloudsql.instances.get']
Copy Permissions GA
roles/cloudsql.editor
Full control of existing Cloud SQL instances excluding modifying users, SSL certificates or deleting resources.
Cloud SQL Editor
['cloudaicompanion.entitlements.get', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.connect', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.restart', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.get', 'cloudsql.users.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudsql.instanceUser
Role allowing access to a Cloud SQL instance
Cloud SQL Instance User
['cloudsql.instances.get', 'cloudsql.instances.login']
Copy Permissions GA
roles/recommender.cloudsqlAdmin
Admin of Cloud SQL insights and recommendations.
Cloud SQL Recommender Admin
['recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.cloudsqlViewer
Viewer of Cloud SQL insights and recommendations.
Cloud SQL Recommender Viewer
['recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudsql.schemaViewer
Role allowing access to the Cloud SQL instance schema on Dataplex
Cloud SQL Schema Viewer
['cloudsql.schemas.view']
Copy Permissions GA
roles/cloudsql.serviceAgent
Grants Cloud SQL access to services and APIs in the user project
Cloud SQL Service Agent
['cloudsql.instances.get']
Copy Permissions GA
roles/cloudsql.studioUser
Role allowing access to Cloud SQL Studio
Cloud SQL Studio User
['cloudsql.databases.list', 'cloudsql.instances.executeSql', 'cloudsql.instances.get', 'cloudsql.instances.login', 'cloudsql.users.list']
Copy Permissions GA
roles/cloudsql.viewer
Read-only access to Cloud SQL resources.
Cloud SQL Viewer
['cloudaicompanion.entitlements.get', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.instances.export', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.get', 'cloudsql.users.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/firebasestorage.admin
Full management of Cloud Storage for Firebase.
Cloud Storage for Firebase Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasestorage.buckets.addFirebase', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.buckets.removeFirebase', 'firebasestorage.defaultBucket.create', 'firebasestorage.defaultBucket.delete', 'firebasestorage.defaultBucket.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebasestorage.serviceAgent
Access to Cloud Storage for Firebase through API and SDK.
Cloud Storage for Firebase Service Agent
['storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/firebasestorage.viewer
Read-only access for Cloud Storage for Firebase.
Cloud Storage for Firebase Viewer
['firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.defaultBucket.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudjobdiscovery.admin
Access to Cloud Talent Solution Self-Service Tools.
Cloud Talent Solution Admin
['cloudjobdiscovery.tools.access', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudjobdiscovery.jobsEditor
Write access to all job data in Cloud Talent Solution.
Cloud Talent Solution Job Editor
['cloudjobdiscovery.companies.create', 'cloudjobdiscovery.companies.delete', 'cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.companies.update', 'cloudjobdiscovery.events.create', 'cloudjobdiscovery.jobs.create', 'cloudjobdiscovery.jobs.delete', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.jobs.update', 'cloudjobdiscovery.tenants.create', 'cloudjobdiscovery.tenants.delete', 'cloudjobdiscovery.tenants.get', 'cloudjobdiscovery.tenants.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudjobdiscovery.jobsViewer
Read access to all job data in Cloud Talent Solution.
Cloud Talent Solution Job Viewer
['cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.tenants.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudjobdiscovery.profilesEditor
Write access to all profile data in Cloud Talent Solution.
Cloud Talent Solution Profile Editor
['cloudjobdiscovery.events.create', 'cloudjobdiscovery.profiles.create', 'cloudjobdiscovery.profiles.delete', 'cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.profiles.update', 'cloudjobdiscovery.tenants.create', 'cloudjobdiscovery.tenants.delete', 'cloudjobdiscovery.tenants.get', 'cloudjobdiscovery.tenants.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudjobdiscovery.profilesViewer
Read access to all profile data in Cloud Talent Solution.
Cloud Talent Solution Profile Viewer
['cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.tenants.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtasks.admin
Full access to queues and tasks.
Cloud Tasks Admin
['cloudtasks.cmekConfig.get', 'cloudtasks.cmekConfig.update', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.queues.update', 'cloudtasks.tasks.create', 'cloudtasks.tasks.delete', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'cloudtasks.tasks.run', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtasks.enqueuer
Access to create tasks.
Cloud Tasks Enqueuer
['cloudtasks.tasks.create', 'cloudtasks.tasks.fullView', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtasks.queueAdmin
Admin access to queues.
Cloud Tasks Queue Admin
['cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.queues.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtasks.serviceAgent
Grants Cloud Tasks Service Account access to manage resources.
Cloud Tasks Service Agent
['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.logEntries.create']
Copy Permissions GA
roles/cloudtasks.taskDeleter
Access to delete tasks.
Cloud Tasks Task Deleter
['cloudtasks.tasks.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtasks.taskRunner
Access to run tasks.
Cloud Tasks Task Runner
['cloudtasks.tasks.fullView', 'cloudtasks.tasks.run', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtasks.viewer
Get and list access to tasks, queues, and locations.
Cloud Tasks Viewer
['cloudtasks.cmekConfig.get', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.get', 'cloudtasks.queues.list', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/tpu.serviceAgent
Give Cloud TPUs service account access to managed resources
Cloud TPU API Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.zones.get', 'compute.zones.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtpu.serviceAgent
Give Cloud TPUs service account access to managed resources
Cloud TPU V2 API Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/cloudtrace.admin
Admin access to Cloud Trace.
Cloud Trace Admin
['cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.delete', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.create', 'cloudtrace.traceScopes.delete', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traceScopes.update', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'cloudtrace.traces.patch', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtrace.agent
Agent access to Cloud Trace. Can write trace data.
Cloud Trace Agent
['cloudtrace.traces.patch']
Copy Permissions GA
roles/cloudtrace.user
User access to Cloud Trace. Can view traces, insights and stats. Can create, list, view, and delete tasks.
Cloud Trace User
['cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.delete', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.create', 'cloudtrace.traceScopes.delete', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traceScopes.update', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtranslate.admin
Full access to all Cloud Translation resources
Cloud Translation API Admin
['automl.models.get', 'automl.models.predict', 'cloudtranslate.adaptiveMtDatasets.create', 'cloudtranslate.adaptiveMtDatasets.delete', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.import', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.delete', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.create', 'cloudtranslate.customModels.delete', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.create', 'cloudtranslate.datasets.delete', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.import', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaries.update', 'cloudtranslate.glossaryentries.create', 'cloudtranslate.glossaryentries.delete', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.glossaryentries.update', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.cancel', 'cloudtranslate.operations.delete', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtranslate.editor
Editor of all Cloud Translation resources
Cloud Translation API Editor
['automl.models.get', 'automl.models.predict', 'cloudtranslate.adaptiveMtDatasets.create', 'cloudtranslate.adaptiveMtDatasets.delete', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.import', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.delete', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.create', 'cloudtranslate.customModels.delete', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.create', 'cloudtranslate.datasets.delete', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.import', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaries.update', 'cloudtranslate.glossaryentries.create', 'cloudtranslate.glossaryentries.delete', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.glossaryentries.update', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.cancel', 'cloudtranslate.operations.delete', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtranslate.serviceAgent
Gives Cloud Translation Service Account access to consumer resources.
Cloud Translation API Service Agent
['automl.datasets.export', 'automl.datasets.get', 'automl.datasets.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/cloudtranslate.user
User of Cloud Translation and AutoML models
Cloud Translation API User
['automl.models.get', 'automl.models.predict', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudtranslate.viewer
Viewer of all Translation resources
Cloud Translation API Viewer
['automl.models.get', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.get', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/visionai.serviceAgent
Grants Cloud Vision AI service account permissions to manage resources in consumer project
Cloud Vision AI Service Agent
['aiplatform.endpoints.predict', 'aiplatform.models.export', 'aiplatform.models.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.models.export', 'bigquery.readsessions.create', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'compute.machineTypes.get', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'run.jobs.run', 'run.routes.invoke', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update', 'visionai.analyses.create', 'visionai.analyses.delete', 'visionai.analyses.get', 'visionai.analyses.list', 'visionai.analyses.update', 'visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.applications.create', 'visionai.applications.delete', 'visionai.applications.deploy', 'visionai.applications.get', 'visionai.applications.list', 'visionai.applications.undeploy', 'visionai.applications.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.clusters.create', 'visionai.clusters.delete', 'visionai.clusters.get', 'visionai.clusters.list', 'visionai.clusters.update', 'visionai.clusters.watch', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.drafts.create', 'visionai.drafts.delete', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.drafts.update', 'visionai.events.create', 'visionai.events.delete', 'visionai.events.get', 'visionai.events.list', 'visionai.events.update', 'visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operators.create', 'visionai.operators.delete', 'visionai.operators.get', 'visionai.operators.list', 'visionai.operators.update', 'visionai.processors.create', 'visionai.processors.delete', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.update', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update', 'visionai.series.acquireLease', 'visionai.series.create', 'visionai.series.delete', 'visionai.series.get', 'visionai.series.list', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.series.update', 'visionai.streams.create', 'visionai.streams.delete', 'visionai.streams.get', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.streams.send', 'visionai.streams.update', 'visionai.uistreams.create', 'visionai.uistreams.delete', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list']
Copy Permissions GA
roles/websecurityscanner.serviceAgent
Gives the Cloud Web Security Scanner service account access to compute engine details and app engine details.
Cloud Web Security Scanner Service Agent
['appengine.applications.get', 'cloudasset.assets.listResource', 'compute.addresses.list', 'compute.backendServices.get', 'compute.forwardingRules.get', 'compute.globalForwardingRules.get', 'compute.sslCertificates.list', 'compute.targetHttpProxies.get', 'compute.targetHttpsProxies.get', 'compute.urlMaps.get']
Copy Permissions GA
roles/workflows.serviceAgent
Gives Cloud Workflows service account access to managed resources.
Cloud Workflows Service Agent
['iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'serviceusage.services.use']
Copy Permissions GA
roles/workstations.admin
Grants CRUD access to all Workstation resources.
Cloud Workstations Admin
['compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.get', 'compute.networks.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'workstations.operations.get', 'workstations.workstationClusters.create', 'workstations.workstationClusters.delete', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationClusters.update', 'workstations.workstationConfigs.create', 'workstations.workstationConfigs.delete', 'workstations.workstationConfigs.get', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstationConfigs.setIamPolicy', 'workstations.workstationConfigs.update', 'workstations.workstations.create', 'workstations.workstations.delete', 'workstations.workstations.get', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list', 'workstations.workstations.setIamPolicy', 'workstations.workstations.start', 'workstations.workstations.stop', 'workstations.workstations.update']
Copy Permissions GA
roles/workstations.workstationCreator
Grants ability to create Workstation resources.
Cloud Workstations Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workstations.operations.get', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationConfigs.get', 'workstations.workstations.create']
Copy Permissions GA
roles/workstations.networkAdmin
Grants ability to connect a Workstation Cluster to a shared VPC network.
Cloud Workstations Network Admin
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.use', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.globalOperations.get', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.regionOperations.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete']
Copy Permissions GA
roles/workstations.operationViewer
Grants ability to view Cloud Workstations API operations.
Cloud Workstations Operation Viewer
['workstations.operations.get']
Copy Permissions GA
roles/workstations.user
Grants runtime access to Workstation resources.
Cloud Workstations User
['workstations.operations.get', 'workstations.workstations.delete', 'workstations.workstations.get', 'workstations.workstations.start', 'workstations.workstations.stop', 'workstations.workstations.update', 'workstations.workstations.use']
Copy Permissions GA
roles/dataform.codeCreator
Access only to private and shared code resources. The permissions in the Code Creator let you create and list code in Dataform, and access only the code that you created and code that was explicitly shared with you.
Code Creator
['dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataform.codeEditor
Edit access code resources.
Code Editor
['dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.writeFile', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataform.codeOwner
Full access to code resources.
Code Owner
['dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudaicompanion.codeRepositoryIndexesAdmin
Grants full access to Code Repository Indexes resources.
Code Repository Indexes Admin
['cloudaicompanion.codeRepositoryIndexes.create', 'cloudaicompanion.codeRepositoryIndexes.delete', 'cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.codeRepositoryIndexes.update', 'cloudaicompanion.operations.cancel', 'cloudaicompanion.operations.delete', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.create', 'cloudaicompanion.repositoryGroups.delete', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudaicompanion.repositoryGroups.setIamPolicy', 'cloudaicompanion.repositoryGroups.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudaicompanion.codeRepositoryIndexesViewer
Grants readonly access to Code Repository Indexes resources.
Code Repository Indexes Viewer
['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataform.codeViewer
Read-only access to all code resources.
Code Viewer
['dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.list', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.searchFiles', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.colabEnterpriseAdmin
Admin role of using colab enterprise.
Colab Enterprise Admin
['aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'compute.reservations.get', 'compute.reservations.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.colabEnterpriseUser
User role of using colab enterprise.
Colab Enterprise User
['aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/commerceagreementpublishing.admin
Admin of Commerce Agreement Publishing service
Commerce Agreement Publishing Admin
['commerceagreementpublishing.agreements.create', 'commerceagreementpublishing.agreements.delete', 'commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.agreements.update', 'commerceagreementpublishing.documents.create', 'commerceagreementpublishing.documents.delete', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'commerceagreementpublishing.documents.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commerceagreementpublishing.viewer
Viewer of Commerce Agreement Publishing service
Commerce Agreement Publishing Viewer
['commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercebusinessenablement.admin
Admin of Various Provider Configuration resources
Commerce Business Enablement Configuration Admin
['commercebusinessenablement.leadgenConfig.get', 'commercebusinessenablement.leadgenConfig.update', 'commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerConfig.update', 'commercebusinessenablement.resellerRestrictions.list', 'commercebusinessenablement.resellerRestrictions.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercebusinessenablement.viewer
Viewer of Various Provider Configuration resource
Commerce Business Enablement Configuration Viewer
['commercebusinessenablement.leadgenConfig.get', 'commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerRestrictions.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercebusinessenablement.paymentConfigAdmin
Administration of Payment Configuration resource
Commerce Business Enablement PaymentConfig Admin
['commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.paymentConfig.get', 'commercebusinessenablement.paymentConfig.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercebusinessenablement.paymentConfigViewer
Viewer of Payment Configuration resource
Commerce Business Enablement PaymentConfig Viewer
['commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.paymentConfig.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercebusinessenablement.rebatesAdmin
Provides admin access to rebates
Commerce Business Enablement Rebates Admin
['commercebusinessenablement.operations.cancel', 'commercebusinessenablement.operations.delete', 'commercebusinessenablement.operations.get', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.refunds.cancel', 'commercebusinessenablement.refunds.create', 'commercebusinessenablement.refunds.delete', 'commercebusinessenablement.refunds.get', 'commercebusinessenablement.refunds.list', 'commercebusinessenablement.refunds.start', 'commercebusinessenablement.refunds.update']
Copy Permissions BETA
roles/commercebusinessenablement.rebatesViewer
Provides read-only access to rebates
Commerce Business Enablement Rebates Viewer
['commercebusinessenablement.operations.get', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.refunds.get', 'commercebusinessenablement.refunds.list']
Copy Permissions BETA
roles/commercebusinessenablement.resellerDiscountAdmin
Provides admin access to reseller discount offers
Commerce Business Enablement Reseller Discount Admin
['commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerDiscountConfig.get', 'commercebusinessenablement.resellerDiscountOffers.cancel', 'commercebusinessenablement.resellerDiscountOffers.create', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.cancel', 'commercebusinessenablement.resellerPrivateOfferPlans.create', 'commercebusinessenablement.resellerPrivateOfferPlans.delete', 'commercebusinessenablement.resellerPrivateOfferPlans.get', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'commercebusinessenablement.resellerPrivateOfferPlans.publish', 'commercebusinessenablement.resellerPrivateOfferPlans.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercebusinessenablement.resellerDiscountViewer
Provides read-only access to reseller discount offers
Commerce Business Enablement Reseller Discount Viewer
['commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerDiscountConfig.get', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.get', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commerceoffercatalog.offersViewer
Allows viewing offers
Commerce Offer Catalog Offers Viewer
['commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get']
Copy Permissions BETA
roles/commerceorggovernance.admin
Full access to Organization Governance APIs
Commerce Organization Governance Admin
['commerceorggovernance.collectionRequestApprovals.list', 'commerceorggovernance.collectionRequestApprovals.review', 'commerceorggovernance.collections.create', 'commerceorggovernance.collections.delete', 'commerceorggovernance.collections.get', 'commerceorggovernance.collections.list', 'commerceorggovernance.collections.update', 'commerceorggovernance.consumerSharingPolicies.get', 'commerceorggovernance.consumerSharingPolicies.update', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'commerceorggovernance.populateCollectionJobs.create', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.populateCollectionJobs.run', 'commerceorggovernance.populateCollectionJobs.update', 'commerceorggovernance.services.get', 'commerceorggovernance.services.list', 'commerceorggovernance.services.request', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commerceorggovernance.viewer
Full access to Organization Governance read-only APIs.
Commerce Organization Governance Viewer
['commerceorggovernance.collections.get', 'commerceorggovernance.collections.list', 'commerceorggovernance.consumerSharingPolicies.get', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.services.get', 'commerceorggovernance.services.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercepricemanagement.eventsViewer
Allows viewing key events for an offer
Commerce Price Management Events Viewer
['commerceprice.events.get', 'commerceprice.events.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commercepricemanagement.privateOffersAdmin
Allows managing private offers
Commerce Price Management Private Offers Admin
['commerceagreementpublishing.agreements.create', 'commerceagreementpublishing.agreements.delete', 'commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.agreements.update', 'commerceagreementpublishing.documents.create', 'commerceagreementpublishing.documents.delete', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'commerceagreementpublishing.documents.update', 'commerceprice.events.get', 'commerceprice.events.list', 'commerceprice.privateoffers.cancel', 'commerceprice.privateoffers.create', 'commerceprice.privateoffers.delete', 'commerceprice.privateoffers.get', 'commerceprice.privateoffers.list', 'commerceprice.privateoffers.publish', 'commerceprice.privateoffers.sendEmail', 'commerceprice.privateoffers.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/commercepricemanagement.viewer
Allows viewing offers, free trials, skus
Commerce Price Management Viewer
['commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'commerceprice.privateoffers.get', 'commerceprice.privateoffers.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/commerceproducer.admin
Grants full access to all resources in Cloud Commerce Producer API.
Commerce Producer Admin
['commercebusinessenablement.partnerInfo.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/commerceproducer.viewer
Grants read access to all resources in Cloud Commerce Producer API.
Commerce Producer Viewer
['commercebusinessenablement.partnerInfo.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/compliancescanning.serviceAgent
Gives Compliance Scanning the access it needs to analyze containers and VMs for compliance and create occurrences using the Container Analysis API
Compliance Scanning Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'compute.images.get', 'compute.images.list', 'compute.images.useReadOnly', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.list', 'compute.zones.get', 'compute.zones.list', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/composer.admin
Full control of Composer resources.
Composer Administrator
['composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.create', 'composer.environments.delete', 'composer.environments.executeAirflowCommand', 'composer.environments.get', 'composer.environments.list', 'composer.environments.update', 'composer.imageversions.list', 'composer.operations.delete', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.create', 'composer.userworkloadsconfigmaps.delete', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadsconfigmaps.update', 'composer.userworkloadssecrets.create', 'composer.userworkloadssecrets.delete', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'composer.userworkloadssecrets.update', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/composer.sharedVpcAgent
Role that should be assigned to Composer Agent service account in Shared VPC host project
Composer Shared VPC Agent
['compute.networkAttachments.create', 'compute.networkAttachments.delete', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.updatePeering', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.regions.get', 'compute.regions.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zones.get', 'compute.zones.list', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.targetWithPeeringZone']
Copy Permissions GA
roles/composer.user
Read and use access to Composer resources.
Composer User
['composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.get', 'composer.environments.list', 'composer.imageversions.list', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/composer.worker
Worker access to Composer. Intended for service accounts.
Composer Worker
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'composer.environments.get', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'datalineage.events.create', 'datalineage.processes.create', 'datalineage.processes.get', 'datalineage.processes.update', 'datalineage.runs.create', 'datalineage.runs.get', 'datalineage.runs.update', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.views.access', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/compute.admin
Full control of all Compute Engine resources.
Compute Admin
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.futureReservations.cancel', 'compute.futureReservations.create', 'compute.futureReservations.delete', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.futureReservations.setIamPolicy', 'compute.futureReservations.update', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.delete', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.globalPublicDelegatedPrefixes.create', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEdgeSecurityServices.create', 'compute.networkEdgeSecurityServices.createTagBinding', 'compute.networkEdgeSecurityServices.delete', 'compute.networkEdgeSecurityServices.deleteTagBinding', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEdgeSecurityServices.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.addNodes', 'compute.nodeGroups.create', 'compute.nodeGroups.delete', 'compute.nodeGroups.deleteNodes', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeGroups.performMaintenance', 'compute.nodeGroups.setIamPolicy', 'compute.nodeGroups.setNodeTemplate', 'compute.nodeGroups.simulateMaintenanceEvent', 'compute.nodeGroups.update', 'compute.nodeTemplates.create', 'compute.nodeTemplates.delete', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTemplates.setIamPolicy', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.disableXpnHost', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.organizations.listAssociations', 'compute.organizations.setFirewallPolicy', 'compute.organizations.setSecurityPolicy', 'compute.oslogin.updateExternalUser', 'compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.projects.setCloudArmorTier', 'compute.projects.setCommonInstanceMetadata', 'compute.projects.setDefaultNetworkTier', 'compute.projects.setDefaultServiceAccount', 'compute.projects.setManagedProtectionTier', 'compute.projects.setUsageExportBucket', 'compute.publicAdvertisedPrefixes.create', 'compute.publicAdvertisedPrefixes.delete', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicAdvertisedPrefixes.update', 'compute.publicAdvertisedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.create', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.delete', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionOperations.setIamPolicy', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.create', 'compute.reservations.delete', 'compute.reservations.get', 'compute.reservations.list', 'compute.reservations.resize', 'compute.reservations.update', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshotSettings.get', 'compute.snapshotSettings.update', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.delete', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zoneOperations.setIamPolicy', 'compute.zones.get', 'compute.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.serviceAgent
Gives Compute Engine Service Account access to assert service account authority. Includes access to service accounts.
Compute Engine Service Agent
['cloudnotifications.activities.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.disks.create', 'compute.disks.createTagBinding', 'compute.disks.setLabels', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.setDeletionProtection', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.updateDisplayDevice', 'compute.machineImages.useReadOnly', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.resourcePolicies.use', 'compute.snapshots.useReadOnly', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/compute.futureReservationAdmin
Compute Future Reservation Admin
['compute.acceleratorTypes.list', 'compute.futureReservations.cancel', 'compute.futureReservations.create', 'compute.futureReservations.delete', 'compute.futureReservations.get', 'compute.futureReservations.list', 'compute.futureReservations.update', 'compute.instanceTemplates.list', 'compute.machineTypes.list', 'compute.regions.list', 'compute.reservations.create', 'compute.zones.list']
Copy Permissions BETA
roles/compute.futureReservationUser
Compute Future Reservation User
['compute.acceleratorTypes.list', 'compute.futureReservations.create', 'compute.futureReservations.delete', 'compute.futureReservations.get', 'compute.futureReservations.list', 'compute.futureReservations.update', 'compute.instanceTemplates.list', 'compute.machineTypes.list', 'compute.regions.list', 'compute.reservations.create', 'compute.zones.list']
Copy Permissions BETA
roles/compute.futureReservationViewer
Compute Future Reservation Viewer
['compute.acceleratorTypes.list', 'compute.futureReservations.get', 'compute.futureReservations.list', 'compute.instanceTemplates.list', 'compute.machineTypes.list', 'compute.regions.list', 'compute.zones.list']
Copy Permissions BETA
roles/compute.imageUser
Read and use image resources.
Compute Image User
['compute.images.get', 'compute.images.getFromFamily', 'compute.images.list', 'compute.images.useReadOnly', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.instanceAdmin
Full control of Compute Engine instance resources.
Compute Instance Admin (beta)
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.list', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.list', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.licenses.get', 'compute.licenses.list', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.list', 'compute.resourcePolicies.useReadOnly', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.instanceAdmin.v1
Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources.
Compute Instance Admin (v1)
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.loadBalancerAdmin
Full control of Compute Engine resources related to load balancer.
Compute Load Balancer Admin
['certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.use', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.projects.get', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.use', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.loadBalancerServiceUser
Permissions to use services from a load balancer in other projects.
Compute Load Balancer Services User
['compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.use', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.use', 'compute.projects.get', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.networkAdmin
Full control of Compute Engine networking resources.
Compute Network Admin
['compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.updateSecurity', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/compute.networkUser
Access to use Compute Engine networking resources.
Compute Network User
['compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.useInternal', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.instanceSettings.get', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.use', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networks.access', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.regions.get', 'compute.regions.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.use', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zones.get', 'compute.zones.list', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.list', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.use', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.get', 'networkservices.httpfilters.list', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.use', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicenetworking.services.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.networkViewer
Read-only access to Compute Engine networking resources.
Compute Network Viewer
['compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zones.get', 'compute.zones.list', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.list', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.list', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.get', 'networkservices.httpfilters.list', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicenetworking.services.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/compute.orgFirewallPolicyAdmin
Full control of Compute Engine Organization Firewall Policies.
Compute Organization Firewall Policy Admin
['compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.projects.get', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionOperations.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.orgFirewallPolicyUser
View or use Compute Engine Firewall Policies to associate with the organization or folders.
Compute Organization Firewall Policy User
['compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.projects.get', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.orgSecurityResourceAdmin
Full control of Compute Engine Firewall Policy associations to the organization or folders.
Compute Organization Resource Admin
['compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.organizations.listAssociations', 'compute.organizations.setFirewallPolicy', 'compute.organizations.setSecurityPolicy', 'compute.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.orgSecurityPolicyAdmin
Full control of Compute Engine Organization Security Policies.
Compute Organization Security Policy Admin
['compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.projects.get', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.orgSecurityPolicyUser
View or use Compute Engine Security Policies to associate with the organization or folders.
Compute Organization Security Policy User
['compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.projects.get', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.osAdminLogin
Access to log in to a Compute Engine instance as an administrator user.
Compute OS Admin Login
['compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.projects.get', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.osLogin
Access to log in to a Compute Engine instance as a standard (non-administrator) user.
Compute OS Login
['compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.instances.osLogin', 'compute.projects.get', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.osLoginExternalUser
Access for an external user to set OS Login information associated with this organization. This role does not grant access to instances. External users must be granted one of the required OS Login IAM roles (https://cloud.google.com/compute/docs/instances/managing-instance-access#configure_users) in order to allow access to instances using SSH.
Compute OS Login External User
['compute.oslogin.updateExternalUser']
Copy Permissions GA
roles/compute.packetMirroringAdmin
Specify resources to be mirrored.
Compute packet mirroring admin
['compute.instances.updateSecurity', 'compute.networks.mirror', 'compute.projects.get', 'compute.subnetworks.mirror', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.packetMirroringUser
Use Compute Engine packet mirrorings.
Compute packet mirroring user
['compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.publicIpAdmin
Full control of public IP address management for Compute Engine.
Compute Public IP Admin
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalPublicDelegatedPrefixes.create', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.publicAdvertisedPrefixes.create', 'compute.publicAdvertisedPrefixes.delete', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicAdvertisedPrefixes.update', 'compute.publicAdvertisedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.create', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.computeAdmin
Admin of compute recommendations.
Compute Recommender Admin
['recommender.computeAddressIdleResourceInsights.get', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceInsights.update', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeAddressIdleResourceRecommendations.update', 'recommender.computeDiskIdleResourceInsights.get', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceInsights.update', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceRecommendations.update', 'recommender.computeImageIdleResourceInsights.get', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceInsights.update', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceRecommendations.update', 'recommender.computeInstanceCpuUsageInsights.get', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsageInsights.update', 'recommender.computeInstanceCpuUsagePredictionInsights.get', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.update', 'recommender.computeInstanceCpuUsageTrendInsights.get', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.update', 'recommender.computeInstanceGroupManagerCpuUsageInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.update', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.update', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.update', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceIdleResourceRecommendations.update', 'recommender.computeInstanceIdleResourceRecommenderConfig.get', 'recommender.computeInstanceIdleResourceRecommenderConfig.update', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.update', 'recommender.computeInstanceMemoryUsageInsights.get', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsageInsights.update', 'recommender.computeInstanceMemoryUsagePredictionInsights.get', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.update', 'recommender.computeInstanceNetworkThroughputInsights.get', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.computeViewer
Viewer of compute recommendations.
Compute Recommender Viewer
['recommender.computeAddressIdleResourceInsights.get', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceInsights.get', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceInsights.get', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceCpuUsageInsights.get', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.get', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.get', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMemoryUsageInsights.get', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.get', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.get', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/compute.securityAdmin
Full control of Compute Engine security resources.
Compute Security Admin
['compute.backendBuckets.list', 'compute.backendServices.list', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.instanceSettings.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.list', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.updatePolicy', 'compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.regionBackendServices.list', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regions.get', 'compute.regions.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetInstances.list', 'compute.targetPools.list', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.xpnAdmin
Can administer shared VPC network (XPN).
Compute Shared VPC Admin
['compute.globalOperations.get', 'compute.globalOperations.list', 'compute.organizations.disableXpnHost', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.projects.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.setIamPolicy', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/compute.soleTenantViewer
Permissions to view sole tenancy node groups
Compute Sole Tenant Viewer
['compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list']
Copy Permissions GA
roles/compute.storageAdmin
Full control of Compute Engine storage resources.
Compute Storage Admin
['compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceSettings.get', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regions.get', 'compute.regions.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/compute.viewer
Read-only access to get and list information about all Compute Engine resources, including instances, disks, and firewalls. Allows getting and listing information about disks, images, and snapshots, but does not allow reading the data stored on them.
Compute Viewer
['compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/confidentialcomputing.workloadUser
Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.
Confidential Space Workload User
['confidentialcomputing.challenges.create', 'confidentialcomputing.challenges.verify', 'confidentialcomputing.locations.get', 'confidentialcomputing.locations.list', 'logging.logEntries.create']
Copy Permissions GA
roles/krmapihosting.admin
Full access to all Config Controller resources.
Config Controller Admin
['krmapihosting.krmApiHosts.create', 'krmapihosting.krmApiHosts.delete', 'krmapihosting.krmApiHosts.get', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.krmApiHosts.setIamPolicy', 'krmapihosting.krmApiHosts.update', 'krmapihosting.locations.get', 'krmapihosting.locations.list', 'krmapihosting.operations.cancel', 'krmapihosting.operations.delete', 'krmapihosting.operations.get', 'krmapihosting.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/krmapihosting.viewer
Read-only access to all Config Controller resources.
Config Controller Viewer
['krmapihosting.krmApiHosts.get', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.locations.get', 'krmapihosting.locations.list', 'krmapihosting.operations.get', 'krmapihosting.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/configdelivery.resourceBundlePublisher
Grants read and write permissions to Config Delivery ResourceBundles and Releases.
Config Delivery Resource Bundle Publisher
['configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.create', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.releases.update', 'configdelivery.resourceBundles.create', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.resourceBundles.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/configdelivery.serviceAgent
Gives the Config Delivery service account permission to manage resources
Config Delivery Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.repositories.get', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.memberships.get', 'iam.serviceAccounts.actAs']
Copy Permissions GA
roles/configdelivery.configDeliveryAdmin
Grants full access to all Config Delivery resources. Lets users create, remove and manage fleet packages and resource bundles.
ConfigDelivery Admin
['configdelivery.fleetPackages.create', 'configdelivery.fleetPackages.delete', 'configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.fleetPackages.update', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.cancel', 'configdelivery.operations.delete', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.create', 'configdelivery.releases.delete', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.releases.update', 'configdelivery.resourceBundles.create', 'configdelivery.resourceBundles.delete', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.resourceBundles.update', 'configdelivery.rollouts.abort', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'configdelivery.rollouts.resume', 'configdelivery.rollouts.suspend', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/configdelivery.configDeliveryViewer
Grants read access to all Config Delivery resources. Lets users view existing fleet packages and resource bundles, but they will not be able to make any changes.
ConfigDelivery Viewer
['configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/gkehub.gatewayAdmin
Full access to Connect Gateway.
Connect Gateway Admin
['gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.gateway.stream', 'gkehub.memberships.get', 'serviceusage.services.get']
Copy Permissions GA
roles/gkehub.gatewayEditor
Edit access to Connect Gateway.
Connect Gateway Editor
['gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.memberships.get', 'serviceusage.services.get']
Copy Permissions GA
roles/gkehub.gatewayReader
Read-only access to Connect Gateway.
Connect Gateway Reader
['gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.memberships.get', 'serviceusage.services.get']
Copy Permissions GA
roles/dataconnectors.connectorAdmin
Full access to Data Connectors.
Connector Admin
['dataconnectors.connectors.create', 'dataconnectors.connectors.delete', 'dataconnectors.connectors.get', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.connectors.setIamPolicy', 'dataconnectors.connectors.update', 'dataconnectors.connectors.use', 'dataconnectors.locations.get', 'dataconnectors.locations.list', 'dataconnectors.operations.cancel', 'dataconnectors.operations.delete', 'dataconnectors.operations.get', 'dataconnectors.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/connectors.admin
Full access to all resources of Connectors Service.
Connector Admin
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.create', 'connectors.connections.delete', 'connectors.connections.executeSqlQuery', 'connectors.connections.generateOpenAPISpec', 'connectors.connections.get', 'connectors.connections.getConnectionSchemaMetadata', 'connectors.connections.getIamPolicy', 'connectors.connections.getRuntimeActionSchema', 'connectors.connections.getRuntimeEntitySchema', 'connectors.connections.list', 'connectors.connections.setIamPolicy', 'connectors.connections.update', 'connectors.connectors.get', 'connectors.connectors.list', 'connectors.customConnectorVersions.create', 'connectors.customConnectorVersions.delete', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectorVersions.setIamPolicy', 'connectors.customConnectorVersions.update', 'connectors.customConnectors.create', 'connectors.customConnectors.delete', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.customConnectors.setIamPolicy', 'connectors.customConnectors.update', 'connectors.endpointAttachments.create', 'connectors.endpointAttachments.delete', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.endpointAttachments.setIamPolicy', 'connectors.endpointAttachments.update', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.create', 'connectors.eventSubscriptions.delete', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventSubscriptions.update', 'connectors.eventtypes.get', 'connectors.eventtypes.list', 'connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.create', 'connectors.managedZones.delete', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.managedZones.setIamPolicy', 'connectors.managedZones.update', 'connectors.operations.cancel', 'connectors.operations.delete', 'connectors.operations.get', 'connectors.operations.list', 'connectors.providers.get', 'connectors.providers.list', 'connectors.regionalSettings.get', 'connectors.regionalSettings.update', 'connectors.runtimeconfig.get', 'connectors.schemaMetadata.refresh', 'connectors.settings.get', 'connectors.settings.update', 'connectors.versions.get', 'connectors.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'secretmanager.secrets.getIamPolicy']
Copy Permissions GA
roles/connectors.listener
Full Access to listen events by connections.
Connector Event Listener
['connectors.connections.listenEvent']
Copy Permissions GA
roles/connectors.invoker
Full Access to invoke all operations on Connections.
Connector Invoker
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list']
Copy Permissions GA
roles/dataconnectors.connectorUser
Access to use Data Connectors.
Connector User
['dataconnectors.connectors.get', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.connectors.use']
Copy Permissions BETA
roles/connectors.endpointAttachmentAdmin
Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Admin access to Connectors Endpoint Attachment resources.
Connectors Endpoint Attachment Admin
['connectors.endpointAttachments.create', 'connectors.endpointAttachments.delete', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.endpointAttachments.setIamPolicy', 'connectors.endpointAttachments.update', 'connectors.locations.get', 'connectors.locations.list']
Copy Permissions GA
roles/connectors.endpointAttachmentViewer
Endpoint Attachment is a regional resource which creates PSC connection endpoint for the given PSC Service Attachment. This role grants Read-only access to Connectors Endpoint Attachment resources
Connectors Endpoint Attachment Viewer
['connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.locations.get', 'connectors.locations.list']
Copy Permissions GA
roles/connectors.eventSubscriptionAdmin
Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Admin access to Connectors Subscription resources
Connectors Event Subscriptions Admin
['connectors.eventSubscriptions.create', 'connectors.eventSubscriptions.delete', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventSubscriptions.update']
Copy Permissions GA
roles/connectors.eventSubscriptionViewer
Event Subscription is a regional resource which creates subscriptions on events for a given connection within the given target project. This role grants Read-only access to Event Subscription resources.
Connectors Event Subscriptions Viewer
['connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list']
Copy Permissions GA
roles/connectors.managedZoneAdmin
Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Admin access to Connectors Managed Zone resources
Connectors Managed Zone Admin
['connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.create', 'connectors.managedZones.delete', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.managedZones.setIamPolicy', 'connectors.managedZones.update']
Copy Permissions GA
roles/connectors.managedZoneViewer
Managed Zone is a global resource which creates Cloud DNS Peering Zone with the given target project. This role grants Read-only access to Connectors Managed Zone resources.
Connectors Managed Zone Viewer
['connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list']
Copy Permissions GA
roles/connectors.serviceAgent
Grants Connectors Platform service account to manage customer resources
Connectors Platform Service Agent
['connectors.actions.list', 'connectors.connections.get', 'connectors.connections.getConnectionSchemaMetadata', 'connectors.connections.list', 'connectors.connectors.get', 'connectors.connectors.list', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.list', 'connectors.customConnectors.get', 'connectors.customConnectors.list', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.list', 'connectors.entities.get', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventtypes.get', 'connectors.eventtypes.list', 'connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.get', 'connectors.managedZones.list', 'connectors.providers.get', 'connectors.providers.list', 'connectors.runtimeconfig.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions GA
roles/connectors.viewer
Read-only access to Connectors all resources.
Connectors Viewer
['connectors.connections.generateOpenAPISpec', 'connectors.connections.get', 'connectors.connections.getConnectionSchemaMetadata', 'connectors.connections.getIamPolicy', 'connectors.connections.getRuntimeActionSchema', 'connectors.connections.getRuntimeEntitySchema', 'connectors.connections.list', 'connectors.connectors.get', 'connectors.connectors.list', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventtypes.get', 'connectors.eventtypes.list', 'connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.operations.get', 'connectors.operations.list', 'connectors.providers.get', 'connectors.providers.list', 'connectors.regionalSettings.get', 'connectors.runtimeconfig.get', 'connectors.settings.get', 'connectors.versions.get', 'connectors.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/consumerprocurement.procurementAdmin
Allows managing purchases, consents at both billing account and project level.
Consumer Procurement Administrator
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.accounts.redeemPromotion', 'billing.credits.list', 'billing.resourceAssociations.create', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.allowProjectGrant', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.events.get', 'consumerprocurement.events.list', 'consumerprocurement.freeTrials.create', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/consumerprocurement.entitlementManager
Allows managing entitlements and enabling, disabling, and inspecting service states for a consumer project
Consumer Procurement Entitlement Manager
['commerceoffercatalog.offers.get', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.freeTrials.create', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/consumerprocurement.entitlementViewer
Allows inspecting entitlements and service states for a consumer project
Consumer Procurement Entitlement Viewer
['commerceoffercatalog.offers.get', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/consumerprocurement.eventsViewer
Allows viewing key events for an offer
Consumer Procurement Events Viewer
['consumerprocurement.events.get', 'consumerprocurement.events.list']
Copy Permissions GA
roles/consumerprocurement.licensePoolEditor
Allows managing license pools and license assignments.
Consumer Procurement License Pool Editor
['consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update']
Copy Permissions GA
roles/consumerprocurement.licensePoolViewer
Allows viewing license pools and license assignments.
Consumer Procurement License Pool Viewer
['consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get']
Copy Permissions GA
roles/consumerprocurement.orderAdmin
Allows managing purchases
Consumer Procurement Order Administrator
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.accounts.redeemPromotion', 'billing.credits.list', 'billing.resourceAssociations.create', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.events.get', 'consumerprocurement.events.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place']
Copy Permissions GA
roles/consumerprocurement.orderViewer
Allows inspecting purchases
Consumer Procurement Order Viewer
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.credits.list', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list']
Copy Permissions GA
roles/consumerprocurement.procurementViewer
Allows inspecting purchases, consents and entitlements and service states for a consumer project.
Consumer Procurement Viewer
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.credits.list', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/contactcenterinsights.editor
Grants read and write access to all Contact Center AI Insights resources.
Contact Center AI Insights editor
['contactcenterinsights.analyses.create', 'contactcenterinsights.analyses.delete', 'contactcenterinsights.analyses.get', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.create', 'contactcenterinsights.analysisRules.delete', 'contactcenterinsights.analysisRules.get', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.analysisRules.update', 'contactcenterinsights.conversations.create', 'contactcenterinsights.conversations.delete', 'contactcenterinsights.conversations.export', 'contactcenterinsights.conversations.get', 'contactcenterinsights.conversations.list', 'contactcenterinsights.conversations.update', 'contactcenterinsights.conversations.upload', 'contactcenterinsights.faqEntries.delete', 'contactcenterinsights.faqEntries.get', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqEntries.update', 'contactcenterinsights.faqModels.create', 'contactcenterinsights.faqModels.delete', 'contactcenterinsights.faqModels.get', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.faqModels.update', 'contactcenterinsights.feedbackLabels.create', 'contactcenterinsights.feedbackLabels.delete', 'contactcenterinsights.feedbackLabels.download', 'contactcenterinsights.feedbackLabels.get', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.feedbackLabels.update', 'contactcenterinsights.feedbackLabels.upload', 'contactcenterinsights.issueModels.create', 'contactcenterinsights.issueModels.delete', 'contactcenterinsights.issueModels.deploy', 'contactcenterinsights.issueModels.export', 'contactcenterinsights.issueModels.get', 'contactcenterinsights.issueModels.import', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issueModels.undeploy', 'contactcenterinsights.issueModels.update', 'contactcenterinsights.issues.create', 'contactcenterinsights.issues.delete', 'contactcenterinsights.issues.get', 'contactcenterinsights.issues.list', 'contactcenterinsights.issues.update', 'contactcenterinsights.operations.cancel', 'contactcenterinsights.operations.get', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.create', 'contactcenterinsights.phraseMatchers.delete', 'contactcenterinsights.phraseMatchers.get', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.phraseMatchers.update', 'contactcenterinsights.qaQuestions.create', 'contactcenterinsights.qaQuestions.delete', 'contactcenterinsights.qaQuestions.get', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaQuestions.update', 'contactcenterinsights.qaScorecardRevisions.create', 'contactcenterinsights.qaScorecardRevisions.delete', 'contactcenterinsights.qaScorecardRevisions.deploy', 'contactcenterinsights.qaScorecardRevisions.get', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecardRevisions.tune', 'contactcenterinsights.qaScorecardRevisions.undeploy', 'contactcenterinsights.qaScorecards.create', 'contactcenterinsights.qaScorecards.delete', 'contactcenterinsights.qaScorecards.get', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.qaScorecards.update', 'contactcenterinsights.settings.get', 'contactcenterinsights.settings.update', 'contactcenterinsights.views.create', 'contactcenterinsights.views.delete', 'contactcenterinsights.views.get', 'contactcenterinsights.views.list', 'contactcenterinsights.views.update']
Copy Permissions GA
roles/contactcenterinsights.serviceAgent
Allows Contact Center AI to read and write APIs including BigQuery, Dialogflow, and Storage.
Contact Center AI Insights Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.create', 'datalabeling.datasets.delete', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.import', 'datalabeling.operations.get', 'datalabeling.operations.list', 'dialogflow.conversationDatasets.create', 'dialogflow.conversationDatasets.delete', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.import', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.create', 'dialogflow.conversationModels.delete', 'dialogflow.conversationModels.deploy', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationModels.undeploy', 'dialogflow.conversationProfiles.get', 'dialogflow.documents.create', 'dialogflow.documents.delete', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.operations.get', 'dialogflow.participants.suggest', 'dialogflow.sessions.detectIntent', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.kms.encrypt', 'dlp.locations.get', 'dlp.locations.list', 'pubsub.topics.get', 'pubsub.topics.publish', 'serviceusage.services.use', 'speech.customClasses.get', 'speech.operations.get', 'speech.phraseSets.get', 'speech.recognizers.create', 'speech.recognizers.get', 'speech.recognizers.recognize', 'speech.recognizers.update', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/contactcenterinsights.viewer
Grants read access to all Contact Center AI Insights resources.
Contact Center AI Insights viewer
['contactcenterinsights.analyses.get', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.get', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.conversations.get', 'contactcenterinsights.conversations.list', 'contactcenterinsights.faqEntries.get', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqModels.get', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.feedbackLabels.get', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.issueModels.get', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issues.get', 'contactcenterinsights.issues.list', 'contactcenterinsights.operations.get', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.get', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.qaQuestions.get', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaScorecardRevisions.get', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecards.get', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.settings.get', 'contactcenterinsights.views.get', 'contactcenterinsights.views.list']
Copy Permissions GA
roles/contactcenteraiplatform.admin
Full access to Contact Center AI Platform resources.
Contact Center AI Platform Admin
['contactcenteraiplatform.contactCenters.create', 'contactcenteraiplatform.contactCenters.delete', 'contactcenteraiplatform.contactCenters.get', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.contactCenters.program', 'contactcenteraiplatform.contactCenters.queryQuota', 'contactcenteraiplatform.contactCenters.update', 'contactcenteraiplatform.locations.get', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.cancel', 'contactcenteraiplatform.operations.delete', 'contactcenteraiplatform.operations.get', 'contactcenteraiplatform.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contactcenteraiplatform.viewer
Readonly access to Contact Center AI Platform resources.
Contact Center AI Platform Viewer
['contactcenteraiplatform.contactCenters.get', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.locations.get', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.get', 'contactcenteraiplatform.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containeranalysis.admin
Access to all Container Analysis resources.
Container Analysis Admin
['containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.notes.setIamPolicy', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.setIamPolicy', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containeranalysis.notes.attacher
Can attach Container Analysis Occurrences to Notes.
Container Analysis Notes Attacher
['containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.get']
Copy Permissions GA
roles/containeranalysis.notes.editor
Can edit Container Analysis Notes.
Container Analysis Notes Editor
['containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containeranalysis.notes.viewer
Can view Container Analysis Notes.
Container Analysis Notes Viewer
['containeranalysis.notes.get', 'containeranalysis.notes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containeranalysis.occurrences.editor
Can edit Container Analysis Occurrences.
Container Analysis Occurrences Editor
['containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containeranalysis.notes.occurrences.viewer
Can view all Container Analysis Occurrences attached to a Note.
Container Analysis Occurrences for Notes Viewer
['containeranalysis.notes.get', 'containeranalysis.notes.listOccurrences']
Copy Permissions GA
roles/containeranalysis.occurrences.viewer
Can view Container Analysis Occurrences.
Container Analysis Occurrences Viewer
['containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containeranalysis.ServiceAgent
Gives Container Analysis API the access it needs to function
Container Analysis Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'containeranalysis.notes.list', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/containerregistry.ServiceAgent
Access for Container Registry
Container Registry Service Agent
['pubsub.topics.publish', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions GA
roles/containerscanning.ServiceAgent
Gives Container Scanner the access it needs to analyzecontainers for vulnerabilities and create occurrences using the Container Analysis API
Container Scanner Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'containeranalysis.notes.list', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/containerthreatdetection.serviceAgent
Gives Container Threat Detection service account access to enable/disable Container Threat Detection and manage the Container Threat Detection Agent on Google Kubernetes Engine clusters.
Container Threat Detection Service Agent
['container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.auditSinks.get', 'container.auditSinks.list', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.bindings.get', 'container.bindings.list', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.get', 'container.configMaps.list', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodes.get', 'container.csiNodes.list', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpoints.get', 'container.endpoints.list', 'container.events.get', 'container.events.list', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.leases.get', 'container.leases.list', 'container.limitRanges.get', 'container.limitRanges.list', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.petSets.get', 'container.petSets.list', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podPresets.get', 'container.podPresets.list', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.get', 'container.podTemplates.list', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.list', 'container.pods.portForward', 'container.pods.update', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.list', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.tokenReviews.create', 'container.updateInfos.get', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.get', 'container.volumeSnapshots.list', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contentwarehouse.admin
Grants full access to all the resources in Content Warehouse
Content Warehouse Admin
['contentwarehouse.corpora.create', 'contentwarehouse.corpora.delete', 'contentwarehouse.corpora.get', 'contentwarehouse.corpora.list', 'contentwarehouse.corpora.update', 'contentwarehouse.dataExportJobs.create', 'contentwarehouse.dataExportJobs.update', 'contentwarehouse.documentSchemas.create', 'contentwarehouse.documentSchemas.delete', 'contentwarehouse.documentSchemas.get', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documentSchemas.update', 'contentwarehouse.documents.create', 'contentwarehouse.documents.delete', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.list', 'contentwarehouse.documents.setIamPolicy', 'contentwarehouse.documents.update', 'contentwarehouse.locations.getStatus', 'contentwarehouse.locations.initialize', 'contentwarehouse.operations.get', 'contentwarehouse.rawDocuments.download', 'contentwarehouse.rawDocuments.upload', 'contentwarehouse.ruleSets.create', 'contentwarehouse.ruleSets.delete', 'contentwarehouse.ruleSets.get', 'contentwarehouse.ruleSets.list', 'contentwarehouse.ruleSets.update', 'contentwarehouse.synonymSets.create', 'contentwarehouse.synonymSets.delete', 'contentwarehouse.synonymSets.get', 'contentwarehouse.synonymSets.list', 'contentwarehouse.synonymSets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contentwarehouse.documentAdmin
Grants full access to the document resource in Content Warehouse
Content Warehouse Document Admin
['contentwarehouse.documentSchemas.get', 'contentwarehouse.documents.create', 'contentwarehouse.documents.delete', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.setIamPolicy', 'contentwarehouse.documents.update', 'contentwarehouse.links.create', 'contentwarehouse.links.delete', 'contentwarehouse.links.get', 'contentwarehouse.links.update', 'contentwarehouse.locations.getStatus', 'contentwarehouse.rawDocuments.download', 'contentwarehouse.rawDocuments.upload', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contentwarehouse.documentCreator
Grants access to create document in Content Warehouse
Content Warehouse document creator
['contentwarehouse.documentSchemas.get', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documents.create', 'contentwarehouse.locations.getStatus', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contentwarehouse.documentEditor
Grants access to update document resource in Content Warehouse
Content Warehouse Document Editor
['contentwarehouse.documentSchemas.get', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.update', 'contentwarehouse.links.create', 'contentwarehouse.links.delete', 'contentwarehouse.links.get', 'contentwarehouse.links.update', 'contentwarehouse.locations.getStatus', 'contentwarehouse.rawDocuments.download', 'contentwarehouse.rawDocuments.upload', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contentwarehouse.documentSchemaViewer
Grants access to view the document schemas in Content Warehouse
Content Warehouse document schema viewer
['contentwarehouse.documentSchemas.get', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.locations.getStatus', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/contentwarehouse.serviceAgent
Gives the Content Warehouse service account to manage customer resources
Content Warehouse Service Agent
['cloudfunctions.functions.invoke', 'documentai.datasets.createDocuments', 'documentai.processors.get', 'documentai.processors.processBatch', 'pubsub.topics.publish', 'pubsublite.topics.publish', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/contentwarehouse.documentViewer
Grants access to view all the resources in Content Warehouse
Content Warehouse Viewer
['contentwarehouse.documentSchemas.get', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.links.get', 'contentwarehouse.locations.getStatus', 'contentwarehouse.rawDocuments.download', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.serviceAccountCreator
Access to create service accounts.
Create Service Accounts
['iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/connectors.customConnectorViewer
Custom Connector is a global resource which creates custom connector within the given target project. This role grants Read-only access to Custom Connector & Custom Connector Version resources.
Custom Connector Viewer
['connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.locations.get', 'connectors.locations.list']
Copy Permissions GA
roles/connectors.customConnectorAdmin
Custom Connector is a global resource which creates custom connector within the given target project. This role grants Admin access to Custom Connector resources
Custom Connectors Admin
['connectors.customConnectorVersions.create', 'connectors.customConnectorVersions.delete', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectorVersions.setIamPolicy', 'connectors.customConnectorVersions.update', 'connectors.customConnectors.create', 'connectors.customConnectors.delete', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.customConnectors.setIamPolicy', 'connectors.customConnectors.update', 'connectors.locations.get', 'connectors.locations.list']
Copy Permissions GA
roles/dialogflow.aamAdmin
An admin has access to all resources and can perform all administrative actions in an AAM project.
CX Premium Admin
['dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dialogflow.aamConversationalArchitect
A Conversational Architect can label conversational data, approve taxonomy changes and design virtual agents for a customer's use cases.
CX Premium Conversational Architect
['dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dialogflow.aamDialogDesigner
A Dialog Designer can label conversational data and propose taxonomy changes for virtual agent modeling.
CX Premium Dialog Designer
['dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dialogflow.aamLeadDialogDesigner
A Dialog Designer Lead can label conversational data and approve taxonomy changes for virtual agent modeling.
CX Premium Lead Dialog Designer
['dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dialogflow.aamViewer
A user can view the taxonomy and data reports in an AAM project.
CX Premium Viewer
['dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.admin
Full access to all DataCatalog resources
Data Catalog Admin
['bigquery.connections.get', 'bigquery.connections.updateTag', 'bigquery.datasets.get', 'bigquery.datasets.updateTag', 'bigquery.models.getMetadata', 'bigquery.models.updateTag', 'bigquery.routines.get', 'bigquery.routines.updateTag', 'bigquery.tables.get', 'bigquery.tables.updateTag', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.create', 'datacatalog.entryGroups.delete', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.setIamPolicy', 'datacatalog.entryGroups.update', 'datacatalog.entryGroups.updateTag', 'datacatalog.migrationConfig.get', 'datacatalog.migrationConfig.set', 'datacatalog.operations.list', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.setIamPolicy', 'datacatalog.taxonomies.update', 'dataplex.projects.search', 'pubsub.topics.get', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.tagEditor
Gives permission to modify tags on a GCP assets (BigQuery, Pub/Sub etc).
Data Catalog Tag Editor
['bigquery.connections.updateTag', 'bigquery.datasets.updateTag', 'bigquery.models.updateTag', 'bigquery.routines.updateTag', 'bigquery.tables.updateTag', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.updateTag', 'pubsub.topics.updateTag']
Copy Permissions GA
roles/datacatalog.tagTemplateCreator
Access to create new tag templates
Data Catalog TagTemplate Creator
['datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.get', 'dataplex.projects.search']
Copy Permissions GA
roles/datacatalog.tagTemplateOwner
Full acess to tag templates
Data Catalog TagTemplate Owner
['datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.tagTemplateUser
Access to use templates to tag resources
Data Catalog TagTemplate User
['datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.tagTemplateViewer
Read access to templates and tags created using the templates
Data Catalog TagTemplate Viewer
['datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.viewer
Grants metadata read permissions to cataloged GCP assets (BigQuery, Pub/Sub etc)
Data Catalog Viewer
['bigquery.connections.get', 'bigquery.datasets.get', 'bigquery.models.getMetadata', 'bigquery.routines.get', 'bigquery.tables.get', 'datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.list', 'datacatalog.migrationConfig.get', 'datacatalog.operations.list', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'dataplex.projects.search', 'pubsub.topics.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataconnectors.serviceAgent
Gives Data Connectors service agent permission to access the virtual private cloud
Data Connectors Service Agent
['compute.globalOperations.get', 'compute.networks.access', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions GA
roles/datalabeling.admin
Full access to all Data Labeling resources
Data Labeling Service Admin
['datalabeling.annotateddatasets.delete', 'datalabeling.annotateddatasets.get', 'datalabeling.annotateddatasets.label', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.create', 'datalabeling.annotationspecsets.delete', 'datalabeling.annotationspecsets.get', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.create', 'datalabeling.datasets.delete', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.import', 'datalabeling.datasets.list', 'datalabeling.examples.get', 'datalabeling.examples.list', 'datalabeling.instructions.create', 'datalabeling.instructions.delete', 'datalabeling.instructions.get', 'datalabeling.instructions.list', 'datalabeling.operations.cancel', 'datalabeling.operations.get', 'datalabeling.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datalabeling.serviceAgent
Gives Data Labeling service account read/write access to Cloud Storage, read/write BigQuery, update CMLE model versions, editor access to Annotation service and AutoML service.
Data Labeling Service Agent
['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.list', 'automl.models.predict', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/datalabeling.editor
Editor of all Data Labeling resources
Data Labeling Service Editor
['datalabeling.annotateddatasets.delete', 'datalabeling.annotateddatasets.get', 'datalabeling.annotateddatasets.label', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.create', 'datalabeling.annotationspecsets.delete', 'datalabeling.annotationspecsets.get', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.create', 'datalabeling.datasets.delete', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.import', 'datalabeling.datasets.list', 'datalabeling.examples.get', 'datalabeling.examples.list', 'datalabeling.instructions.create', 'datalabeling.instructions.delete', 'datalabeling.instructions.get', 'datalabeling.instructions.list', 'datalabeling.operations.cancel', 'datalabeling.operations.get', 'datalabeling.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datalabeling.viewer
Viewer of all Data Labeling resources
Data Labeling Service Viewer
['datalabeling.annotateddatasets.get', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.get', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.get', 'datalabeling.datasets.list', 'datalabeling.examples.get', 'datalabeling.examples.list', 'datalabeling.instructions.get', 'datalabeling.instructions.list', 'datalabeling.operations.get', 'datalabeling.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datalineage.admin
Grants full access to all resources in Data Lineage API
Data Lineage Administrator
['datalineage.events.create', 'datalineage.events.delete', 'datalineage.events.get', 'datalineage.events.list', 'datalineage.locations.searchLinks', 'datalineage.operations.get', 'datalineage.processes.create', 'datalineage.processes.delete', 'datalineage.processes.get', 'datalineage.processes.list', 'datalineage.processes.update', 'datalineage.runs.create', 'datalineage.runs.delete', 'datalineage.runs.get', 'datalineage.runs.list', 'datalineage.runs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datalineage.editor
Grants edit access to all resources in Data Lineage API
Data Lineage Editor
['datalineage.events.create', 'datalineage.events.delete', 'datalineage.events.get', 'datalineage.events.list', 'datalineage.locations.searchLinks', 'datalineage.operations.get', 'datalineage.processes.create', 'datalineage.processes.get', 'datalineage.processes.list', 'datalineage.processes.update', 'datalineage.runs.create', 'datalineage.runs.get', 'datalineage.runs.list', 'datalineage.runs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datalineage.producer
Grants access to creating all resources in Data Lineage API
Data Lineage Events Producer
['datalineage.events.create', 'datalineage.processes.create', 'datalineage.processes.get', 'datalineage.processes.update', 'datalineage.runs.create', 'datalineage.runs.get', 'datalineage.runs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datalineage.viewer
Grants read access to all resources in Data Lineage API
Data Lineage Viewer
['datalineage.events.get', 'datalineage.events.list', 'datalineage.locations.searchLinks', 'datalineage.processes.get', 'datalineage.processes.list', 'datalineage.runs.get', 'datalineage.runs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datapipelines.admin
Administrator of Data pipelines resources
Data pipelines Admin
['datapipelines.jobs.list', 'datapipelines.pipelines.create', 'datapipelines.pipelines.delete', 'datapipelines.pipelines.get', 'datapipelines.pipelines.list', 'datapipelines.pipelines.run', 'datapipelines.pipelines.stop', 'datapipelines.pipelines.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datapipelines.invoker
Invoker of Data pipelines jobs
Data pipelines Invoker
['datapipelines.pipelines.run', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datapipelines.viewer
Viewer of Data pipelines resources
Data pipelines Viewer
['datapipelines.jobs.list', 'datapipelines.pipelines.get', 'datapipelines.pipelines.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataprocessing.dataSourceManager
Data processing controls data source manager who can get, list, and update the underlying data.
Data Processing Controls Data Source Manager
['dataprocessing.datasources.list', 'dataprocessing.datasources.update']
Copy Permissions GA
roles/dataprocessing.admin
Data processing controls admin who can fully manage data processing controls settings and view all datasource data.
Data Processing Controls Resource Admin
['billing.accounts.get', 'billing.accounts.list', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.datasources.update', 'dataprocessing.featurecontrols.list', 'dataprocessing.featurecontrols.update', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'dataprocessing.groupcontrols.update']
Copy Permissions GA
roles/datastudio.admin
Data Studio Admin
Data Studio Admin
['datastudio.datasources.delete', 'datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.move', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.setIamPolicy', 'datastudio.datasources.settingsShare', 'datastudio.datasources.share', 'datastudio.datasources.trash', 'datastudio.datasources.update', 'datastudio.reports.delete', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.move', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.setIamPolicy', 'datastudio.reports.settingsShare', 'datastudio.reports.share', 'datastudio.reports.trash', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.delete', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.moveOut', 'datastudio.workspaces.restoreTrash', 'datastudio.workspaces.search', 'datastudio.workspaces.setIamPolicy', 'datastudio.workspaces.trash', 'datastudio.workspaces.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datastudio.editor
Editor of a Data Studio resource
Data Studio Asset Editor
['datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.search', 'datastudio.datasources.update', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.search', 'datastudio.reports.update', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions BETA
roles/datastudio.viewer
Viewer of a Data Studio resource
Data Studio Asset Viewer
['datastudio.datasources.get', 'datastudio.datasources.search', 'datastudio.reports.get', 'datastudio.reports.search', 'resourcemanager.projects.get']
Copy Permissions BETA
roles/datastudio.serviceAgent
Grants Data Studio Service Account access to manage resources.
Data Studio Service Agent
['bigquery.jobs.create']
Copy Permissions GA
roles/datastudio.contentManager
Content Manager of a Data Studio resource
Data Studio Workspace Content Manager
['datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.move', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.settingsShare', 'datastudio.datasources.share', 'datastudio.datasources.trash', 'datastudio.datasources.update', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.move', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.settingsShare', 'datastudio.reports.share', 'datastudio.reports.trash', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.search', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions BETA
roles/datastudio.contributor
Contributor of a Data Studio resource
Data Studio Workspace Contributor
['datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.settingsShare', 'datastudio.datasources.share', 'datastudio.datasources.update', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.settingsShare', 'datastudio.reports.share', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.search', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions BETA
roles/datastudio.manager
Manager of a Data Studio resource
Data Studio Workspace Manager
['datastudio.datasources.delete', 'datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.move', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.setIamPolicy', 'datastudio.datasources.settingsShare', 'datastudio.datasources.share', 'datastudio.datasources.trash', 'datastudio.datasources.update', 'datastudio.reports.delete', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.move', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.setIamPolicy', 'datastudio.reports.settingsShare', 'datastudio.reports.share', 'datastudio.reports.trash', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.delete', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.moveOut', 'datastudio.workspaces.restoreTrash', 'datastudio.workspaces.search', 'datastudio.workspaces.setIamPolicy', 'datastudio.workspaces.trash', 'datastudio.workspaces.update', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions BETA
roles/datastudio.workspaceViewer
Viewer of a Data Studio Workspace
Data Studio Workspace Viewer
['datastudio.datasources.get', 'datastudio.datasources.search', 'datastudio.reports.get', 'datastudio.reports.search', 'datastudio.workspaces.get', 'datastudio.workspaces.search', 'resourcemanager.projects.get']
Copy Permissions BETA
roles/databasecenter.viewer
Viewer role for Database Center resource data
Database center viewer
['cloudaicompanion.entitlements.get', 'databasecenter.fleetHealthStats.list', 'databasecenter.fleetStats.list', 'databasecenter.locations.list', 'databasecenter.products.list', 'databasecenter.resourceGroups.list', 'databasecenter.userLabels.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/databaseinsights.monitoringViewer
Viewer role for Database Insights monitoring data
Database Insights monitoring viewer
['databaseinsights.activeQueries.fetch', 'databaseinsights.activitySummary.fetch', 'databaseinsights.aggregatedStats.query', 'databaseinsights.locations.get', 'databaseinsights.locations.list', 'databaseinsights.timeSeries.query', 'databaseinsights.workloadRecommendations.fetch', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/databaseinsights.operationsAdmin
Admin role for performing Database Insights operations
Database Insights performing operations
['databaseinsights.activeQuery.terminate']
Copy Permissions BETA
roles/databaseinsights.recommendationViewer
Viewer role for Database Insights recommendation data
Database Insights recommendation viewer
['databaseinsights.locations.get', 'databaseinsights.locations.list', 'databaseinsights.recommendations.query', 'databaseinsights.resourceRecommendations.query', 'databaseinsights.workloadRecommendations.fetch', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/databaseinsights.viewer
Viewer role for Database Insights data
Database Insights viewer
['databaseinsights.activeQueries.fetch', 'databaseinsights.activitySummary.fetch', 'databaseinsights.aggregatedStats.query', 'databaseinsights.locations.get', 'databaseinsights.locations.list', 'databaseinsights.recommendations.query', 'databaseinsights.resourceRecommendations.query', 'databaseinsights.timeSeries.query', 'databaseinsights.workloadRecommendations.fetch', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datamigration.admin
Full access to all resources of Database Migration.
Database Migration Admin
['cloudaicompanion.entitlements.get', 'datamigration.connectionprofiles.create', 'datamigration.connectionprofiles.delete', 'datamigration.connectionprofiles.get', 'datamigration.connectionprofiles.getIamPolicy', 'datamigration.connectionprofiles.list', 'datamigration.connectionprofiles.setIamPolicy', 'datamigration.connectionprofiles.update', 'datamigration.conversionworkspaces.apply', 'datamigration.conversionworkspaces.commit', 'datamigration.conversionworkspaces.convert', 'datamigration.conversionworkspaces.create', 'datamigration.conversionworkspaces.delete', 'datamigration.conversionworkspaces.get', 'datamigration.conversionworkspaces.getIamPolicy', 'datamigration.conversionworkspaces.list', 'datamigration.conversionworkspaces.rollback', 'datamigration.conversionworkspaces.seed', 'datamigration.conversionworkspaces.setIamPolicy', 'datamigration.conversionworkspaces.update', 'datamigration.locations.fetchStaticIps', 'datamigration.locations.get', 'datamigration.locations.list', 'datamigration.mappingrules.getIamPolicy', 'datamigration.mappingrules.import', 'datamigration.mappingrules.setIamPolicy', 'datamigration.migrationjobs.create', 'datamigration.migrationjobs.delete', 'datamigration.migrationjobs.demoteDestination', 'datamigration.migrationjobs.generateSshScript', 'datamigration.migrationjobs.generateTcpProxyScript', 'datamigration.migrationjobs.get', 'datamigration.migrationjobs.getIamPolicy', 'datamigration.migrationjobs.list', 'datamigration.migrationjobs.promote', 'datamigration.migrationjobs.restart', 'datamigration.migrationjobs.resume', 'datamigration.migrationjobs.setIamPolicy', 'datamigration.migrationjobs.start', 'datamigration.migrationjobs.stop', 'datamigration.migrationjobs.update', 'datamigration.migrationjobs.verify', 'datamigration.objects.get', 'datamigration.objects.list', 'datamigration.operations.cancel', 'datamigration.operations.delete', 'datamigration.operations.get', 'datamigration.operations.list', 'datamigration.privateconnections.create', 'datamigration.privateconnections.delete', 'datamigration.privateconnections.get', 'datamigration.privateconnections.getIamPolicy', 'datamigration.privateconnections.list', 'datamigration.privateconnections.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datamigration.serviceAgent
Gives Cloud Database Migration service account access to Cloud SQL resources.
Database Migration Service Agent
['alloydb.clusters.create', 'alloydb.clusters.delete', 'alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.clusters.list', 'alloydb.clusters.update', 'alloydb.instances.connect', 'alloydb.instances.create', 'alloydb.instances.delete', 'alloydb.instances.get', 'alloydb.instances.list', 'alloydb.instances.update', 'alloydb.operations.get', 'alloydb.operations.list', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.delete', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.get', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.migrate', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.restart', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.routers.list', 'compute.routes.get', 'compute.routes.list', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.update', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'networkmanagement.connectivitytests.list', 'serviceusage.services.use', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/datacatalog.dataSteward
Can update overview and data steward fields
DataCatalog Data Steward
['datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateOverview', 'datacatalog.entryGroups.get', 'datacatalog.migrationConfig.get', 'datacatalog.relationships.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datacatalog.entryOwner
Full access to entries
DataCatalog Entry Owner
['datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.entryViewer
Read access to entries
DataCatalog Entry Viewer
['datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.entryGroups.get', 'datacatalog.migrationConfig.get', 'datacatalog.relationships.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.entryGroupCreator
Can create new entryGroups
DataCatalog EntryGroup Creator
['datacatalog.entryGroups.create', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.entryGroupOwner
Full access to entryGroups
DataCatalog EntryGroup Owner
['datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.create', 'datacatalog.entryGroups.delete', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.setIamPolicy', 'datacatalog.entryGroups.update', 'datacatalog.entryGroups.updateTag', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.glossaryOwner
Full access to glossaries
DataCatalog Glossary Owner
['datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'dataplex.projects.search']
Copy Permissions BETA
roles/datacatalog.glossaryUser
Can view glossaries and associate terms to entries
DataCatalog Glossary User
['datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'dataplex.projects.search']
Copy Permissions BETA
roles/datacatalog.migrationConfigAdmin
Full access to Migration Config
DataCatalog Migration Config Admin
['datacatalog.migrationConfig.get', 'datacatalog.migrationConfig.set', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/datacatalog.searchAdmin
Can search all metadata for a project/org in DataCatalog
DataCatalog Search Admin
['datacatalog.catalogs.searchAll', 'dataplex.projects.search', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataflow.admin
Minimal role for creating and managing dataflow jobs.
Dataflow Admin
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'compute.machineTypes.get', 'compute.projects.get', 'compute.regions.list', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/dataflow.developer
Full operational access to Dataflow jobs.
Dataflow Developer
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'compute.projects.get', 'compute.regions.list', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.dataflowDiagnosticsAdmin
Admin of Diagnostics recommendations.
Dataflow Diagnostics Admin
['recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.dataflowDiagnosticsViewer
Viewer of Diagnostics recommendations.
Dataflow Diagnostics Viewer
['recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataflow.viewer
Read only access to Dataflow jobs.
Dataflow Viewer
['dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataflow.worker
Worker access to Dataflow. Intended for service accounts.
Dataflow Worker
['autoscaling.sites.readRecommendations', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'compute.instanceGroupManagers.update', 'compute.instances.delete', 'compute.instances.setDiskAutoDelete', 'dataflow.jobs.get', 'dataflow.shuffle.read', 'dataflow.shuffle.write', 'dataflow.streamingWorkItems.ImportState', 'dataflow.streamingWorkItems.commitWork', 'dataflow.streamingWorkItems.getData', 'dataflow.streamingWorkItems.getWork', 'dataflow.streamingWorkItems.getWorkerMetadata', 'dataflow.workItems.lease', 'dataflow.workItems.sendMessage', 'dataflow.workItems.update', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.timeSeries.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.get']
Copy Permissions GA
roles/dataform.admin
Full access to all Dataform resources.
Dataform Admin
['dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataform.editor
Edit access to Workspaces and Read-only access to Repositories.
Dataform Editor
['dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.writeFile', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataform.serviceAgent
Gives permission for the Dataform API to access a secret from Secret Manager
Dataform Service Agent
['dataform.compilationResults.create', 'dataform.workflowInvocations.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataform.viewer
Read-only access to all Dataform resources.
Dataform Viewer
['dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.list', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.searchFiles', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datapipelines.serviceAgent
Gives Datapipelines service permissions to create Dataflow & Cloud Scheduler jobs in the user project.
Datapipelines Service Agent
['appengine.applications.get', 'bigquery.tables.get', 'bigtable.tables.get', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'compute.machineTypes.get', 'compute.projects.get', 'compute.regions.list', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'orgpolicy.policy.get', 'pubsub.schemas.get', 'pubsub.topics.get', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/dataplex.admin
Full access to Dataplex resources, except Dataplex Catalog.
Dataplex Administrator
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.setIamPolicy', 'dataplex.assets.update', 'dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.entryGroups.export', 'dataplex.entryGroups.import', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.setIamPolicy', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.setIamPolicy', 'dataplex.lakes.update', 'dataplex.locations.get', 'dataplex.locations.list', 'dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.setIamPolicy', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.setIamPolicy', 'dataplex.zones.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.aspectTypeOwner
Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.
Dataplex Aspect Type Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.aspectTypeUser
Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.
Dataplex Aspect Type User
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.bindingAdmin
Full access on DataAttribute Bindig resources.
Dataplex Binding Administrator
['dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update']
Copy Permissions GA
roles/dataplex.catalogAdmin
Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.
Dataplex Catalog Admin
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.catalogEditor
Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources
Dataplex Catalog Editor
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.catalogViewer
Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.
Dataplex Catalog Viewer
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.dataOwner
Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.
Dataplex Data Owner
['dataplex.assets.ownData', 'dataplex.assets.readData', 'dataplex.assets.writeData']
Copy Permissions GA
roles/dataplex.dataReader
Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.
Dataplex Data Reader
['dataplex.assets.readData']
Copy Permissions GA
roles/dataplex.dataWriter
Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.
Dataplex Data Writer
['dataplex.assets.writeData']
Copy Permissions GA
roles/dataplex.dataScanAdmin
Full access to DataScan resources.
Dataplex DataScan Administrator
['dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions GA
roles/dataplex.dataScanCreator
Access to create new DataScan resources.
Dataplex DataScan Creator
['dataplex.datascans.create', 'dataplex.datascans.get', 'dataplex.datascans.list', 'dataplex.operations.get']
Copy Permissions GA
roles/dataplex.dataScanDataViewer
Read access to DataScan resources and additional contents.
Dataplex DataScan DataViewer
['dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list']
Copy Permissions GA
roles/dataplex.dataScanEditor
Write access to DataScan resources.
Dataplex DataScan Editor
['dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions GA
roles/dataplex.dataScanViewer
Read access to DataScan resources.
Dataplex DataScan Viewer
['dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list']
Copy Permissions GA
roles/dataplex.developer
Allows running data analytics workloads in a lake.
Dataplex Developer
['dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update']
Copy Permissions GA
roles/dataplex.discoveryBigLakePublishingServiceAgent
Gives the Dataplex Discovery Service Agent permissions to use bigquery connection.
Dataplex Discovery BigLake Publishing Service Agent
['bigquery.connections.delegate', 'bigquery.connections.use']
Copy Permissions ALPHA
roles/dataplex.discoveryPublishingServiceAgent
Gives the Dataplex Discovery Service Agent dataset create and get permissions.
Dataplex Discovery Publishing Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get']
Copy Permissions ALPHA
roles/dataplex.discoveryServiceAgent
Gives the Dataplex Discovery Service Agent bucket read permissions.
Dataplex Discovery Service Agent
['storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions ALPHA
roles/dataplex.editor
Write access to Dataplex resources.
Dataplex Editor
['cloudasset.assets.analyzeIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.update', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.update', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.update']
Copy Permissions GA
roles/dataplex.entryGroupExporter
Grants access to export this entry group for Metadata Job processing.
Dataplex Entry Group Exporter
['dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataplex.entryGroupImporter
Grants access to import this entry group for Metadata Job processing.
Dataplex Entry Group Importer
['dataplex.entryGroups.get', 'dataplex.entryGroups.import', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataplex.entryGroupOwner
Owns Entry Groups and Entries inside of them.
Dataplex Entry Group Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.entryOwner
Owns Metadata Entries.
Dataplex Entry Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.get', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.entryTypeOwner
Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.
Dataplex Entry Type Owner
['datacatalog.migrationConfig.get', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.entryTypeUser
Grants access to use Entry Types to create/modify Entries of those types.
Dataplex Entry Type User
['datacatalog.migrationConfig.get', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.metadataJobOwner
Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.
Dataplex Metadata Job Owner
['dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataplex.metadataJobViewer
Read access to Metadata Job resources.
Dataplex Metadata Job Viewer
['dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataplex.metadataReader
Read only access to metadata.
Dataplex Metadata Reader
['dataplex.assets.get', 'dataplex.assets.list', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.zones.get', 'dataplex.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.metadataWriter
Write and Read access to metadata.
Dataplex Metadata Writer
['dataplex.assets.get', 'dataplex.assets.list', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.zones.get', 'dataplex.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataplex.securityAdmin
Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.
Dataplex Security Administrator
['dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess']
Copy Permissions GA
roles/dataplex.storageDataOwner
Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like GCS buckets, BigQuery datasets etc.
Dataplex Storage Data Owner
['bigquery.datasets.get', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/dataplex.storageDataReader
Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like GCS buckets, BigQuery datasets etc.
Dataplex Storage Data Reader
['bigquery.datasets.get', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/dataplex.storageDataWriter
Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like GCS buckets, BigQuery datasets etc.
Dataplex Storage Data Writer
['bigquery.tables.updateData', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.update']
Copy Permissions GA
roles/dataplex.taxonomyAdmin
Full access to DataTaxonomy, DataAttribute resources.
Dataplex Taxonomy Administrator
['dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update']
Copy Permissions GA
roles/dataplex.taxonomyViewer
Read access on DataTaxonomy, DataAttribute resources.
Dataplex Taxonomy Viewer
['dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list']
Copy Permissions GA
roles/dataplex.viewer
Read access to Dataplex resources.
Dataplex Viewer
['cloudasset.assets.analyzeIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.lakeActions.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.zoneActions.list', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list']
Copy Permissions GA
roles/dataprep.serviceAgent
Dataprep service identity. Includes access to service accounts.
Dataprep Service Agent
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.list', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquerymigration.translation.translate', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'orgpolicy.policy.get', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.get', 'storage.buckets.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/dataprep.projects.user
Use of Dataprep.
Dataprep User
['dataprep.projects.use', 'resourcemanager.projects.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/dataproc.admin
Full control of Dataproc resources.
Dataproc Administrator
['compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.get', 'compute.networks.list', 'compute.projects.get', 'compute.regions.get', 'compute.regions.list', 'compute.zones.get', 'compute.zones.list', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.setIamPolicy', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.clusters.setIamPolicy', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.jobs.setIamPolicy', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.getIamPolicy', 'dataproc.operations.list', 'dataproc.operations.setIamPolicy', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.terminate', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.getIamPolicy', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.setIamPolicy', 'dataproc.workflowTemplates.update', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.update', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataproc.editor
Full control of Dataproc resources. Allows viewing all networks.
Dataproc Editor
['compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.get', 'compute.networks.list', 'compute.projects.get', 'compute.regions.get', 'compute.regions.list', 'compute.zones.get', 'compute.zones.list', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.list', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.list', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.terminate', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.update', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.update', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataproc.hubAgent
Allows management of Dataproc resources. Intended for service accounts running Dataproc Hub instances.
Dataproc Hub Agent
['compute.instances.get', 'compute.instances.setMetadata', 'compute.instances.setTags', 'compute.zoneOperations.get', 'compute.zones.list', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.use', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.list', 'dataproc.clusters.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/metastore.admin
Full access to all Dataproc Metastore resources.
Dataproc Metastore Admin
['metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.backups.setIamPolicy', 'metastore.backups.use', 'metastore.federations.create', 'metastore.federations.delete', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.federations.setIamPolicy', 'metastore.federations.update', 'metastore.federations.use', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.cancel', 'metastore.migrations.complete', 'metastore.migrations.delete', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.migrations.start', 'metastore.operations.cancel', 'metastore.operations.delete', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.create', 'metastore.services.delete', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'metastore.services.setIamPolicy', 'metastore.services.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/metastore.metadataOwner
Full access to the metadata of databases and tables under those databases.
Dataproc Metastore Data Owner
['metastore.databases.create', 'metastore.databases.delete', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.setIamPolicy', 'metastore.databases.update', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.use', 'metastore.tables.create', 'metastore.tables.delete', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.setIamPolicy', 'metastore.tables.update']
Copy Permissions GA
roles/metastore.editor
Read and write access to all Dataproc Metastore resources.
Dataproc Metastore Editor
['metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.list', 'metastore.backups.use', 'metastore.federations.create', 'metastore.federations.delete', 'metastore.federations.get', 'metastore.federations.list', 'metastore.federations.update', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.cancel', 'metastore.migrations.complete', 'metastore.migrations.delete', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.migrations.start', 'metastore.operations.cancel', 'metastore.operations.delete', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.create', 'metastore.services.delete', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'metastore.services.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/metastore.migrationAdmin
Access to Dataproc Metastore Managed Migration resources and workflow.
Dataproc Metastore Managed Migration Admin
['cloudsql.instances.connect', 'cloudsql.instances.get', 'cloudsql.instances.login', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.disks.create', 'compute.disks.delete', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.use', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.delete', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.get', 'compute.instances.setMetadata', 'compute.machineTypes.list', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.serviceAttachments.create', 'compute.serviceAttachments.delete', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.zones.list', 'datastream.connectionProfiles.create', 'datastream.connectionProfiles.delete', 'datastream.objects.get', 'datastream.objects.list', 'datastream.objects.startBackfillJob', 'datastream.objects.stopBackfillJob', 'datastream.operations.get', 'datastream.privateConnections.create', 'datastream.privateConnections.delete', 'datastream.streams.create', 'datastream.streams.delete', 'datastream.streams.get', 'datastream.streams.update']
Copy Permissions GA
roles/metastore.metadataEditor
Access to read and modify the metadata of databases and tables under those databases.
Dataproc Metastore Metadata Editor
['metastore.databases.create', 'metastore.databases.delete', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.update', 'metastore.services.get', 'metastore.services.use', 'metastore.tables.create', 'metastore.tables.delete', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.update']
Copy Permissions GA
roles/metastore.metadataMutateAdmin
Access to mutate metadata from a Dataproc Metastore service's underlying metadata store.
Dataproc Metastore Metadata Mutate Admin
['metastore.services.mutateMetadata']
Copy Permissions GA
roles/metastore.metadataOperator
Read-only access to Dataproc Metastore resources with additional metadata operations permission.
Dataproc Metastore Metadata Operator
['metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.list', 'metastore.backups.use', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/metastore.metadataQueryAdmin
Access to query metadata from a Dataproc Metastore service's underlying metadata store.
Dataproc Metastore Metadata Query Admin
['metastore.services.queryMetadata']
Copy Permissions GA
roles/metastore.metadataUser
Access to the Dataproc Metastore gRPC endpoint
Dataproc Metastore Metadata User
['metastore.databases.get', 'metastore.databases.list', 'metastore.services.get', 'metastore.services.use']
Copy Permissions GA
roles/metastore.metadataViewer
Access to read the metadata of databases and tables under those databases
Dataproc Metastore Metadata Viewer
['metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.services.get', 'metastore.services.use', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list']
Copy Permissions GA
roles/metastore.serviceAgent
Gives the Dataproc Metastore service account access to managed resources.
Dataproc Metastore Service Agent
['compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.use', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.updatePeering', 'compute.networks.use', 'compute.regionOperations.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'dns.changes.create', 'dns.changes.get', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'metastore.databases.get', 'metastore.databases.setIamPolicy', 'metastore.databases.update', 'metastore.federations.use', 'metastore.services.get', 'metastore.tables.get', 'metastore.tables.setIamPolicy', 'metastore.tables.update', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/metastore.user
Read-only access to all Dataproc Metastore resources.
Dataproc Metastore Viewer
['metastore.backups.get', 'metastore.backups.list', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.imports.get', 'metastore.imports.list', 'metastore.locations.get', 'metastore.locations.list', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataprocrm.admin
Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.
Dataproc Resource Manager Admin
['dataprocrm.locations.get', 'dataprocrm.locations.list', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.mintOAuthToken', 'dataprocrm.nodes.update', 'dataprocrm.operations.cancel', 'dataprocrm.operations.delete', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataprocrm.nodeServiceAgent
Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions.
Dataproc Resource Manager Node Service Agent
['dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.mintOAuthToken', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions GA
roles/dataprocrm.viewer
Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.
Dataproc Resource Manager Viewer
['dataprocrm.locations.get', 'dataprocrm.locations.list', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodes.get', 'dataprocrm.nodes.list', 'dataprocrm.nodes.mintOAuthToken', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dataproc.serviceAgent
Gives Dataproc Service Account access to service accounts, compute resources, storage resources, and kubernetes resources. Includes access to service accounts.
Dataproc Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.list', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.list', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.licenses.get', 'compute.licenses.list', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.nodeTypes.get', 'compute.projects.get', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.list', 'compute.resourcePolicies.useReadOnly', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.get', 'container.clusters.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.get', 'container.namespaces.list', 'container.namespaces.update', 'container.operations.get', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.escalate', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.clusters.setIamPolicy', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.jobs.setIamPolicy', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.sessionTemplates.get', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.sparkApplicationWrite', 'dataproc.sessions.terminate', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.mintOAuthToken', 'dataprocrm.nodes.update', 'dataprocrm.operations.cancel', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'metastore.services.get', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.bind', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/dataproc.viewer
Read-only access to Dataproc resources.
Dataproc Viewer
['compute.machineTypes.get', 'compute.regions.get', 'compute.regions.list', 'compute.zones.get', 'compute.zones.list', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.list', 'dataproc.batches.analyze', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.get', 'dataproc.clusters.list', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.nodeGroups.get', 'dataproc.operations.get', 'dataproc.operations.list', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dataproc.worker
Worker access to Dataproc. Intended for service accounts.
Dataproc Worker
['cloudprofiler.profiles.create', 'cloudprofiler.profiles.update', 'dataproc.agents.create', 'dataproc.agents.delete', 'dataproc.agents.get', 'dataproc.agents.list', 'dataproc.agents.update', 'dataproc.batches.sparkApplicationWrite', 'dataproc.sessions.sparkApplicationWrite', 'dataproc.tasks.lease', 'dataproc.tasks.listInvalidatedLeases', 'dataproc.tasks.reportStatus', 'dataprocrm.nodes.mintOAuthToken', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'storage.buckets.get', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/datastream.admin
Full access to all Datastream resources.
Datastream Admin
['datastream.connectionProfiles.create', 'datastream.connectionProfiles.createTagBinding', 'datastream.connectionProfiles.delete', 'datastream.connectionProfiles.deleteTagBinding', 'datastream.connectionProfiles.destinationTypes', 'datastream.connectionProfiles.discover', 'datastream.connectionProfiles.get', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listStaticServiceIps', 'datastream.connectionProfiles.listTagBindings', 'datastream.connectionProfiles.setIamPolicy', 'datastream.connectionProfiles.sourceTypes', 'datastream.connectionProfiles.update', 'datastream.locations.fetchStaticIps', 'datastream.locations.get', 'datastream.locations.list', 'datastream.objects.get', 'datastream.objects.list', 'datastream.objects.startBackfillJob', 'datastream.objects.stopBackfillJob', 'datastream.operations.cancel', 'datastream.operations.delete', 'datastream.operations.get', 'datastream.operations.list', 'datastream.privateConnections.create', 'datastream.privateConnections.createTagBinding', 'datastream.privateConnections.delete', 'datastream.privateConnections.deleteTagBinding', 'datastream.privateConnections.get', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.privateConnections.setIamPolicy', 'datastream.routes.create', 'datastream.routes.delete', 'datastream.routes.get', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.routes.setIamPolicy', 'datastream.streams.computeState', 'datastream.streams.create', 'datastream.streams.createTagBinding', 'datastream.streams.delete', 'datastream.streams.deleteTagBinding', 'datastream.streams.fetchErrors', 'datastream.streams.get', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'datastream.streams.pause', 'datastream.streams.resume', 'datastream.streams.setIamPolicy', 'datastream.streams.start', 'datastream.streams.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datastream.serviceAgent
Grants Cloud Datastream permissions to write data in the user project.
Datastream Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.update', 'bigquery.tables.updateData', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.use', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'pubsub.topics.publish', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/datastream.viewer
Read-only access to all Datastream resources.
Datastream Viewer
['datastream.connectionProfiles.destinationTypes', 'datastream.connectionProfiles.discover', 'datastream.connectionProfiles.get', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listStaticServiceIps', 'datastream.connectionProfiles.listTagBindings', 'datastream.connectionProfiles.sourceTypes', 'datastream.locations.fetchStaticIps', 'datastream.locations.get', 'datastream.locations.list', 'datastream.objects.get', 'datastream.objects.list', 'datastream.operations.get', 'datastream.operations.list', 'datastream.privateConnections.get', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.routes.get', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.streams.fetchErrors', 'datastream.streams.get', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.serviceAccountDeleter
Access to delete service accounts.
Delete Service Accounts
['iam.serviceAccounts.delete', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dellemccloudonefs.admin
This role is managed by Dell EMC, not Google.
Dell EMC Cloud OneFS Admin
['cloudonefs.isiloncloud.com/clusters.create', 'cloudonefs.isiloncloud.com/clusters.delete', 'cloudonefs.isiloncloud.com/clusters.get', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/clusters.update', 'cloudonefs.isiloncloud.com/clusters.updateAdvancedSettings', 'cloudonefs.isiloncloud.com/fileshares.create', 'cloudonefs.isiloncloud.com/fileshares.delete', 'cloudonefs.isiloncloud.com/fileshares.get', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudonefs.isiloncloud.com/fileshares.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dellemccloudonefs.user
This role is managed by Dell EMC, not Google.
Dell EMC Cloud OneFS User
['cloudonefs.isiloncloud.com/clusters.create', 'cloudonefs.isiloncloud.com/clusters.delete', 'cloudonefs.isiloncloud.com/clusters.get', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/clusters.update', 'cloudonefs.isiloncloud.com/fileshares.create', 'cloudonefs.isiloncloud.com/fileshares.delete', 'cloudonefs.isiloncloud.com/fileshares.get', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudonefs.isiloncloud.com/fileshares.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dellemccloudonefs.viewer
This role is managed by Dell EMC, not Google.
Dell EMC Cloud OneFS Viewer
['cloudonefs.isiloncloud.com/clusters.get', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/fileshares.get', 'cloudonefs.isiloncloud.com/fileshares.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/iam.denyAdmin
Deny admin role, with permissions to read and modify deny policies
Deny Admin
['iam.denypolicies.create', 'iam.denypolicies.delete', 'iam.denypolicies.get', 'iam.denypolicies.list', 'iam.denypolicies.update']
Copy Permissions GA
roles/iam.denyReviewer
Deny Reviewer role, with permissions to read deny policies
Deny Reviewer
['iam.denypolicies.get', 'iam.denypolicies.list']
Copy Permissions GA
roles/deploymentmanager.editor
Read and Write access to all Deployment Manager resources.
Deployment Manager Editor
['deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/deploymentmanager.typeEditor
Read and Write access to all Type Registry resources.
Deployment Manager Type Editor
['deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.operations.get', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get']
Copy Permissions GA
roles/deploymentmanager.typeViewer
Read-only access to all Type Registry resources.
Deployment Manager Type Viewer
['deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get']
Copy Permissions GA
roles/deploymentmanager.viewer
Read-only access to all Deployment Manager resources.
Deployment Manager Viewer
['deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/designcenter.serviceAgent
Gives the DesignCenter API Service Account access to necessary GCP resources.
DesignCenter Service Agent
['storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions ALPHA
roles/developerconnect.admin
Full access to Developer Connect resources.
Developer Connect Admin
['developerconnect.connections.constructGitHubAppManifest', 'developerconnect.connections.create', 'developerconnect.connections.delete', 'developerconnect.connections.fetchGitHubInstallations', 'developerconnect.connections.fetchLinkableGitRepositories', 'developerconnect.connections.generateGitHubStateToken', 'developerconnect.connections.get', 'developerconnect.connections.list', 'developerconnect.connections.processGitHubAppCreationCallback', 'developerconnect.connections.processGitHubOAuthCallback', 'developerconnect.connections.update', 'developerconnect.gitRepositoryLinks.create', 'developerconnect.gitRepositoryLinks.delete', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.get', 'developerconnect.locations.list', 'developerconnect.operations.cancel', 'developerconnect.operations.delete', 'developerconnect.operations.get', 'developerconnect.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/developerconnect.readTokenAccessor
Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
Developer Connect Read Token Accessor
['developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.get']
Copy Permissions BETA
roles/developerconnect.tokenAccessor
Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.
Developer Connect Token Accessor
['developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.fetchReadWriteToken', 'developerconnect.gitRepositoryLinks.get']
Copy Permissions BETA
roles/developerconnect.user
Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository
Developer Connect User
['developerconnect.connections.fetchGitHubInstallations', 'developerconnect.connections.fetchLinkableGitRepositories', 'developerconnect.connections.get', 'developerconnect.connections.list', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.get', 'developerconnect.locations.list', 'developerconnect.operations.get', 'developerconnect.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/developerconnect.viewer
Readonly access to Developer Connect resources.
Developer Connect Viewer
['developerconnect.connections.get', 'developerconnect.connections.list', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.get', 'developerconnect.locations.list', 'developerconnect.operations.get', 'developerconnect.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/dialogflow.agentAssistClient
Can create and handle live conversations using Agent Assist features.
Dialogflow Agent Assist Client
['dialogflow.answerrecords.delete', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.answerrecords.update', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.generators.get', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.sessions.detectIntent']
Copy Permissions GA
roles/dialogflow.admin
Can query for intent; read & write session properties; read & write agent properties.
Dialogflow API Admin
['dialogflow.agents.create', 'dialogflow.agents.delete', 'dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.import', 'dialogflow.agents.list', 'dialogflow.agents.restore', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.agents.train', 'dialogflow.agents.update', 'dialogflow.agents.validate', 'dialogflow.answerrecords.delete', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.answerrecords.update', 'dialogflow.callMatchers.create', 'dialogflow.callMatchers.delete', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.create', 'dialogflow.contexts.delete', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.contexts.update', 'dialogflow.conversationDatasets.create', 'dialogflow.conversationDatasets.delete', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.import', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.create', 'dialogflow.conversationModels.delete', 'dialogflow.conversationModels.deploy', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationModels.undeploy', 'dialogflow.conversationProfiles.create', 'dialogflow.conversationProfiles.delete', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversationProfiles.update', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.create', 'dialogflow.documents.delete', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.encryptionspec.update', 'dialogflow.entityTypes.create', 'dialogflow.entityTypes.createEntity', 'dialogflow.entityTypes.delete', 'dialogflow.entityTypes.deleteEntity', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.entityTypes.update', 'dialogflow.entityTypes.updateEntity', 'dialogflow.environments.create', 'dialogflow.environments.delete', 'dialogflow.environments.get', 'dialogflow.environments.getHistory', 'dialogflow.environments.list', 'dialogflow.environments.lookupHistory', 'dialogflow.environments.runContinuousTest', 'dialogflow.environments.update', 'dialogflow.examples.create', 'dialogflow.examples.delete', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.examples.update', 'dialogflow.experiments.create', 'dialogflow.experiments.delete', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.experiments.update', 'dialogflow.flows.create', 'dialogflow.flows.delete', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.flows.train', 'dialogflow.flows.update', 'dialogflow.flows.validate', 'dialogflow.fulfillments.get', 'dialogflow.fulfillments.update', 'dialogflow.generators.create', 'dialogflow.generators.delete', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.generators.update', 'dialogflow.integrations.create', 'dialogflow.integrations.delete', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.integrations.update', 'dialogflow.intents.create', 'dialogflow.intents.delete', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.intents.update', 'dialogflow.knowledgeBases.create', 'dialogflow.knowledgeBases.delete', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.knowledgeBases.update', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.create', 'dialogflow.pages.delete', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.pages.update', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.phoneNumberOrders.cancel', 'dialogflow.phoneNumberOrders.create', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumberOrders.update', 'dialogflow.phoneNumbers.delete', 'dialogflow.phoneNumbers.list', 'dialogflow.phoneNumbers.undelete', 'dialogflow.phoneNumbers.update', 'dialogflow.playbooks.create', 'dialogflow.playbooks.delete', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.playbooks.update', 'dialogflow.securitySettings.create', 'dialogflow.securitySettings.delete', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.securitySettings.update', 'dialogflow.sessionEntityTypes.create', 'dialogflow.sessionEntityTypes.delete', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.sessionEntityTypes.update', 'dialogflow.sessions.detectIntent', 'dialogflow.sessions.streamingDetectIntent', 'dialogflow.smartMessagingEntries.create', 'dialogflow.smartMessagingEntries.delete', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.calculateCoverage', 'dialogflow.testcases.create', 'dialogflow.testcases.delete', 'dialogflow.testcases.export', 'dialogflow.testcases.get', 'dialogflow.testcases.import', 'dialogflow.testcases.list', 'dialogflow.testcases.run', 'dialogflow.testcases.update', 'dialogflow.tools.create', 'dialogflow.tools.delete', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.tools.update', 'dialogflow.transitionRouteGroups.create', 'dialogflow.transitionRouteGroups.delete', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.transitionRouteGroups.update', 'dialogflow.versions.create', 'dialogflow.versions.delete', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.versions.load', 'dialogflow.versions.update', 'dialogflow.webhooks.create', 'dialogflow.webhooks.delete', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'dialogflow.webhooks.update', 'resourcemanager.projects.get']
Copy Permissions GA
roles/dialogflow.client
Can call all methods on sessions and conversations resources as well as their descendants.
Dialogflow API Client
['dialogflow.contexts.create', 'dialogflow.contexts.delete', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.contexts.update', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.environments.runContinuousTest', 'dialogflow.messages.list', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.sessionEntityTypes.create', 'dialogflow.sessionEntityTypes.delete', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.sessionEntityTypes.update', 'dialogflow.sessions.detectIntent', 'dialogflow.sessions.streamingDetectIntent']
Copy Permissions GA
roles/dialogflow.reader
Can read agent and session properties; cannot query for intent.
Dialogflow API Reader
['dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/dialogflow.consoleAgentEditor
Can edit agent in Dialogflow Console
Dialogflow Console Agent Editor
['actions.agentVersions.create', 'dialogflow.agents.create', 'dialogflow.agents.delete', 'dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.import', 'dialogflow.agents.list', 'dialogflow.agents.restore', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.agents.train', 'dialogflow.agents.update', 'dialogflow.agents.validate', 'dialogflow.answerrecords.delete', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.answerrecords.update', 'dialogflow.callMatchers.create', 'dialogflow.callMatchers.delete', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.create', 'dialogflow.contexts.delete', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.contexts.update', 'dialogflow.conversationDatasets.create', 'dialogflow.conversationDatasets.delete', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.import', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.create', 'dialogflow.conversationModels.delete', 'dialogflow.conversationModels.deploy', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationModels.undeploy', 'dialogflow.conversationProfiles.create', 'dialogflow.conversationProfiles.delete', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversationProfiles.update', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.create', 'dialogflow.documents.delete', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.encryptionspec.update', 'dialogflow.entityTypes.create', 'dialogflow.entityTypes.createEntity', 'dialogflow.entityTypes.delete', 'dialogflow.entityTypes.deleteEntity', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.entityTypes.update', 'dialogflow.entityTypes.updateEntity', 'dialogflow.environments.create', 'dialogflow.environments.delete', 'dialogflow.environments.get', 'dialogflow.environments.getHistory', 'dialogflow.environments.list', 'dialogflow.environments.lookupHistory', 'dialogflow.environments.runContinuousTest', 'dialogflow.environments.update', 'dialogflow.examples.create', 'dialogflow.examples.delete', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.examples.update', 'dialogflow.experiments.create', 'dialogflow.experiments.delete', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.experiments.update', 'dialogflow.flows.create', 'dialogflow.flows.delete', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.flows.train', 'dialogflow.flows.update', 'dialogflow.flows.validate', 'dialogflow.fulfillments.get', 'dialogflow.fulfillments.update', 'dialogflow.generators.create', 'dialogflow.generators.delete', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.generators.update', 'dialogflow.integrations.create', 'dialogflow.integrations.delete', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.integrations.update', 'dialogflow.intents.create', 'dialogflow.intents.delete', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.intents.update', 'dialogflow.knowledgeBases.create', 'dialogflow.knowledgeBases.delete', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.knowledgeBases.update', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.create', 'dialogflow.pages.delete', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.pages.update', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.phoneNumberOrders.cancel', 'dialogflow.phoneNumberOrders.create', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumberOrders.update', 'dialogflow.phoneNumbers.delete', 'dialogflow.phoneNumbers.list', 'dialogflow.phoneNumbers.undelete', 'dialogflow.phoneNumbers.update', 'dialogflow.playbooks.create', 'dialogflow.playbooks.delete', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.playbooks.update', 'dialogflow.securitySettings.create', 'dialogflow.securitySettings.delete', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.securitySettings.update', 'dialogflow.sessionEntityTypes.create', 'dialogflow.sessionEntityTypes.delete', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.sessionEntityTypes.update', 'dialogflow.sessions.detectIntent', 'dialogflow.sessions.streamingDetectIntent', 'dialogflow.smartMessagingEntries.create', 'dialogflow.smartMessagingEntries.delete', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.calculateCoverage', 'dialogflow.testcases.create', 'dialogflow.testcases.delete', 'dialogflow.testcases.export', 'dialogflow.testcases.get', 'dialogflow.testcases.import', 'dialogflow.testcases.list', 'dialogflow.testcases.run', 'dialogflow.testcases.update', 'dialogflow.tools.create', 'dialogflow.tools.delete', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.tools.update', 'dialogflow.transitionRouteGroups.create', 'dialogflow.transitionRouteGroups.delete', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.transitionRouteGroups.update', 'dialogflow.versions.create', 'dialogflow.versions.delete', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.versions.load', 'dialogflow.versions.update', 'dialogflow.webhooks.create', 'dialogflow.webhooks.delete', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'dialogflow.webhooks.update', 'resourcemanager.projects.get']
Copy Permissions GA
roles/dialogflow.consoleSimulatorUser
Can perform query of dialogflow suggestions in the simulator in web console.
Dialogflow Console Simulator User
['dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.sessions.detectIntent', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dialogflow.consoleSmartMessagingAllowlistEditor
Can edit allowlist for smart messaging associated with conversation model in the agent assist console
Dialogflow Console Smart Messaging Allowlist Editor
['dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.operations.get', 'dialogflow.smartMessagingEntries.create', 'dialogflow.smartMessagingEntries.delete', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dialogflow.conversationManager
Can manage all the resources related to Dialogflow Conversations.
Dialogflow Conversation Manager
['dialogflow.conversationProfiles.create', 'dialogflow.conversationProfiles.delete', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversationProfiles.update', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update']
Copy Permissions GA
roles/dialogflow.entityTypeAdmin
Can read & write entity types.
Dialogflow Entity Type Admin
['dialogflow.entityTypes.create', 'dialogflow.entityTypes.createEntity', 'dialogflow.entityTypes.delete', 'dialogflow.entityTypes.deleteEntity', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.entityTypes.update', 'dialogflow.entityTypes.updateEntity']
Copy Permissions GA
roles/dialogflow.environmentEditor
Can read & update environment and its sub-resources.
Dialogflow Environment editor
['dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.environments.get', 'dialogflow.environments.getHistory', 'dialogflow.environments.list', 'dialogflow.environments.lookupHistory', 'dialogflow.environments.runContinuousTest', 'dialogflow.environments.update', 'dialogflow.experiments.create', 'dialogflow.experiments.delete', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.experiments.update']
Copy Permissions GA
roles/dialogflow.flowEditor
Can read & update flow and its sub-resources.
Dialogflow Flow editor
['dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.flows.train', 'dialogflow.flows.update', 'dialogflow.flows.validate', 'dialogflow.pages.create', 'dialogflow.pages.delete', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.pages.update', 'dialogflow.transitionRouteGroups.create', 'dialogflow.transitionRouteGroups.delete', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.transitionRouteGroups.update', 'dialogflow.versions.create', 'dialogflow.versions.delete', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.versions.load', 'dialogflow.versions.update']
Copy Permissions GA
roles/dialogflow.integrationManager
Can add, remove, enable and disable Dialogflow integrations.
Dialogflow Integration Manager
['dialogflow.integrations.create', 'dialogflow.integrations.delete', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.integrations.update']
Copy Permissions GA
roles/dialogflow.intentAdmin
Can read & write intents.
Dialogflow Intent Admin
['dialogflow.intents.create', 'dialogflow.intents.delete', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.intents.update']
Copy Permissions GA
roles/dialogflow.serviceAgent
Gives Dialogflow Service Account access to resources on behalf of user project for Integrations (Facebook Messenger, Slack, Telephony, etc.), BigQuery, Discovery Engine, Integration Connectors, and Vertex.
Dialogflow Service Agent
['aiplatform.endpoints.get', 'aiplatform.endpoints.predict', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.models.get', 'bigquery.jobs.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.updateData', 'cloudfunctions.functions.invoke', 'connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.connections.generateOpenAPISpec', 'connectors.connections.get', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'connectors.operations.get', 'connectors.versions.get', 'dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.create', 'dialogflow.contexts.delete', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.contexts.update', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.list', 'dialogflow.environments.runContinuousTest', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.create', 'dialogflow.sessionEntityTypes.delete', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.sessionEntityTypes.update', 'dialogflow.sessions.detectIntent', 'dialogflow.sessions.streamingDetectIntent', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'discoveryengine.collections.list', 'discoveryengine.dataStores.create', 'discoveryengine.dataStores.list', 'discoveryengine.engines.create', 'discoveryengine.engines.delete', 'discoveryengine.engines.get', 'discoveryengine.engines.update', 'discoveryengine.servingConfigs.search', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'logging.logEntries.create', 'logging.logEntries.route', 'pubsub.snapshots.seek', 'pubsub.subscriptions.consume', 'pubsub.topics.attachSubscription', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.jobs.run', 'run.routes.invoke', 'serviceusage.services.use', 'speakerid.phrases.create', 'speakerid.phrases.delete', 'speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.speakers.create', 'speakerid.speakers.delete', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speakerid.speakers.verify', 'speech.adaptations.execute', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.recognizers.get', 'speech.recognizers.list', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/dialogflow.testCaseAdmin
Can read & write test cases.
Dialogflow Test Case Admin
['dialogflow.testcases.calculateCoverage', 'dialogflow.testcases.create', 'dialogflow.testcases.delete', 'dialogflow.testcases.export', 'dialogflow.testcases.get', 'dialogflow.testcases.import', 'dialogflow.testcases.list', 'dialogflow.testcases.run', 'dialogflow.testcases.update']
Copy Permissions GA
roles/dialogflow.webhookAdmin
Can read & write webhooks.
Dialogflow Webhook Admin
['dialogflow.webhooks.create', 'dialogflow.webhooks.delete', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'dialogflow.webhooks.update']
Copy Permissions GA
roles/discoveryengine.admin
Grants full access to all discoveryengine resources.
Discovery Engine Admin
['discoveryengine.aclConfigs.get', 'discoveryengine.aclConfigs.update', 'discoveryengine.analytics.acquireDashboardSession', 'discoveryengine.analytics.refreshDashboardSessionTokens', 'discoveryengine.answers.get', 'discoveryengine.branches.get', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.get', 'discoveryengine.cmekConfigs.list', 'discoveryengine.cmekConfigs.update', 'discoveryengine.collections.delete', 'discoveryengine.collections.get', 'discoveryengine.collections.list', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.completionConfigs.get', 'discoveryengine.completionConfigs.update', 'discoveryengine.controls.create', 'discoveryengine.controls.delete', 'discoveryengine.controls.get', 'discoveryengine.controls.list', 'discoveryengine.controls.update', 'discoveryengine.conversations.converse', 'discoveryengine.conversations.create', 'discoveryengine.conversations.delete', 'discoveryengine.conversations.get', 'discoveryengine.conversations.list', 'discoveryengine.conversations.update', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.create', 'discoveryengine.dataStores.delete', 'discoveryengine.dataStores.enrollSolutions', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.dataStores.trainCustomModel', 'discoveryengine.dataStores.update', 'discoveryengine.documentProcessingConfigs.get', 'discoveryengine.documentProcessingConfigs.update', 'discoveryengine.documents.batchGetDocumentsMetadata', 'discoveryengine.documents.create', 'discoveryengine.documents.delete', 'discoveryengine.documents.get', 'discoveryengine.documents.import', 'discoveryengine.documents.list', 'discoveryengine.documents.purge', 'discoveryengine.documents.update', 'discoveryengine.engines.create', 'discoveryengine.engines.delete', 'discoveryengine.engines.get', 'discoveryengine.engines.list', 'discoveryengine.engines.pause', 'discoveryengine.engines.resume', 'discoveryengine.engines.tune', 'discoveryengine.engines.update', 'discoveryengine.evaluations.create', 'discoveryengine.evaluations.get', 'discoveryengine.evaluations.list', 'discoveryengine.groundingConfigs.check', 'discoveryengine.locations.estimateDataSize', 'discoveryengine.models.create', 'discoveryengine.models.delete', 'discoveryengine.models.get', 'discoveryengine.models.list', 'discoveryengine.models.pause', 'discoveryengine.models.resume', 'discoveryengine.models.tune', 'discoveryengine.models.update', 'discoveryengine.operations.get', 'discoveryengine.operations.list', 'discoveryengine.projects.get', 'discoveryengine.projects.provision', 'discoveryengine.projects.reportConsentChange', 'discoveryengine.rankingConfigs.rank', 'discoveryengine.sampleQueries.create', 'discoveryengine.sampleQueries.delete', 'discoveryengine.sampleQueries.get', 'discoveryengine.sampleQueries.import', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQueries.update', 'discoveryengine.sampleQuerySets.create', 'discoveryengine.sampleQuerySets.delete', 'discoveryengine.sampleQuerySets.get', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.sampleQuerySets.update', 'discoveryengine.schemas.create', 'discoveryengine.schemas.delete', 'discoveryengine.schemas.get', 'discoveryengine.schemas.list', 'discoveryengine.schemas.preview', 'discoveryengine.schemas.update', 'discoveryengine.schemas.validate', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.create', 'discoveryengine.servingConfigs.delete', 'discoveryengine.servingConfigs.get', 'discoveryengine.servingConfigs.list', 'discoveryengine.servingConfigs.recommend', 'discoveryengine.servingConfigs.search', 'discoveryengine.servingConfigs.update', 'discoveryengine.sessions.create', 'discoveryengine.sessions.delete', 'discoveryengine.sessions.get', 'discoveryengine.sessions.list', 'discoveryengine.sessions.update', 'discoveryengine.siteSearchEngines.batchVerifyTargetSites', 'discoveryengine.siteSearchEngines.disableAdvancedSiteSearch', 'discoveryengine.siteSearchEngines.enableAdvancedSiteSearch', 'discoveryengine.siteSearchEngines.fetchDomainVerificationStatus', 'discoveryengine.siteSearchEngines.get', 'discoveryengine.siteSearchEngines.recrawlUris', 'discoveryengine.suggestionDenyListEntries.import', 'discoveryengine.suggestionDenyListEntries.purge', 'discoveryengine.targetSites.batchCreate', 'discoveryengine.targetSites.create', 'discoveryengine.targetSites.delete', 'discoveryengine.targetSites.get', 'discoveryengine.targetSites.list', 'discoveryengine.targetSites.update', 'discoveryengine.userEvents.create', 'discoveryengine.userEvents.fetchStats', 'discoveryengine.userEvents.import', 'discoveryengine.userEvents.purge', 'discoveryengine.widgetConfigs.get', 'discoveryengine.widgetConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/discoveryengine.editor
Grants read and write access to all discovery engine resources.
Discovery Engine Editor
['discoveryengine.aclConfigs.get', 'discoveryengine.analytics.acquireDashboardSession', 'discoveryengine.analytics.refreshDashboardSessionTokens', 'discoveryengine.answers.get', 'discoveryengine.branches.get', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.get', 'discoveryengine.cmekConfigs.list', 'discoveryengine.collections.get', 'discoveryengine.collections.list', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.completionConfigs.get', 'discoveryengine.controls.get', 'discoveryengine.controls.list', 'discoveryengine.conversations.converse', 'discoveryengine.conversations.create', 'discoveryengine.conversations.delete', 'discoveryengine.conversations.get', 'discoveryengine.conversations.list', 'discoveryengine.conversations.update', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.documentProcessingConfigs.get', 'discoveryengine.documents.batchGetDocumentsMetadata', 'discoveryengine.documents.create', 'discoveryengine.documents.delete', 'discoveryengine.documents.get', 'discoveryengine.documents.import', 'discoveryengine.documents.list', 'discoveryengine.documents.update', 'discoveryengine.engines.get', 'discoveryengine.engines.list', 'discoveryengine.engines.pause', 'discoveryengine.engines.resume', 'discoveryengine.engines.tune', 'discoveryengine.evaluations.get', 'discoveryengine.evaluations.list', 'discoveryengine.groundingConfigs.check', 'discoveryengine.models.create', 'discoveryengine.models.delete', 'discoveryengine.models.get', 'discoveryengine.models.list', 'discoveryengine.models.pause', 'discoveryengine.models.resume', 'discoveryengine.models.tune', 'discoveryengine.models.update', 'discoveryengine.operations.get', 'discoveryengine.operations.list', 'discoveryengine.projects.get', 'discoveryengine.rankingConfigs.rank', 'discoveryengine.sampleQueries.create', 'discoveryengine.sampleQueries.delete', 'discoveryengine.sampleQueries.get', 'discoveryengine.sampleQueries.import', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQueries.update', 'discoveryengine.sampleQuerySets.create', 'discoveryengine.sampleQuerySets.delete', 'discoveryengine.sampleQuerySets.get', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.sampleQuerySets.update', 'discoveryengine.schemas.get', 'discoveryengine.schemas.list', 'discoveryengine.schemas.preview', 'discoveryengine.schemas.validate', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.get', 'discoveryengine.servingConfigs.list', 'discoveryengine.servingConfigs.recommend', 'discoveryengine.servingConfigs.search', 'discoveryengine.sessions.create', 'discoveryengine.sessions.delete', 'discoveryengine.sessions.get', 'discoveryengine.sessions.list', 'discoveryengine.sessions.update', 'discoveryengine.siteSearchEngines.get', 'discoveryengine.targetSites.get', 'discoveryengine.targetSites.list', 'discoveryengine.userEvents.create', 'discoveryengine.userEvents.fetchStats', 'discoveryengine.userEvents.import', 'discoveryengine.widgetConfigs.get', 'discoveryengine.widgetConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/discoveryengine.serviceAgent
Discovery Engine service uploads documents and user events from Cloud Storage and BigQuery, reports results to the customer Cloud Storage bucket, writes logs to customer projects using Cloud Logging, and writes and reads metrics for customer using Cloud Monitoring.
Discovery Engine Service Agent
['alloydb.clusters.export', 'alloydb.databases.list', 'alloydb.instances.get', 'alloydb.operations.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'cloudsql.databases.get', 'cloudsql.instances.export', 'cloudsql.instances.get', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.operations.get', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.conversations.converse', 'discoveryengine.conversations.create', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.search', 'discoveryengine.userEvents.create', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.partitionQuery', 'spanner.databases.select', 'spanner.databases.useDataBoost', 'spanner.sessions.create', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/discoveryengine.user
Grants user-level access to Discovery Engine resources.
Discovery Engine User
['discoveryengine.answers.get', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.search', 'discoveryengine.sessions.get']
Copy Permissions BETA
roles/discoveryengine.viewer
Grants read access to all discovery engine resources.
Discovery Engine Viewer
['discoveryengine.aclConfigs.get', 'discoveryengine.analytics.acquireDashboardSession', 'discoveryengine.analytics.refreshDashboardSessionTokens', 'discoveryengine.answers.get', 'discoveryengine.branches.get', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.get', 'discoveryengine.cmekConfigs.list', 'discoveryengine.collections.get', 'discoveryengine.collections.list', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.completionConfigs.get', 'discoveryengine.controls.get', 'discoveryengine.controls.list', 'discoveryengine.conversations.converse', 'discoveryengine.conversations.get', 'discoveryengine.conversations.list', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.documentProcessingConfigs.get', 'discoveryengine.documents.batchGetDocumentsMetadata', 'discoveryengine.documents.get', 'discoveryengine.documents.list', 'discoveryengine.engines.get', 'discoveryengine.engines.list', 'discoveryengine.evaluations.get', 'discoveryengine.evaluations.list', 'discoveryengine.groundingConfigs.check', 'discoveryengine.models.get', 'discoveryengine.models.list', 'discoveryengine.operations.get', 'discoveryengine.operations.list', 'discoveryengine.projects.get', 'discoveryengine.rankingConfigs.rank', 'discoveryengine.sampleQueries.get', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQuerySets.get', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.schemas.get', 'discoveryengine.schemas.list', 'discoveryengine.schemas.preview', 'discoveryengine.schemas.validate', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.get', 'discoveryengine.servingConfigs.list', 'discoveryengine.servingConfigs.recommend', 'discoveryengine.servingConfigs.search', 'discoveryengine.sessions.get', 'discoveryengine.sessions.list', 'discoveryengine.siteSearchEngines.get', 'discoveryengine.targetSites.get', 'discoveryengine.targetSites.list', 'discoveryengine.userEvents.fetchStats', 'discoveryengine.widgetConfigs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dlp.admin
Administer DLP including jobs and templates.
DLP Administrator
['dlp.analyzeRiskTemplates.create', 'dlp.analyzeRiskTemplates.delete', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.analyzeRiskTemplates.update', 'dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.connections.create', 'dlp.connections.delete', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.connections.update', 'dlp.deidentifyTemplates.create', 'dlp.deidentifyTemplates.delete', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.deidentifyTemplates.update', 'dlp.estimates.cancel', 'dlp.estimates.create', 'dlp.estimates.delete', 'dlp.estimates.get', 'dlp.estimates.list', 'dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.create', 'dlp.inspectTemplates.delete', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.inspectTemplates.update', 'dlp.jobTriggers.create', 'dlp.jobTriggers.delete', 'dlp.jobTriggers.get', 'dlp.jobTriggers.hybridInspect', 'dlp.jobTriggers.list', 'dlp.jobTriggers.update', 'dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.kms.encrypt', 'dlp.locations.get', 'dlp.locations.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.create', 'dlp.storedInfoTypes.delete', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.storedInfoTypes.update', 'dlp.subscriptions.cancel', 'dlp.subscriptions.create', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.subscriptions.update', 'dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/dlp.analyzeRiskTemplatesEditor
Edit DLP analyze risk templates.
DLP Analyze Risk Templates Editor
['dlp.analyzeRiskTemplates.create', 'dlp.analyzeRiskTemplates.delete', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.analyzeRiskTemplates.update']
Copy Permissions GA
roles/dlp.analyzeRiskTemplatesReader
Read DLP analyze risk templates.
DLP Analyze Risk Templates Reader
['dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list']
Copy Permissions GA
roles/dlp.serviceAgent
Gives Cloud DLP service agent permissions for BigQuery, Cloud Storage, Datastore, Pub/Sub and Cloud KMS.
DLP API Service Agent
['appengine.applications.get', 'bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.exportResource', 'cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'datacatalog.categories.fineGrainedGet', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.kms.encrypt', 'firebase.projects.get', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/dlp.columnDataProfilesReader
Read DLP column profiles.
DLP Column Data Profiles Reader
['dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list']
Copy Permissions GA
roles/dlp.connectionsAdmin
Manage DLP Connections.
DLP Connections Admin
['dlp.connections.create', 'dlp.connections.delete', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.connections.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dlp.connectionsReader
View DLP Connections.
DLP Connections Viewer
['dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search']
Copy Permissions GA
roles/dlp.estimatesAdmin
Manage DLP Cost Estimates.
DLP Cost Estimation
['dlp.estimates.cancel', 'dlp.estimates.create', 'dlp.estimates.delete', 'dlp.estimates.get', 'dlp.estimates.list']
Copy Permissions GA
roles/dlp.dataProfilesAdmin
Manage DLP profiles.
DLP Data Profiles Admin
['dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list']
Copy Permissions GA
roles/dlp.dataProfilesReader
Read DLP profiles.
DLP Data Profiles Reader
['dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list']
Copy Permissions GA
roles/dlp.deidentifyTemplatesEditor
Edit DLP de-identify templates.
DLP De-identify Templates Editor
['dlp.deidentifyTemplates.create', 'dlp.deidentifyTemplates.delete', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.deidentifyTemplates.update']
Copy Permissions GA
roles/dlp.deidentifyTemplatesReader
Read DLP de-identify templates.
DLP De-identify Templates Reader
['dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list']
Copy Permissions GA
roles/dlp.fileStoreProfilesAdmin
Manage DLP file store profiles.
DLP File Store Data Profiles Admin
['dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list']
Copy Permissions GA
roles/dlp.fileStoreProfilesReader
Read DLP file store profiles.
DLP File Store Data Profiles Reader
['dlp.charts.get', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list']
Copy Permissions GA
roles/dlp.inspectFindingsReader
Read DLP stored findings.
DLP Inspect Findings Reader
['dlp.inspectFindings.list']
Copy Permissions GA
roles/dlp.inspectTemplatesEditor
Edit DLP inspect templates.
DLP Inspect Templates Editor
['dlp.inspectTemplates.create', 'dlp.inspectTemplates.delete', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.inspectTemplates.update']
Copy Permissions GA
roles/dlp.inspectTemplatesReader
Read DLP inspect templates.
DLP Inspect Templates Reader
['dlp.inspectTemplates.get', 'dlp.inspectTemplates.list']
Copy Permissions GA
roles/dlp.jobTriggersEditor
Edit job triggers configurations.
DLP Job Triggers Editor
['dlp.jobTriggers.create', 'dlp.jobTriggers.delete', 'dlp.jobTriggers.get', 'dlp.jobTriggers.hybridInspect', 'dlp.jobTriggers.list', 'dlp.jobTriggers.update']
Copy Permissions GA
roles/dlp.jobTriggersReader
Read job triggers.
DLP Job Triggers Reader
['dlp.jobTriggers.get', 'dlp.jobTriggers.list']
Copy Permissions GA
roles/dlp.jobsEditor
Edit and create jobs
DLP Jobs Editor
['dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.kms.encrypt']
Copy Permissions GA
roles/dlp.jobsReader
Read jobs
DLP Jobs Reader
['dlp.jobs.get', 'dlp.jobs.list']
Copy Permissions GA
roles/dlp.orgdriver
Permissions needed by the DLP service account to generate data profiles within an organization or folder.
DLP Organization Data Profiles Driver
['aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.consents.get', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasets.get', 'aiplatform.datasets.list', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.list', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.extensions.get', 'aiplatform.extensions.list', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.get', 'aiplatform.featurestores.list', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'alloydb.backups.createTagBinding', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.connections.updateTag', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquerymigration.translation.translate', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.instances.createTagBinding', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudsql.instances.connect', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.get', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'compute.addresses.createTagBinding', 'compute.addresses.deleteTagBinding', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.createTagBinding', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.createTagBinding', 'compute.disks.deleteTagBinding', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.createTagBinding', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.createTagBinding', 'compute.images.deleteTagBinding', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instances.createTagBinding', 'compute.instances.deleteTagBinding', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnects.createTagBinding', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.createTagBinding', 'compute.networkEdgeSecurityServices.deleteTagBinding', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.createTagBinding', 'compute.networks.deleteTagBinding', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.routers.createTagBinding', 'compute.routers.deleteTagBinding', 'compute.routers.listEffectiveTags', 'compute.routers.listTagBindings', 'compute.routes.createTagBinding', 'compute.routes.deleteTagBinding', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.createTagBinding', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.createTagBinding', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'container.clusters.createTagBinding', 'container.clusters.deleteTagBinding', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'datacatalog.categories.fineGrainedGet', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.updateTag', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.use', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'datafusion.instances.createTagBinding', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'dataplex.projects.search', 'datastore.databases.createTagBinding', 'datastore.databases.deleteTagBinding', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastream.connectionProfiles.createTagBinding', 'datastream.connectionProfiles.deleteTagBinding', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listTagBindings', 'datastream.privateConnections.createTagBinding', 'datastream.privateConnections.deleteTagBinding', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.streams.createTagBinding', 'datastream.streams.deleteTagBinding', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'dlp.analyzeRiskTemplates.create', 'dlp.analyzeRiskTemplates.delete', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.analyzeRiskTemplates.update', 'dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.connections.create', 'dlp.connections.delete', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.connections.update', 'dlp.deidentifyTemplates.create', 'dlp.deidentifyTemplates.delete', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.deidentifyTemplates.update', 'dlp.estimates.cancel', 'dlp.estimates.create', 'dlp.estimates.delete', 'dlp.estimates.get', 'dlp.estimates.list', 'dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.create', 'dlp.inspectTemplates.delete', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.inspectTemplates.update', 'dlp.jobTriggers.create', 'dlp.jobTriggers.delete', 'dlp.jobTriggers.get', 'dlp.jobTriggers.hybridInspect', 'dlp.jobTriggers.list', 'dlp.jobTriggers.update', 'dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.kms.encrypt', 'dlp.locations.get', 'dlp.locations.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.create', 'dlp.storedInfoTypes.delete', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.storedInfoTypes.update', 'dlp.subscriptions.cancel', 'dlp.subscriptions.create', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.subscriptions.update', 'dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list', 'domains.registrations.createTagBinding', 'domains.registrations.deleteTagBinding', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'file.backups.createTagBinding', 'file.backups.deleteTagBinding', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.createTagBinding', 'file.instances.deleteTagBinding', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.snapshots.createTagBinding', 'file.snapshots.deleteTagBinding', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'iam.serviceAccounts.createTagBinding', 'iam.serviceAccounts.deleteTagBinding', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'logging.buckets.createTagBinding', 'logging.buckets.deleteTagBinding', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'managedidentities.domains.createTagBinding', 'managedidentities.domains.deleteTagBinding', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'pubsub.topics.updateTag', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'redis.instances.createTagBinding', 'redis.instances.deleteTagBinding', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.list', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.list', 'run.jobs.createTagBinding', 'run.jobs.deleteTagBinding', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.services.createTagBinding', 'run.services.deleteTagBinding', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'secretmanager.secrets.createTagBinding', 'secretmanager.secrets.deleteTagBinding', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'serviceusage.services.use', 'spanner.instances.createTagBinding', 'spanner.instances.deleteTagBinding', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'storage.buckets.createTagBinding', 'storage.buckets.deleteTagBinding', 'storage.buckets.getIamPolicy', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions GA
roles/dlp.projectdriver
Permissions needed by the DLP service account to generate data profiles within a project.
DLP Project Data Profiles Driver
['aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.consents.get', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasets.get', 'aiplatform.datasets.list', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.list', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.extensions.get', 'aiplatform.extensions.list', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.get', 'aiplatform.featurestores.list', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'alloydb.backups.createTagBinding', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.connections.updateTag', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquerymigration.translation.translate', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.instances.createTagBinding', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudsql.instances.connect', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.get', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'compute.addresses.createTagBinding', 'compute.addresses.deleteTagBinding', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.createTagBinding', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.createTagBinding', 'compute.disks.deleteTagBinding', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.createTagBinding', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.createTagBinding', 'compute.images.deleteTagBinding', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instances.createTagBinding', 'compute.instances.deleteTagBinding', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnects.createTagBinding', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.createTagBinding', 'compute.networkEdgeSecurityServices.deleteTagBinding', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.createTagBinding', 'compute.networks.deleteTagBinding', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.routers.createTagBinding', 'compute.routers.deleteTagBinding', 'compute.routers.listEffectiveTags', 'compute.routers.listTagBindings', 'compute.routes.createTagBinding', 'compute.routes.deleteTagBinding', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.createTagBinding', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.createTagBinding', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'container.clusters.createTagBinding', 'container.clusters.deleteTagBinding', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'datacatalog.categories.fineGrainedGet', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.updateTag', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.use', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'datafusion.instances.createTagBinding', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'dataplex.projects.search', 'datastore.databases.createTagBinding', 'datastore.databases.deleteTagBinding', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastream.connectionProfiles.createTagBinding', 'datastream.connectionProfiles.deleteTagBinding', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listTagBindings', 'datastream.privateConnections.createTagBinding', 'datastream.privateConnections.deleteTagBinding', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.streams.createTagBinding', 'datastream.streams.deleteTagBinding', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'dlp.analyzeRiskTemplates.create', 'dlp.analyzeRiskTemplates.delete', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.analyzeRiskTemplates.update', 'dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.connections.create', 'dlp.connections.delete', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.connections.update', 'dlp.deidentifyTemplates.create', 'dlp.deidentifyTemplates.delete', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.deidentifyTemplates.update', 'dlp.estimates.cancel', 'dlp.estimates.create', 'dlp.estimates.delete', 'dlp.estimates.get', 'dlp.estimates.list', 'dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.create', 'dlp.inspectTemplates.delete', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.inspectTemplates.update', 'dlp.jobTriggers.create', 'dlp.jobTriggers.delete', 'dlp.jobTriggers.get', 'dlp.jobTriggers.hybridInspect', 'dlp.jobTriggers.list', 'dlp.jobTriggers.update', 'dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.kms.encrypt', 'dlp.locations.get', 'dlp.locations.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.create', 'dlp.storedInfoTypes.delete', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.storedInfoTypes.update', 'dlp.subscriptions.cancel', 'dlp.subscriptions.create', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.subscriptions.update', 'dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list', 'domains.registrations.createTagBinding', 'domains.registrations.deleteTagBinding', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'file.backups.createTagBinding', 'file.backups.deleteTagBinding', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.createTagBinding', 'file.instances.deleteTagBinding', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.snapshots.createTagBinding', 'file.snapshots.deleteTagBinding', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'iam.serviceAccounts.createTagBinding', 'iam.serviceAccounts.deleteTagBinding', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'logging.buckets.createTagBinding', 'logging.buckets.deleteTagBinding', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'managedidentities.domains.createTagBinding', 'managedidentities.domains.deleteTagBinding', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'pubsub.topics.updateTag', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'redis.instances.createTagBinding', 'redis.instances.deleteTagBinding', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.list', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.list', 'run.jobs.createTagBinding', 'run.jobs.deleteTagBinding', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.services.createTagBinding', 'run.services.deleteTagBinding', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'secretmanager.secrets.createTagBinding', 'secretmanager.secrets.deleteTagBinding', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'serviceusage.services.use', 'spanner.instances.createTagBinding', 'spanner.instances.deleteTagBinding', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'storage.buckets.createTagBinding', 'storage.buckets.deleteTagBinding', 'storage.buckets.getIamPolicy', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions GA
roles/dlp.projectDataProfilesReader
Read DLP project profiles.
DLP Project Data Profiles Reader
['dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list']
Copy Permissions GA
roles/dlp.reader
Read DLP entities, such as jobs and templates.
DLP Reader
['dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.jobTriggers.get', 'dlp.jobTriggers.list', 'dlp.jobs.get', 'dlp.jobs.list', 'dlp.locations.get', 'dlp.locations.list', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list']
Copy Permissions GA
roles/dlp.storedInfoTypesEditor
Edit DLP stored info types.
DLP Stored InfoTypes Editor
['dlp.storedInfoTypes.create', 'dlp.storedInfoTypes.delete', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.storedInfoTypes.update']
Copy Permissions GA
roles/dlp.storedInfoTypesReader
Read DLP stored info types.
DLP Stored InfoTypes Reader
['dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list']
Copy Permissions GA
roles/dlp.subscriptionsAdmin
Manage DLP subscriptions.
DLP Subscription Admin
['dlp.subscriptions.cancel', 'dlp.subscriptions.create', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dlp.subscriptionsReader
View DLP subscriptions.
DLP Subscription Viewer
['dlp.subscriptions.get', 'dlp.subscriptions.list']
Copy Permissions GA
roles/dlp.tableDataProfilesAdmin
Manage DLP table profiles.
DLP Table Data Profiles Admin
['dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list']
Copy Permissions GA
roles/dlp.tableDataProfilesReader
Read DLP table profiles.
DLP Table Data Profiles Reader
['dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list']
Copy Permissions GA
roles/dlp.user
Inspect, Redact, and De-identify Content
DLP User
['dlp.kms.encrypt', 'dlp.locations.get', 'dlp.locations.list', 'serviceusage.services.use']
Copy Permissions GA
roles/dns.admin
Full read-write access to DNS resources.
DNS Administrator
['compute.networks.get', 'compute.networks.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/dns.peer
Access to target networks with DNS peering zones
DNS Peer
['dns.networks.targetWithPeeringZone']
Copy Permissions GA
roles/dns.reader
Read-only access to DNS resources.
DNS Reader
['compute.networks.get', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.policies.get', 'dns.policies.list', 'dns.projects.get', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/documentai.admin
Grants full access to all resources in Document AI
Document AI Administrator
['documentai.dataLabelingJobs.cancel', 'documentai.dataLabelingJobs.create', 'documentai.dataLabelingJobs.delete', 'documentai.dataLabelingJobs.list', 'documentai.dataLabelingJobs.update', 'documentai.datasetSchemas.get', 'documentai.datasetSchemas.update', 'documentai.datasets.createDocuments', 'documentai.datasets.deleteDocuments', 'documentai.datasets.get', 'documentai.datasets.getDocuments', 'documentai.datasets.listDocuments', 'documentai.datasets.update', 'documentai.datasets.updateDocuments', 'documentai.evaluationDocuments.get', 'documentai.evaluations.create', 'documentai.evaluations.get', 'documentai.evaluations.list', 'documentai.humanReviewConfigs.get', 'documentai.humanReviewConfigs.review', 'documentai.humanReviewConfigs.update', 'documentai.labelerPools.create', 'documentai.labelerPools.delete', 'documentai.labelerPools.get', 'documentai.labelerPools.list', 'documentai.labelerPools.update', 'documentai.locations.get', 'documentai.locations.list', 'documentai.operations.getLegacy', 'documentai.processedDocumentsSets.get', 'documentai.processedDocumentsSets.getDocuments', 'documentai.processedDocumentsSets.listDocuments', 'documentai.processorTypes.get', 'documentai.processorTypes.list', 'documentai.processorVersions.create', 'documentai.processorVersions.delete', 'documentai.processorVersions.get', 'documentai.processorVersions.list', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processorVersions.update', 'documentai.processors.create', 'documentai.processors.delete', 'documentai.processors.fetchHumanReviewDetails', 'documentai.processors.get', 'documentai.processors.list', 'documentai.processors.processBatch', 'documentai.processors.processOnline', 'documentai.processors.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/documentai.apiUser
Grants access to process documents in Document AI
Document AI API User
['documentai.humanReviewConfigs.review', 'documentai.operations.getLegacy', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processors.processBatch', 'documentai.processors.processOnline']
Copy Permissions BETA
roles/documentai.editor
Grants access to use all resources in Document AI
Document AI Editor
['documentai.dataLabelingJobs.cancel', 'documentai.dataLabelingJobs.create', 'documentai.dataLabelingJobs.delete', 'documentai.dataLabelingJobs.list', 'documentai.dataLabelingJobs.update', 'documentai.datasetSchemas.get', 'documentai.datasetSchemas.update', 'documentai.datasets.createDocuments', 'documentai.datasets.deleteDocuments', 'documentai.datasets.get', 'documentai.datasets.getDocuments', 'documentai.datasets.listDocuments', 'documentai.datasets.update', 'documentai.datasets.updateDocuments', 'documentai.evaluationDocuments.get', 'documentai.evaluations.create', 'documentai.evaluations.get', 'documentai.evaluations.list', 'documentai.humanReviewConfigs.get', 'documentai.humanReviewConfigs.review', 'documentai.humanReviewConfigs.update', 'documentai.labelerPools.create', 'documentai.labelerPools.delete', 'documentai.labelerPools.get', 'documentai.labelerPools.list', 'documentai.labelerPools.update', 'documentai.locations.get', 'documentai.locations.list', 'documentai.operations.getLegacy', 'documentai.processedDocumentsSets.get', 'documentai.processedDocumentsSets.getDocuments', 'documentai.processedDocumentsSets.listDocuments', 'documentai.processorTypes.get', 'documentai.processorTypes.list', 'documentai.processorVersions.create', 'documentai.processorVersions.delete', 'documentai.processorVersions.get', 'documentai.processorVersions.list', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processorVersions.update', 'documentai.processors.create', 'documentai.processors.delete', 'documentai.processors.fetchHumanReviewDetails', 'documentai.processors.get', 'documentai.processors.list', 'documentai.processors.processBatch', 'documentai.processors.processOnline', 'documentai.processors.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/documentai.viewer
Grants access to view all resources and process documents in Document AI
Document AI Viewer
['documentai.dataLabelingJobs.list', 'documentai.datasetSchemas.get', 'documentai.datasets.get', 'documentai.datasets.getDocuments', 'documentai.datasets.listDocuments', 'documentai.evaluationDocuments.get', 'documentai.evaluations.get', 'documentai.evaluations.list', 'documentai.humanReviewConfigs.get', 'documentai.humanReviewConfigs.review', 'documentai.labelerPools.get', 'documentai.labelerPools.list', 'documentai.locations.get', 'documentai.locations.list', 'documentai.operations.getLegacy', 'documentai.processedDocumentsSets.get', 'documentai.processedDocumentsSets.getDocuments', 'documentai.processedDocumentsSets.listDocuments', 'documentai.processorTypes.get', 'documentai.processorTypes.list', 'documentai.processorVersions.get', 'documentai.processorVersions.list', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processors.fetchHumanReviewDetails', 'documentai.processors.get', 'documentai.processors.list', 'documentai.processors.processBatch', 'documentai.processors.processOnline', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/documentaicore.serviceAgent
Gives DocumentAI Core Service Account access to consumer resources.
DocumentAI Core Service Agent
['automl.models.predict', 'documentai.humanReviewConfigs.review', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/dspm.serviceAgent
Gives DSPM Service Account access to consumer resources.
DSPM Service Agent
['bigquery.datasets.createTagBinding', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.tables.createTagBinding', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.update', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.tagKeys.create', 'resourcemanager.tagKeys.delete', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagKeys.update', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.create', 'resourcemanager.tagValues.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcemanager.tagValues.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securityposture.operations.get', 'securityposture.postureDeployments.create', 'securityposture.postureDeployments.delete', 'securityposture.postures.create', 'securityposture.postures.get', 'storage.buckets.createTagBinding', 'storage.buckets.deleteTagBinding', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings']
Copy Permissions GA
roles/earthengine.appsPublisher
Publisher of Earth Engine Apps
Earth Engine Apps Publisher
['iam.serviceAccounts.create', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.enable', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.setIamPolicy', 'resourcemanager.projects.get', 'serviceusage.services.get']
Copy Permissions BETA
roles/earthengine.admin
Full access to all Earth Engine resource features
Earth Engine Resource Admin
['earthengine.assets.create', 'earthengine.assets.delete', 'earthengine.assets.get', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.assets.setIamPolicy', 'earthengine.assets.update', 'earthengine.computations.create', 'earthengine.config.get', 'earthengine.config.update', 'earthengine.exports.create', 'earthengine.featureviews.create', 'earthengine.filmstripthumbnails.create', 'earthengine.filmstripthumbnails.get', 'earthengine.imports.create', 'earthengine.maps.create', 'earthengine.maps.get', 'earthengine.operations.delete', 'earthengine.operations.get', 'earthengine.operations.list', 'earthengine.operations.update', 'earthengine.tables.create', 'earthengine.tables.get', 'earthengine.thumbnails.create', 'earthengine.thumbnails.get', 'earthengine.videothumbnails.create', 'earthengine.videothumbnails.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/earthengine.viewer
Viewer of all Earth Engine resources
Earth Engine Resource Viewer
['earthengine.assets.get', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.computations.create', 'earthengine.config.get', 'earthengine.filmstripthumbnails.get', 'earthengine.maps.get', 'earthengine.operations.get', 'earthengine.operations.list', 'earthengine.tables.get', 'earthengine.thumbnails.get', 'earthengine.videothumbnails.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/earthengine.writer
Writer of all Earth Engine resources
Earth Engine Resource Writer
['earthengine.assets.create', 'earthengine.assets.delete', 'earthengine.assets.get', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.assets.update', 'earthengine.computations.create', 'earthengine.config.get', 'earthengine.config.update', 'earthengine.exports.create', 'earthengine.featureviews.create', 'earthengine.filmstripthumbnails.create', 'earthengine.filmstripthumbnails.get', 'earthengine.imports.create', 'earthengine.maps.create', 'earthengine.maps.get', 'earthengine.operations.delete', 'earthengine.operations.get', 'earthengine.operations.list', 'earthengine.operations.update', 'earthengine.tables.create', 'earthengine.tables.get', 'earthengine.thumbnails.create', 'earthengine.thumbnails.get', 'earthengine.videothumbnails.create', 'earthengine.videothumbnails.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/edgecontainer.admin
Full access to Edge Container all resources.
Edge Container Admin
['edgecontainer.clusters.create', 'edgecontainer.clusters.delete', 'edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.generateOfflineCredential', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.clusters.setIamPolicy', 'edgecontainer.clusters.update', 'edgecontainer.clusters.upgrade', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.create', 'edgecontainer.machines.delete', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.setIamPolicy', 'edgecontainer.machines.update', 'edgecontainer.machines.use', 'edgecontainer.nodePools.create', 'edgecontainer.nodePools.delete', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.nodePools.setIamPolicy', 'edgecontainer.nodePools.update', 'edgecontainer.operations.cancel', 'edgecontainer.operations.delete', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.vpnConnections.create', 'edgecontainer.vpnConnections.delete', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgecontainer.vpnConnections.setIamPolicy', 'edgecontainer.vpnConnections.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/edgecontainer.offlineCredentialUser
Access to get Edge Container cluster offline credentials
Edge Container Cluster offline Credential User
['edgecontainer.clusters.generateOfflineCredential', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/edgecontainer.clusterServiceAgent
Grants the Edge Container Cluster Service Account access to manage resources.
Edge Container Cluster Service Agent
['cloudnotifications.activities.list', 'gkehub.endpoints.connect', 'gkehub.features.create', 'gkehub.features.get', 'gkehub.features.list', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.list', 'gkehub.memberships.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'logging.logEntries.create', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.update', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'stackdriver.resourceMetadata.write', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/edgecontainer.machineUser
Access to use Edge Container Machine resources.
Edge Container Machine User
['edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/edgecontainer.serviceAgent
Grants the Edge Container Service Account access to manage resources.
Edge Container Service Agent
['compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.use', 'compute.globalOperations.get', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regionOperations.get', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.list', 'compute.routers.update', 'compute.routers.use', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.list', 'gkehub.memberships.update', 'gkehub.operations.cancel', 'gkehub.operations.get', 'serviceusage.services.list']
Copy Permissions GA
roles/edgecontainer.viewer
Read-only access to Edge Container all resources.
Edge Container Viewer
['edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/edgenetwork.admin
Full access to Edge Network all resources.
Edge Network Admin
['edgenetwork.interconnectAttachments.create', 'edgenetwork.interconnectAttachments.delete', 'edgenetwork.interconnectAttachments.get', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnectAttachments.setIamPolicy', 'edgenetwork.interconnectAttachments.update', 'edgenetwork.interconnects.get', 'edgenetwork.interconnects.getDiagnostics', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.interconnects.setIamPolicy', 'edgenetwork.locations.get', 'edgenetwork.locations.list', 'edgenetwork.networks.create', 'edgenetwork.networks.delete', 'edgenetwork.networks.get', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.getStatus', 'edgenetwork.networks.list', 'edgenetwork.networks.setIamPolicy', 'edgenetwork.networks.update', 'edgenetwork.operations.cancel', 'edgenetwork.operations.delete', 'edgenetwork.operations.get', 'edgenetwork.operations.list', 'edgenetwork.routers.create', 'edgenetwork.routers.delete', 'edgenetwork.routers.get', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.getRouterStatus', 'edgenetwork.routers.list', 'edgenetwork.routers.patch', 'edgenetwork.routers.setIamPolicy', 'edgenetwork.routers.update', 'edgenetwork.routes.create', 'edgenetwork.routes.delete', 'edgenetwork.routes.get', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.create', 'edgenetwork.subnetworks.delete', 'edgenetwork.subnetworks.get', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.getStatus', 'edgenetwork.subnetworks.list', 'edgenetwork.subnetworks.setIamPolicy', 'edgenetwork.subnetworks.update', 'edgenetwork.zones.get', 'edgenetwork.zones.initialize', 'edgenetwork.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/edgenetwork.viewer
Read-only access to Edge Network all resources.
Edge Network Viewer
['edgenetwork.interconnectAttachments.get', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnects.get', 'edgenetwork.interconnects.getDiagnostics', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.locations.get', 'edgenetwork.locations.list', 'edgenetwork.networks.get', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.getStatus', 'edgenetwork.networks.list', 'edgenetwork.operations.get', 'edgenetwork.operations.list', 'edgenetwork.routers.get', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.getRouterStatus', 'edgenetwork.routers.list', 'edgenetwork.routes.get', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.get', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.getStatus', 'edgenetwork.subnetworks.list', 'edgenetwork.zones.get', 'edgenetwork.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/editor
View, create, update, and delete most Google Cloud resources. See the list of included permissions.
Editor
['accessapproval.requests.get', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.gcpUserAccessBindings.create', 'accesscontextmanager.gcpUserAccessBindings.delete', 'accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.gcpUserAccessBindings.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'actions.agent.claimContentProvider', 'actions.agent.get', 'actions.agent.update', 'actions.agentVersions.create', 'actions.agentVersions.delete', 'actions.agentVersions.deploy', 'actions.agentVersions.get', 'actions.agentVersions.list', 'advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'advisorynotifications.settings.update', 'aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cacheConfigs.update', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.consents.update', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.migratableResources.migrate', 'aiplatform.migratableResources.search', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.create', 'aiplatform.persistentResources.delete', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'alloydb.backups.create', 'alloydb.backups.delete', 'alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.backups.update', 'alloydb.clusters.create', 'alloydb.clusters.delete', 'alloydb.clusters.export', 'alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.clusters.import', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.clusters.promote', 'alloydb.clusters.switchover', 'alloydb.clusters.update', 'alloydb.clusters.upgrade', 'alloydb.databases.list', 'alloydb.instances.connect', 'alloydb.instances.create', 'alloydb.instances.delete', 'alloydb.instances.executeSql', 'alloydb.instances.failover', 'alloydb.instances.get', 'alloydb.instances.injectFault', 'alloydb.instances.list', 'alloydb.instances.restart', 'alloydb.instances.update', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.cancel', 'alloydb.operations.delete', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.create', 'alloydb.users.delete', 'alloydb.users.get', 'alloydb.users.list', 'alloydb.users.login', 'alloydb.users.update', 'analyticshub.dataExchanges.create', 'analyticshub.dataExchanges.delete', 'analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.update', 'analyticshub.listings.create', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.update', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'androidmanagement.enterprises.manage', 'apigateway.apiconfigs.create', 'apigateway.apiconfigs.delete', 'apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apiconfigs.update', 'apigateway.apis.create', 'apigateway.apis.delete', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.apis.update', 'apigateway.gateways.create', 'apigateway.gateways.delete', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.gateways.update', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.cancel', 'apigateway.operations.delete', 'apigateway.operations.get', 'apigateway.operations.list', 'apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.caches.delete', 'apigee.caches.list', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datalocation.get', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.endpointattachments.create', 'apigee.endpointattachments.delete', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.create', 'apigee.envgroupattachments.delete', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.create', 'apigee.envgroups.delete', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.envgroups.update', 'apigee.environments.create', 'apigee.environments.delete', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.manageRuntime', 'apigee.environments.update', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.create', 'apigee.instanceattachments.delete', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.create', 'apigee.instances.delete', 'apigee.instances.get', 'apigee.instances.list', 'apigee.instances.reportStatus', 'apigee.instances.update', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.nataddresses.activate', 'apigee.nataddresses.create', 'apigee.nataddresses.delete', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.create', 'apigee.organizations.delete', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.organizations.update', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'apigee.projects.migrate', 'apigee.projects.previewMigration', 'apigee.projects.update', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.runtimeconfigs.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.setupcontexts.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'apigeeconnect.connections.list', 'apigeeconnect.endpoints.connect', 'apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.instances.get', 'apigeeregistry.instances.update', 'apigeeregistry.locations.get', 'apigeeregistry.locations.list', 'apigeeregistry.operations.cancel', 'apigeeregistry.operations.delete', 'apigeeregistry.operations.get', 'apigeeregistry.operations.list', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.locations2.searchResources', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'apikeys.keys.create', 'apikeys.keys.delete', 'apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'apikeys.keys.undelete', 'apikeys.keys.update', 'apim.apiObservations.batchEditTags', 'apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.create', 'apim.observationJobs.delete', 'apim.observationJobs.disable', 'apim.observationJobs.enable', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.create', 'apim.observationSources.delete', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.cancel', 'apim.operations.delete', 'apim.operations.get', 'apim.operations.list', 'appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.getKey', 'appengine.memcache.list', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.create', 'apphub.serviceProjectAttachments.delete', 'apphub.serviceProjectAttachments.get', 'apphub.serviceProjectAttachments.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'applianceactivation.rttCommands.approve', 'applianceactivation.rttCommands.create', 'applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.list', 'applianceactivation.rttCommands.sendResult', 'artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.enrollResource', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'automlrecommendations.apiKeys.create', 'automlrecommendations.apiKeys.delete', 'automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.create', 'automlrecommendations.catalogItems.delete', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogItems.update', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.catalogs.update', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.create', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.placements.create', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.create', 'automlrecommendations.recommendations.delete', 'automlrecommendations.recommendations.list', 'automlrecommendations.recommendations.pause', 'automlrecommendations.recommendations.resume', 'automlrecommendations.recommendations.update', 'autoscaling.sites.getIamPolicy', 'autoscaling.sites.readRecommendations', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'batch.states.report', 'batch.tasks.get', 'batch.tasks.list', 'beyondcorp.appConnections.create', 'beyondcorp.appConnections.delete', 'beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnections.update', 'beyondcorp.appConnectors.create', 'beyondcorp.appConnectors.delete', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appConnectors.reportStatus', 'beyondcorp.appConnectors.update', 'beyondcorp.appGateways.create', 'beyondcorp.appGateways.delete', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.appGateways.update', 'beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.create', 'beyondcorp.partnerTenants.delete', 'beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.partnerTenants.update', 'beyondcorp.proxyConfigs.create', 'beyondcorp.proxyConfigs.delete', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'beyondcorp.proxyConfigs.update', 'beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'biglake.catalogs.create', 'biglake.catalogs.delete', 'biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.create', 'biglake.databases.delete', 'biglake.databases.get', 'biglake.databases.list', 'biglake.databases.update', 'biglake.locks.check', 'biglake.locks.create', 'biglake.locks.delete', 'biglake.locks.list', 'biglake.tables.create', 'biglake.tables.delete', 'biglake.tables.get', 'biglake.tables.list', 'biglake.tables.lock', 'biglake.tables.update', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listExecutionMetadata', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.deleteIndex', 'bigquery.tables.getIamPolicy', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.locations.get', 'bigquerymigration.locations.list', 'bigquerymigration.subtasks.create', 'bigquerymigration.subtasks.get', 'bigquerymigration.subtasks.list', 'bigquerymigration.translation.translate', 'bigquerymigration.workflows.create', 'bigquerymigration.workflows.delete', 'bigquerymigration.workflows.get', 'bigquerymigration.workflows.list', 'bigquerymigration.workflows.update', 'bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.delete', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.undelete', 'bigtable.tables.update', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceCosts.get', 'billing.resourcebudgets.read', 'billing.resourcebudgets.write', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.getIamPolicy', 'binaryauthorization.policy.update', 'blockchainnodeengine.blockchainNodes.create', 'blockchainnodeengine.blockchainNodes.delete', 'blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.blockchainNodes.update', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.cancel', 'blockchainnodeengine.operations.delete', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.create', 'blockchainvalidatormanager.blockchainValidatorConfigs.delete', 'blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.update', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.cancel', 'blockchainvalidatormanager.operations.delete', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'capacityplanner.usageHistories.summarize', 'carestudio.patients.get', 'carestudio.patients.list', 'certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.delete', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.cancel', 'certificatemanager.operations.delete', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.delete', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'chat.bots.get', 'chat.bots.update', 'chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.create', 'chronicle.collectors.delete', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.collectors.update', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.create', 'chronicle.errorNotificationConfigs.delete', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.errorNotificationConfigs.update', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.create', 'chronicle.forwarders.delete', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.forwarders.update', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.delete', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpLogFlowFilters.update', 'chroniclesm.gcpSettings.get', 'chroniclesm.gcpSettings.update', 'clientauthconfig.brands.create', 'clientauthconfig.brands.delete', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.brands.update', 'clientauthconfig.clients.create', 'clientauthconfig.clients.createSecret', 'clientauthconfig.clients.delete', 'clientauthconfig.clients.get', 'clientauthconfig.clients.getWithSecret', 'clientauthconfig.clients.list', 'clientauthconfig.clients.listWithSecrets', 'clientauthconfig.clients.undelete', 'clientauthconfig.clients.update', 'cloud.locations.get', 'cloud.locations.list', 'cloudaicompanion.codeRepositoryIndexes.create', 'cloudaicompanion.codeRepositoryIndexes.delete', 'cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.codeRepositoryIndexes.update', 'cloudaicompanion.companions.generateChat', 'cloudaicompanion.companions.generateCode', 'cloudaicompanion.entitlements.get', 'cloudaicompanion.instances.completeCode', 'cloudaicompanion.instances.completeTask', 'cloudaicompanion.instances.generateCode', 'cloudaicompanion.instances.generateText', 'cloudaicompanion.operations.cancel', 'cloudaicompanion.operations.delete', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.create', 'cloudaicompanion.repositoryGroups.delete', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudaicompanion.repositoryGroups.update', 'cloudaicompanion.repositoryGroups.use', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.savedqueries.create', 'cloudasset.savedqueries.delete', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudasset.savedqueries.update', 'cloudbuild.builds.approve', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.update', 'cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'cloudbuild.workerpools.use', 'cloudconfig.configs.get', 'cloudconfig.configs.update', 'cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list', 'clouddebugger.breakpoints.create', 'clouddebugger.breakpoints.delete', 'clouddebugger.breakpoints.get', 'clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create', 'clouddebugger.debuggees.list', 'clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.update', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.delete', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.update', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update', 'cloudjobdiscovery.companies.create', 'cloudjobdiscovery.companies.delete', 'cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.companies.update', 'cloudjobdiscovery.events.create', 'cloudjobdiscovery.jobs.create', 'cloudjobdiscovery.jobs.delete', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.jobs.update', 'cloudjobdiscovery.profiles.create', 'cloudjobdiscovery.profiles.delete', 'cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.profiles.update', 'cloudjobdiscovery.tenants.create', 'cloudjobdiscovery.tenants.delete', 'cloudjobdiscovery.tenants.get', 'cloudjobdiscovery.tenants.update', 'cloudjobdiscovery.tools.access', 'cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.cryptoKeyVersions.create', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeyVersions.update', 'cloudkms.cryptoKeys.create', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.update', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.use', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.useToImport', 'cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.create', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'cloudkms.protectedResources.search', 'cloudmessaging.messages.create', 'cloudnotifications.activities.list', 'cloudonefs.isiloncloud.com/clusters.create', 'cloudonefs.isiloncloud.com/clusters.delete', 'cloudonefs.isiloncloud.com/clusters.get', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/clusters.update', 'cloudonefs.isiloncloud.com/clusters.updateAdvancedSettings', 'cloudonefs.isiloncloud.com/fileshares.create', 'cloudonefs.isiloncloud.com/fileshares.delete', 'cloudonefs.isiloncloud.com/fileshares.get', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudonefs.isiloncloud.com/fileshares.update', 'cloudoptimization.operations.create', 'cloudoptimization.operations.get', 'cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.settings.get', 'cloudprivatecatalogproducer.settings.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'cloudprofiler.profiles.create', 'cloudprofiler.profiles.list', 'cloudprofiler.profiles.update', 'cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.create', 'cloudsecurityscanner.scans.delete', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run', 'cloudsecurityscanner.scans.update', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.delete', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'cloudsupport.accounts.get', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.accounts.update', 'cloudsupport.accounts.updateUserRoles', 'cloudsupport.operations.get', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'cloudtasks.cmekConfig.get', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.update', 'cloudtasks.tasks.create', 'cloudtasks.tasks.delete', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'cloudtasks.tasks.run', 'cloudtestservice.devicesession.cancel', 'cloudtestservice.devicesession.create', 'cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'cloudtestservice.devicesession.update', 'cloudtestservice.devicesession.use', 'cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.create', 'cloudtestservice.matrices.get', 'cloudtestservice.matrices.update', 'cloudtoolresults.executions.create', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.executions.update', 'cloudtoolresults.histories.create', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.create', 'cloudtoolresults.settings.get', 'cloudtoolresults.settings.update', 'cloudtoolresults.steps.create', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'cloudtoolresults.steps.update', 'cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.delete', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.create', 'cloudtrace.traceScopes.delete', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traceScopes.update', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'cloudtrace.traces.patch', 'cloudtranslate.adaptiveMtDatasets.create', 'cloudtranslate.adaptiveMtDatasets.delete', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.import', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.delete', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.create', 'cloudtranslate.customModels.delete', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.create', 'cloudtranslate.datasets.delete', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.import', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaries.update', 'cloudtranslate.glossaryentries.create', 'cloudtranslate.glossaryentries.delete', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.glossaryentries.update', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.cancel', 'cloudtranslate.operations.delete', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'cloudvolumesgcp-api.netapp.com/activeDirectories.create', 'cloudvolumesgcp-api.netapp.com/activeDirectories.delete', 'cloudvolumesgcp-api.netapp.com/activeDirectories.get', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/activeDirectories.update', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.get', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.create', 'cloudvolumesgcp-api.netapp.com/snapshots.delete', 'cloudvolumesgcp-api.netapp.com/snapshots.get', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/snapshots.update', 'cloudvolumesgcp-api.netapp.com/volumereplication.authorize', 'cloudvolumesgcp-api.netapp.com/volumereplication.break', 'cloudvolumesgcp-api.netapp.com/volumereplication.create', 'cloudvolumesgcp-api.netapp.com/volumereplication.delete', 'cloudvolumesgcp-api.netapp.com/volumereplication.get', 'cloudvolumesgcp-api.netapp.com/volumereplication.list', 'cloudvolumesgcp-api.netapp.com/volumereplication.release', 'cloudvolumesgcp-api.netapp.com/volumereplication.resync', 'cloudvolumesgcp-api.netapp.com/volumereplication.update', 'cloudvolumesgcp-api.netapp.com/volumes.create', 'cloudvolumesgcp-api.netapp.com/volumes.delete', 'cloudvolumesgcp-api.netapp.com/volumes.get', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'cloudvolumesgcp-api.netapp.com/volumes.update', 'commerceagreementpublishing.agreements.create', 'commerceagreementpublishing.agreements.delete', 'commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.agreements.update', 'commerceagreementpublishing.documents.create', 'commerceagreementpublishing.documents.delete', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'commerceagreementpublishing.documents.update', 'commercebusinessenablement.leadgenConfig.get', 'commercebusinessenablement.leadgenConfig.update', 'commercebusinessenablement.operations.cancel', 'commercebusinessenablement.operations.delete', 'commercebusinessenablement.operations.get', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.paymentConfig.get', 'commercebusinessenablement.paymentConfig.update', 'commercebusinessenablement.refunds.cancel', 'commercebusinessenablement.refunds.create', 'commercebusinessenablement.refunds.delete', 'commercebusinessenablement.refunds.get', 'commercebusinessenablement.refunds.list', 'commercebusinessenablement.refunds.start', 'commercebusinessenablement.refunds.update', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerConfig.update', 'commercebusinessenablement.resellerDiscountConfig.get', 'commercebusinessenablement.resellerDiscountOffers.cancel', 'commercebusinessenablement.resellerDiscountOffers.create', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.cancel', 'commercebusinessenablement.resellerPrivateOfferPlans.create', 'commercebusinessenablement.resellerPrivateOfferPlans.delete', 'commercebusinessenablement.resellerPrivateOfferPlans.get', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'commercebusinessenablement.resellerPrivateOfferPlans.publish', 'commercebusinessenablement.resellerPrivateOfferPlans.update', 'commercebusinessenablement.resellerRestrictions.list', 'commercebusinessenablement.resellerRestrictions.update', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'commerceorggovernance.collectionRequestApprovals.list', 'commerceorggovernance.collectionRequestApprovals.review', 'commerceorggovernance.collections.create', 'commerceorggovernance.collections.delete', 'commerceorggovernance.collections.get', 'commerceorggovernance.collections.list', 'commerceorggovernance.collections.update', 'commerceorggovernance.consumerSharingPolicies.get', 'commerceorggovernance.consumerSharingPolicies.update', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'commerceorggovernance.populateCollectionJobs.create', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.populateCollectionJobs.run', 'commerceorggovernance.populateCollectionJobs.update', 'commerceorggovernance.services.get', 'commerceorggovernance.services.list', 'commerceorggovernance.services.request', 'commerceprice.privateoffers.cancel', 'commerceprice.privateoffers.create', 'commerceprice.privateoffers.delete', 'commerceprice.privateoffers.get', 'commerceprice.privateoffers.list', 'commerceprice.privateoffers.publish', 'commerceprice.privateoffers.sendEmail', 'commerceprice.privateoffers.update', 'composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.create', 'composer.environments.delete', 'composer.environments.executeAirflowCommand', 'composer.environments.get', 'composer.environments.list', 'composer.environments.update', 'composer.imageversions.list', 'composer.operations.delete', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.create', 'composer.userworkloadsconfigmaps.delete', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadsconfigmaps.update', 'composer.userworkloadssecrets.create', 'composer.userworkloadssecrets.delete', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'composer.userworkloadssecrets.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.futureReservations.cancel', 'compute.futureReservations.create', 'compute.futureReservations.delete', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.futureReservations.update', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.delete', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.create', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.delete', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.delete', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.delete', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.update', 'compute.networkEdgeSecurityServices.create', 'compute.networkEdgeSecurityServices.delete', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEdgeSecurityServices.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.addNodes', 'compute.nodeGroups.create', 'compute.nodeGroups.delete', 'compute.nodeGroups.deleteNodes', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeGroups.performMaintenance', 'compute.nodeGroups.setNodeTemplate', 'compute.nodeGroups.simulateMaintenanceEvent', 'compute.nodeGroups.update', 'compute.nodeTemplates.create', 'compute.nodeTemplates.delete', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.organizations.setFirewallPolicy', 'compute.organizations.setSecurityPolicy', 'compute.packetMirrorings.create', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.projects.setCloudArmorTier', 'compute.projects.setCommonInstanceMetadata', 'compute.projects.setDefaultNetworkTier', 'compute.projects.setDefaultServiceAccount', 'compute.projects.setManagedProtectionTier', 'compute.projects.setUsageExportBucket', 'compute.publicAdvertisedPrefixes.create', 'compute.publicAdvertisedPrefixes.delete', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicAdvertisedPrefixes.update', 'compute.publicAdvertisedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.create', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.delete', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.create', 'compute.reservations.delete', 'compute.reservations.get', 'compute.reservations.list', 'compute.reservations.resize', 'compute.reservations.update', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.delete', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshotSettings.get', 'compute.snapshotSettings.update', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.delete', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.delete', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.delete', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.delete', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.delete', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'confidentialcomputing.challenges.create', 'confidentialcomputing.challenges.verify', 'confidentialcomputing.locations.get', 'confidentialcomputing.locations.list', 'config.artifacts.import', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.deployments.update', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.previews.create', 'config.previews.delete', 'config.previews.get', 'config.previews.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'configdelivery.fleetPackages.create', 'configdelivery.fleetPackages.delete', 'configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.fleetPackages.update', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.cancel', 'configdelivery.operations.delete', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.create', 'configdelivery.releases.delete', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.releases.update', 'configdelivery.resourceBundles.create', 'configdelivery.resourceBundles.delete', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.resourceBundles.update', 'configdelivery.rollouts.abort', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'configdelivery.rollouts.resume', 'configdelivery.rollouts.suspend', 'connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.create', 'connectors.connections.delete', 'connectors.connections.executeSqlQuery', 'connectors.connections.generateOpenAPISpec', 'connectors.connections.get', 'connectors.connections.getConnectionSchemaMetadata', 'connectors.connections.getIamPolicy', 'connectors.connections.getRuntimeActionSchema', 'connectors.connections.getRuntimeEntitySchema', 'connectors.connections.list', 'connectors.connections.listenEvent', 'connectors.connections.update', 'connectors.connectors.get', 'connectors.connectors.list', 'connectors.customConnectorVersions.create', 'connectors.customConnectorVersions.delete', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectorVersions.update', 'connectors.customConnectors.create', 'connectors.customConnectors.delete', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.customConnectors.update', 'connectors.endpointAttachments.create', 'connectors.endpointAttachments.delete', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.endpointAttachments.update', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.create', 'connectors.eventSubscriptions.delete', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventSubscriptions.update', 'connectors.eventtypes.get', 'connectors.eventtypes.list', 'connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.create', 'connectors.managedZones.delete', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.managedZones.update', 'connectors.operations.cancel', 'connectors.operations.delete', 'connectors.operations.get', 'connectors.operations.list', 'connectors.providers.get', 'connectors.providers.list', 'connectors.regionalSettings.get', 'connectors.regionalSettings.update', 'connectors.runtimeconfig.get', 'connectors.schemaMetadata.refresh', 'connectors.settings.get', 'connectors.settings.update', 'connectors.versions.get', 'connectors.versions.list', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.freeTrials.create', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place', 'contactcenteraiplatform.contactCenters.create', 'contactcenteraiplatform.contactCenters.delete', 'contactcenteraiplatform.contactCenters.get', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.contactCenters.program', 'contactcenteraiplatform.contactCenters.queryQuota', 'contactcenteraiplatform.contactCenters.update', 'contactcenteraiplatform.locations.get', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.cancel', 'contactcenteraiplatform.operations.delete', 'contactcenteraiplatform.operations.get', 'contactcenteraiplatform.operations.list', 'contactcenterinsights.analyses.create', 'contactcenterinsights.analyses.delete', 'contactcenterinsights.analyses.get', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.create', 'contactcenterinsights.analysisRules.delete', 'contactcenterinsights.analysisRules.get', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.analysisRules.update', 'contactcenterinsights.conversations.create', 'contactcenterinsights.conversations.delete', 'contactcenterinsights.conversations.export', 'contactcenterinsights.conversations.get', 'contactcenterinsights.conversations.list', 'contactcenterinsights.conversations.update', 'contactcenterinsights.conversations.upload', 'contactcenterinsights.faqEntries.delete', 'contactcenterinsights.faqEntries.get', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqEntries.update', 'contactcenterinsights.faqModels.create', 'contactcenterinsights.faqModels.delete', 'contactcenterinsights.faqModels.get', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.faqModels.update', 'contactcenterinsights.feedbackLabels.create', 'contactcenterinsights.feedbackLabels.delete', 'contactcenterinsights.feedbackLabels.download', 'contactcenterinsights.feedbackLabels.get', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.feedbackLabels.update', 'contactcenterinsights.feedbackLabels.upload', 'contactcenterinsights.issueModels.create', 'contactcenterinsights.issueModels.delete', 'contactcenterinsights.issueModels.deploy', 'contactcenterinsights.issueModels.export', 'contactcenterinsights.issueModels.get', 'contactcenterinsights.issueModels.import', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issueModels.undeploy', 'contactcenterinsights.issueModels.update', 'contactcenterinsights.issues.create', 'contactcenterinsights.issues.delete', 'contactcenterinsights.issues.get', 'contactcenterinsights.issues.list', 'contactcenterinsights.issues.update', 'contactcenterinsights.operations.cancel', 'contactcenterinsights.operations.get', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.create', 'contactcenterinsights.phraseMatchers.delete', 'contactcenterinsights.phraseMatchers.get', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.phraseMatchers.update', 'contactcenterinsights.qaQuestions.create', 'contactcenterinsights.qaQuestions.delete', 'contactcenterinsights.qaQuestions.get', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaQuestions.update', 'contactcenterinsights.qaScorecardRevisions.create', 'contactcenterinsights.qaScorecardRevisions.delete', 'contactcenterinsights.qaScorecardRevisions.deploy', 'contactcenterinsights.qaScorecardRevisions.get', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecardRevisions.tune', 'contactcenterinsights.qaScorecardRevisions.undeploy', 'contactcenterinsights.qaScorecards.create', 'contactcenterinsights.qaScorecards.delete', 'contactcenterinsights.qaScorecards.get', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.qaScorecards.update', 'contactcenterinsights.settings.get', 'contactcenterinsights.settings.update', 'contactcenterinsights.views.create', 'contactcenterinsights.views.delete', 'contactcenterinsights.views.get', 'contactcenterinsights.views.list', 'contactcenterinsights.views.update', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.notes.listOccurrences', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'containersecurity.clusterSummaries.list', 'containersecurity.findings.list', 'containersecurity.locations.get', 'containersecurity.locations.list', 'contentwarehouse.corpora.create', 'contentwarehouse.corpora.delete', 'contentwarehouse.corpora.get', 'contentwarehouse.corpora.list', 'contentwarehouse.corpora.update', 'contentwarehouse.dataExportJobs.create', 'contentwarehouse.dataExportJobs.update', 'contentwarehouse.documentSchemas.create', 'contentwarehouse.documentSchemas.delete', 'contentwarehouse.documentSchemas.get', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documentSchemas.update', 'contentwarehouse.documents.create', 'contentwarehouse.documents.delete', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.list', 'contentwarehouse.documents.update', 'contentwarehouse.links.create', 'contentwarehouse.links.delete', 'contentwarehouse.links.get', 'contentwarehouse.links.update', 'contentwarehouse.locations.getStatus', 'contentwarehouse.locations.initialize', 'contentwarehouse.operations.get', 'contentwarehouse.rawDocuments.download', 'contentwarehouse.rawDocuments.upload', 'contentwarehouse.ruleSets.create', 'contentwarehouse.ruleSets.delete', 'contentwarehouse.ruleSets.get', 'contentwarehouse.ruleSets.list', 'contentwarehouse.ruleSets.update', 'contentwarehouse.synonymSets.create', 'contentwarehouse.synonymSets.delete', 'contentwarehouse.synonymSets.get', 'contentwarehouse.synonymSets.list', 'contentwarehouse.synonymSets.update', 'databasecenter.fleetHealthStats.list', 'databasecenter.fleetStats.list', 'databasecenter.locations.list', 'databasecenter.products.list', 'databasecenter.resourceGroups.list', 'databasecenter.userLabels.list', 'databaseinsights.activeQueries.fetch', 'databaseinsights.activeQuery.terminate', 'databaseinsights.activitySummary.fetch', 'databaseinsights.aggregatedEvents.query', 'databaseinsights.aggregatedStats.query', 'databaseinsights.clusterEvents.query', 'databaseinsights.instanceEvents.query', 'databaseinsights.locations.get', 'databaseinsights.locations.list', 'databaseinsights.recommendations.query', 'databaseinsights.resourceRecommendations.query', 'databaseinsights.timeSeries.query', 'databaseinsights.workloadRecommendations.fetch', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.create', 'datacatalog.entryGroups.delete', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.update', 'datacatalog.entryGroups.updateTag', 'datacatalog.migrationConfig.get', 'datacatalog.migrationConfig.set', 'datacatalog.operations.list', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'dataconnectors.connectors.create', 'dataconnectors.connectors.delete', 'dataconnectors.connectors.get', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.connectors.update', 'dataconnectors.connectors.use', 'dataconnectors.locations.get', 'dataconnectors.locations.list', 'dataconnectors.operations.cancel', 'dataconnectors.operations.delete', 'dataconnectors.operations.get', 'dataconnectors.operations.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.shuffle.read', 'dataflow.shuffle.write', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataflow.streamingWorkItems.ImportState', 'dataflow.streamingWorkItems.commitWork', 'dataflow.streamingWorkItems.getData', 'dataflow.streamingWorkItems.getWork', 'dataflow.streamingWorkItems.getWorkerMetadata', 'dataflow.workItems.lease', 'dataflow.workItems.sendMessage', 'dataflow.workItems.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.writeFile', 'datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.create', 'datafusion.instances.delete', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.instances.restart', 'datafusion.instances.runtime', 'datafusion.instances.update', 'datafusion.instances.upgrade', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.cancel', 'datafusion.operations.delete', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.create', 'datafusion.pipelineConnections.delete', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.update', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'datalabeling.annotateddatasets.delete', 'datalabeling.annotateddatasets.get', 'datalabeling.annotateddatasets.label', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.create', 'datalabeling.annotationspecsets.delete', 'datalabeling.annotationspecsets.get', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.create', 'datalabeling.datasets.delete', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.import', 'datalabeling.datasets.list', 'datalabeling.examples.get', 'datalabeling.examples.list', 'datalabeling.instructions.create', 'datalabeling.instructions.delete', 'datalabeling.instructions.get', 'datalabeling.instructions.list', 'datalabeling.operations.cancel', 'datalabeling.operations.get', 'datalabeling.operations.list', 'datalineage.events.create', 'datalineage.events.delete', 'datalineage.events.get', 'datalineage.events.list', 'datalineage.locations.searchLinks', 'datalineage.operations.get', 'datalineage.processes.create', 'datalineage.processes.delete', 'datalineage.processes.get', 'datalineage.processes.list', 'datalineage.processes.update', 'datalineage.runs.create', 'datalineage.runs.delete', 'datalineage.runs.get', 'datalineage.runs.list', 'datalineage.runs.update', 'datamigration.connectionprofiles.create', 'datamigration.connectionprofiles.delete', 'datamigration.connectionprofiles.get', 'datamigration.connectionprofiles.getIamPolicy', 'datamigration.connectionprofiles.list', 'datamigration.connectionprofiles.update', 'datamigration.conversionworkspaces.apply', 'datamigration.conversionworkspaces.commit', 'datamigration.conversionworkspaces.convert', 'datamigration.conversionworkspaces.create', 'datamigration.conversionworkspaces.delete', 'datamigration.conversionworkspaces.get', 'datamigration.conversionworkspaces.getIamPolicy', 'datamigration.conversionworkspaces.list', 'datamigration.conversionworkspaces.rollback', 'datamigration.conversionworkspaces.seed', 'datamigration.conversionworkspaces.update', 'datamigration.locations.fetchStaticIps', 'datamigration.locations.get', 'datamigration.locations.list', 'datamigration.mappingrules.getIamPolicy', 'datamigration.mappingrules.import', 'datamigration.migrationjobs.create', 'datamigration.migrationjobs.delete', 'datamigration.migrationjobs.demoteDestination', 'datamigration.migrationjobs.generateSshScript', 'datamigration.migrationjobs.generateTcpProxyScript', 'datamigration.migrationjobs.get', 'datamigration.migrationjobs.getIamPolicy', 'datamigration.migrationjobs.list', 'datamigration.migrationjobs.promote', 'datamigration.migrationjobs.restart', 'datamigration.migrationjobs.resume', 'datamigration.migrationjobs.start', 'datamigration.migrationjobs.stop', 'datamigration.migrationjobs.update', 'datamigration.migrationjobs.verify', 'datamigration.objects.get', 'datamigration.objects.list', 'datamigration.operations.cancel', 'datamigration.operations.delete', 'datamigration.operations.get', 'datamigration.operations.list', 'datamigration.privateconnections.create', 'datamigration.privateconnections.delete', 'datamigration.privateconnections.get', 'datamigration.privateconnections.getIamPolicy', 'datamigration.privateconnections.list', 'datapipelines.jobs.list', 'datapipelines.pipelines.create', 'datapipelines.pipelines.delete', 'datapipelines.pipelines.get', 'datapipelines.pipelines.list', 'datapipelines.pipelines.run', 'datapipelines.pipelines.stop', 'datapipelines.pipelines.update', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.readData', 'dataplex.assets.update', 'dataplex.assets.writeData', 'dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.update', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.update', 'dataplex.locations.get', 'dataplex.locations.list', 'dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.projects.search', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.update', 'dataprep.projects.use', 'dataproc.agents.create', 'dataproc.agents.delete', 'dataproc.agents.get', 'dataproc.agents.list', 'dataproc.agents.update', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.batches.sparkApplicationWrite', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.getIamPolicy', 'dataproc.operations.list', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.sparkApplicationWrite', 'dataproc.sessions.terminate', 'dataproc.tasks.lease', 'dataproc.tasks.listInvalidatedLeases', 'dataproc.tasks.reportStatus', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.getIamPolicy', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.update', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.datasources.update', 'dataprocessing.featurecontrols.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'dataprocrm.locations.get', 'dataprocrm.locations.list', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.mintOAuthToken', 'dataprocrm.nodes.update', 'dataprocrm.operations.cancel', 'dataprocrm.operations.delete', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'datastream.connectionProfiles.create', 'datastream.connectionProfiles.delete', 'datastream.connectionProfiles.destinationTypes', 'datastream.connectionProfiles.discover', 'datastream.connectionProfiles.get', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listStaticServiceIps', 'datastream.connectionProfiles.listTagBindings', 'datastream.connectionProfiles.sourceTypes', 'datastream.connectionProfiles.update', 'datastream.locations.fetchStaticIps', 'datastream.locations.get', 'datastream.locations.list', 'datastream.objects.get', 'datastream.objects.list', 'datastream.objects.startBackfillJob', 'datastream.objects.stopBackfillJob', 'datastream.operations.cancel', 'datastream.operations.delete', 'datastream.operations.get', 'datastream.operations.list', 'datastream.privateConnections.create', 'datastream.privateConnections.delete', 'datastream.privateConnections.get', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.routes.create', 'datastream.routes.delete', 'datastream.routes.get', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.streams.computeState', 'datastream.streams.create', 'datastream.streams.delete', 'datastream.streams.fetchErrors', 'datastream.streams.get', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'datastream.streams.pause', 'datastream.streams.resume', 'datastream.streams.start', 'datastream.streams.update', 'datastudio.datasources.delete', 'datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.move', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.trash', 'datastudio.datasources.update', 'datastudio.reports.delete', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.move', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.trash', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.delete', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.moveOut', 'datastudio.workspaces.restoreTrash', 'datastudio.workspaces.search', 'datastudio.workspaces.trash', 'datastudio.workspaces.update', 'deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'developerconnect.connections.constructGitHubAppManifest', 'developerconnect.connections.create', 'developerconnect.connections.delete', 'developerconnect.connections.fetchGitHubInstallations', 'developerconnect.connections.fetchLinkableGitRepositories', 'developerconnect.connections.generateGitHubStateToken', 'developerconnect.connections.get', 'developerconnect.connections.list', 'developerconnect.connections.processGitHubAppCreationCallback', 'developerconnect.connections.processGitHubOAuthCallback', 'developerconnect.connections.update', 'developerconnect.gitRepositoryLinks.create', 'developerconnect.gitRepositoryLinks.delete', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.get', 'developerconnect.locations.list', 'developerconnect.operations.cancel', 'developerconnect.operations.delete', 'developerconnect.operations.get', 'developerconnect.operations.list', 'dialogflow.agents.create', 'dialogflow.agents.delete', 'dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.import', 'dialogflow.agents.list', 'dialogflow.agents.restore', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.agents.train', 'dialogflow.agents.update', 'dialogflow.agents.validate', 'dialogflow.answerrecords.delete', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.answerrecords.update', 'dialogflow.callMatchers.create', 'dialogflow.callMatchers.delete', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.create', 'dialogflow.contexts.delete', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.contexts.update', 'dialogflow.conversationDatasets.create', 'dialogflow.conversationDatasets.delete', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.import', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.create', 'dialogflow.conversationModels.delete', 'dialogflow.conversationModels.deploy', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationModels.undeploy', 'dialogflow.conversationProfiles.create', 'dialogflow.conversationProfiles.delete', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversationProfiles.update', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.create', 'dialogflow.documents.delete', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.encryptionspec.update', 'dialogflow.entityTypes.create', 'dialogflow.entityTypes.createEntity', 'dialogflow.entityTypes.delete', 'dialogflow.entityTypes.deleteEntity', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.entityTypes.update', 'dialogflow.entityTypes.updateEntity', 'dialogflow.environments.create', 'dialogflow.environments.delete', 'dialogflow.environments.get', 'dialogflow.environments.getHistory', 'dialogflow.environments.list', 'dialogflow.environments.lookupHistory', 'dialogflow.environments.runContinuousTest', 'dialogflow.environments.update', 'dialogflow.examples.create', 'dialogflow.examples.delete', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.examples.update', 'dialogflow.experiments.create', 'dialogflow.experiments.delete', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.experiments.update', 'dialogflow.flows.create', 'dialogflow.flows.delete', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.flows.train', 'dialogflow.flows.update', 'dialogflow.flows.validate', 'dialogflow.fulfillments.get', 'dialogflow.fulfillments.update', 'dialogflow.generators.create', 'dialogflow.generators.delete', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.generators.update', 'dialogflow.integrations.create', 'dialogflow.integrations.delete', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.integrations.update', 'dialogflow.intents.create', 'dialogflow.intents.delete', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.intents.update', 'dialogflow.knowledgeBases.create', 'dialogflow.knowledgeBases.delete', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.knowledgeBases.update', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.create', 'dialogflow.pages.delete', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.pages.update', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.phoneNumberOrders.cancel', 'dialogflow.phoneNumberOrders.create', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumberOrders.update', 'dialogflow.phoneNumbers.delete', 'dialogflow.phoneNumbers.list', 'dialogflow.phoneNumbers.undelete', 'dialogflow.phoneNumbers.update', 'dialogflow.playbooks.create', 'dialogflow.playbooks.delete', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.playbooks.update', 'dialogflow.securitySettings.create', 'dialogflow.securitySettings.delete', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.securitySettings.update', 'dialogflow.sessionEntityTypes.create', 'dialogflow.sessionEntityTypes.delete', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.sessionEntityTypes.update', 'dialogflow.sessions.detectIntent', 'dialogflow.sessions.streamingDetectIntent', 'dialogflow.smartMessagingEntries.create', 'dialogflow.smartMessagingEntries.delete', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.calculateCoverage', 'dialogflow.testcases.create', 'dialogflow.testcases.delete', 'dialogflow.testcases.export', 'dialogflow.testcases.get', 'dialogflow.testcases.import', 'dialogflow.testcases.list', 'dialogflow.testcases.run', 'dialogflow.testcases.update', 'dialogflow.tools.create', 'dialogflow.tools.delete', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.tools.update', 'dialogflow.transitionRouteGroups.create', 'dialogflow.transitionRouteGroups.delete', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.transitionRouteGroups.update', 'dialogflow.versions.create', 'dialogflow.versions.delete', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.versions.load', 'dialogflow.versions.update', 'dialogflow.webhooks.create', 'dialogflow.webhooks.delete', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'dialogflow.webhooks.update', 'discoveryengine.aclConfigs.get', 'discoveryengine.aclConfigs.update', 'discoveryengine.analytics.acquireDashboardSession', 'discoveryengine.analytics.refreshDashboardSessionTokens', 'discoveryengine.answers.get', 'discoveryengine.branches.get', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.get', 'discoveryengine.cmekConfigs.list', 'discoveryengine.cmekConfigs.update', 'discoveryengine.collections.delete', 'discoveryengine.collections.get', 'discoveryengine.collections.list', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.completionConfigs.get', 'discoveryengine.completionConfigs.update', 'discoveryengine.controls.create', 'discoveryengine.controls.delete', 'discoveryengine.controls.get', 'discoveryengine.controls.list', 'discoveryengine.controls.update', 'discoveryengine.conversations.converse', 'discoveryengine.conversations.create', 'discoveryengine.conversations.delete', 'discoveryengine.conversations.get', 'discoveryengine.conversations.list', 'discoveryengine.conversations.update', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.create', 'discoveryengine.dataStores.delete', 'discoveryengine.dataStores.enrollSolutions', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.dataStores.trainCustomModel', 'discoveryengine.dataStores.update', 'discoveryengine.documentProcessingConfigs.get', 'discoveryengine.documentProcessingConfigs.update', 'discoveryengine.documents.batchGetDocumentsMetadata', 'discoveryengine.documents.create', 'discoveryengine.documents.delete', 'discoveryengine.documents.get', 'discoveryengine.documents.import', 'discoveryengine.documents.list', 'discoveryengine.documents.purge', 'discoveryengine.documents.update', 'discoveryengine.engines.create', 'discoveryengine.engines.delete', 'discoveryengine.engines.get', 'discoveryengine.engines.list', 'discoveryengine.engines.pause', 'discoveryengine.engines.resume', 'discoveryengine.engines.tune', 'discoveryengine.engines.update', 'discoveryengine.evaluations.create', 'discoveryengine.evaluations.get', 'discoveryengine.evaluations.list', 'discoveryengine.groundingConfigs.check', 'discoveryengine.locations.estimateDataSize', 'discoveryengine.models.create', 'discoveryengine.models.delete', 'discoveryengine.models.get', 'discoveryengine.models.list', 'discoveryengine.models.pause', 'discoveryengine.models.resume', 'discoveryengine.models.tune', 'discoveryengine.models.update', 'discoveryengine.operations.get', 'discoveryengine.operations.list', 'discoveryengine.projects.get', 'discoveryengine.projects.provision', 'discoveryengine.projects.reportConsentChange', 'discoveryengine.rankingConfigs.rank', 'discoveryengine.sampleQueries.create', 'discoveryengine.sampleQueries.delete', 'discoveryengine.sampleQueries.get', 'discoveryengine.sampleQueries.import', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQueries.update', 'discoveryengine.sampleQuerySets.create', 'discoveryengine.sampleQuerySets.delete', 'discoveryengine.sampleQuerySets.get', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.sampleQuerySets.update', 'discoveryengine.schemas.create', 'discoveryengine.schemas.delete', 'discoveryengine.schemas.get', 'discoveryengine.schemas.list', 'discoveryengine.schemas.preview', 'discoveryengine.schemas.update', 'discoveryengine.schemas.validate', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.create', 'discoveryengine.servingConfigs.delete', 'discoveryengine.servingConfigs.get', 'discoveryengine.servingConfigs.list', 'discoveryengine.servingConfigs.recommend', 'discoveryengine.servingConfigs.search', 'discoveryengine.servingConfigs.update', 'discoveryengine.sessions.create', 'discoveryengine.sessions.delete', 'discoveryengine.sessions.get', 'discoveryengine.sessions.list', 'discoveryengine.sessions.update', 'discoveryengine.siteSearchEngines.batchVerifyTargetSites', 'discoveryengine.siteSearchEngines.disableAdvancedSiteSearch', 'discoveryengine.siteSearchEngines.enableAdvancedSiteSearch', 'discoveryengine.siteSearchEngines.fetchDomainVerificationStatus', 'discoveryengine.siteSearchEngines.get', 'discoveryengine.siteSearchEngines.recrawlUris', 'discoveryengine.suggestionDenyListEntries.import', 'discoveryengine.suggestionDenyListEntries.purge', 'discoveryengine.targetSites.batchCreate', 'discoveryengine.targetSites.create', 'discoveryengine.targetSites.delete', 'discoveryengine.targetSites.get', 'discoveryengine.targetSites.list', 'discoveryengine.targetSites.update', 'discoveryengine.userEvents.create', 'discoveryengine.userEvents.fetchStats', 'discoveryengine.userEvents.import', 'discoveryengine.userEvents.purge', 'discoveryengine.widgetConfigs.get', 'discoveryengine.widgetConfigs.update', 'dlp.analyzeRiskTemplates.create', 'dlp.analyzeRiskTemplates.delete', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.analyzeRiskTemplates.update', 'dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.connections.create', 'dlp.connections.delete', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.connections.update', 'dlp.deidentifyTemplates.create', 'dlp.deidentifyTemplates.delete', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.deidentifyTemplates.update', 'dlp.estimates.cancel', 'dlp.estimates.create', 'dlp.estimates.delete', 'dlp.estimates.get', 'dlp.estimates.list', 'dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.create', 'dlp.inspectTemplates.delete', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.inspectTemplates.update', 'dlp.jobTriggers.create', 'dlp.jobTriggers.delete', 'dlp.jobTriggers.get', 'dlp.jobTriggers.hybridInspect', 'dlp.jobTriggers.list', 'dlp.jobTriggers.update', 'dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.locations.get', 'dlp.locations.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.create', 'dlp.storedInfoTypes.delete', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.storedInfoTypes.update', 'dlp.subscriptions.cancel', 'dlp.subscriptions.create', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.subscriptions.update', 'dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'documentai.dataLabelingJobs.cancel', 'documentai.dataLabelingJobs.create', 'documentai.dataLabelingJobs.delete', 'documentai.dataLabelingJobs.list', 'documentai.dataLabelingJobs.update', 'documentai.datasetSchemas.get', 'documentai.datasetSchemas.update', 'documentai.datasets.createDocuments', 'documentai.datasets.deleteDocuments', 'documentai.datasets.get', 'documentai.datasets.getDocuments', 'documentai.datasets.listDocuments', 'documentai.datasets.update', 'documentai.datasets.updateDocuments', 'documentai.evaluationDocuments.get', 'documentai.evaluations.create', 'documentai.evaluations.get', 'documentai.evaluations.list', 'documentai.humanReviewConfigs.get', 'documentai.humanReviewConfigs.review', 'documentai.humanReviewConfigs.update', 'documentai.labelerPools.create', 'documentai.labelerPools.delete', 'documentai.labelerPools.get', 'documentai.labelerPools.list', 'documentai.labelerPools.update', 'documentai.locations.get', 'documentai.locations.list', 'documentai.operations.getLegacy', 'documentai.processedDocumentsSets.get', 'documentai.processedDocumentsSets.getDocuments', 'documentai.processedDocumentsSets.listDocuments', 'documentai.processorTypes.get', 'documentai.processorTypes.list', 'documentai.processorVersions.create', 'documentai.processorVersions.delete', 'documentai.processorVersions.get', 'documentai.processorVersions.list', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processorVersions.update', 'documentai.processors.create', 'documentai.processors.delete', 'documentai.processors.fetchHumanReviewDetails', 'documentai.processors.get', 'documentai.processors.list', 'documentai.processors.processBatch', 'documentai.processors.processOnline', 'documentai.processors.update', 'domains.locations.get', 'domains.locations.list', 'domains.operations.cancel', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.configureContact', 'domains.registrations.configureDns', 'domains.registrations.configureManagement', 'domains.registrations.create', 'domains.registrations.delete', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'domains.registrations.update', 'earthengine.assets.create', 'earthengine.assets.delete', 'earthengine.assets.get', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.assets.update', 'earthengine.computations.create', 'earthengine.config.get', 'earthengine.config.update', 'earthengine.exports.create', 'earthengine.featureviews.create', 'earthengine.filmstripthumbnails.create', 'earthengine.filmstripthumbnails.get', 'earthengine.imports.create', 'earthengine.maps.create', 'earthengine.maps.get', 'earthengine.operations.delete', 'earthengine.operations.get', 'earthengine.operations.list', 'earthengine.operations.update', 'earthengine.tables.create', 'earthengine.tables.get', 'earthengine.thumbnails.create', 'earthengine.thumbnails.get', 'earthengine.videothumbnails.create', 'earthengine.videothumbnails.get', 'edgecontainer.clusters.create', 'edgecontainer.clusters.delete', 'edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.clusters.update', 'edgecontainer.clusters.upgrade', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.create', 'edgecontainer.machines.delete', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.update', 'edgecontainer.machines.use', 'edgecontainer.nodePools.create', 'edgecontainer.nodePools.delete', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.nodePools.update', 'edgecontainer.operations.cancel', 'edgecontainer.operations.delete', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.vpnConnections.create', 'edgecontainer.vpnConnections.delete', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgecontainer.vpnConnections.update', 'edgenetwork.interconnectAttachments.create', 'edgenetwork.interconnectAttachments.delete', 'edgenetwork.interconnectAttachments.get', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnectAttachments.update', 'edgenetwork.interconnects.get', 'edgenetwork.interconnects.getDiagnostics', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.locations.get', 'edgenetwork.locations.list', 'edgenetwork.networks.create', 'edgenetwork.networks.delete', 'edgenetwork.networks.get', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.getStatus', 'edgenetwork.networks.list', 'edgenetwork.networks.update', 'edgenetwork.operations.cancel', 'edgenetwork.operations.delete', 'edgenetwork.operations.get', 'edgenetwork.operations.list', 'edgenetwork.routers.create', 'edgenetwork.routers.delete', 'edgenetwork.routers.get', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.getRouterStatus', 'edgenetwork.routers.list', 'edgenetwork.routers.patch', 'edgenetwork.routers.update', 'edgenetwork.routes.create', 'edgenetwork.routes.delete', 'edgenetwork.routes.get', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.create', 'edgenetwork.subnetworks.delete', 'edgenetwork.subnetworks.get', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.getStatus', 'edgenetwork.subnetworks.list', 'edgenetwork.subnetworks.update', 'edgenetwork.zones.get', 'edgenetwork.zones.initialize', 'edgenetwork.zones.list', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search', 'enterpriseknowledgegraph.entityReconciliationJobs.cancel', 'enterpriseknowledgegraph.entityReconciliationJobs.create', 'enterpriseknowledgegraph.entityReconciliationJobs.delete', 'enterpriseknowledgegraph.entityReconciliationJobs.get', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.search', 'enterprisepurchasing.gcveCuds.create', 'enterprisepurchasing.gcveCuds.get', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.get', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.cancel', 'enterprisepurchasing.operations.delete', 'enterprisepurchasing.operations.get', 'enterprisepurchasing.operations.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.create', 'errorreporting.errorEvents.delete', 'errorreporting.errorEvents.list', 'errorreporting.groupMetadata.get', 'errorreporting.groupMetadata.update', 'errorreporting.groups.list', 'essentialcontacts.contacts.create', 'essentialcontacts.contacts.delete', 'essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'essentialcontacts.contacts.send', 'essentialcontacts.contacts.update', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'fcmdata.deliverydata.list', 'file.backups.create', 'file.backups.delete', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.delete', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.delete', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update', 'financialservices.locations.get', 'financialservices.locations.list', 'financialservices.operations.cancel', 'financialservices.operations.delete', 'financialservices.operations.get', 'financialservices.operations.list', 'financialservices.v1backtests.create', 'financialservices.v1backtests.delete', 'financialservices.v1backtests.exportMetadata', 'financialservices.v1backtests.get', 'financialservices.v1backtests.list', 'financialservices.v1backtests.update', 'financialservices.v1datasets.create', 'financialservices.v1datasets.delete', 'financialservices.v1datasets.get', 'financialservices.v1datasets.list', 'financialservices.v1datasets.update', 'financialservices.v1engineconfigs.create', 'financialservices.v1engineconfigs.delete', 'financialservices.v1engineconfigs.exportMetadata', 'financialservices.v1engineconfigs.get', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineconfigs.update', 'financialservices.v1engineversions.get', 'financialservices.v1engineversions.list', 'financialservices.v1instances.create', 'financialservices.v1instances.delete', 'financialservices.v1instances.exportRegisteredParties', 'financialservices.v1instances.get', 'financialservices.v1instances.importRegisteredParties', 'financialservices.v1instances.list', 'financialservices.v1instances.update', 'financialservices.v1models.create', 'financialservices.v1models.delete', 'financialservices.v1models.exportMetadata', 'financialservices.v1models.get', 'financialservices.v1models.list', 'financialservices.v1models.update', 'financialservices.v1predictions.create', 'financialservices.v1predictions.delete', 'financialservices.v1predictions.exportMetadata', 'financialservices.v1predictions.get', 'financialservices.v1predictions.list', 'financialservices.v1predictions.update', 'firebase.billingPlans.get', 'firebase.clients.create', 'firebase.clients.delete', 'firebase.clients.get', 'firebase.clients.list', 'firebase.clients.undelete', 'firebase.clients.update', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebase.projects.update', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.create', 'firebaseabt.experiments.delete', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.experiments.update', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.appAttestConfig.update', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.debugTokens.update', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.deviceCheckConfig.update', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.playIntegrityConfig.update', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.update', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.recaptchaV3Config.update', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.resourcePolicies.update', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.safetyNetConfig.update', 'firebaseappcheck.services.get', 'firebaseappcheck.services.update', 'firebaseappdistro.groups.list', 'firebaseappdistro.groups.update', 'firebaseappdistro.releases.list', 'firebaseappdistro.releases.update', 'firebaseappdistro.testers.list', 'firebaseappdistro.testers.update', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'firebasecrash.issues.update', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.config.update', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.issues.update', 'firebasecrashlytics.sessions.get', 'firebasedatabase.instances.create', 'firebasedatabase.instances.delete', 'firebasedatabase.instances.disable', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedatabase.instances.reenable', 'firebasedatabase.instances.undelete', 'firebasedatabase.instances.update', 'firebasedataconnect.connectorRevisions.delete', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.create', 'firebasedataconnect.connectors.delete', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.connectors.update', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.cancel', 'firebasedataconnect.operations.delete', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.delete', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.create', 'firebasedataconnect.schemas.delete', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.schemas.update', 'firebasedataconnect.services.create', 'firebasedataconnect.services.delete', 'firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedataconnect.services.update', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.create', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.domains.update', 'firebasedynamiclinks.links.create', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.links.update', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.list', 'firebaseextensionspublisher.extensions.create', 'firebaseextensionspublisher.extensions.delete', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.create', 'firebasehosting.sites.delete', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebasehosting.sites.update', 'firebaseinappmessaging.campaigns.create', 'firebaseinappmessaging.campaigns.delete', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebaseinappmessaging.campaigns.update', 'firebasemessagingcampaigns.campaigns.create', 'firebasemessagingcampaigns.campaigns.delete', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebasemessagingcampaigns.campaigns.start', 'firebasemessagingcampaigns.campaigns.stop', 'firebasemessagingcampaigns.campaigns.update', 'firebaseml.models.create', 'firebaseml.models.delete', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.models.update', 'firebaseml.modelversions.create', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaseml.modelversions.update', 'firebasenotifications.messages.create', 'firebasenotifications.messages.delete', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebasenotifications.messages.update', 'firebaseperformance.config.update', 'firebaseperformance.data.get', 'firebaserules.releases.create', 'firebaserules.releases.delete', 'firebaserules.releases.get', 'firebaserules.releases.getExecutable', 'firebaserules.releases.list', 'firebaserules.releases.update', 'firebaserules.rulesets.create', 'firebaserules.rulesets.delete', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebaserules.rulesets.test', 'firebasestorage.buckets.addFirebase', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.buckets.removeFirebase', 'firebasestorage.defaultBucket.create', 'firebasestorage.defaultBucket.delete', 'firebasestorage.defaultBucket.get', 'fleetengine.deliveryvehicles.allowAllActions', 'fleetengine.deliveryvehicles.create', 'fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.list', 'fleetengine.deliveryvehicles.update', 'fleetengine.deliveryvehicles.updateLocation', 'fleetengine.deliveryvehicles.updateVehicleStops', 'fleetengine.tasks.allowAllActions', 'fleetengine.tasks.create', 'fleetengine.tasks.get', 'fleetengine.tasks.list', 'fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasks.update', 'fleetengine.tasktrackinginfo.allowAllActions', 'fleetengine.tasktrackinginfo.get', 'fleetengine.trips.allowAllActions', 'fleetengine.trips.create', 'fleetengine.trips.get', 'fleetengine.trips.search', 'fleetengine.trips.update', 'fleetengine.trips.updateState', 'fleetengine.vehicles.allowAllActions', 'fleetengine.vehicles.create', 'fleetengine.vehicles.get', 'fleetengine.vehicles.list', 'fleetengine.vehicles.search', 'fleetengine.vehicles.searchFuzzed', 'fleetengine.vehicles.update', 'fleetengine.vehicles.updateLocation', 'gcp.redisenterprise.com/databases.create', 'gcp.redisenterprise.com/databases.delete', 'gcp.redisenterprise.com/databases.get', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/databases.update', 'gcp.redisenterprise.com/subscriptions.create', 'gcp.redisenterprise.com/subscriptions.delete', 'gcp.redisenterprise.com/subscriptions.get', 'gcp.redisenterprise.com/subscriptions.list', 'gcp.redisenterprise.com/subscriptions.update', 'gdchardwaremanagement.changeLogEntries.get', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.create', 'gdchardwaremanagement.comments.get', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.create', 'gdchardwaremanagement.hardware.delete', 'gdchardwaremanagement.hardware.get', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardware.update', 'gdchardwaremanagement.hardwareGroups.create', 'gdchardwaremanagement.hardwareGroups.delete', 'gdchardwaremanagement.hardwareGroups.get', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.hardwareGroups.update', 'gdchardwaremanagement.locations.get', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.cancel', 'gdchardwaremanagement.operations.delete', 'gdchardwaremanagement.operations.get', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.create', 'gdchardwaremanagement.orders.delete', 'gdchardwaremanagement.orders.get', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.orders.submit', 'gdchardwaremanagement.orders.update', 'gdchardwaremanagement.sites.create', 'gdchardwaremanagement.sites.get', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.sites.update', 'gdchardwaremanagement.skus.get', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.create', 'gdchardwaremanagement.zones.delete', 'gdchardwaremanagement.zones.get', 'gdchardwaremanagement.zones.list', 'gdchardwaremanagement.zones.update', 'genomics.datasets.create', 'genomics.datasets.delete', 'genomics.datasets.get', 'genomics.datasets.list', 'genomics.datasets.update', 'genomics.operations.cancel', 'genomics.operations.create', 'genomics.operations.get', 'genomics.operations.list', 'gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.cancel', 'gkebackup.operations.delete', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.gateway.stream', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'gkemulticloud.attachedClusters.create', 'gkemulticloud.attachedClusters.delete', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.import', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedClusters.update', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.create', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsClusters.update', 'gkemulticloud.awsNodePools.create', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsNodePools.update', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.create', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.create', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureClusters.update', 'gkemulticloud.azureNodePools.create', 'gkemulticloud.azureNodePools.delete', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureNodePools.update', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.cancel', 'gkemulticloud.operations.delete', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'gkeonprem.bareMetalAdminClusters.connect', 'gkeonprem.bareMetalAdminClusters.create', 'gkeonprem.bareMetalAdminClusters.enroll', 'gkeonprem.bareMetalAdminClusters.get', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalAdminClusters.queryVersionConfig', 'gkeonprem.bareMetalAdminClusters.unenroll', 'gkeonprem.bareMetalAdminClusters.update', 'gkeonprem.bareMetalClusters.create', 'gkeonprem.bareMetalClusters.delete', 'gkeonprem.bareMetalClusters.enroll', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalClusters.queryVersionConfig', 'gkeonprem.bareMetalClusters.unenroll', 'gkeonprem.bareMetalClusters.update', 'gkeonprem.bareMetalNodePools.create', 'gkeonprem.bareMetalNodePools.delete', 'gkeonprem.bareMetalNodePools.enroll', 'gkeonprem.bareMetalNodePools.get', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.bareMetalNodePools.unenroll', 'gkeonprem.bareMetalNodePools.update', 'gkeonprem.locations.get', 'gkeonprem.locations.list', 'gkeonprem.operations.cancel', 'gkeonprem.operations.delete', 'gkeonprem.operations.get', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.connect', 'gkeonprem.vmwareAdminClusters.enroll', 'gkeonprem.vmwareAdminClusters.get', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareAdminClusters.unenroll', 'gkeonprem.vmwareAdminClusters.update', 'gkeonprem.vmwareClusters.create', 'gkeonprem.vmwareClusters.delete', 'gkeonprem.vmwareClusters.enroll', 'gkeonprem.vmwareClusters.get', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareClusters.queryVersionConfig', 'gkeonprem.vmwareClusters.unenroll', 'gkeonprem.vmwareClusters.update', 'gkeonprem.vmwareNodePools.create', 'gkeonprem.vmwareNodePools.delete', 'gkeonprem.vmwareNodePools.enroll', 'gkeonprem.vmwareNodePools.get', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'gkeonprem.vmwareNodePools.unenroll', 'gkeonprem.vmwareNodePools.update', 'gsuiteaddons.authorizations.get', 'gsuiteaddons.deployments.create', 'gsuiteaddons.deployments.delete', 'gsuiteaddons.deployments.execute', 'gsuiteaddons.deployments.get', 'gsuiteaddons.deployments.install', 'gsuiteaddons.deployments.installStatus', 'gsuiteaddons.deployments.list', 'gsuiteaddons.deployments.uninstall', 'gsuiteaddons.deployments.update', 'healthcare.annotationStores.create', 'healthcare.annotationStores.delete', 'healthcare.annotationStores.evaluate', 'healthcare.annotationStores.export', 'healthcare.annotationStores.get', 'healthcare.annotationStores.getIamPolicy', 'healthcare.annotationStores.import', 'healthcare.annotationStores.list', 'healthcare.annotationStores.update', 'healthcare.annotations.create', 'healthcare.annotations.delete', 'healthcare.annotations.get', 'healthcare.annotations.list', 'healthcare.annotations.update', 'healthcare.attributeDefinitions.create', 'healthcare.attributeDefinitions.delete', 'healthcare.attributeDefinitions.get', 'healthcare.attributeDefinitions.list', 'healthcare.attributeDefinitions.update', 'healthcare.consentArtifacts.create', 'healthcare.consentArtifacts.delete', 'healthcare.consentArtifacts.get', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.create', 'healthcare.consentStores.delete', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.getIamPolicy', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.consentStores.update', 'healthcare.consents.activate', 'healthcare.consents.create', 'healthcare.consents.delete', 'healthcare.consents.get', 'healthcare.consents.list', 'healthcare.consents.reject', 'healthcare.consents.revoke', 'healthcare.consents.update', 'healthcare.datasets.create', 'healthcare.datasets.deidentify', 'healthcare.datasets.delete', 'healthcare.datasets.get', 'healthcare.datasets.getIamPolicy', 'healthcare.datasets.list', 'healthcare.datasets.update', 'healthcare.dicomStores.create', 'healthcare.dicomStores.deidentify', 'healthcare.dicomStores.delete', 'healthcare.dicomStores.dicomWebDelete', 'healthcare.dicomStores.dicomWebRead', 'healthcare.dicomStores.dicomWebWrite', 'healthcare.dicomStores.export', 'healthcare.dicomStores.get', 'healthcare.dicomStores.getIamPolicy', 'healthcare.dicomStores.import', 'healthcare.dicomStores.list', 'healthcare.dicomStores.update', 'healthcare.fhirResources.create', 'healthcare.fhirResources.delete', 'healthcare.fhirResources.get', 'healthcare.fhirResources.patch', 'healthcare.fhirResources.purge', 'healthcare.fhirResources.translateConceptMap', 'healthcare.fhirResources.update', 'healthcare.fhirStores.applyConsents', 'healthcare.fhirStores.configureSearch', 'healthcare.fhirStores.create', 'healthcare.fhirStores.deidentify', 'healthcare.fhirStores.delete', 'healthcare.fhirStores.executeBundle', 'healthcare.fhirStores.explainDataAccess', 'healthcare.fhirStores.export', 'healthcare.fhirStores.get', 'healthcare.fhirStores.getIamPolicy', 'healthcare.fhirStores.import', 'healthcare.fhirStores.list', 'healthcare.fhirStores.rollback', 'healthcare.fhirStores.searchResources', 'healthcare.fhirStores.update', 'healthcare.hl7V2Messages.create', 'healthcare.hl7V2Messages.delete', 'healthcare.hl7V2Messages.get', 'healthcare.hl7V2Messages.ingest', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Messages.update', 'healthcare.hl7V2Stores.create', 'healthcare.hl7V2Stores.delete', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.getIamPolicy', 'healthcare.hl7V2Stores.import', 'healthcare.hl7V2Stores.list', 'healthcare.hl7V2Stores.rollback', 'healthcare.hl7V2Stores.update', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.nlpservice.analyzeEntities', 'healthcare.operations.cancel', 'healthcare.operations.get', 'healthcare.operations.list', 'healthcare.userDataMappings.archive', 'healthcare.userDataMappings.create', 'healthcare.userDataMappings.delete', 'healthcare.userDataMappings.get', 'healthcare.userDataMappings.list', 'healthcare.userDataMappings.update', 'iam.denypolicies.get', 'iam.denypolicies.list', 'iam.googleapis.com/oauthClientCredentials.get', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClients.get', 'iam.googleapis.com/oauthClients.list', 'iam.googleapis.com/workforcePoolProviderKeys.get', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviders.get', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePools.get', 'iam.googleapis.com/workforcePools.getIamPolicy', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workforcePools.searchPolicyBindings', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.get', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviders.get', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.get', 'iam.googleapis.com/workloadIdentityPools.list', 'iam.googleapis.com/workspacePools.searchPolicyBindings', 'iam.policybindings.get', 'iam.policybindings.list', 'iam.principalaccessboundarypolicies.get', 'iam.principalaccessboundarypolicies.list', 'iam.principalaccessboundarypolicies.searchPolicyBindings', 'iam.roles.get', 'iam.roles.list', 'iam.serviceAccountKeys.create', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.disable', 'iam.serviceAccountKeys.enable', 'iam.serviceAccountKeys.get', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.enable', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'iam.serviceAccounts.update', 'iam.workloadIdentityPools.searchPolicyBindings', 'iap.projects.getSettings', 'iap.projects.updateSettings', 'iap.tunnelDestGroups.create', 'iap.tunnelDestGroups.delete', 'iap.tunnelDestGroups.get', 'iap.tunnelDestGroups.list', 'iap.tunnelDestGroups.update', 'iap.web.getSettings', 'iap.web.updateSettings', 'iap.webServiceVersions.getSettings', 'iap.webServiceVersions.updateSettings', 'iap.webServices.getSettings', 'iap.webServices.updateSettings', 'iap.webTypes.getSettings', 'iap.webTypes.updateSettings', 'identitytoolkit.tenants.create', 'identitytoolkit.tenants.delete', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'identitytoolkit.tenants.update', 'ids.endpoints.create', 'ids.endpoints.delete', 'ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.endpoints.update', 'ids.locations.get', 'ids.locations.list', 'ids.operations.cancel', 'ids.operations.delete', 'ids.operations.get', 'ids.operations.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.securityAuthConfigs.create', 'integrations.securityAuthConfigs.delete', 'integrations.securityAuthConfigs.get', 'integrations.securityAuthConfigs.list', 'integrations.securityAuthConfigs.update', 'integrations.securityExecutions.cancel', 'integrations.securityExecutions.get', 'integrations.securityExecutions.list', 'integrations.securityIntegTempVers.create', 'integrations.securityIntegTempVers.get', 'integrations.securityIntegTempVers.list', 'integrations.securityIntegrationVers.create', 'integrations.securityIntegrationVers.delete', 'integrations.securityIntegrationVers.deploy', 'integrations.securityIntegrationVers.get', 'integrations.securityIntegrationVers.list', 'integrations.securityIntegrationVers.update', 'integrations.securityIntegrations.invoke', 'integrations.securityIntegrations.list', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'issuerswitch.accountManagerTransactions.list', 'issuerswitch.accountManagerTransactions.update', 'issuerswitch.complaintTransactions.list', 'issuerswitch.complaints.create', 'issuerswitch.complaints.resolve', 'issuerswitch.disputes.create', 'issuerswitch.disputes.resolve', 'issuerswitch.financialTransactions.list', 'issuerswitch.issuerParticipants.get', 'issuerswitch.issuerParticipants.update', 'issuerswitch.managedAccounts.get', 'issuerswitch.managedAccounts.update', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.cancel', 'issuerswitch.operations.delete', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'issuerswitch.operations.wait', 'issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.create', 'issuerswitch.ruleMetadataValues.delete', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'krmapihosting.krmApiHosts.create', 'krmapihosting.krmApiHosts.delete', 'krmapihosting.krmApiHosts.get', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.krmApiHosts.update', 'krmapihosting.locations.get', 'krmapihosting.locations.list', 'krmapihosting.operations.cancel', 'krmapihosting.operations.delete', 'krmapihosting.operations.get', 'krmapihosting.operations.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run', 'livestream.assets.create', 'livestream.assets.delete', 'livestream.assets.get', 'livestream.assets.list', 'livestream.channels.create', 'livestream.channels.delete', 'livestream.channels.get', 'livestream.channels.list', 'livestream.channels.start', 'livestream.channels.stop', 'livestream.channels.update', 'livestream.clips.create', 'livestream.clips.delete', 'livestream.clips.get', 'livestream.clips.list', 'livestream.events.create', 'livestream.events.delete', 'livestream.events.get', 'livestream.events.list', 'livestream.inputs.create', 'livestream.inputs.delete', 'livestream.inputs.get', 'livestream.inputs.list', 'livestream.inputs.update', 'livestream.locations.get', 'livestream.locations.list', 'livestream.operations.cancel', 'livestream.operations.delete', 'livestream.operations.get', 'livestream.operations.list', 'livestream.pools.get', 'livestream.pools.update', 'logging.buckets.copyLogEntries', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.download', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.delete', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.get', 'logging.sinks.list', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.usage.get', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues', 'logging.views.update', 'looker.backups.create', 'looker.backups.delete', 'looker.backups.get', 'looker.backups.list', 'looker.instances.create', 'looker.instances.delete', 'looker.instances.export', 'looker.instances.get', 'looker.instances.import', 'looker.instances.list', 'looker.instances.login', 'looker.instances.update', 'looker.locations.get', 'looker.locations.list', 'looker.operations.cancel', 'looker.operations.delete', 'looker.operations.get', 'looker.operations.list', 'managedflink.deployments.create', 'managedflink.deployments.delete', 'managedflink.deployments.get', 'managedflink.deployments.list', 'managedflink.deployments.update', 'managedflink.jobs.create', 'managedflink.jobs.delete', 'managedflink.jobs.get', 'managedflink.jobs.list', 'managedflink.jobs.update', 'managedflink.locations.get', 'managedflink.locations.list', 'managedflink.operations.cancel', 'managedflink.operations.delete', 'managedflink.operations.get', 'managedflink.operations.list', 'managedflink.sessions.create', 'managedflink.sessions.delete', 'managedflink.sessions.get', 'managedflink.sessions.list', 'managedflink.sessions.update', 'managedidentities.backups.create', 'managedidentities.backups.delete', 'managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.backups.update', 'managedidentities.domains.attachTrust', 'managedidentities.domains.checkMigrationPermission', 'managedidentities.domains.create', 'managedidentities.domains.delete', 'managedidentities.domains.detachTrust', 'managedidentities.domains.disableMigration', 'managedidentities.domains.domainJoinMachine', 'managedidentities.domains.enableMigration', 'managedidentities.domains.extendSchema', 'managedidentities.domains.get', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'managedidentities.domains.reconfigureTrust', 'managedidentities.domains.resetpassword', 'managedidentities.domains.restore', 'managedidentities.domains.update', 'managedidentities.domains.updateLDAPSSettings', 'managedidentities.domains.validateTrust', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.cancel', 'managedidentities.operations.delete', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.create', 'managedidentities.peerings.delete', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.peerings.update', 'managedidentities.sqlintegrations.get', 'managedidentities.sqlintegrations.list', 'managedkafka.clusters.connect', 'managedkafka.clusters.create', 'managedkafka.clusters.delete', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.clusters.update', 'managedkafka.consumerGroups.delete', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.consumerGroups.update', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.cancel', 'managedkafka.operations.delete', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.create', 'managedkafka.topics.delete', 'managedkafka.topics.get', 'managedkafka.topics.list', 'managedkafka.topics.update', 'mandiant.genericAttackSurfaceManagements.create', 'mandiant.genericAttackSurfaceManagements.delete', 'mandiant.genericAttackSurfaceManagements.get', 'mandiant.genericAttackSurfaceManagements.update', 'mandiant.genericDigitalThreatMonitorings.create', 'mandiant.genericDigitalThreatMonitorings.get', 'mandiant.genericDigitalThreatMonitorings.update', 'mandiant.genericExpertiseOnDemands.create', 'mandiant.genericExpertiseOnDemands.delete', 'mandiant.genericExpertiseOnDemands.get', 'mandiant.genericExpertiseOnDemands.update', 'mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.delete', 'mandiant.genericPlatforms.get', 'mandiant.genericPlatforms.update', 'mandiant.genericThreatIntels.create', 'mandiant.genericThreatIntels.delete', 'mandiant.genericThreatIntels.get', 'mandiant.genericThreatIntels.update', 'mandiant.genericValidations.create', 'mandiant.genericValidations.delete', 'mandiant.genericValidations.get', 'mandiant.genericValidations.update', 'mapsadmin.clientMaps.create', 'mapsadmin.clientMaps.delete', 'mapsadmin.clientMaps.get', 'mapsadmin.clientMaps.list', 'mapsadmin.clientMaps.update', 'mapsadmin.clientStyleActivationRules.update', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyleSheetSnapshots.update', 'mapsadmin.clientStyles.create', 'mapsadmin.clientStyles.delete', 'mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsadmin.clientStyles.update', 'mapsadmin.styleEditorConfigs.get', 'mapsadmin.styleSnapshots.list', 'mapsadmin.styleSnapshots.update', 'mapsplatformdatasets.datasets.create', 'mapsplatformdatasets.datasets.delete', 'mapsplatformdatasets.datasets.export', 'mapsplatformdatasets.datasets.get', 'mapsplatformdatasets.datasets.import', 'mapsplatformdatasets.datasets.list', 'mapsplatformdatasets.datasets.update', 'marketplacesolutions.locations.get', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.cancel', 'marketplacesolutions.operations.delete', 'marketplacesolutions.operations.get', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.get', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.applyPowerAction', 'marketplacesolutions.powerInstances.create', 'marketplacesolutions.powerInstances.delete', 'marketplacesolutions.powerInstances.get', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerInstances.reset', 'marketplacesolutions.powerInstances.update', 'marketplacesolutions.powerNetworks.get', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.get', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.get', 'marketplacesolutions.powerVolumes.list', 'memcache.instances.applyParameters', 'memcache.instances.applySoftwareUpdate', 'memcache.instances.create', 'memcache.instances.delete', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.rescheduleMaintenance', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.instances.upgrade', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'memorystore.instances.connect', 'memorystore.instances.create', 'memorystore.instances.delete', 'memorystore.instances.get', 'memorystore.instances.list', 'memorystore.instances.update', 'memorystore.locations.get', 'memorystore.locations.list', 'memorystore.operations.cancel', 'memorystore.operations.delete', 'memorystore.operations.get', 'memorystore.operations.list', 'meshconfig.projects.init', 'metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.backups.use', 'metastore.databases.create', 'metastore.databases.delete', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.update', 'metastore.federations.create', 'metastore.federations.delete', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.federations.update', 'metastore.federations.use', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.cancel', 'metastore.migrations.complete', 'metastore.migrations.delete', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.migrations.start', 'metastore.operations.cancel', 'metastore.operations.delete', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.create', 'metastore.services.delete', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'metastore.services.update', 'metastore.services.use', 'metastore.tables.create', 'metastore.tables.delete', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.update', 'migrationcenter.assets.create', 'migrationcenter.assets.delete', 'migrationcenter.assets.get', 'migrationcenter.assets.list', 'migrationcenter.assets.reportFrames', 'migrationcenter.assets.update', 'migrationcenter.discoveryClients.create', 'migrationcenter.discoveryClients.delete', 'migrationcenter.discoveryClients.get', 'migrationcenter.discoveryClients.list', 'migrationcenter.discoveryClients.sendHeartbeat', 'migrationcenter.discoveryClients.update', 'migrationcenter.errorFrames.get', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.create', 'migrationcenter.groups.delete', 'migrationcenter.groups.get', 'migrationcenter.groups.list', 'migrationcenter.groups.update', 'migrationcenter.importDataFiles.create', 'migrationcenter.importDataFiles.delete', 'migrationcenter.importDataFiles.get', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.create', 'migrationcenter.importJobs.delete', 'migrationcenter.importJobs.get', 'migrationcenter.importJobs.list', 'migrationcenter.importJobs.update', 'migrationcenter.locations.get', 'migrationcenter.locations.list', 'migrationcenter.operations.cancel', 'migrationcenter.operations.delete', 'migrationcenter.operations.get', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.create', 'migrationcenter.preferenceSets.delete', 'migrationcenter.preferenceSets.get', 'migrationcenter.preferenceSets.list', 'migrationcenter.preferenceSets.update', 'migrationcenter.relations.get', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.create', 'migrationcenter.reportConfigs.delete', 'migrationcenter.reportConfigs.get', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.create', 'migrationcenter.reports.delete', 'migrationcenter.reports.get', 'migrationcenter.reports.list', 'migrationcenter.settings.get', 'migrationcenter.settings.update', 'migrationcenter.sources.create', 'migrationcenter.sources.delete', 'migrationcenter.sources.get', 'migrationcenter.sources.list', 'migrationcenter.sources.update', 'ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.notificationChannels.sendVerificationCode', 'monitoring.notificationChannels.update', 'monitoring.notificationChannels.verify', 'monitoring.services.create', 'monitoring.services.delete', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.services.update', 'monitoring.slos.create', 'monitoring.slos.delete', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.slos.update', 'monitoring.snoozes.create', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.snoozes.update', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'monitoring.uptimeCheckConfigs.update', 'nestconsole.smarthomePreviews.update', 'nestconsole.smarthomeProjects.get', 'nestconsole.smarthomeProjects.update', 'nestconsole.smarthomeVersions.create', 'nestconsole.smarthomeVersions.get', 'nestconsole.smarthomeVersions.submit', 'netapp.activeDirectories.create', 'netapp.activeDirectories.delete', 'netapp.activeDirectories.get', 'netapp.activeDirectories.list', 'netapp.activeDirectories.update', 'netapp.backupPolicies.create', 'netapp.backupPolicies.delete', 'netapp.backupPolicies.get', 'netapp.backupPolicies.list', 'netapp.backupPolicies.update', 'netapp.backupVaults.create', 'netapp.backupVaults.delete', 'netapp.backupVaults.get', 'netapp.backupVaults.list', 'netapp.backupVaults.update', 'netapp.backups.create', 'netapp.backups.delete', 'netapp.backups.get', 'netapp.backups.list', 'netapp.backups.update', 'netapp.kmsConfigs.create', 'netapp.kmsConfigs.delete', 'netapp.kmsConfigs.encrypt', 'netapp.kmsConfigs.get', 'netapp.kmsConfigs.list', 'netapp.kmsConfigs.update', 'netapp.kmsConfigs.verify', 'netapp.locations.get', 'netapp.locations.list', 'netapp.operations.cancel', 'netapp.operations.delete', 'netapp.operations.get', 'netapp.operations.list', 'netapp.replications.create', 'netapp.replications.delete', 'netapp.replications.establishPeering', 'netapp.replications.get', 'netapp.replications.list', 'netapp.replications.resume', 'netapp.replications.reverse', 'netapp.replications.stop', 'netapp.replications.sync', 'netapp.replications.update', 'netapp.snapshots.create', 'netapp.snapshots.delete', 'netapp.snapshots.get', 'netapp.snapshots.list', 'netapp.snapshots.update', 'netapp.storagePools.create', 'netapp.storagePools.delete', 'netapp.storagePools.get', 'netapp.storagePools.list', 'netapp.storagePools.switch', 'netapp.storagePools.update', 'netapp.volumes.create', 'netapp.volumes.delete', 'netapp.volumes.get', 'netapp.volumes.list', 'netapp.volumes.revert', 'netapp.volumes.update', 'networkconnectivity.groups.acceptSpoke', 'networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.groups.rejectSpoke', 'networkconnectivity.groups.use', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.create', 'networkconnectivity.hubs.delete', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.hubs.update', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkconnectivity.spokes.create', 'networkconnectivity.spokes.delete', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.update', 'networkmanagement.connectivitytests.create', 'networkmanagement.connectivitytests.delete', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.connectivitytests.rerun', 'networkmanagement.connectivitytests.update', 'networkmanagement.locations.get', 'networkmanagement.locations.list', 'networkmanagement.operations.cancel', 'networkmanagement.operations.delete', 'networkmanagement.operations.get', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.create', 'networkmanagement.vpcflowlogsconfigs.delete', 'networkmanagement.vpcflowlogsconfigs.get', 'networkmanagement.vpcflowlogsconfigs.list', 'networkmanagement.vpcflowlogsconfigs.update', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.mirroringDeploymentGroups.create', 'networksecurity.mirroringDeploymentGroups.delete', 'networksecurity.mirroringDeploymentGroups.get', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeploymentGroups.update', 'networksecurity.mirroringDeploymentGroups.use', 'networksecurity.mirroringDeployments.create', 'networksecurity.mirroringDeployments.delete', 'networksecurity.mirroringDeployments.get', 'networksecurity.mirroringDeployments.list', 'networksecurity.mirroringDeployments.update', 'networksecurity.mirroringEndpointGroupAssociations.create', 'networksecurity.mirroringEndpointGroupAssociations.delete', 'networksecurity.mirroringEndpointGroupAssociations.get', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroupAssociations.update', 'networksecurity.mirroringEndpointGroups.create', 'networksecurity.mirroringEndpointGroups.delete', 'networksecurity.mirroringEndpointGroups.get', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.mirroringEndpointGroups.update', 'networksecurity.mirroringEndpointGroups.use', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'oauthconfig.clientpolicy.get', 'oauthconfig.testusers.get', 'oauthconfig.testusers.update', 'oauthconfig.verification.get', 'oauthconfig.verification.submit', 'oauthconfig.verification.update', 'observability.scopes.get', 'observability.scopes.update', 'ondemandscanning.operations.cancel', 'ondemandscanning.operations.delete', 'ondemandscanning.operations.get', 'ondemandscanning.operations.list', 'ondemandscanning.operations.wait', 'ondemandscanning.scans.analyzePackages', 'ondemandscanning.scans.listVulnerabilities', 'ondemandscanning.scans.scan', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'oracledatabase.autonomousDatabaseBackups.create', 'oracledatabase.autonomousDatabaseBackups.delete', 'oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.create', 'oracledatabase.autonomousDatabases.delete', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDatabases.restore', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.create', 'oracledatabase.cloudExadataInfrastructures.delete', 'oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudExadataInfrastructures.update', 'oracledatabase.cloudExadataInfrastructures.use', 'oracledatabase.cloudVmClusters.create', 'oracledatabase.cloudVmClusters.delete', 'oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.cloudVmClusters.update', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.cancel', 'oracledatabase.operations.delete', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'orgpolicy.constraints.list', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'osconfig.guestPolicies.create', 'osconfig.guestPolicies.delete', 'osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.guestPolicies.update', 'osconfig.instanceOSPoliciesCompliances.get', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.get', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.get', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignmentReports.searchSummaries', 'osconfig.osPolicyAssignments.create', 'osconfig.osPolicyAssignments.delete', 'osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.osPolicyAssignments.update', 'osconfig.patchDeployments.create', 'osconfig.patchDeployments.delete', 'osconfig.patchDeployments.execute', 'osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'osconfig.patchDeployments.pause', 'osconfig.patchDeployments.resume', 'osconfig.patchDeployments.update', 'osconfig.patchJobs.exec', 'osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'osconfig.upgradeReports.get', 'osconfig.upgradeReports.getSummary', 'osconfig.upgradeReports.list', 'osconfig.upgradeReports.searchSummaries', 'osconfig.vulnerabilityReports.get', 'osconfig.vulnerabilityReports.list', 'paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'paymentsresellersubscription.subscriptions.cancel', 'paymentsresellersubscription.subscriptions.extend', 'paymentsresellersubscription.subscriptions.get', 'paymentsresellersubscription.subscriptions.provision', 'paymentsresellersubscription.subscriptions.undoCancel', 'policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query', 'policyanalyzer.serviceAccountLastAuthenticationActivities.query', 'policyremediatormanager.locations.get', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.cancel', 'policyremediatormanager.operations.delete', 'policyremediatormanager.operations.get', 'policyremediatormanager.operations.list', 'policyremediatormanager.remediatorServices.disable', 'policyremediatormanager.remediatorServices.enable', 'policyremediatormanager.remediatorServices.get', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.create', 'policysimulator.orgPolicyViolationsPreviews.get', 'policysimulator.orgPolicyViolationsPreviews.list', 'policysimulator.replayResults.list', 'policysimulator.replays.get', 'policysimulator.replays.list', 'privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.update', 'privateca.caPools.use', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.create', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.update', 'privateca.certificateTemplates.use', 'privateca.certificates.create', 'privateca.certificates.createForSelf', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.cancel', 'privateca.operations.delete', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.update', 'privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'proximitybeacon.attachments.create', 'proximitybeacon.attachments.delete', 'proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.attach', 'proximitybeacon.beacons.create', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.beacons.update', 'proximitybeacon.namespaces.create', 'proximitybeacon.namespaces.delete', 'proximitybeacon.namespaces.get', 'proximitybeacon.namespaces.list', 'proximitybeacon.namespaces.update', 'publicca.externalAccountKeys.create', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'pubsublite.locations.openKafkaStream', 'pubsublite.operations.get', 'pubsublite.operations.list', 'pubsublite.reservations.attachTopic', 'pubsublite.reservations.create', 'pubsublite.reservations.delete', 'pubsublite.reservations.get', 'pubsublite.reservations.list', 'pubsublite.reservations.listTopics', 'pubsublite.reservations.update', 'pubsublite.subscriptions.create', 'pubsublite.subscriptions.delete', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.list', 'pubsublite.subscriptions.seek', 'pubsublite.subscriptions.setCursor', 'pubsublite.subscriptions.subscribe', 'pubsublite.subscriptions.update', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.computeMessageStats', 'pubsublite.topics.computeTimeCursor', 'pubsublite.topics.create', 'pubsublite.topics.delete', 'pubsublite.topics.get', 'pubsublite.topics.getPartitions', 'pubsublite.topics.list', 'pubsublite.topics.listSubscriptions', 'pubsublite.topics.publish', 'pubsublite.topics.subscribe', 'pubsublite.topics.update', 'readerrevenuesubscriptionlinking.readerEntitlements.get', 'readerrevenuesubscriptionlinking.readerEntitlements.update', 'readerrevenuesubscriptionlinking.readers.delete', 'readerrevenuesubscriptionlinking.readers.get', 'recaptchaenterprise.assessments.annotate', 'recaptchaenterprise.assessments.create', 'recaptchaenterprise.firewallpolicies.create', 'recaptchaenterprise.firewallpolicies.delete', 'recaptchaenterprise.firewallpolicies.get', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.firewallpolicies.update', 'recaptchaenterprise.keys.create', 'recaptchaenterprise.keys.delete', 'recaptchaenterprise.keys.get', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.keys.retrievelegacysecretkey', 'recaptchaenterprise.keys.update', 'recaptchaenterprise.metrics.get', 'recaptchaenterprise.projectmetadata.get', 'recaptchaenterprise.projectmetadata.update', 'recaptchaenterprise.relatedaccountgroupmemberships.list', 'recaptchaenterprise.relatedaccountgroups.list', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewInsights.update', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryMaterializedViewRecommendations.update', 'recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.update', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.bigqueryTableStatsInsights.update', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralInsights.update', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudCostGeneralRecommendations.update', 'recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralInsights.update', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralRecommendations.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralInsights.update', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudManageabilityGeneralRecommendations.update', 'recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralInsights.update', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralRecommendations.update', 'recommender.cloudRecentChangeInsights.get', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeInsights.update', 'recommender.cloudRecentChangeRecommendations.get', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudRecentChangeRecommendations.update', 'recommender.cloudRecentChangeRecommenderConfig.get', 'recommender.cloudRecentChangeRecommenderConfig.update', 'recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralInsights.update', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudReliabilityGeneralRecommendations.update', 'recommender.cloudSecurityGeneralInsights.get', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralInsights.update', 'recommender.cloudSecurityGeneralRecommendations.get', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralRecommendations.update', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.computeAddressIdleResourceInsights.get', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceInsights.update', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeAddressIdleResourceRecommendations.update', 'recommender.computeDiskIdleResourceInsights.get', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceInsights.update', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceRecommendations.update', 'recommender.computeFirewallInsightTypeConfigs.get', 'recommender.computeFirewallInsightTypeConfigs.update', 'recommender.computeFirewallInsights.get', 'recommender.computeFirewallInsights.list', 'recommender.computeFirewallInsights.update', 'recommender.computeImageIdleResourceInsights.get', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceInsights.update', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceRecommendations.update', 'recommender.computeInstanceCpuUsageInsights.get', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsageInsights.update', 'recommender.computeInstanceCpuUsagePredictionInsights.get', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.update', 'recommender.computeInstanceCpuUsageTrendInsights.get', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.update', 'recommender.computeInstanceGroupManagerCpuUsageInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.update', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.update', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.update', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceIdleResourceRecommendations.update', 'recommender.computeInstanceIdleResourceRecommenderConfig.get', 'recommender.computeInstanceIdleResourceRecommenderConfig.update', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.update', 'recommender.computeInstanceMemoryUsageInsights.get', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsageInsights.update', 'recommender.computeInstanceMemoryUsagePredictionInsights.get', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.update', 'recommender.computeInstanceNetworkThroughputInsights.get', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.update', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.errorReportingInsights.get', 'recommender.errorReportingInsights.list', 'recommender.errorReportingInsights.update', 'recommender.errorReportingRecommendations.get', 'recommender.errorReportingRecommendations.list', 'recommender.errorReportingRecommendations.update', 'recommender.firestoreDatabaseReliabilityInsights.get', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityInsights.update', 'recommender.firestoreDatabaseReliabilityRecommendations.get', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.firestoreDatabaseReliabilityRecommendations.update', 'recommender.gmpGuidedExperienceInsights.get', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceInsights.update', 'recommender.gmpGuidedExperienceRecommendations.get', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpGuidedExperienceRecommendations.update', 'recommender.gmpProjectManagementInsights.get', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementInsights.update', 'recommender.gmpProjectManagementRecommendations.get', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectManagementRecommendations.update', 'recommender.gmpProjectProductSuggestionsInsights.get', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsInsights.update', 'recommender.gmpProjectProductSuggestionsRecommendations.get', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.gmpProjectProductSuggestionsRecommendations.update', 'recommender.iamPolicyChangeRiskInsights.get', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskInsights.update', 'recommender.iamPolicyChangeRiskRecommendations.get', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyChangeRiskRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyLateralMovementInsights.get', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyLateralMovementInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.iamPolicyRecommenderConfig.get', 'recommender.iamPolicyRecommenderConfig.update', 'recommender.iamServiceAccountChangeRiskInsights.get', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskInsights.update', 'recommender.iamServiceAccountChangeRiskRecommendations.get', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountChangeRiskRecommendations.update', 'recommender.iamServiceAccountInsights.get', 'recommender.iamServiceAccountInsights.list', 'recommender.iamServiceAccountInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.get', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerInsights.update', 'recommender.loggingProductSuggestionContainerRecommendations.get', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.loggingProductSuggestionContainerRecommendations.update', 'recommender.monitoringProductSuggestionComputeInsights.get', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeInsights.update', 'recommender.monitoringProductSuggestionComputeRecommendations.get', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.monitoringProductSuggestionComputeRecommendations.update', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerCloudSqlInsights.update', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.update', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.update', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerIpAddressInsights.update', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.update', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.update', 'recommender.resourcemanagerProjectChangeRiskInsights.get', 'recommender.resourcemanagerProjectChangeRiskInsights.list', 'recommender.resourcemanagerProjectChangeRiskInsights.update', 'recommender.resourcemanagerProjectChangeRiskRecommendations.get', 'recommender.resourcemanagerProjectChangeRiskRecommendations.list', 'recommender.resourcemanagerProjectChangeRiskRecommendations.update', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update', 'recommender.resourcemanagerProjectUtilizationInsights.get', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationInsights.update', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.update', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update', 'recommender.resourcemanagerServiceLimitInsights.get', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitInsights.update', 'recommender.resourcemanagerServiceLimitRecommendations.get', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.resourcemanagerServiceLimitRecommendations.update', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentInsights.update', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommendations.update', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.spendBasedCommitmentRecommenderConfig.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update', 'redis.clusters.connect', 'redis.clusters.create', 'redis.clusters.delete', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.create', 'redis.instances.delete', 'redis.instances.export', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.getAuthString', 'redis.instances.import', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.instances.rescheduleMaintenance', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.instances.upgrade', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'remotebuildexecution.actions.create', 'remotebuildexecution.actions.delete', 'remotebuildexecution.actions.get', 'remotebuildexecution.actions.update', 'remotebuildexecution.blobs.create', 'remotebuildexecution.blobs.get', 'remotebuildexecution.botsessions.create', 'remotebuildexecution.botsessions.update', 'remotebuildexecution.instances.create', 'remotebuildexecution.instances.get', 'remotebuildexecution.instances.list', 'remotebuildexecution.instances.update', 'remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.get', 'remotebuildexecution.logstreams.update', 'remotebuildexecution.workerpools.create', 'remotebuildexecution.workerpools.get', 'remotebuildexecution.workerpools.list', 'remotebuildexecution.workerpools.update', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.organizations.searchPolicyBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.searchPolicyBindings', 'resourcemanager.projects.update', 'resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.create', 'resourcemanager.tagKeys.delete', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagKeys.update', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.create', 'resourcemanager.tagValues.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcemanager.tagValues.update', 'resourcesettings.settings.get', 'resourcesettings.settings.list', 'retail.alertConfigs.get', 'retail.alertConfigs.update', 'retail.attributesConfigs.addCatalogAttribute', 'retail.attributesConfigs.batchRemoveCatalogAttributes', 'retail.attributesConfigs.exportCatalogAttributes', 'retail.attributesConfigs.get', 'retail.attributesConfigs.importCatalogAttributes', 'retail.attributesConfigs.removeCatalogAttribute', 'retail.attributesConfigs.replaceCatalogAttribute', 'retail.attributesConfigs.update', 'retail.branches.get', 'retail.branches.list', 'retail.catalogs.completeQuery', 'retail.catalogs.exportAnalyticsMetrics', 'retail.catalogs.import', 'retail.catalogs.list', 'retail.catalogs.update', 'retail.controls.create', 'retail.controls.delete', 'retail.controls.export', 'retail.controls.get', 'retail.controls.import', 'retail.controls.list', 'retail.controls.update', 'retail.experiments.create', 'retail.experiments.delete', 'retail.experiments.get', 'retail.experiments.list', 'retail.experiments.loadExperimentLookerDashboard', 'retail.experiments.queryTrafficMetrics', 'retail.experiments.update', 'retail.models.create', 'retail.models.delete', 'retail.models.get', 'retail.models.list', 'retail.models.pause', 'retail.models.resume', 'retail.models.tune', 'retail.models.update', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.create', 'retail.products.delete', 'retail.products.export', 'retail.products.get', 'retail.products.import', 'retail.products.list', 'retail.products.purge', 'retail.products.setSponsorship', 'retail.products.update', 'retail.retailProjects.get', 'retail.servingConfigs.create', 'retail.servingConfigs.delete', 'retail.servingConfigs.get', 'retail.servingConfigs.list', 'retail.servingConfigs.predict', 'retail.servingConfigs.search', 'retail.servingConfigs.update', 'retail.userEvents.create', 'retail.userEvents.import', 'retail.userEvents.purge', 'retail.userEvents.rejoin', 'riscconfigurationservice.riscconfigs.createOrUpdate', 'riscconfigurationservice.riscconfigs.delete', 'riscconfigurationservice.riscconfigs.get', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.delete', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.policies.get', 'riskmanager.policies.list', 'riskmanager.reports.create', 'riskmanager.reports.delete', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.reports.review', 'riskmanager.reports.share', 'riskmanager.serviceAccount.create', 'riskmanager.settings.get', 'riskmanager.settings.update', 'rma.annotations.create', 'rma.annotations.get', 'rma.collectors.create', 'rma.collectors.delete', 'rma.collectors.get', 'rma.collectors.list', 'rma.collectors.update', 'rma.locations.get', 'rma.locations.list', 'rma.operations.cancel', 'rma.operations.delete', 'rma.operations.get', 'rma.operations.list', 'routeoptimization.locations.use', 'routeoptimization.operations.create', 'routeoptimization.operations.get', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'runapps.applications.create', 'runapps.applications.delete', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.applications.update', 'runapps.deployments.create', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.cancel', 'runapps.operations.delete', 'runapps.operations.get', 'runapps.operations.list', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.update', 'secretmanager.locations.get', 'secretmanager.locations.list', 'secretmanager.secrets.create', 'secretmanager.secrets.delete', 'secretmanager.secrets.get', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'secretmanager.secrets.update', 'secretmanager.versions.add', 'secretmanager.versions.destroy', 'secretmanager.versions.disable', 'secretmanager.versions.enable', 'secretmanager.versions.get', 'secretmanager.versions.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.activate', 'securedlandingzone.overwatches.create', 'securedlandingzone.overwatches.delete', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list', 'securedlandingzone.overwatches.suspend', 'securedlandingzone.overwatches.update', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.assets.runDiscovery', 'securitycenter.assetsecuritymarks.update', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update', 'securitycenter.billingtier.update', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.containerthreatdetectionsettings.update', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.eventthreatdetectionsettings.update', 'securitycenter.exposurepathexplan.get', 'securitycenter.findingexplanations.get', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.setWorkflowState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.integratedvulnerabilityscannersettings.update', 'securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.update', 'securitycenter.resourcevalueconfigs.create', 'securitycenter.resourcevalueconfigs.delete', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.resourcevalueconfigs.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycenter.securityhealthanalyticscustommodules.create', 'securitycenter.securityhealthanalyticscustommodules.delete', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycenter.securityhealthanalyticscustommodules.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycenter.simulations.get', 'securitycenter.sources.get', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.sources.update', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.virtualmachinethreatdetectionsettings.update', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycenter.websecurityscannersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'securityposture.locations.get', 'securityposture.locations.list', 'securityposture.operations.delete', 'securityposture.operations.get', 'securityposture.operations.list', 'securityposture.postureDeployments.create', 'securityposture.postureDeployments.delete', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postureDeployments.update', 'securityposture.postureTemplates.get', 'securityposture.postureTemplates.list', 'securityposture.postures.create', 'securityposture.postures.delete', 'securityposture.postures.extract', 'securityposture.postures.get', 'securityposture.postures.list', 'securityposture.postures.update', 'securityposture.reports.create', 'securityposture.reports.get', 'securityposture.reports.list', 'servicebroker.bindingoperations.get', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.create', 'servicebroker.bindings.delete', 'servicebroker.bindings.get', 'servicebroker.bindings.getIamPolicy', 'servicebroker.bindings.list', 'servicebroker.catalogs.create', 'servicebroker.catalogs.delete', 'servicebroker.catalogs.get', 'servicebroker.catalogs.getIamPolicy', 'servicebroker.catalogs.list', 'servicebroker.instanceoperations.get', 'servicebroker.instanceoperations.list', 'servicebroker.instances.create', 'servicebroker.instances.delete', 'servicebroker.instances.get', 'servicebroker.instances.getIamPolicy', 'servicebroker.instances.list', 'servicebroker.instances.update', 'serviceconsumermanagement.consumers.get', 'serviceconsumermanagement.quota.get', 'serviceconsumermanagement.quota.update', 'serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.list', 'serviceconsumermanagement.tenancyu.removeResource', 'servicedirectory.endpoints.create', 'servicedirectory.endpoints.delete', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.endpoints.update', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.namespaces.update', 'servicedirectory.networks.attach', 'servicedirectory.services.bind', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'servicedirectory.services.update', 'servicehealth.events.get', 'servicehealth.events.list', 'servicehealth.locations.get', 'servicehealth.locations.list', 'servicehealth.organizationEvents.get', 'servicehealth.organizationEvents.list', 'servicehealth.organizationImpacts.get', 'servicehealth.organizationImpacts.list', 'servicehealth.statuses.get', 'servicemanagement.services.bind', 'servicemanagement.services.check', 'servicemanagement.services.create', 'servicemanagement.services.delete', 'servicemanagement.services.get', 'servicemanagement.services.list', 'servicemanagement.services.quota', 'servicemanagement.services.report', 'servicemanagement.services.update', 'servicenetworking.operations.cancel', 'servicenetworking.operations.delete', 'servicenetworking.operations.get', 'servicenetworking.operations.list', 'servicenetworking.services.addDnsRecordSet', 'servicenetworking.services.addDnsZone', 'servicenetworking.services.addSubnetwork', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.getConsumerConfig', 'servicenetworking.services.listPeeredDnsDomains', 'servicenetworking.services.removeDnsRecordSet', 'servicenetworking.services.removeDnsZone', 'servicenetworking.services.updateConsumerConfig', 'servicenetworking.services.updateDnsRecordSet', 'servicenetworking.services.use', 'servicesecurityinsights.clusterSecurityInfo.get', 'servicesecurityinsights.clusterSecurityInfo.list', 'servicesecurityinsights.policies.get', 'servicesecurityinsights.projectStates.get', 'servicesecurityinsights.securityInfo.list', 'servicesecurityinsights.securityViews.get', 'servicesecurityinsights.workloadPolicies.list', 'servicesecurityinsights.workloadSecurityInfo.get', 'serviceusage.apiKeys.regenerate', 'serviceusage.apiKeys.revert', 'serviceusage.quotas.get', 'serviceusage.quotas.update', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'source.repos.get', 'source.repos.getIamPolicy', 'source.repos.list', 'source.repos.update', 'spanner.backupOperations.cancel', 'spanner.backupOperations.get', 'spanner.backupOperations.list', 'spanner.backupSchedules.create', 'spanner.backupSchedules.delete', 'spanner.backupSchedules.get', 'spanner.backupSchedules.getIamPolicy', 'spanner.backupSchedules.list', 'spanner.backupSchedules.update', 'spanner.backups.copy', 'spanner.backups.create', 'spanner.backups.delete', 'spanner.backups.get', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.backups.restoreDatabase', 'spanner.backups.update', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databaseRoles.use', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.create', 'spanner.databases.createBackup', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.getDdl', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.update', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.useDataBoost', 'spanner.databases.useRoleBasedAccess', 'spanner.databases.write', 'spanner.instanceConfigOperations.cancel', 'spanner.instanceConfigOperations.delete', 'spanner.instanceConfigOperations.get', 'spanner.instanceConfigOperations.list', 'spanner.instanceConfigs.create', 'spanner.instanceConfigs.delete', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instanceConfigs.update', 'spanner.instanceOperations.cancel', 'spanner.instanceOperations.delete', 'spanner.instanceOperations.get', 'spanner.instanceOperations.list', 'spanner.instancePartitionOperations.cancel', 'spanner.instancePartitionOperations.delete', 'spanner.instancePartitionOperations.get', 'spanner.instancePartitionOperations.list', 'spanner.instancePartitions.create', 'spanner.instancePartitions.delete', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instancePartitions.update', 'spanner.instances.create', 'spanner.instances.delete', 'spanner.instances.get', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.instances.update', 'spanner.instances.updateTag', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list', 'speakerid.phrases.create', 'speakerid.phrases.delete', 'speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.settings.get', 'speakerid.speakers.create', 'speakerid.speakers.delete', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speakerid.speakers.verify', 'speech.adaptations.execute', 'speech.config.get', 'speech.customClasses.create', 'speech.customClasses.delete', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.customClasses.undelete', 'speech.customClasses.update', 'speech.locations.get', 'speech.locations.list', 'speech.operations.cancel', 'speech.operations.delete', 'speech.operations.get', 'speech.operations.list', 'speech.operations.wait', 'speech.phraseSets.create', 'speech.phraseSets.delete', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.phraseSets.undelete', 'speech.phraseSets.update', 'speech.recognizers.create', 'speech.recognizers.delete', 'speech.recognizers.get', 'speech.recognizers.list', 'speech.recognizers.recognize', 'speech.recognizers.undelete', 'speech.recognizers.update', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'stackdriver.resourceMetadata.write', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.hmacKeys.create', 'storage.hmacKeys.delete', 'storage.hmacKeys.get', 'storage.hmacKeys.list', 'storage.hmacKeys.update', 'storage.managementHubs.get', 'storageinsights.datasetConfigs.create', 'storageinsights.datasetConfigs.delete', 'storageinsights.datasetConfigs.get', 'storageinsights.datasetConfigs.linkDataset', 'storageinsights.datasetConfigs.list', 'storageinsights.datasetConfigs.unlinkDataset', 'storageinsights.datasetConfigs.update', 'storageinsights.locations.get', 'storageinsights.locations.list', 'storageinsights.operations.cancel', 'storageinsights.operations.delete', 'storageinsights.operations.get', 'storageinsights.operations.list', 'storageinsights.reportConfigs.create', 'storageinsights.reportConfigs.delete', 'storageinsights.reportConfigs.get', 'storageinsights.reportConfigs.list', 'storageinsights.reportConfigs.update', 'storageinsights.reportDetails.get', 'storageinsights.reportDetails.list', 'storagetransfer.agentpools.create', 'storagetransfer.agentpools.delete', 'storagetransfer.agentpools.get', 'storagetransfer.agentpools.list', 'storagetransfer.agentpools.report', 'storagetransfer.agentpools.update', 'storagetransfer.jobs.create', 'storagetransfer.jobs.delete', 'storagetransfer.jobs.get', 'storagetransfer.jobs.list', 'storagetransfer.jobs.run', 'storagetransfer.jobs.update', 'storagetransfer.operations.assign', 'storagetransfer.operations.cancel', 'storagetransfer.operations.get', 'storagetransfer.operations.list', 'storagetransfer.operations.pause', 'storagetransfer.operations.report', 'storagetransfer.operations.resume', 'storagetransfer.projects.getServiceAccount', 'stream.locations.get', 'stream.locations.list', 'stream.operations.cancel', 'stream.operations.delete', 'stream.operations.get', 'stream.operations.list', 'stream.streamContents.build', 'stream.streamContents.create', 'stream.streamContents.delete', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamContents.update', 'stream.streamInstances.create', 'stream.streamInstances.delete', 'stream.streamInstances.get', 'stream.streamInstances.list', 'stream.streamInstances.rollout', 'stream.streamInstances.update', 'subscribewithgoogledeveloper.tools.get', 'telcoautomation.blueprints.approve', 'telcoautomation.blueprints.create', 'telcoautomation.blueprints.delete', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.blueprints.propose', 'telcoautomation.blueprints.update', 'telcoautomation.deployments.apply', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.create', 'telcoautomation.deployments.delete', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.deployments.rollback', 'telcoautomation.deployments.update', 'telcoautomation.edgeSlms.get', 'telcoautomation.edgeSlms.list', 'telcoautomation.hydratedDeployments.apply', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.hydratedDeployments.update', 'telcoautomation.locations.get', 'telcoautomation.locations.list', 'telcoautomation.operations.cancel', 'telcoautomation.operations.delete', 'telcoautomation.operations.get', 'telcoautomation.operations.list', 'telcoautomation.orchestrationClusters.delete', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.get', 'telcoautomation.publicBlueprints.list', 'timeseriesinsights.datasets.create', 'timeseriesinsights.datasets.delete', 'timeseriesinsights.datasets.evaluate', 'timeseriesinsights.datasets.list', 'timeseriesinsights.datasets.query', 'timeseriesinsights.datasets.update', 'timeseriesinsights.locations.get', 'timeseriesinsights.locations.list', 'tpu.acceleratortypes.get', 'tpu.acceleratortypes.list', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.create', 'tpu.nodes.delete', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.nodes.reimage', 'tpu.nodes.reset', 'tpu.nodes.simulateMaintenanceEvent', 'tpu.nodes.start', 'tpu.nodes.stop', 'tpu.nodes.update', 'tpu.operations.get', 'tpu.operations.list', 'tpu.runtimeversions.get', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.get', 'tpu.tensorflowversions.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics', 'transcoder.jobTemplates.create', 'transcoder.jobTemplates.delete', 'transcoder.jobTemplates.get', 'transcoder.jobTemplates.list', 'transcoder.jobs.create', 'transcoder.jobs.delete', 'transcoder.jobs.get', 'transcoder.jobs.list', 'transferappliance.appliances.create', 'transferappliance.appliances.delete', 'transferappliance.appliances.get', 'transferappliance.appliances.list', 'transferappliance.appliances.update', 'transferappliance.credentials.get', 'transferappliance.locations.get', 'transferappliance.locations.list', 'transferappliance.operations.cancel', 'transferappliance.operations.delete', 'transferappliance.operations.get', 'transferappliance.operations.list', 'transferappliance.orders.create', 'transferappliance.orders.delete', 'transferappliance.orders.get', 'transferappliance.orders.list', 'transferappliance.orders.update', 'transferappliance.savedAddresses.create', 'transferappliance.savedAddresses.delete', 'transferappliance.savedAddresses.get', 'transferappliance.savedAddresses.list', 'transferappliance.savedAddresses.update', 'translationhub.portals.create', 'translationhub.portals.delete', 'translationhub.portals.get', 'translationhub.portals.list', 'translationhub.portals.update', 'videostitcher.cdnKeys.create', 'videostitcher.cdnKeys.delete', 'videostitcher.cdnKeys.get', 'videostitcher.cdnKeys.list', 'videostitcher.cdnKeys.update', 'videostitcher.liveAdTagDetails.get', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.create', 'videostitcher.liveConfigs.delete', 'videostitcher.liveConfigs.get', 'videostitcher.liveConfigs.list', 'videostitcher.liveSessions.create', 'videostitcher.liveSessions.get', 'videostitcher.operations.cancel', 'videostitcher.operations.delete', 'videostitcher.operations.get', 'videostitcher.operations.list', 'videostitcher.slates.create', 'videostitcher.slates.delete', 'videostitcher.slates.get', 'videostitcher.slates.list', 'videostitcher.slates.update', 'videostitcher.vodAdTagDetails.get', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.create', 'videostitcher.vodConfigs.delete', 'videostitcher.vodConfigs.get', 'videostitcher.vodConfigs.list', 'videostitcher.vodConfigs.update', 'videostitcher.vodSessions.create', 'videostitcher.vodSessions.get', 'videostitcher.vodStitchDetails.get', 'videostitcher.vodStitchDetails.list', 'visionai.analyses.create', 'visionai.analyses.delete', 'visionai.analyses.get', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.analyses.update', 'visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.applications.create', 'visionai.applications.delete', 'visionai.applications.deploy', 'visionai.applications.get', 'visionai.applications.list', 'visionai.applications.undeploy', 'visionai.applications.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.clusters.create', 'visionai.clusters.delete', 'visionai.clusters.get', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.clusters.update', 'visionai.clusters.watch', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.drafts.create', 'visionai.drafts.delete', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.drafts.update', 'visionai.events.create', 'visionai.events.delete', 'visionai.events.get', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.events.update', 'visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.locations.get', 'visionai.locations.list', 'visionai.operations.cancel', 'visionai.operations.delete', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operations.wait', 'visionai.operators.create', 'visionai.operators.delete', 'visionai.operators.get', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.operators.update', 'visionai.processors.create', 'visionai.processors.delete', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.processors.update', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update', 'visionai.series.acquireLease', 'visionai.series.create', 'visionai.series.delete', 'visionai.series.get', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.series.update', 'visionai.streams.create', 'visionai.streams.delete', 'visionai.streams.get', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.streams.send', 'visionai.streams.update', 'visionai.uistreams.create', 'visionai.uistreams.delete', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list', 'visualinspection.annotationSets.create', 'visualinspection.annotationSets.delete', 'visualinspection.annotationSets.get', 'visualinspection.annotationSets.list', 'visualinspection.annotationSets.update', 'visualinspection.annotationSpecs.create', 'visualinspection.annotationSpecs.delete', 'visualinspection.annotationSpecs.get', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.create', 'visualinspection.annotations.delete', 'visualinspection.annotations.get', 'visualinspection.annotations.list', 'visualinspection.annotations.update', 'visualinspection.datasets.create', 'visualinspection.datasets.delete', 'visualinspection.datasets.export', 'visualinspection.datasets.get', 'visualinspection.datasets.import', 'visualinspection.datasets.list', 'visualinspection.datasets.update', 'visualinspection.images.delete', 'visualinspection.images.get', 'visualinspection.images.list', 'visualinspection.images.update', 'visualinspection.locations.get', 'visualinspection.locations.list', 'visualinspection.locations.reportUsageMetrics', 'visualinspection.modelEvaluations.get', 'visualinspection.modelEvaluations.list', 'visualinspection.models.create', 'visualinspection.models.delete', 'visualinspection.models.get', 'visualinspection.models.list', 'visualinspection.models.update', 'visualinspection.models.writePrediction', 'visualinspection.modules.create', 'visualinspection.modules.delete', 'visualinspection.modules.get', 'visualinspection.modules.list', 'visualinspection.modules.update', 'visualinspection.operations.get', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.create', 'visualinspection.solutionArtifacts.delete', 'visualinspection.solutionArtifacts.get', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutionArtifacts.predict', 'visualinspection.solutionArtifacts.update', 'visualinspection.solutions.create', 'visualinspection.solutions.delete', 'visualinspection.solutions.get', 'visualinspection.solutions.list', 'vmmigration.cloneJobs.create', 'vmmigration.cloneJobs.get', 'vmmigration.cloneJobs.list', 'vmmigration.cloneJobs.update', 'vmmigration.cutoverJobs.create', 'vmmigration.cutoverJobs.get', 'vmmigration.cutoverJobs.list', 'vmmigration.cutoverJobs.update', 'vmmigration.datacenterConnectors.create', 'vmmigration.datacenterConnectors.delete', 'vmmigration.datacenterConnectors.get', 'vmmigration.datacenterConnectors.list', 'vmmigration.datacenterConnectors.update', 'vmmigration.deployments.create', 'vmmigration.deployments.get', 'vmmigration.deployments.list', 'vmmigration.groups.create', 'vmmigration.groups.delete', 'vmmigration.groups.get', 'vmmigration.groups.list', 'vmmigration.groups.update', 'vmmigration.locations.get', 'vmmigration.locations.list', 'vmmigration.migratingVms.create', 'vmmigration.migratingVms.delete', 'vmmigration.migratingVms.get', 'vmmigration.migratingVms.list', 'vmmigration.migratingVms.update', 'vmmigration.operations.cancel', 'vmmigration.operations.delete', 'vmmigration.operations.get', 'vmmigration.operations.list', 'vmmigration.replicationCycles.get', 'vmmigration.replicationCycles.list', 'vmmigration.sources.create', 'vmmigration.sources.delete', 'vmmigration.sources.get', 'vmmigration.sources.list', 'vmmigration.sources.update', 'vmmigration.targets.create', 'vmmigration.targets.delete', 'vmmigration.targets.get', 'vmmigration.targets.list', 'vmmigration.targets.update', 'vmmigration.utilizationReports.create', 'vmmigration.utilizationReports.delete', 'vmmigration.utilizationReports.get', 'vmmigration.utilizationReports.list', 'vmwareengine.clusters.create', 'vmwareengine.clusters.delete', 'vmwareengine.clusters.get', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.clusters.update', 'vmwareengine.dnsBindPermission.get', 'vmwareengine.dnsBindPermission.grant', 'vmwareengine.dnsBindPermission.revoke', 'vmwareengine.dnsForwarding.get', 'vmwareengine.dnsForwarding.update', 'vmwareengine.externalAccessRules.create', 'vmwareengine.externalAccessRules.delete', 'vmwareengine.externalAccessRules.get', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAccessRules.update', 'vmwareengine.externalAddresses.create', 'vmwareengine.externalAddresses.delete', 'vmwareengine.externalAddresses.get', 'vmwareengine.externalAddresses.list', 'vmwareengine.externalAddresses.update', 'vmwareengine.hcxActivationKeys.create', 'vmwareengine.hcxActivationKeys.get', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.locations.get', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.create', 'vmwareengine.loggingServers.delete', 'vmwareengine.loggingServers.get', 'vmwareengine.loggingServers.list', 'vmwareengine.loggingServers.update', 'vmwareengine.managementDnsZoneBindings.create', 'vmwareengine.managementDnsZoneBindings.delete', 'vmwareengine.managementDnsZoneBindings.get', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.managementDnsZoneBindings.repair', 'vmwareengine.managementDnsZoneBindings.update', 'vmwareengine.networkPeerings.create', 'vmwareengine.networkPeerings.delete', 'vmwareengine.networkPeerings.get', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPeerings.listPeeringRoutes', 'vmwareengine.networkPeerings.update', 'vmwareengine.networkPolicies.create', 'vmwareengine.networkPolicies.delete', 'vmwareengine.networkPolicies.fetchExternalAddresses', 'vmwareengine.networkPolicies.get', 'vmwareengine.networkPolicies.list', 'vmwareengine.networkPolicies.update', 'vmwareengine.nodeTypes.get', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.get', 'vmwareengine.nodes.list', 'vmwareengine.operations.delete', 'vmwareengine.operations.get', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.create', 'vmwareengine.privateClouds.delete', 'vmwareengine.privateClouds.get', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateClouds.resetNsxCredentials', 'vmwareengine.privateClouds.resetVcenterCredentials', 'vmwareengine.privateClouds.showNsxCredentials', 'vmwareengine.privateClouds.showVcenterCredentials', 'vmwareengine.privateClouds.undelete', 'vmwareengine.privateClouds.update', 'vmwareengine.privateConnections.create', 'vmwareengine.privateConnections.delete', 'vmwareengine.privateConnections.get', 'vmwareengine.privateConnections.list', 'vmwareengine.privateConnections.listPeeringRoutes', 'vmwareengine.privateConnections.update', 'vmwareengine.projectState.get', 'vmwareengine.services.use', 'vmwareengine.services.view', 'vmwareengine.subnets.get', 'vmwareengine.subnets.list', 'vmwareengine.subnets.update', 'vmwareengine.vmwareEngineNetworks.create', 'vmwareengine.vmwareEngineNetworks.delete', 'vmwareengine.vmwareEngineNetworks.get', 'vmwareengine.vmwareEngineNetworks.list', 'vmwareengine.vmwareEngineNetworks.update', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list', 'vpcaccess.connectors.update', 'vpcaccess.connectors.use', 'vpcaccess.locations.list', 'vpcaccess.operations.get', 'vpcaccess.operations.list', 'workflows.callbacks.list', 'workflows.callbacks.send', 'workflows.executions.cancel', 'workflows.executions.create', 'workflows.executions.get', 'workflows.executions.list', 'workflows.locations.get', 'workflows.locations.list', 'workflows.operations.cancel', 'workflows.operations.get', 'workflows.operations.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get', 'workflows.workflows.list', 'workflows.workflows.listRevision', 'workflows.workflows.update', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.cancel', 'workloadcertificate.operations.delete', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadCertificateFeature.update', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.delete', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list', 'workloadcertificate.workloadRegistrations.update', 'workloadmanager.actuations.create', 'workloadmanager.actuations.delete', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.create', 'workloadmanager.deployments.delete', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.create', 'workloadmanager.evaluations.delete', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.evaluations.run', 'workloadmanager.evaluations.update', 'workloadmanager.executions.delete', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.insights.export', 'workloadmanager.insights.listSapSystems', 'workloadmanager.insights.write', 'workloadmanager.locations.get', 'workloadmanager.locations.list', 'workloadmanager.operations.cancel', 'workloadmanager.operations.delete', 'workloadmanager.operations.get', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list', 'workstations.operations.get', 'workstations.workstationClusters.create', 'workstations.workstationClusters.delete', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationClusters.update', 'workstations.workstationConfigs.create', 'workstations.workstationConfigs.delete', 'workstations.workstationConfigs.get', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstationConfigs.update', 'workstations.workstations.create', 'workstations.workstations.delete', 'workstations.workstations.get', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list', 'workstations.workstations.start', 'workstations.workstations.stop', 'workstations.workstations.update']
Copy Permissions GA
roles/cloudasset.effectivePolicyServiceAgent
Give effective policy service account access to search all resources and IAM policies.
Effective Policies Service Agent
['cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources']
Copy Permissions GA
roles/endpointsportal.serviceAgent
Can access information about Endpoints services for consumer portal management, and can read Source Repositories for consumer portal custom content.
Endpoints Portal Service Agent
['servicemanagement.services.get', 'servicemanagement.services.list', 'source.repos.get']
Copy Permissions GA
roles/enterpriseknowledgegraph.admin
Administrator of Enterprise Knowledge Graph resources
Enterprise Knowledge Graph Admin
['enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search', 'enterpriseknowledgegraph.entityReconciliationJobs.cancel', 'enterpriseknowledgegraph.entityReconciliationJobs.create', 'enterpriseknowledgegraph.entityReconciliationJobs.delete', 'enterpriseknowledgegraph.entityReconciliationJobs.get', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/enterpriseknowledgegraph.editor
Editor of Enterprise Knowledge Graph resources
Enterprise Knowledge Graph Editor
['enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search', 'enterpriseknowledgegraph.entityReconciliationJobs.cancel', 'enterpriseknowledgegraph.entityReconciliationJobs.create', 'enterpriseknowledgegraph.entityReconciliationJobs.delete', 'enterpriseknowledgegraph.entityReconciliationJobs.get', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/enterpriseknowledgegraph.serviceAgent
Gives Enterprise Knowledge Graph Service Account access to consumer resources.
Enterprise Knowledge Graph Service Agent
['bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.update', 'bigquery.tables.updateData', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/enterpriseknowledgegraph.viewer
Viewer of Enterprise Knowledge Graph resources
Enterprise Knowledge Graph Viewer
['enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search', 'enterpriseknowledgegraph.entityReconciliationJobs.get', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/enterprisepurchasing.admin
Full access to Enterprise Purchasing resources.
Enterprise Purchasing Admin
['enterprisepurchasing.gcveCuds.create', 'enterprisepurchasing.gcveCuds.get', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.get', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.cancel', 'enterprisepurchasing.operations.delete', 'enterprisepurchasing.operations.get', 'enterprisepurchasing.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/enterprisepurchasing.editor
Edit access to Enterprise Purchasing resources.
Enterprise Purchasing Editor
['enterprisepurchasing.gcveCuds.get', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.get', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.get', 'enterprisepurchasing.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/enterprisepurchasing.viewer
Readonly access to Enterprise Purchasing resources.
Enterprise Purchasing Viewer
['enterprisepurchasing.gcveCuds.get', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.get', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.get', 'enterprisepurchasing.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/composer.environmentAndStorageObjectAdmin
Full control of Cloud Composer environments and Cloud Storage objects.
Environment and Storage Object Administrator
['composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.create', 'composer.environments.delete', 'composer.environments.executeAirflowCommand', 'composer.environments.get', 'composer.environments.list', 'composer.environments.update', 'composer.imageversions.list', 'composer.operations.delete', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.create', 'composer.userworkloadsconfigmaps.delete', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadsconfigmaps.update', 'composer.userworkloadssecrets.create', 'composer.userworkloadssecrets.delete', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'composer.userworkloadssecrets.update', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/composer.environmentAndStorageObjectUser
Read and use access to Cloud Composer resources and read access Cloud Storage objects.
Environment and Storage Object User
['composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.get', 'composer.environments.list', 'composer.imageversions.list', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/composer.environmentAndStorageObjectViewer
Read access to Cloud Composer environments and Cloud Storage objects.
Environment and Storage Object Viewer
['composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.get', 'composer.environments.list', 'composer.imageversions.list', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/errorreporting.admin
Administrative access to Error Reporting.
Error Reporting Admin
['cloudnotifications.activities.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.create', 'errorreporting.errorEvents.delete', 'errorreporting.errorEvents.list', 'errorreporting.groupMetadata.get', 'errorreporting.groupMetadata.update', 'errorreporting.groups.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get']
Copy Permissions BETA
roles/recommender.errorReportingAdmin
Admin of Error Reporting Insights and Recommendations.
Error Reporting Recommender Admin
['recommender.errorReportingInsights.get', 'recommender.errorReportingInsights.list', 'recommender.errorReportingInsights.update', 'recommender.errorReportingRecommendations.get', 'recommender.errorReportingRecommendations.list', 'recommender.errorReportingRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.errorReportingViewer
Viewer of Error Reporting Insights and Recommendations.
Error Reporting Recommender Viewer
['recommender.errorReportingInsights.get', 'recommender.errorReportingInsights.list', 'recommender.errorReportingRecommendations.get', 'recommender.errorReportingRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/errorreporting.user
User access to Error Reporting. Can list all errors and update their metadata. Can delete error events.
Error Reporting User
['cloudnotifications.activities.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.delete', 'errorreporting.errorEvents.list', 'errorreporting.groupMetadata.get', 'errorreporting.groupMetadata.update', 'errorreporting.groups.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get']
Copy Permissions BETA
roles/errorreporting.viewer
Read-only access to all Error Reporting data.
Error Reporting Viewer
['cloudnotifications.activities.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.list', 'errorreporting.groupMetadata.get', 'errorreporting.groups.list', 'logging.notificationRules.get', 'logging.notificationRules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get']
Copy Permissions BETA
roles/errorreporting.writer
Can send error events to Error Reporting. Intended for service accounts.
Error Reporting Writer
['errorreporting.errorEvents.create']
Copy Permissions BETA
roles/essentialcontacts.admin
Full access to all essential contacts
Essential Contacts Admin
['essentialcontacts.contacts.create', 'essentialcontacts.contacts.delete', 'essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'essentialcontacts.contacts.send', 'essentialcontacts.contacts.update']
Copy Permissions GA
roles/essentialcontacts.viewer
Viewer for all essential contacts
Essential Contacts Viewer
['essentialcontacts.contacts.get', 'essentialcontacts.contacts.list']
Copy Permissions GA
roles/eventarc.admin
Full control over all Eventarc resources.
Eventarc Admin
['eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/eventarc.connectionPublisher
Can publish events to Eventarc Channel Connections.
Eventarc Connection Publisher
['eventarc.channelConnections.get', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/eventarc.developer
Access to read and write Eventarc resources.
Eventarc Developer
['eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/eventarc.eventReceiver
Can receive events from all event providers.
Eventarc Event Receiver
['eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent']
Copy Permissions GA
roles/eventarc.messageBusAdmin
Full control over Message Buses resources.
Eventarc Message Bus Admin
['eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use']
Copy Permissions BETA
roles/eventarc.messageBusUser
Access to publish to or bind to a Message Bus.
Eventarc Message Bus User
['eventarc.messageBuses.get', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.use']
Copy Permissions BETA
roles/eventarc.publisher
Can publish events to Eventarc channels.
Eventarc Publisher
['eventarc.channels.get', 'eventarc.channels.list', 'eventarc.channels.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/eventarc.serviceAgent
Gives Eventarc service account access to managed resources.
Eventarc Service Agent
['cloudfunctions.functions.get', 'compute.instanceGroupManagers.get', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.regionOperations.get', 'container.clusters.connect', 'container.clusters.get', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.list', 'container.deployments.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.get', 'container.namespaces.list', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.services.get', 'container.services.list', 'dns.networks.targetWithPeeringZone', 'eventarc.channels.publish', 'eventarc.messageBuses.publish', 'eventarc.operations.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'monitoring.timeSeries.create', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'run.jobs.get', 'run.services.get', 'serviceusage.services.use', 'storage.buckets.get', 'storage.buckets.update', 'workflows.workflows.get']
Copy Permissions GA
roles/eventarc.viewer
Can view the state of all Eventarc resources, including IAM policies.
Eventarc Viewer
['eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/databaseinsights.eventsViewer
Viewer role for Events Service data
Events Service viewer
['databaseinsights.aggregatedEvents.query', 'databaseinsights.clusterEvents.query', 'databaseinsights.instanceEvents.query']
Copy Permissions BETA
roles/publicca.externalAccountKeyCreator
This role can create a new externalAccountKey resource.
External Account Key Creator
['publicca.externalAccountKeys.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/financialservices.admin
Full access to all Financial Services API resources.
Financial Services Admin
['financialservices.locations.get', 'financialservices.locations.list', 'financialservices.operations.cancel', 'financialservices.operations.delete', 'financialservices.operations.get', 'financialservices.operations.list', 'financialservices.v1backtests.create', 'financialservices.v1backtests.delete', 'financialservices.v1backtests.exportMetadata', 'financialservices.v1backtests.get', 'financialservices.v1backtests.list', 'financialservices.v1backtests.update', 'financialservices.v1datasets.create', 'financialservices.v1datasets.delete', 'financialservices.v1datasets.get', 'financialservices.v1datasets.list', 'financialservices.v1datasets.update', 'financialservices.v1engineconfigs.create', 'financialservices.v1engineconfigs.delete', 'financialservices.v1engineconfigs.exportMetadata', 'financialservices.v1engineconfigs.get', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineconfigs.update', 'financialservices.v1engineversions.get', 'financialservices.v1engineversions.list', 'financialservices.v1instances.create', 'financialservices.v1instances.delete', 'financialservices.v1instances.exportRegisteredParties', 'financialservices.v1instances.get', 'financialservices.v1instances.importRegisteredParties', 'financialservices.v1instances.list', 'financialservices.v1instances.update', 'financialservices.v1models.create', 'financialservices.v1models.delete', 'financialservices.v1models.exportMetadata', 'financialservices.v1models.get', 'financialservices.v1models.list', 'financialservices.v1models.update', 'financialservices.v1predictions.create', 'financialservices.v1predictions.delete', 'financialservices.v1predictions.exportMetadata', 'financialservices.v1predictions.get', 'financialservices.v1predictions.list', 'financialservices.v1predictions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/financialservices.viewer
View access to all Financial Services API resources.
Financial Services Viewer
['financialservices.locations.get', 'financialservices.locations.list', 'financialservices.operations.get', 'financialservices.operations.list', 'financialservices.v1backtests.exportMetadata', 'financialservices.v1backtests.get', 'financialservices.v1backtests.list', 'financialservices.v1datasets.get', 'financialservices.v1datasets.list', 'financialservices.v1engineconfigs.exportMetadata', 'financialservices.v1engineconfigs.get', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineversions.get', 'financialservices.v1engineversions.list', 'financialservices.v1instances.exportRegisteredParties', 'financialservices.v1instances.get', 'financialservices.v1instances.list', 'financialservices.v1models.exportMetadata', 'financialservices.v1models.get', 'financialservices.v1models.list', 'financialservices.v1predictions.exportMetadata', 'financialservices.v1predictions.get', 'financialservices.v1predictions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/datacatalog.categoryFineGrainedReader
Read access to sub-resources tagged by a policy tag, for example, BigQuery columns
Fine-Grained Reader
['datacatalog.categories.fineGrainedGet']
Copy Permissions GA
roles/firebaseabt.admin
Full read/write access to Firebase A/B Testing resources.
Firebase A/B Testing Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.create', 'firebaseabt.experiments.delete', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.experiments.update', 'firebaseabt.projectmetadata.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseabt.viewer
Read-only access to Firebase A/B Testing resources.
Firebase A/B Testing Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.projectmetadata.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebase.admin
Full access to Firebase products.
Firebase Admin
['apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'appengine.applications.get', 'automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.setIamPolicy', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.brands.update', 'clientauthconfig.clients.create', 'clientauthconfig.clients.delete', 'clientauthconfig.clients.get', 'clientauthconfig.clients.list', 'clientauthconfig.clients.update', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudconfig.configs.get', 'cloudconfig.configs.update', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudmessaging.messages.create', 'cloudnotifications.activities.list', 'cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.create', 'cloudtestservice.matrices.get', 'cloudtestservice.matrices.update', 'cloudtoolresults.executions.create', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.executions.update', 'cloudtoolresults.histories.create', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.create', 'cloudtoolresults.settings.get', 'cloudtoolresults.settings.update', 'cloudtoolresults.steps.create', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'cloudtoolresults.steps.update', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.bulkDelete', 'datastore.databases.create', 'datastore.databases.createTagBinding', 'datastore.databases.delete', 'datastore.databases.deleteTagBinding', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.locations.get', 'datastore.locations.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.cancel', 'datastore.operations.delete', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'errorreporting.groups.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'fcmdata.deliverydata.list', 'firebase.billingPlans.get', 'firebase.billingPlans.update', 'firebase.clients.create', 'firebase.clients.delete', 'firebase.clients.get', 'firebase.clients.list', 'firebase.clients.undelete', 'firebase.clients.update', 'firebase.links.create', 'firebase.links.delete', 'firebase.links.list', 'firebase.links.update', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.playLinks.update', 'firebase.projects.delete', 'firebase.projects.get', 'firebase.projects.update', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.create', 'firebaseabt.experiments.delete', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.experiments.update', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.appAttestConfig.update', 'firebaseappcheck.appCheckTokens.verify', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.debugTokens.update', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.deviceCheckConfig.update', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.playIntegrityConfig.update', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.update', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.recaptchaV3Config.update', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.resourcePolicies.update', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.safetyNetConfig.update', 'firebaseappcheck.services.get', 'firebaseappcheck.services.update', 'firebaseappdistro.groups.list', 'firebaseappdistro.groups.update', 'firebaseappdistro.releases.list', 'firebaseappdistro.releases.update', 'firebaseappdistro.testers.list', 'firebaseappdistro.testers.update', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'firebasecrash.issues.update', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.config.update', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.issues.update', 'firebasecrashlytics.sessions.get', 'firebasedatabase.instances.create', 'firebasedatabase.instances.delete', 'firebasedatabase.instances.disable', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedatabase.instances.reenable', 'firebasedatabase.instances.undelete', 'firebasedatabase.instances.update', 'firebasedataconnect.connectorRevisions.delete', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.create', 'firebasedataconnect.connectors.delete', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.connectors.update', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.cancel', 'firebasedataconnect.operations.delete', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.delete', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.create', 'firebasedataconnect.schemas.delete', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.schemas.update', 'firebasedataconnect.services.create', 'firebasedataconnect.services.delete', 'firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedataconnect.services.update', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.destinations.update', 'firebasedynamiclinks.domains.create', 'firebasedynamiclinks.domains.delete', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.domains.update', 'firebasedynamiclinks.links.create', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.links.update', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.create', 'firebaseextensions.configs.delete', 'firebaseextensions.configs.list', 'firebaseextensions.configs.update', 'firebaseextensionspublisher.extensions.create', 'firebaseextensionspublisher.extensions.delete', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.create', 'firebasehosting.sites.delete', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebasehosting.sites.update', 'firebaseinappmessaging.campaigns.create', 'firebaseinappmessaging.campaigns.delete', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebaseinappmessaging.campaigns.update', 'firebasemessagingcampaigns.campaigns.create', 'firebasemessagingcampaigns.campaigns.delete', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebasemessagingcampaigns.campaigns.start', 'firebasemessagingcampaigns.campaigns.stop', 'firebasemessagingcampaigns.campaigns.update', 'firebaseml.models.create', 'firebaseml.models.delete', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.models.update', 'firebaseml.modelversions.create', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaseml.modelversions.update', 'firebasenotifications.messages.create', 'firebasenotifications.messages.delete', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebasenotifications.messages.update', 'firebaseperformance.config.update', 'firebaseperformance.data.get', 'firebaserules.releases.create', 'firebaserules.releases.delete', 'firebaserules.releases.get', 'firebaserules.releases.getExecutable', 'firebaserules.releases.list', 'firebaserules.releases.update', 'firebaserules.rulesets.create', 'firebaserules.rulesets.delete', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebaserules.rulesets.test', 'firebasestorage.buckets.addFirebase', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.buckets.removeFirebase', 'firebasestorage.defaultBucket.create', 'firebasestorage.defaultBucket.delete', 'firebasestorage.defaultBucket.get', 'logging.logEntries.list', 'monitoring.timeSeries.list', 'oauthconfig.verification.get', 'orgpolicy.policy.get', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.update', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/firebase.sdkAdminServiceAgent
Read and write access to Firebase products available in the Admin SDK
Firebase Admin SDK Administrator Service Agent
['appengine.applications.get', 'cloudconfig.configs.get', 'cloudconfig.configs.update', 'cloudmessaging.messages.create', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'firebase.clients.create', 'firebase.clients.delete', 'firebase.clients.get', 'firebase.clients.list', 'firebase.clients.undelete', 'firebase.clients.update', 'firebase.projects.get', 'firebase.projects.update', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.appAttestConfig.update', 'firebaseappcheck.appCheckTokens.verify', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.debugTokens.update', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.deviceCheckConfig.update', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.playIntegrityConfig.update', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.update', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.recaptchaV3Config.update', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.resourcePolicies.update', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.safetyNetConfig.update', 'firebaseappcheck.services.get', 'firebaseappcheck.services.update', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'firebasedatabase.instances.create', 'firebasedatabase.instances.delete', 'firebasedatabase.instances.disable', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedatabase.instances.reenable', 'firebasedatabase.instances.undelete', 'firebasedatabase.instances.update', 'firebasedataconnect.connectorRevisions.delete', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.create', 'firebasedataconnect.connectors.delete', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.connectors.update', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.cancel', 'firebasedataconnect.operations.delete', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.delete', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.create', 'firebasedataconnect.schemas.delete', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.schemas.update', 'firebasedataconnect.services.create', 'firebasedataconnect.services.delete', 'firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedataconnect.services.update', 'firebasehosting.sites.create', 'firebasehosting.sites.delete', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebasehosting.sites.update', 'firebaseml.models.create', 'firebaseml.models.delete', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.models.update', 'firebaseml.modelversions.create', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaseml.modelversions.update', 'firebasenotifications.messages.create', 'firebasenotifications.messages.delete', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebasenotifications.messages.update', 'firebaserules.releases.get', 'firebaserules.releases.list', 'firebaserules.releases.update', 'firebaserules.rulesets.create', 'firebaserules.rulesets.delete', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'identitytoolkit.tenants.create', 'identitytoolkit.tenants.delete', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'identitytoolkit.tenants.setIamPolicy', 'identitytoolkit.tenants.update', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.projects.update', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/firebase.analyticsAdmin
Full access to Google Analytics for Firebase.
Firebase Analytics Admin
['cloudnotifications.activities.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseextensions.configs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebase.analyticsViewer
Read access to Google Analytics for Firebase.
Firebase Analytics Viewer
['cloudnotifications.activities.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseextensions.configs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaseappcheck.admin
Full management of Firebase App Check.
Firebase App Check Admin
['firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.appAttestConfig.update', 'firebaseappcheck.appCheckTokens.verify', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.debugTokens.update', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.deviceCheckConfig.update', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.playIntegrityConfig.update', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.update', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.recaptchaV3Config.update', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.resourcePolicies.update', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.safetyNetConfig.update', 'firebaseappcheck.services.get', 'firebaseappcheck.services.update']
Copy Permissions GA
roles/firebaseappcheck.serviceAgent
Grants Firebase App Check Service Account access to consumer app attestation resources, such as reCAPTCHA Enterprise and Play Integrity API.
Firebase App Check Service Agent
['recaptchaenterprise.assessments.annotate', 'recaptchaenterprise.assessments.create', 'serviceusage.services.use']
Copy Permissions GA
roles/firebaseappcheck.tokenVerifier
Access to token verification capabilities for Firebase App Check.
Firebase App Check Token Verifier
['firebaseappcheck.appCheckTokens.verify']
Copy Permissions GA
roles/firebaseappcheck.viewer
Read-only access for Firebase App Check.
Firebase App Check Viewer
['firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.services.get']
Copy Permissions GA
roles/firebaseappdistro.admin
Full read/write access to Firebase App Distribution resources.
Firebase App Distribution Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseappdistro.groups.list', 'firebaseappdistro.groups.update', 'firebaseappdistro.releases.list', 'firebaseappdistro.releases.update', 'firebaseappdistro.testers.list', 'firebaseappdistro.testers.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebase.appDistributionSdkServiceAgent
Read and write access to Firebase App Distribution with the Admin SDK
Firebase App Distribution Admin SDK Service Agent
['firebaseappdistro.groups.list', 'firebaseappdistro.groups.update', 'firebaseappdistro.releases.list', 'firebaseappdistro.releases.update', 'firebaseappdistro.testers.list', 'firebaseappdistro.testers.update']
Copy Permissions GA
roles/firebaseappdistro.viewer
Read-only access to Firebase App Distribution resources.
Firebase App Distribution Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseappdistro.groups.list', 'firebaseappdistro.releases.list', 'firebaseappdistro.testers.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaseapphosting.serviceAgent
Gives Firebase App Hosting access to resource for Building & Deploying Backends.
Firebase App Hosting Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.update', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.update', 'cloudbuild.connections.get', 'cloudbuild.operations.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.fetchReadWriteToken', 'developerconnect.gitRepositoryLinks.get', 'iam.serviceAccounts.actAs', 'run.operations.delete', 'run.operations.get', 'run.revisions.delete', 'run.revisions.get', 'run.routes.get', 'run.routes.invoke', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.update', 'serviceusage.services.use']
Copy Permissions GA
roles/firebaseauth.admin
Full read/write access to Firebase Authentication resources.
Firebase Authentication Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaseauth.viewer
Read-only access to Firebase Authentication resources.
Firebase Authentication Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseauth.configs.get', 'firebaseauth.users.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasenotifications.admin
Full read/write access to Firebase Cloud Messaging resources.
Firebase Cloud Messaging Admin
['fcmdata.deliverydata.list', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasenotifications.messages.create', 'firebasenotifications.messages.delete', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebasenotifications.messages.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasecloudmessaging.admin
Full read/write access to Firebase Cloud Messaging API resources.
Firebase Cloud Messaging API Admin
['cloudmessaging.messages.create', 'fcmdata.deliverydata.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebasenotifications.viewer
Read-only access to Firebase Cloud Messaging resources.
Firebase Cloud Messaging Viewer
['fcmdata.deliverydata.list', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasecrash.symbolMappingsAdmin
Full read/write access to symbol mapping file resources for Firebase Crash Reporting.
Firebase Crash Symbol Uploader
['firebase.clients.get', 'firebase.clients.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/firebasecrashlytics.admin
Full read/write access to Firebase Crashlytics resources.
Firebase Crashlytics Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.config.update', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.issues.update', 'firebasecrashlytics.sessions.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasecrashlytics.viewer
Read-only access to Firebase Crashlytics resources.
Firebase Crashlytics Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.sessions.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasedataconnect.admin
Full access to Firebase Data Connect API resources, including data.
Firebase Data Connect API Admin
['firebasedataconnect.connectorRevisions.delete', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.create', 'firebasedataconnect.connectors.delete', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.connectors.update', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.cancel', 'firebasedataconnect.operations.delete', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.delete', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.create', 'firebasedataconnect.schemas.delete', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.schemas.update', 'firebasedataconnect.services.create', 'firebasedataconnect.services.delete', 'firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedataconnect.services.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebasedataconnect.dataAdmin
Full access to data sources.
Firebase Data Connect API Data Admin
['firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead']
Copy Permissions BETA
roles/firebasedataconnect.dataViewer
Readonly access to data sources.
Firebase Data Connect API Data Viewer
['firebasedataconnect.services.executeGraphqlRead']
Copy Permissions BETA
roles/firebasedataconnect.viewer
Readonly access to Firebase Data Connect API resources. Role does not grant access to data.
Firebase Data Connect API Viewer
['firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebasedataconnect.serviceAgent
Gives Firebase Data Connect access to administer Cloud SQL instances.
Firebase Data Connect Service Agent
['cloudsql.databases.create', 'cloudsql.databases.get', 'cloudsql.instances.connect', 'cloudsql.instances.get', 'cloudsql.instances.login', 'cloudsql.users.create', 'cloudsql.users.get']
Copy Permissions GA
roles/firebase.developAdmin
Full access to Firebase Develop products and Analytics.
Firebase Develop Admin
['apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'appengine.applications.get', 'automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.setIamPolicy', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.brands.update', 'clientauthconfig.clients.get', 'clientauthconfig.clients.list', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudnotifications.activities.list', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.bulkDelete', 'datastore.databases.create', 'datastore.databases.createTagBinding', 'datastore.databases.delete', 'datastore.databases.deleteTagBinding', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.locations.get', 'datastore.locations.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.cancel', 'datastore.operations.delete', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'errorreporting.groups.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.appAttestConfig.update', 'firebaseappcheck.appCheckTokens.verify', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.debugTokens.update', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.deviceCheckConfig.update', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.playIntegrityConfig.update', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.update', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.recaptchaV3Config.update', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.resourcePolicies.update', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.safetyNetConfig.update', 'firebaseappcheck.services.get', 'firebaseappcheck.services.update', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'firebasedatabase.instances.create', 'firebasedatabase.instances.delete', 'firebasedatabase.instances.disable', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedatabase.instances.reenable', 'firebasedatabase.instances.undelete', 'firebasedatabase.instances.update', 'firebasedataconnect.connectorRevisions.delete', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.create', 'firebasedataconnect.connectors.delete', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.connectors.update', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.cancel', 'firebasedataconnect.operations.delete', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.delete', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.create', 'firebasedataconnect.schemas.delete', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.schemas.update', 'firebasedataconnect.services.create', 'firebasedataconnect.services.delete', 'firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedataconnect.services.update', 'firebaseextensions.configs.list', 'firebasehosting.sites.create', 'firebasehosting.sites.delete', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebasehosting.sites.update', 'firebaseml.models.create', 'firebaseml.models.delete', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.models.update', 'firebaseml.modelversions.create', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaseml.modelversions.update', 'firebaserules.releases.create', 'firebaserules.releases.delete', 'firebaserules.releases.get', 'firebaserules.releases.getExecutable', 'firebaserules.releases.list', 'firebaserules.releases.update', 'firebaserules.rulesets.create', 'firebaserules.rulesets.delete', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebaserules.rulesets.test', 'firebasestorage.buckets.addFirebase', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.buckets.removeFirebase', 'firebasestorage.defaultBucket.create', 'firebasestorage.defaultBucket.delete', 'firebasestorage.defaultBucket.get', 'logging.logEntries.list', 'monitoring.timeSeries.list', 'oauthconfig.verification.get', 'orgpolicy.policy.get', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.update', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/firebase.developViewer
Read access to Firebase Develop products and Analytics.
Firebase Develop Viewer
['apikeys.keys.get', 'apikeys.keys.list', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.datasets.get', 'automl.datasets.list', 'automl.examples.get', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudnotifications.activities.list', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.get', 'datastore.entities.list', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'errorreporting.groups.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.services.get', 'firebaseauth.configs.get', 'firebaseauth.users.get', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebaseextensions.configs.list', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaserules.releases.get', 'firebaserules.releases.list', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.defaultBucket.get', 'logging.logEntries.list', 'monitoring.timeSeries.list', 'oauthconfig.verification.get', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions GA
roles/firebasedynamiclinks.admin
Full read/write access to Firebase Dynamic Links resources.
Firebase Dynamic Links Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.destinations.update', 'firebasedynamiclinks.domains.create', 'firebasedynamiclinks.domains.delete', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.domains.update', 'firebasedynamiclinks.links.create', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.links.update', 'firebasedynamiclinks.stats.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasedynamiclinks.viewer
Read-only access to Firebase Dynamic Links resources.
Firebase Dynamic Links Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.stats.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasemods.serviceAgent
Grants Firebase Extensions API Service Account access to manage resources.
Firebase Extensions API Service Agent
['appengine.applications.get', 'artifactregistry.packages.delete', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.setIamPolicy', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.queues.update', 'cloudtasks.tasks.create', 'cloudtasks.tasks.fullView', 'deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.setIamPolicy', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.projects.updateLiens', 'run.services.getIamPolicy', 'run.services.setIamPolicy', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/firebaseextensions.developer
View, create, and delete Firebase Extensions Instances and Extensions Versions, and update Extensions Instances
Firebase Extensions Developer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseextensionspublisher.extensionsAdmin
Fully manage Firebase Extensions
Firebase Extensions Publisher - Extensions Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseextensionspublisher.extensions.create', 'firebaseextensionspublisher.extensions.delete', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseextensionspublisher.extensionsViewer
View Firebase Extensions
Firebase Extensions Publisher - Extensions Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseextensions.viewer
Viewer of Firebase Extensions Instances
Firebase Extensions Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebase.growthAdmin
Full access to Firebase Grow products and Analytics.
Firebase Grow Admin
['apikeys.keys.get', 'apikeys.keys.list', 'clientauthconfig.clients.get', 'clientauthconfig.clients.list', 'cloudconfig.configs.get', 'cloudconfig.configs.update', 'cloudmessaging.messages.create', 'cloudnotifications.activities.list', 'fcmdata.deliverydata.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.create', 'firebaseabt.experiments.delete', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.experiments.update', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.destinations.update', 'firebasedynamiclinks.domains.create', 'firebasedynamiclinks.domains.delete', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.domains.update', 'firebasedynamiclinks.links.create', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.links.update', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.list', 'firebaseinappmessaging.campaigns.create', 'firebaseinappmessaging.campaigns.delete', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebaseinappmessaging.campaigns.update', 'firebasemessagingcampaigns.campaigns.create', 'firebasemessagingcampaigns.campaigns.delete', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebasemessagingcampaigns.campaigns.start', 'firebasemessagingcampaigns.campaigns.stop', 'firebasemessagingcampaigns.campaigns.update', 'firebasenotifications.messages.create', 'firebasenotifications.messages.delete', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebasenotifications.messages.update', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/firebase.growthViewer
Read access to Firebase Grow products and Analytics.
Firebase Grow Viewer
['apikeys.keys.get', 'apikeys.keys.list', 'cloudconfig.configs.get', 'cloudnotifications.activities.list', 'fcmdata.deliverydata.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.list', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/firebasehosting.admin
Full read/write access to Firebase Hosting resources.
Firebase Hosting Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasehosting.sites.create', 'firebasehosting.sites.delete', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebasehosting.sites.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasehosting.viewer
Read-only access to Firebase Hosting resources.
Firebase Hosting Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaseinappmessaging.admin
Full read/write access to Firebase In-App Messaging resources.
Firebase In-App Messaging Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseinappmessaging.campaigns.create', 'firebaseinappmessaging.campaigns.delete', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebaseinappmessaging.campaigns.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseinappmessaging.viewer
Read-only access to Firebase In-App Messaging resources.
Firebase In-App Messaging Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseml.serviceAgent
Access to Cloud ML and AI resources used by Firebase ML
Firebase Machine Learning Service Agent
['aiplatform.endpoints.predict']
Copy Permissions GA
roles/firebasemessagingcampaigns.admin
Full management of Firebase Messaging Campaigns.
Firebase Messaging Campaigns Admin
['firebasemessagingcampaigns.campaigns.create', 'firebasemessagingcampaigns.campaigns.delete', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebasemessagingcampaigns.campaigns.start', 'firebasemessagingcampaigns.campaigns.stop', 'firebasemessagingcampaigns.campaigns.update']
Copy Permissions BETA
roles/firebasemessagingcampaigns.viewer
Read-only access for Firebase Messaging Campaigns.
Firebase Messaging Campaigns Viewer
['firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list']
Copy Permissions BETA
roles/firebaseml.admin
Full read/write access to Firebase ML Kit resources.
Firebase ML Kit Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseml.models.create', 'firebaseml.models.delete', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.models.update', 'firebaseml.modelversions.create', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaseml.modelversions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseml.viewer
Read-only access to Firebase ML Kit resources.
Firebase ML Kit Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firebaseperformance.admin
Full access to firebaseperformance resources.
Firebase Performance Reporting Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseperformance.config.update', 'firebaseperformance.data.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaseperformance.viewer
Read-only access to firebaseperformance resources.
Firebase Performance Reporting Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebaseperformance.data.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebase.qualityAdmin
Full access to Firebase Quality products and Analytics.
Firebase Quality Admin
['apikeys.keys.get', 'apikeys.keys.list', 'cloudnotifications.activities.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappdistro.groups.list', 'firebaseappdistro.groups.update', 'firebaseappdistro.releases.list', 'firebaseappdistro.releases.update', 'firebaseappdistro.testers.list', 'firebaseappdistro.testers.update', 'firebasecrash.issues.update', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.config.update', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.issues.update', 'firebasecrashlytics.sessions.get', 'firebaseextensions.configs.list', 'firebaseperformance.config.update', 'firebaseperformance.data.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/firebase.qualityViewer
Read access to Firebase Quality products and Analytics.
Firebase Quality Viewer
['apikeys.keys.get', 'apikeys.keys.list', 'cloudnotifications.activities.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappdistro.groups.list', 'firebaseappdistro.releases.list', 'firebaseappdistro.testers.list', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.sessions.get', 'firebaseextensions.configs.list', 'firebaseperformance.data.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/firebasedatabase.admin
Full read/write access to Firebase Realtime Database resources.
Firebase Realtime Database Admin
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasedatabase.instances.create', 'firebasedatabase.instances.delete', 'firebasedatabase.instances.disable', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedatabase.instances.reenable', 'firebasedatabase.instances.undelete', 'firebasedatabase.instances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebasedatabase.serviceAgent
Access to publish triggers
Firebase Realtime Database Service Agent
['pubsub.topics.publish', 'serviceusage.services.use']
Copy Permissions GA
roles/firebasedatabase.viewer
Read-only access to Firebase Realtime Database resources.
Firebase Realtime Database Viewer
['firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudconfig.admin
Full access to Firebase Remote Config resources.
Firebase Remote Config Admin
['cloudconfig.configs.get', 'cloudconfig.configs.update', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudconfig.viewer
Read access to Firebase Remote Config resources.
Firebase Remote Config Viewer
['cloudconfig.configs.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaserules.admin
Full management of Firebase Rules.
Firebase Rules Admin
['firebaserules.releases.create', 'firebaserules.releases.delete', 'firebaserules.releases.get', 'firebaserules.releases.getExecutable', 'firebaserules.releases.list', 'firebaserules.releases.update', 'firebaserules.rulesets.create', 'firebaserules.rulesets.delete', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebaserules.rulesets.test', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebaserules.firestoreServiceAgent
Grants Firebase Security Rules access to Firestore for providing cross-service Rules.
Firebase Rules Firestore Service Agent
['datastore.entities.get']
Copy Permissions GA
roles/firebaserules.system
Read/write/list access for Datastore entities and Cloud Storage objects, as well as get/list/publish access for PubSub topics.
Firebase Rules System
['datastore.databases.get', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/firebaserules.viewer
Read-only access on all resources with the ability to test Rulesets.
Firebase Rules Viewer
['firebaserules.releases.get', 'firebaserules.releases.list', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/firebase.sdkProvisioningServiceAgent
Access to provision apps with the Admin SDK.
Firebase SDK Provisioning Service Agent
['apikeys.keys.list', 'clientauthconfig.clients.list', 'cloudmessaging.messages.create', 'firebase.clients.create', 'servicemanagement.services.bind', 'serviceusage.services.enable', 'serviceusage.services.get']
Copy Permissions GA
roles/firebase.managementServiceAgent
Access to create new service agents for Firebase projects; assign roles to service agents; provision GCP resources as required by Firebase services.
Firebase Service Management Service Agent
['apikeys.keys.create', 'apikeys.keys.get', 'apikeys.keys.list', 'apikeys.keys.update', 'appengine.applications.create', 'appengine.applications.get', 'appengine.applications.update', 'appengine.operations.get', 'appengine.services.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.update', 'bigquery.transfers.get', 'bigquery.transfers.update', 'clientauthconfig.brands.create', 'clientauthconfig.brands.update', 'clientauthconfig.clients.create', 'clientauthconfig.clients.getWithSecret', 'clientauthconfig.clients.list', 'clientauthconfig.clients.update', 'firebase.clients.create', 'firebase.clients.delete', 'firebase.clients.get', 'firebase.clients.undelete', 'firebase.projects.delete', 'firebase.projects.get', 'firebase.projects.update', 'firebaseabt.experiments.delete', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.update', 'firebaserules.releases.create', 'firebaserules.releases.delete', 'firebaserules.releases.get', 'firebaserules.rulesets.create', 'firebasestorage.defaultBucket.get', 'iam.roles.get', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy', 'resourcemanager.projects.update', 'servicemanagement.services.bind', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.setIamPolicy']
Copy Permissions GA
roles/cloudtestservice.testAdmin
Full access to all Test Lab features
Firebase Test Lab Admin
['cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.create', 'cloudtestservice.matrices.get', 'cloudtestservice.matrices.update', 'cloudtoolresults.executions.create', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.executions.update', 'cloudtoolresults.histories.create', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.create', 'cloudtoolresults.settings.get', 'cloudtoolresults.settings.update', 'cloudtoolresults.steps.create', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'cloudtoolresults.steps.update', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/cloudtestservice.directAccessAdmin
Administrator owning access to Direct Access
Firebase Test Lab Direct Access Admin
['cloudtestservice.devicesession.cancel', 'cloudtestservice.devicesession.create', 'cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'cloudtestservice.devicesession.update', 'cloudtestservice.devicesession.use', 'cloudtestservice.environmentcatalog.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtestservice.directAccessViewer
Viewer, able to see what direct access sessions exist
Firebase Test Lab Direct Access Viewer
['cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudtestservice.testViewer
Read access to Test Lab features
Firebase Test Lab Viewer
['cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.get', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.get', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/firebase.viewer
Read-only access to Firebase products.
Firebase Viewer
['apikeys.keys.get', 'apikeys.keys.list', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.datasets.get', 'automl.datasets.list', 'automl.examples.get', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudconfig.configs.get', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudnotifications.activities.list', 'cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.get', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.get', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.get', 'datastore.entities.list', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'errorreporting.groups.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'fcmdata.deliverydata.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.services.get', 'firebaseappdistro.groups.list', 'firebaseappdistro.releases.list', 'firebaseappdistro.testers.list', 'firebaseauth.configs.get', 'firebaseauth.users.get', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.sessions.get', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.list', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebaseperformance.data.get', 'firebaserules.releases.get', 'firebaserules.releases.list', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.defaultBucket.get', 'logging.logEntries.list', 'monitoring.timeSeries.list', 'oauthconfig.verification.get', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions GA
roles/recommender.firestoredatabasereliabilityAdmin
Admin of Firestore Database Reliability Insights and Recommendations.
Firestore Database Reliability Recommender Admin
['recommender.firestoreDatabaseReliabilityInsights.get', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityInsights.update', 'recommender.firestoreDatabaseReliabilityRecommendations.get', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.firestoreDatabaseReliabilityRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.firestoredatabasereliabilityViewer
Viewer of Firestore Database Reliability Insights and Recommendations.
Firestore Database Reliability Recommender Viewer
['recommender.firestoreDatabaseReliabilityInsights.get', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityRecommendations.get', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/firestore.serviceAgent
Gives Firestore service account access to managed resources.
Firestore Service Agent
['storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/recommender.firewallAdmin
Admin of Firewall insights and recommendations.
Firewall Recommender Admin
['monitoring.timeSeries.list', 'recommender.computeFirewallInsightTypeConfigs.get', 'recommender.computeFirewallInsightTypeConfigs.update', 'recommender.computeFirewallInsights.get', 'recommender.computeFirewallInsights.list', 'recommender.computeFirewallInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.firewallViewer
Viewer of Firewall insights and recommendations.
Firewall Recommender Viewer
['monitoring.timeSeries.list', 'recommender.computeFirewallInsightTypeConfigs.get', 'recommender.computeFirewallInsights.get', 'recommender.computeFirewallInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkehub.admin
Full access to Fleet resources.
Fleet Admin (formerly GKE Hub Admin)
['gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.setIamPolicy', 'gkehub.scopes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkehub.editor
Edit access to Fleet resources.
Fleet Editor (formerly GKE Hub Editor)
['gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/fleetengine.consumerSdkUser
Limited read access to Fleet Engine resources
Fleet Engine Consumer SDK User
['fleetengine.trips.get', 'fleetengine.vehicles.get', 'fleetengine.vehicles.search', 'fleetengine.vehicles.searchFuzzed']
Copy Permissions GA
roles/fleetengine.deliveryAdmin
Full access to Fleet Engine Delivery resources.
Fleet Engine Delivery Admin
['fleetengine.deliveryvehicles.allowAllActions', 'fleetengine.deliveryvehicles.create', 'fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.list', 'fleetengine.deliveryvehicles.update', 'fleetengine.deliveryvehicles.updateLocation', 'fleetengine.deliveryvehicles.updateVehicleStops', 'fleetengine.tasks.allowAllActions', 'fleetengine.tasks.create', 'fleetengine.tasks.get', 'fleetengine.tasks.list', 'fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasks.update', 'fleetengine.tasktrackinginfo.allowAllActions', 'fleetengine.tasktrackinginfo.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/fleetengine.deliveryConsumer
Limited read access to Fleet Engine Delivery resources
Fleet Engine Delivery Consumer User
['fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasktrackinginfo.get']
Copy Permissions GA
roles/fleetengine.deliveryFleetReader
Grants read access to all Fleet Engine Delivery resources
Fleet Engine Delivery Fleet Reader User
['fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.list', 'fleetengine.tasks.get', 'fleetengine.tasks.list', 'fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasktrackinginfo.get']
Copy Permissions GA
roles/fleetengine.deliverySuperUser
Full access to Fleet Engine DeliveryVehicles and Tasks resources.
Fleet Engine Delivery Super User
['fleetengine.deliveryvehicles.create', 'fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.list', 'fleetengine.deliveryvehicles.update', 'fleetengine.deliveryvehicles.updateLocation', 'fleetengine.deliveryvehicles.updateVehicleStops', 'fleetengine.tasks.create', 'fleetengine.tasks.get', 'fleetengine.tasks.list', 'fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasks.update', 'fleetengine.tasktrackinginfo.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/fleetengine.deliveryTrustedDriver
Read and write access to Fleet Engine Delivery resources
Fleet Engine Delivery Trusted Driver User
['fleetengine.deliveryvehicles.create', 'fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.update', 'fleetengine.deliveryvehicles.updateLocation', 'fleetengine.deliveryvehicles.updateVehicleStops', 'fleetengine.tasks.create', 'fleetengine.tasks.update']
Copy Permissions GA
roles/fleetengine.deliveryUntrustedDriver
Limited write access to Fleet Engine Delivery Vehicle resources
Fleet Engine Delivery Untrusted Driver User
['fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.updateLocation']
Copy Permissions GA
roles/fleetengine.driverSdkUser
Read and limited update access to Fleet Engine resources
Fleet Engine Driver SDK User
['fleetengine.trips.get', 'fleetengine.trips.search', 'fleetengine.trips.update', 'fleetengine.vehicles.get', 'fleetengine.vehicles.updateLocation']
Copy Permissions GA
roles/fleetengine.ondemandAdmin
Full access to Vehicle and Trip resources.
Fleet Engine On-Demand Admin
['fleetengine.trips.allowAllActions', 'fleetengine.trips.create', 'fleetengine.trips.get', 'fleetengine.trips.search', 'fleetengine.trips.update', 'fleetengine.trips.updateState', 'fleetengine.vehicles.allowAllActions', 'fleetengine.vehicles.create', 'fleetengine.vehicles.get', 'fleetengine.vehicles.list', 'fleetengine.vehicles.search', 'fleetengine.vehicles.searchFuzzed', 'fleetengine.vehicles.update', 'fleetengine.vehicles.updateLocation', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/fleetengine.serviceSuperUser
Full access to all Fleet Engine resources.
Fleet Engine Service Super User
['fleetengine.trips.create', 'fleetengine.trips.get', 'fleetengine.trips.search', 'fleetengine.trips.update', 'fleetengine.trips.updateState', 'fleetengine.vehicles.create', 'fleetengine.vehicles.get', 'fleetengine.vehicles.list', 'fleetengine.vehicles.search', 'fleetengine.vehicles.searchFuzzed', 'fleetengine.vehicles.update', 'fleetengine.vehicles.updateLocation', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkehub.scopeEditorProjectLevel
Role for project-level permissions for editor of Fleet Scopes.
Fleet Project-level Scope Editor
['gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.memberships.get', 'gkehub.operations.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get']
Copy Permissions GA
roles/gkehub.scopeViewerProjectLevel
Role for project-level permissions for viewer of Fleet Scopes.
Fleet Project-level Scope Viewer
['gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.memberships.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get']
Copy Permissions GA
roles/gkehub.scopeAdmin
Admin access to Fleet Scopes to set IAM Bindings and RBACRoleBindings.
Fleet Scope Admin
['gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.setIamPolicy']
Copy Permissions GA
roles/gkehub.scopeEditor
Edit access to Namespaces under Fleet Scopes.
Fleet Scope Editor
['gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.listBoundMemberships']
Copy Permissions GA
roles/gkehub.scopeViewer
Viewer of Fleet Scopes and associated resources.
Fleet Scope Viewer
['gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.listBoundMemberships']
Copy Permissions GA
roles/gkehub.viewer
Read-only access to Fleets and related resources.
Fleet Viewer (formerly GKE Hub Viewer)
['gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/fleetengine.serviceAgent
Grants the FleetEngine Service Account access to manage resources.
FleetEngine Service Agent
['bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.tables.getData', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.enable']
Copy Permissions GA
roles/resourcemanager.folderAdmin
Access and administer a folder and all of its sub-resources.
Folder Admin
['essentialcontacts.contacts.create', 'essentialcontacts.contacts.delete', 'essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'essentialcontacts.contacts.send', 'essentialcontacts.contacts.update', 'iam.policybindings.get', 'iam.policybindings.list', 'orgpolicy.constraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.create', 'resourcemanager.folders.createPolicyBinding', 'resourcemanager.folders.delete', 'resourcemanager.folders.deletePolicyBinding', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.move', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.folders.setIamPolicy', 'resourcemanager.folders.undelete', 'resourcemanager.folders.update', 'resourcemanager.folders.updatePolicyBinding', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.projects.createPolicyBinding', 'resourcemanager.projects.deletePolicyBinding', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.searchPolicyBindings', 'resourcemanager.projects.setIamPolicy', 'resourcemanager.projects.updatePolicyBinding']
Copy Permissions GA
roles/resourcemanager.folderCreator
Create folder and view all of its sub-resources.
Folder Creator
['essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'orgpolicy.constraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/resourcemanager.folderEditor
Edit, delete, and undelete a folder and all of its child resources.
Folder Editor
['essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'orgpolicy.constraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.delete', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.folders.undelete', 'resourcemanager.folders.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/resourcemanager.folderIamAdmin
Access and administer a folder IAM policies.
Folder IAM Admin
['iam.policybindings.get', 'iam.policybindings.list', 'resourcemanager.folders.createPolicyBinding', 'resourcemanager.folders.deletePolicyBinding', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.folders.setIamPolicy', 'resourcemanager.folders.updatePolicyBinding']
Copy Permissions GA
roles/resourcemanager.folderMover
Move a folder and all of its child resources.
Folder Mover
['resourcemanager.folders.move', 'resourcemanager.projects.move']
Copy Permissions GA
roles/resourcemanager.folderViewer
Access to view a folder and all of its child resources.
Folder Viewer
['essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'orgpolicy.constraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gameservices.serviceAgent
Gives Game Services Service Account access to GCP resources.
Game Services Service Agent
['container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.bind', 'container.roles.create', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'iam.serviceAccounts.actAs', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkmanagement.serviceAgent
Grants the GCP Network Management API the authority to complete analysis based on network configurations from Compute Engine and Container Engine.
GCP Network Management Service Agent
['cloudsql.instances.get', 'cloudsql.instances.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instances.get', 'compute.instances.list', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listPeeringRoutes', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.routers.get', 'compute.routers.list', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'container.clusters.get', 'container.clusters.list', 'container.nodes.get', 'container.nodes.list']
Copy Permissions GA
roles/gdchardwaremanagement.admin
Full access to GDC Hardware Management resources.
GDC Hardware Management Admin
['gdchardwaremanagement.changeLogEntries.get', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.create', 'gdchardwaremanagement.comments.get', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.create', 'gdchardwaremanagement.hardware.delete', 'gdchardwaremanagement.hardware.get', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardware.update', 'gdchardwaremanagement.hardwareGroups.create', 'gdchardwaremanagement.hardwareGroups.delete', 'gdchardwaremanagement.hardwareGroups.get', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.hardwareGroups.update', 'gdchardwaremanagement.locations.get', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.cancel', 'gdchardwaremanagement.operations.delete', 'gdchardwaremanagement.operations.get', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.create', 'gdchardwaremanagement.orders.delete', 'gdchardwaremanagement.orders.get', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.orders.submit', 'gdchardwaremanagement.orders.update', 'gdchardwaremanagement.sites.create', 'gdchardwaremanagement.sites.get', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.sites.update', 'gdchardwaremanagement.skus.get', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.create', 'gdchardwaremanagement.zones.delete', 'gdchardwaremanagement.zones.get', 'gdchardwaremanagement.zones.list', 'gdchardwaremanagement.zones.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/gdchardwaremanagement.operator
Create, read, and update access to GDC Hardware Management resources that support those operations. Also grants delete access to HardwareGroup resource.
GDC Hardware Management Operator
['gdchardwaremanagement.changeLogEntries.get', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.create', 'gdchardwaremanagement.comments.get', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.create', 'gdchardwaremanagement.hardware.delete', 'gdchardwaremanagement.hardware.get', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardware.update', 'gdchardwaremanagement.hardwareGroups.create', 'gdchardwaremanagement.hardwareGroups.delete', 'gdchardwaremanagement.hardwareGroups.get', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.hardwareGroups.update', 'gdchardwaremanagement.locations.get', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.get', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.create', 'gdchardwaremanagement.orders.get', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.orders.update', 'gdchardwaremanagement.sites.create', 'gdchardwaremanagement.sites.get', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.sites.update', 'gdchardwaremanagement.skus.get', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.create', 'gdchardwaremanagement.zones.delete', 'gdchardwaremanagement.zones.get', 'gdchardwaremanagement.zones.list', 'gdchardwaremanagement.zones.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/gdchardwaremanagement.reader
Readonly access to GDC Hardware Management resources.
GDC Hardware Management Reader
['gdchardwaremanagement.changeLogEntries.get', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.get', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.get', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardwareGroups.get', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.locations.get', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.get', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.get', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.sites.get', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.skus.get', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.get', 'gdchardwaremanagement.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudaicompanion.user
A user who can use Gemini for Google Cloud
Gemini for Google Cloud User
['cloudaicompanion.companions.generateChat', 'cloudaicompanion.companions.generateCode', 'cloudaicompanion.entitlements.get', 'cloudaicompanion.instances.completeCode', 'cloudaicompanion.instances.completeTask', 'cloudaicompanion.instances.generateCode', 'cloudaicompanion.instances.generateText', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/genomics.admin
Full access to genomics datasets and operations.
Genomics Admin
['genomics.datasets.create', 'genomics.datasets.delete', 'genomics.datasets.get', 'genomics.datasets.getIamPolicy', 'genomics.datasets.list', 'genomics.datasets.setIamPolicy', 'genomics.datasets.update', 'genomics.operations.cancel', 'genomics.operations.create', 'genomics.operations.get', 'genomics.operations.list']
Copy Permissions GA
roles/genomics.editor
Access to read and edit genomics datasets and operations.
Genomics Editor
['genomics.datasets.create', 'genomics.datasets.delete', 'genomics.datasets.get', 'genomics.datasets.list', 'genomics.datasets.update', 'genomics.operations.cancel', 'genomics.operations.create', 'genomics.operations.get', 'genomics.operations.list']
Copy Permissions GA
roles/genomics.pipelinesRunner
Full access to operate on genomics pipelines.
Genomics Pipelines Runner
['genomics.operations.cancel', 'genomics.operations.create', 'genomics.operations.get', 'genomics.operations.list']
Copy Permissions GA
roles/genomics.serviceAgent
Gives Genomics Service Account access to compute resources. Includes access to service accounts.
Genomics Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/genomics.viewer
Access to view genomics datasets and operations.
Genomics Viewer
['genomics.datasets.get', 'genomics.datasets.list', 'genomics.operations.get', 'genomics.operations.list']
Copy Permissions GA
roles/gkehub.connect
Ability to set up GKE Connect between external clusters and Google.
GKE Connect Agent
['gkehub.endpoints.connect']
Copy Permissions GA
roles/recommender.containerDiagnosisAdmin
Admin of GKE Diagnosis Insights and Recommendations.
GKE Diagnosis Recommender Admin
['recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.containerDiagnosisViewer
Viewer of GKE Diagnosis Insights and Recommendations.
GKE Diagnosis Recommender Viewer
['recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkehub.crossProjectServiceAgent
Gives the GKE Hub service agent permission to manage the project for cross-project fleet registration.
GKE Hub Cross Project Service Agent
['resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy']
Copy Permissions GA
roles/gkehub.serviceAgent
Gives the GKE Hub service agent access to Cloud Platform resources.
GKE Hub Service Agent
['container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.namespaces.get', 'container.operations.get', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'gkehub.features.create', 'gkehub.features.get', 'gkehub.features.list', 'gkehub.fleet.create', 'gkehub.fleet.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.create', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.list', 'gkehub.operations.get', 'gkemulticloud.awsClusters.get', 'gkemulticloud.azureClusters.get', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.vmwareClusters.get', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.views.create', 'logging.views.get', 'logging.views.list', 'logging.views.update', 'monitoring.metricsScopes.link', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/gkeonprem.admin
Full access to GKE on-prem all resources.
GKE on-prem Admin
['gkeonprem.bareMetalAdminClusters.connect', 'gkeonprem.bareMetalAdminClusters.create', 'gkeonprem.bareMetalAdminClusters.enroll', 'gkeonprem.bareMetalAdminClusters.get', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalAdminClusters.queryVersionConfig', 'gkeonprem.bareMetalAdminClusters.setIamPolicy', 'gkeonprem.bareMetalAdminClusters.unenroll', 'gkeonprem.bareMetalAdminClusters.update', 'gkeonprem.bareMetalClusters.create', 'gkeonprem.bareMetalClusters.delete', 'gkeonprem.bareMetalClusters.enroll', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalClusters.queryVersionConfig', 'gkeonprem.bareMetalClusters.setIamPolicy', 'gkeonprem.bareMetalClusters.unenroll', 'gkeonprem.bareMetalClusters.update', 'gkeonprem.bareMetalNodePools.create', 'gkeonprem.bareMetalNodePools.delete', 'gkeonprem.bareMetalNodePools.enroll', 'gkeonprem.bareMetalNodePools.get', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.bareMetalNodePools.setIamPolicy', 'gkeonprem.bareMetalNodePools.unenroll', 'gkeonprem.bareMetalNodePools.update', 'gkeonprem.locations.get', 'gkeonprem.locations.list', 'gkeonprem.operations.cancel', 'gkeonprem.operations.delete', 'gkeonprem.operations.get', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.connect', 'gkeonprem.vmwareAdminClusters.enroll', 'gkeonprem.vmwareAdminClusters.get', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareAdminClusters.setIamPolicy', 'gkeonprem.vmwareAdminClusters.unenroll', 'gkeonprem.vmwareAdminClusters.update', 'gkeonprem.vmwareClusters.create', 'gkeonprem.vmwareClusters.delete', 'gkeonprem.vmwareClusters.enroll', 'gkeonprem.vmwareClusters.get', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareClusters.queryVersionConfig', 'gkeonprem.vmwareClusters.setIamPolicy', 'gkeonprem.vmwareClusters.unenroll', 'gkeonprem.vmwareClusters.update', 'gkeonprem.vmwareNodePools.create', 'gkeonprem.vmwareNodePools.delete', 'gkeonprem.vmwareNodePools.enroll', 'gkeonprem.vmwareNodePools.get', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'gkeonprem.vmwareNodePools.setIamPolicy', 'gkeonprem.vmwareNodePools.unenroll', 'gkeonprem.vmwareNodePools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkeonprem.serviceAgent
Gives the GKE On-Prem service agent access to Cloud Platform resources.
GKE On-Prem Service Agent
['gkehub.memberships.delete', 'gkehub.memberships.get', 'gkehub.memberships.update', 'gkeonprem.bareMetalAdminClusters.connect', 'gkeonprem.bareMetalAdminClusters.enroll', 'gkeonprem.bareMetalAdminClusters.get', 'gkeonprem.bareMetalAdminClusters.unenroll', 'gkeonprem.bareMetalClusters.enroll', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.bareMetalClusters.unenroll', 'gkeonprem.bareMetalNodePools.enroll', 'gkeonprem.bareMetalNodePools.get', 'gkeonprem.bareMetalNodePools.unenroll', 'gkeonprem.operations.get', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.connect', 'gkeonprem.vmwareAdminClusters.enroll', 'gkeonprem.vmwareAdminClusters.get', 'gkeonprem.vmwareAdminClusters.unenroll', 'gkeonprem.vmwareClusters.enroll', 'gkeonprem.vmwareClusters.get', 'gkeonprem.vmwareClusters.unenroll', 'gkeonprem.vmwareNodePools.enroll', 'gkeonprem.vmwareNodePools.get', 'gkeonprem.vmwareNodePools.unenroll']
Copy Permissions GA
roles/gkeonprem.viewer
Read-only access to GKE on-prem all resources.
GKE on-prem Viewer
['gkeonprem.bareMetalAdminClusters.connect', 'gkeonprem.bareMetalAdminClusters.get', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalAdminClusters.queryVersionConfig', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalClusters.queryVersionConfig', 'gkeonprem.bareMetalNodePools.get', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.locations.get', 'gkeonprem.locations.list', 'gkeonprem.operations.get', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.connect', 'gkeonprem.vmwareAdminClusters.get', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareClusters.get', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareClusters.queryVersionConfig', 'gkeonprem.vmwareNodePools.get', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/containersecurity.viewer
Readonly access to GKE Security Posture resources.
GKE Security Posture Viewer
['container.clusters.list', 'containersecurity.clusterSummaries.list', 'containersecurity.findings.list', 'containersecurity.locations.get', 'containersecurity.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/batch.serviceAgent
Gives Google Batch account access to manage customer resources.
Google Batch Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/managedidentities.admin
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level.
Google Cloud Managed Identities Admin
['managedidentities.backups.create', 'managedidentities.backups.delete', 'managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.backups.setIamPolicy', 'managedidentities.backups.update', 'managedidentities.domains.attachTrust', 'managedidentities.domains.checkMigrationPermission', 'managedidentities.domains.create', 'managedidentities.domains.createTagBinding', 'managedidentities.domains.delete', 'managedidentities.domains.deleteTagBinding', 'managedidentities.domains.detachTrust', 'managedidentities.domains.disableMigration', 'managedidentities.domains.domainJoinMachine', 'managedidentities.domains.enableMigration', 'managedidentities.domains.extendSchema', 'managedidentities.domains.get', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'managedidentities.domains.reconfigureTrust', 'managedidentities.domains.resetpassword', 'managedidentities.domains.restore', 'managedidentities.domains.setIamPolicy', 'managedidentities.domains.update', 'managedidentities.domains.updateLDAPSSettings', 'managedidentities.domains.validateTrust', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.cancel', 'managedidentities.operations.delete', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.create', 'managedidentities.peerings.delete', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.peerings.setIamPolicy', 'managedidentities.peerings.update', 'managedidentities.sqlintegrations.get', 'managedidentities.sqlintegrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/managedidentities.backupAdmin
Full access to Google Cloud Managed Identities Backup and related resources. Intended to be granted on a project-level
Google Cloud Managed Identities Backup Admin
['managedidentities.backups.create', 'managedidentities.backups.delete', 'managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.backups.setIamPolicy', 'managedidentities.backups.update', 'managedidentities.domains.get', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.cancel', 'managedidentities.operations.delete', 'managedidentities.operations.get', 'managedidentities.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/managedidentities.backupViewer
Read-only access to Google Cloud Managed Identities Backup and related resources.
Google Cloud Managed Identities Backup Viewer
['managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.domains.get', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.get', 'managedidentities.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/managedidentities.domainAdmin
Read-Update-Delete to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a resource (domain) level.
Google Cloud Managed Identities Domain Admin
['managedidentities.backups.create', 'managedidentities.backups.delete', 'managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.backups.setIamPolicy', 'managedidentities.backups.update', 'managedidentities.domains.attachTrust', 'managedidentities.domains.checkMigrationPermission', 'managedidentities.domains.createTagBinding', 'managedidentities.domains.delete', 'managedidentities.domains.deleteTagBinding', 'managedidentities.domains.detachTrust', 'managedidentities.domains.disableMigration', 'managedidentities.domains.domainJoinMachine', 'managedidentities.domains.enableMigration', 'managedidentities.domains.extendSchema', 'managedidentities.domains.get', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'managedidentities.domains.reconfigureTrust', 'managedidentities.domains.resetpassword', 'managedidentities.domains.restore', 'managedidentities.domains.update', 'managedidentities.domains.updateLDAPSSettings', 'managedidentities.domains.validateTrust', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.sqlintegrations.get', 'managedidentities.sqlintegrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/managedidentities.domainJoin
Access to domain join VMs with Cloud AD
Google Cloud Managed Identities Domain Join
['managedidentities.domains.domainJoinMachine', 'managedidentities.domains.get']
Copy Permissions BETA
roles/managedidentities.peeringAdmin
Full access to Google Cloud Managed Identities Domains and related resources. Intended to be granted on a project-level
Google Cloud Managed Identities Peering Admin
['managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.cancel', 'managedidentities.operations.delete', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.create', 'managedidentities.peerings.delete', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.peerings.setIamPolicy', 'managedidentities.peerings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/managedidentities.peeringViewer
Read-only access to Google Cloud Managed Identities Peering and related resources.
Google Cloud Managed Identities Peering Viewer
['managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/managedidentities.viewer
Read-only access to Google Cloud Managed Identities Domains and related resources.
Google Cloud Managed Identities Viewer
['managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.domains.get', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.sqlintegrations.get', 'managedidentities.sqlintegrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/netapp.admin
Full access to Google Cloud NetApp Volumes resources.
Google Cloud NetApp Volumes Admin
['netapp.activeDirectories.create', 'netapp.activeDirectories.delete', 'netapp.activeDirectories.get', 'netapp.activeDirectories.list', 'netapp.activeDirectories.update', 'netapp.backupPolicies.create', 'netapp.backupPolicies.delete', 'netapp.backupPolicies.get', 'netapp.backupPolicies.list', 'netapp.backupPolicies.update', 'netapp.backupVaults.create', 'netapp.backupVaults.delete', 'netapp.backupVaults.get', 'netapp.backupVaults.list', 'netapp.backupVaults.update', 'netapp.backups.create', 'netapp.backups.delete', 'netapp.backups.get', 'netapp.backups.list', 'netapp.backups.update', 'netapp.kmsConfigs.create', 'netapp.kmsConfigs.delete', 'netapp.kmsConfigs.encrypt', 'netapp.kmsConfigs.get', 'netapp.kmsConfigs.list', 'netapp.kmsConfigs.update', 'netapp.kmsConfigs.verify', 'netapp.locations.get', 'netapp.locations.list', 'netapp.operations.cancel', 'netapp.operations.delete', 'netapp.operations.get', 'netapp.operations.list', 'netapp.replications.create', 'netapp.replications.delete', 'netapp.replications.establishPeering', 'netapp.replications.get', 'netapp.replications.list', 'netapp.replications.resume', 'netapp.replications.reverse', 'netapp.replications.stop', 'netapp.replications.sync', 'netapp.replications.update', 'netapp.snapshots.create', 'netapp.snapshots.delete', 'netapp.snapshots.get', 'netapp.snapshots.list', 'netapp.snapshots.update', 'netapp.storagePools.create', 'netapp.storagePools.delete', 'netapp.storagePools.get', 'netapp.storagePools.list', 'netapp.storagePools.switch', 'netapp.storagePools.update', 'netapp.volumes.create', 'netapp.volumes.delete', 'netapp.volumes.get', 'netapp.volumes.list', 'netapp.volumes.revert', 'netapp.volumes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/netapp.viewer
Readonly access to Google Cloud NetApp Volumes resources.
Google Cloud NetApp Volumes Viewer
['netapp.activeDirectories.get', 'netapp.activeDirectories.list', 'netapp.backupPolicies.get', 'netapp.backupPolicies.list', 'netapp.backupVaults.get', 'netapp.backupVaults.list', 'netapp.backups.get', 'netapp.backups.list', 'netapp.kmsConfigs.get', 'netapp.kmsConfigs.list', 'netapp.locations.get', 'netapp.locations.list', 'netapp.operations.get', 'netapp.operations.list', 'netapp.replications.get', 'netapp.replications.list', 'netapp.snapshots.get', 'netapp.snapshots.list', 'netapp.storagePools.get', 'netapp.storagePools.list', 'netapp.volumes.get', 'netapp.volumes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/securitycenter.securityResponseServiceAgent
Gives Playbook Runner permissions to execute all Google authored Playbooks. This role will keep evolving as we add more playbooks
Google Cloud Security Response Service Agent
['compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.setMetadata', 'iam.serviceAccounts.actAs', 'pubsub.topics.publish', 'securitycenter.findings.list', 'storage.buckets.get', 'storage.buckets.update']
Copy Permissions GA
roles/nestconsole.homeDeveloperAdmin
Admin access to Google Home Developer Console resources
Google Home Developer Console Admin
['nestconsole.smarthomePreviews.update', 'nestconsole.smarthomeProjects.create', 'nestconsole.smarthomeProjects.delete', 'nestconsole.smarthomeProjects.get', 'nestconsole.smarthomeProjects.update', 'nestconsole.smarthomeVersions.create', 'nestconsole.smarthomeVersions.get', 'nestconsole.smarthomeVersions.submit', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/nestconsole.homeDeveloperEditor
Read-Write access to Google Home Developer Console resources
Google Home Developer Console Editor
['nestconsole.smarthomePreviews.update', 'nestconsole.smarthomeProjects.get', 'nestconsole.smarthomeProjects.update', 'nestconsole.smarthomeVersions.create', 'nestconsole.smarthomeVersions.get', 'nestconsole.smarthomeVersions.submit', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/nestconsole.homeDeveloperViewer
Read-only access to Google Home Developer Console resources
Google Home Developer Console Reader
['nestconsole.smarthomeProjects.get', 'nestconsole.smarthomeVersions.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.gmpAdmin
Admin of all Google Maps Platform insights and recommendations.
Google Maps Platform Insights/Recommendations Admin
['recommender.gmpGuidedExperienceInsights.get', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceInsights.update', 'recommender.gmpGuidedExperienceRecommendations.get', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpGuidedExperienceRecommendations.update', 'recommender.gmpProjectManagementInsights.get', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementInsights.update', 'recommender.gmpProjectManagementRecommendations.get', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectManagementRecommendations.update', 'recommender.gmpProjectProductSuggestionsInsights.get', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsInsights.update', 'recommender.gmpProjectProductSuggestionsRecommendations.get', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.gmpProjectProductSuggestionsRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.gmpViewer
Viewer of all Google Maps Platform insights and recommendations.
Google Maps Platform Insights/Recommendations Viewer
['recommender.gmpGuidedExperienceInsights.get', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceRecommendations.get', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpProjectManagementInsights.get', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementRecommendations.get', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectProductSuggestionsInsights.get', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsRecommendations.get', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gsuiteaddons.developer
Full access to Google Workspace Add-ons resources
Google Workspace Add-ons Developer
['gsuiteaddons.authorizations.get', 'gsuiteaddons.deployments.create', 'gsuiteaddons.deployments.delete', 'gsuiteaddons.deployments.execute', 'gsuiteaddons.deployments.get', 'gsuiteaddons.deployments.install', 'gsuiteaddons.deployments.installStatus', 'gsuiteaddons.deployments.list', 'gsuiteaddons.deployments.uninstall', 'gsuiteaddons.deployments.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gsuiteaddons.reader
Read-only access to Google Workspace Add-ons resources
Google Workspace Add-ons Reader
['gsuiteaddons.authorizations.get', 'gsuiteaddons.deployments.get', 'gsuiteaddons.deployments.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gsuiteaddons.tester
Testing execution access to Google Workspace Add-ons resources
Google Workspace Add-ons Tester
['gsuiteaddons.deployments.execute', 'gsuiteaddons.deployments.install', 'gsuiteaddons.deployments.installStatus', 'gsuiteaddons.deployments.uninstall', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/commerceorggovernance.user
Full access to Governed Marketplace features.
Governed Marketplace User
['commerceorggovernance.services.get', 'commerceorggovernance.services.list', 'commerceorggovernance.services.request', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/networkconnectivity.groupUser
Enables use access on group resources
Group User
['networkconnectivity.groups.use']
Copy Permissions GA
roles/osconfig.guestPolicyAdmin
Full admin access to GuestPolicies
GuestPolicy Admin
['osconfig.guestPolicies.create', 'osconfig.guestPolicies.delete', 'osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.guestPolicies.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/osconfig.guestPolicyEditor
Editor of GuestPolicy resources
GuestPolicy Editor
['osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.guestPolicies.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/osconfig.guestPolicyViewer
Viewer of GuestPolicy resources
GuestPolicy Viewer
['osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/healthcare.annotationStoreAdmin
Administer Annotation stores.
Healthcare Annotation Administrator
['healthcare.annotationStores.create', 'healthcare.annotationStores.delete', 'healthcare.annotationStores.evaluate', 'healthcare.annotationStores.export', 'healthcare.annotationStores.get', 'healthcare.annotationStores.getIamPolicy', 'healthcare.annotationStores.import', 'healthcare.annotationStores.list', 'healthcare.annotationStores.setIamPolicy', 'healthcare.annotationStores.update', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.annotationEditor
Create, delete, update, read and list annotations.
Healthcare Annotation Editor
['healthcare.annotationStores.get', 'healthcare.annotationStores.list', 'healthcare.annotations.create', 'healthcare.annotations.delete', 'healthcare.annotations.get', 'healthcare.annotations.list', 'healthcare.annotations.update', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.annotationReader
Read and list annotations in an Annotation store.
Healthcare Annotation Reader
['healthcare.annotationStores.get', 'healthcare.annotationStores.list', 'healthcare.annotations.get', 'healthcare.annotations.list', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.annotationStoreViewer
List Annotation Stores in a dataset.
Healthcare Annotation Store Viewer
['healthcare.annotationStores.get', 'healthcare.annotationStores.list', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.attributeDefinitionEditor
Edit AttributeDefinition objects.
Healthcare Attribute Definition Editor
['healthcare.attributeDefinitions.create', 'healthcare.attributeDefinitions.delete', 'healthcare.attributeDefinitions.get', 'healthcare.attributeDefinitions.list', 'healthcare.attributeDefinitions.update', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.attributeDefinitionReader
Read AttributeDefinition objects in a consent store.
Healthcare Attribute Definition Reader
['healthcare.attributeDefinitions.get', 'healthcare.attributeDefinitions.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentArtifactAdmin
Administer ConsentArtifact objects.
Healthcare Consent Artifact Administrator
['healthcare.consentArtifacts.create', 'healthcare.consentArtifacts.delete', 'healthcare.consentArtifacts.get', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentArtifactEditor
Edit ConsentArtifact objects.
Healthcare Consent Artifact Editor
['healthcare.consentArtifacts.create', 'healthcare.consentArtifacts.get', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentArtifactReader
Read ConsentArtifact objects in a consent store.
Healthcare Consent Artifact Reader
['healthcare.consentArtifacts.get', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentEditor
Edit Consent objects.
Healthcare Consent Editor
['healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.consents.activate', 'healthcare.consents.create', 'healthcare.consents.delete', 'healthcare.consents.get', 'healthcare.consents.list', 'healthcare.consents.reject', 'healthcare.consents.revoke', 'healthcare.consents.update', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentReader
Read Consent objects in a consent store.
Healthcare Consent Reader
['healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.consents.get', 'healthcare.consents.list', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentStoreAdmin
Administer Consent stores.
Healthcare Consent Store Administrator
['healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.create', 'healthcare.consentStores.delete', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.getIamPolicy', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.consentStores.setIamPolicy', 'healthcare.consentStores.update', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.consentStoreViewer
List Consent Stores in a dataset.
Healthcare Consent Store Viewer
['healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.datasetAdmin
Administer Healthcare Datasets.
Healthcare Dataset Administrator
['healthcare.datasets.create', 'healthcare.datasets.deidentify', 'healthcare.datasets.delete', 'healthcare.datasets.get', 'healthcare.datasets.getIamPolicy', 'healthcare.datasets.list', 'healthcare.datasets.setIamPolicy', 'healthcare.datasets.update', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'healthcare.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.datasetViewer
List the Healthcare Datasets in a project.
Healthcare Dataset Viewer
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.dicomEditor
Edit DICOM images individually and in bulk.
Healthcare DICOM Editor
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.dicomStores.dicomWebDelete', 'healthcare.dicomStores.dicomWebRead', 'healthcare.dicomStores.dicomWebWrite', 'healthcare.dicomStores.export', 'healthcare.dicomStores.get', 'healthcare.dicomStores.import', 'healthcare.dicomStores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.dicomStoreAdmin
Administer DICOM stores.
Healthcare DICOM Store Administrator
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.dicomStores.create', 'healthcare.dicomStores.deidentify', 'healthcare.dicomStores.delete', 'healthcare.dicomStores.dicomWebDelete', 'healthcare.dicomStores.get', 'healthcare.dicomStores.getIamPolicy', 'healthcare.dicomStores.list', 'healthcare.dicomStores.setIamPolicy', 'healthcare.dicomStores.update', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.dicomStoreViewer
List DICOM Stores in a dataset.
Healthcare DICOM Store Viewer
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.dicomStores.get', 'healthcare.dicomStores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.dicomViewer
Retrieve DICOM images from a DICOM store.
Healthcare DICOM Viewer
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.dicomStores.dicomWebRead', 'healthcare.dicomStores.export', 'healthcare.dicomStores.get', 'healthcare.dicomStores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.fhirResourceEditor
Create, delete, update, read and search FHIR resources.
Healthcare FHIR Resource Editor
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.fhirResources.create', 'healthcare.fhirResources.delete', 'healthcare.fhirResources.get', 'healthcare.fhirResources.patch', 'healthcare.fhirResources.translateConceptMap', 'healthcare.fhirResources.update', 'healthcare.fhirStores.executeBundle', 'healthcare.fhirStores.get', 'healthcare.fhirStores.list', 'healthcare.fhirStores.searchResources', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.fhirResourceReader
Read and search FHIR resources.
Healthcare FHIR Resource Reader
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.fhirResources.get', 'healthcare.fhirResources.translateConceptMap', 'healthcare.fhirStores.executeBundle', 'healthcare.fhirStores.get', 'healthcare.fhirStores.list', 'healthcare.fhirStores.searchResources', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.fhirStoreAdmin
Administer FHIR resource stores.
Healthcare FHIR Store Administrator
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.fhirResources.purge', 'healthcare.fhirStores.applyConsents', 'healthcare.fhirStores.configureSearch', 'healthcare.fhirStores.create', 'healthcare.fhirStores.deidentify', 'healthcare.fhirStores.delete', 'healthcare.fhirStores.explainDataAccess', 'healthcare.fhirStores.export', 'healthcare.fhirStores.get', 'healthcare.fhirStores.getIamPolicy', 'healthcare.fhirStores.import', 'healthcare.fhirStores.list', 'healthcare.fhirStores.rollback', 'healthcare.fhirStores.setIamPolicy', 'healthcare.fhirStores.update', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.fhirStoreViewer
List FHIR Stores in a dataset.
Healthcare FHIR Store Viewer
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.fhirStores.get', 'healthcare.fhirStores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.hl7V2Consumer
List and read HL7v2 messages, update message labels, and publish new messages.
Healthcare HL7v2 Message Consumer
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.hl7V2Messages.create', 'healthcare.hl7V2Messages.get', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Messages.update', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.hl7V2Editor
Read, write, and delete access to HL7v2 messages.
Healthcare HL7v2 Message Editor
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.hl7V2Messages.create', 'healthcare.hl7V2Messages.delete', 'healthcare.hl7V2Messages.get', 'healthcare.hl7V2Messages.ingest', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Messages.update', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.hl7V2Ingest
Ingest HL7v2 messages received from a source network.
Healthcare HL7v2 Message Ingest
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.hl7V2Messages.ingest', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.hl7V2StoreAdmin
Administer HL7v2 Stores.
Healthcare HL7v2 Store Administrator
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.hl7V2Stores.create', 'healthcare.hl7V2Stores.delete', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.getIamPolicy', 'healthcare.hl7V2Stores.import', 'healthcare.hl7V2Stores.list', 'healthcare.hl7V2Stores.rollback', 'healthcare.hl7V2Stores.setIamPolicy', 'healthcare.hl7V2Stores.update', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.cancel', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.hl7V2StoreViewer
View HL7v2 Stores in a dataset.
Healthcare HL7v2 Store Viewer
['healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.nlpServiceViewer
Extract and analyze medical entities from a given text.
Healthcare NLP Service Viewer
['healthcare.locations.get', 'healthcare.locations.list', 'healthcare.nlpservice.analyzeEntities', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/healthcare.serviceAgent
Gives the Healthcare Service Account access to networks, Kubernetes engine, and Pub/Sub resources.
Healthcare Service Agent
['cloudnotifications.activities.list', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'pubsub.snapshots.seek', 'pubsub.subscriptions.consume', 'pubsub.topics.attachSubscription', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list']
Copy Permissions GA
roles/healthcare.userDataMappingEditor
Edit UserDataMapping objects.
Healthcare User Data Mapping Editor
['healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'healthcare.userDataMappings.archive', 'healthcare.userDataMappings.create', 'healthcare.userDataMappings.delete', 'healthcare.userDataMappings.get', 'healthcare.userDataMappings.list', 'healthcare.userDataMappings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/healthcare.userDataMappingReader
Read UserDataMapping objects in a consent store.
Healthcare User Data Mapping Reader
['healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.datasets.get', 'healthcare.datasets.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.operations.get', 'healthcare.userDataMappings.get', 'healthcare.userDataMappings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkconnectivity.hubAdmin
Enables full access to hub and spoke resources
Hub & Spoke Admin
['networkconnectivity.groups.acceptSpoke', 'networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.groups.rejectSpoke', 'networkconnectivity.groups.setIamPolicy', 'networkconnectivity.groups.use', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRouteTables.setIamPolicy', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubRoutes.setIamPolicy', 'networkconnectivity.hubs.create', 'networkconnectivity.hubs.delete', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.hubs.setIamPolicy', 'networkconnectivity.hubs.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.spokes.create', 'networkconnectivity.spokes.delete', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.setIamPolicy', 'networkconnectivity.spokes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkconnectivity.hubViewer
Enables read-only access to hub and spoke resources
Hub & Spoke Viewer
['networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.oauthClientAdmin
Full rights to create and manage OAuth clients.
IAM OAuth Client Admin
['iam.googleapis.com/oauthClientCredentials.create', 'iam.googleapis.com/oauthClientCredentials.delete', 'iam.googleapis.com/oauthClientCredentials.get', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClientCredentials.update', 'iam.googleapis.com/oauthClients.create', 'iam.googleapis.com/oauthClients.delete', 'iam.googleapis.com/oauthClients.get', 'iam.googleapis.com/oauthClients.list', 'iam.googleapis.com/oauthClients.undelete', 'iam.googleapis.com/oauthClients.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/iam.oauthClientViewer
Read access to a particular instance of an OAuth client.
IAM OAuth Client Viewer
['iam.googleapis.com/oauthClientCredentials.get', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClients.get', 'iam.googleapis.com/oauthClients.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/iam.operationViewer
Operation user role, with permissions to view and list operations in IAM v3
IAM Operation Viewer
['iam.operations.get']
Copy Permissions BETA
roles/recommender.iampolicychangeriskAdmin
Admin of IAM Policy Change Risk Insights and Recommendations.
IAM Policy Change Risk Recommender Admin
['recommender.iamPolicyChangeRiskInsights.get', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskInsights.update', 'recommender.iamPolicyChangeRiskRecommendations.get', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyChangeRiskRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.iampolicychangeriskViewer
Viewer of IAM Policy Change Risk Insights and Recommendations.
IAM Policy Change Risk Recommender Viewer
['recommender.iamPolicyChangeRiskInsights.get', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskRecommendations.get', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.iamAdmin
Admin of IAM recommendations.
IAM Recommender Admin
['recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyLateralMovementInsights.get', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyLateralMovementInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.iamPolicyRecommenderConfig.get', 'recommender.iamPolicyRecommenderConfig.update', 'recommender.iamServiceAccountInsights.get', 'recommender.iamServiceAccountInsights.list', 'recommender.iamServiceAccountInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.iamViewer
Viewer of IAM recommendations.
IAM Recommender Viewer
['recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyLateralMovementInsights.get', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommenderConfig.get', 'recommender.iamServiceAccountInsights.get', 'recommender.iamServiceAccountInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.workforcePoolAdmin
Full rights to create and manage all workforce pools in the org, along with the ability to delegate permissions to other admins.
IAM Workforce Pool Admin
['iam.googleapis.com/workforcePoolProviderKeys.create', 'iam.googleapis.com/workforcePoolProviderKeys.delete', 'iam.googleapis.com/workforcePoolProviderKeys.get', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviderKeys.undelete', 'iam.googleapis.com/workforcePoolProviders.create', 'iam.googleapis.com/workforcePoolProviders.delete', 'iam.googleapis.com/workforcePoolProviders.get', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePoolProviders.undelete', 'iam.googleapis.com/workforcePoolProviders.update', 'iam.googleapis.com/workforcePoolSubjects.delete', 'iam.googleapis.com/workforcePoolSubjects.undelete', 'iam.googleapis.com/workforcePools.create', 'iam.googleapis.com/workforcePools.createPolicyBinding', 'iam.googleapis.com/workforcePools.delete', 'iam.googleapis.com/workforcePools.deletePolicyBinding', 'iam.googleapis.com/workforcePools.get', 'iam.googleapis.com/workforcePools.getIamPolicy', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workforcePools.searchPolicyBindings', 'iam.googleapis.com/workforcePools.setIamPolicy', 'iam.googleapis.com/workforcePools.undelete', 'iam.googleapis.com/workforcePools.update', 'iam.googleapis.com/workforcePools.updatePolicyBinding']
Copy Permissions GA
roles/iam.workforcePoolEditor
Rights to edit a particular instance of a workforce pool.
IAM Workforce Pool Editor
['iam.googleapis.com/workforcePoolProviderKeys.get', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviders.create', 'iam.googleapis.com/workforcePoolProviders.delete', 'iam.googleapis.com/workforcePoolProviders.get', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePoolProviders.undelete', 'iam.googleapis.com/workforcePoolProviders.update', 'iam.googleapis.com/workforcePools.get', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workforcePools.update']
Copy Permissions GA
roles/iam.workforcePoolViewer
Rights to read workforce pool.
IAM Workforce Pool Viewer
['iam.googleapis.com/workforcePoolProviderKeys.get', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviders.get', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePools.get', 'iam.googleapis.com/workforcePools.list']
Copy Permissions GA
roles/iam.workloadIdentityPoolAdmin
Full rights to create and manage workload identity pools.
IAM Workload Identity Pool Admin
['iam.googleapis.com/workloadIdentityPoolProviderKeys.create', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.delete', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.get', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.undelete', 'iam.googleapis.com/workloadIdentityPoolProviders.create', 'iam.googleapis.com/workloadIdentityPoolProviders.delete', 'iam.googleapis.com/workloadIdentityPoolProviders.get', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPoolProviders.undelete', 'iam.googleapis.com/workloadIdentityPoolProviders.update', 'iam.googleapis.com/workloadIdentityPools.create', 'iam.googleapis.com/workloadIdentityPools.delete', 'iam.googleapis.com/workloadIdentityPools.get', 'iam.googleapis.com/workloadIdentityPools.list', 'iam.googleapis.com/workloadIdentityPools.undelete', 'iam.googleapis.com/workloadIdentityPools.update', 'iam.workloadIdentityPools.createPolicyBinding', 'iam.workloadIdentityPools.deletePolicyBinding', 'iam.workloadIdentityPools.searchPolicyBindings', 'iam.workloadIdentityPools.updatePolicyBinding', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/iam.workloadIdentityPoolViewer
Read access to workload identity pools.
IAM Workload Identity Pool Viewer
['iam.googleapis.com/workloadIdentityPoolProviderKeys.get', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviders.get', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.get', 'iam.googleapis.com/workloadIdentityPools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/iap.admin
Administrator of IAP Permissions
IAP Policy Admin
['iap.tunnel.getIamPolicy', 'iap.tunnel.setIamPolicy', 'iap.tunnelDestGroups.getIamPolicy', 'iap.tunnelDestGroups.setIamPolicy', 'iap.tunnelInstances.getIamPolicy', 'iap.tunnelInstances.setIamPolicy', 'iap.tunnelLocations.getIamPolicy', 'iap.tunnelLocations.setIamPolicy', 'iap.tunnelZones.getIamPolicy', 'iap.tunnelZones.setIamPolicy', 'iap.web.getIamPolicy', 'iap.web.setIamPolicy', 'iap.webServiceVersions.getIamPolicy', 'iap.webServiceVersions.setIamPolicy', 'iap.webServices.getIamPolicy', 'iap.webServices.setIamPolicy', 'iap.webTypes.getIamPolicy', 'iap.webTypes.setIamPolicy']
Copy Permissions GA
roles/iap.settingsAdmin
Administrator of IAP Settings.
IAP Settings Admin
['iap.projects.getSettings', 'iap.projects.updateSettings', 'iap.web.getSettings', 'iap.web.updateSettings', 'iap.webServiceVersions.getSettings', 'iap.webServiceVersions.updateSettings', 'iap.webServices.getSettings', 'iap.webServices.updateSettings', 'iap.webTypes.getSettings', 'iap.webTypes.updateSettings']
Copy Permissions GA
roles/iap.remediatorUser
Remediate IAP resource
IAP-secured Resource Remediator User
['iap.tunnelDestGroups.remediate', 'iap.tunnelinstances.remediate', 'iap.webServiceVersions.remediate']
Copy Permissions BETA
roles/iap.tunnelDestGroupEditor
Edit Tunnel Destination Group resources which use Identity-Aware Proxy
IAP-secured Tunnel Destination Group Editor
['iap.tunnelDestGroups.create', 'iap.tunnelDestGroups.delete', 'iap.tunnelDestGroups.get', 'iap.tunnelDestGroups.list', 'iap.tunnelDestGroups.update']
Copy Permissions GA
roles/iap.tunnelDestGroupViewer
View Tunnel Destination Group resources which use Identity-Aware Proxy
IAP-secured Tunnel Destination Group Viewer
['iap.tunnelDestGroups.get', 'iap.tunnelDestGroups.list']
Copy Permissions GA
roles/iap.tunnelResourceAccessor
Access Tunnel resources which use Identity-Aware Proxy
IAP-secured Tunnel User
['iap.tunnelDestGroups.accessViaIAP', 'iap.tunnelInstances.accessViaIAP']
Copy Permissions GA
roles/iap.httpsResourceAccessor
Access HTTPS resources which use Identity-Aware Proxy
IAP-secured Web App User
['iap.webServiceVersions.accessViaIAP']
Copy Permissions GA
roles/identityplatform.admin
Full access to Identity Platform resources.
Identity Platform Admin
['firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'identitytoolkit.tenants.create', 'identitytoolkit.tenants.delete', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'identitytoolkit.tenants.setIamPolicy', 'identitytoolkit.tenants.update']
Copy Permissions BETA
roles/identitytoolkit.serviceAgent
Gives Identity Platform service account access to customer project resources.
Identity Platform Service Agent
['recaptchaenterprise.assessments.create', 'recaptchaenterprise.keys.create', 'recaptchaenterprise.keys.delete', 'recaptchaenterprise.keys.get']
Copy Permissions GA
roles/identityplatform.viewer
Read access to Identity Platform resources.
Identity Platform Viewer
['firebaseauth.configs.get', 'firebaseauth.users.get', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list']
Copy Permissions BETA
roles/identitytoolkit.admin
Full access to Identity Toolkit resources.
Identity Toolkit Admin
['firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'identitytoolkit.tenants.create', 'identitytoolkit.tenants.delete', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'identitytoolkit.tenants.setIamPolicy', 'identitytoolkit.tenants.update']
Copy Permissions GA
roles/identitytoolkit.viewer
Read access to Identity Toolkit resources.
Identity Toolkit Viewer
['firebaseauth.configs.get', 'firebaseauth.users.get', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list']
Copy Permissions GA
roles/cloudconfig.serviceAgent
Gives Infrastructure Manager service agent access to managed resources
Infrastructure Manager Service Agent
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.workerpools.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'logging.logEntries.route', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/compute.instanceGroupManagerServiceAgent
Role containing all permissions required by Managed Instance Groups to create and managed instances.
Instance Group Manager Service Agent
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalAddresses.get', 'compute.globalOperations.get', 'compute.healthChecks.get', 'compute.httpHealthChecks.get', 'compute.httpsHealthChecks.get', 'compute.images.useReadOnly', 'compute.instanceGroups.update', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.regionOperations.get', 'compute.resourcePolicies.use', 'compute.snapshots.useReadOnly', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetPools.addInstance', 'compute.targetPools.removeInstance', 'compute.zoneOperations.get', 'iam.serviceAccounts.actAs']
Copy Permissions GA
roles/osconfig.instanceOSPoliciesComplianceViewer
Viewer of OS Policies Compliance of VM instances
InstanceOSPoliciesCompliance Viewer
['osconfig.instanceOSPoliciesCompliances.get', 'osconfig.instanceOSPoliciesCompliances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.accountManagerAdmin
This role can perform all account manager related operations
Issuerswitch Account Manager Admin
['issuerswitch.accountManagerTransactions.list', 'issuerswitch.accountManagerTransactions.update', 'issuerswitch.managedAccounts.get', 'issuerswitch.managedAccounts.update', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.accountManagerTransactionsAdmin
This role can perform all account manager transactions related operations
Issuerswitch Account Manager Transactions Admin
['issuerswitch.accountManagerTransactions.list', 'issuerswitch.accountManagerTransactions.update', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.accountManagerTransactionsViewer
This role can view all account manager transactions
Issuerswitch Account Manager Transactions Viewer
['issuerswitch.accountManagerTransactions.list', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.admin
Access to all issuer switch roles
Issuerswitch Admin
['issuerswitch.accountManagerTransactions.list', 'issuerswitch.accountManagerTransactions.update', 'issuerswitch.complaintTransactions.list', 'issuerswitch.complaints.create', 'issuerswitch.complaints.resolve', 'issuerswitch.disputes.create', 'issuerswitch.disputes.resolve', 'issuerswitch.financialTransactions.list', 'issuerswitch.issuerParticipants.get', 'issuerswitch.issuerParticipants.update', 'issuerswitch.managedAccounts.get', 'issuerswitch.managedAccounts.update', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.cancel', 'issuerswitch.operations.delete', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'issuerswitch.operations.wait', 'issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.create', 'issuerswitch.ruleMetadataValues.delete', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.issuerParticipantsAdmin
Full access to issuer switch participants
Issuerswitch Participants Admin
['issuerswitch.issuerParticipants.get', 'issuerswitch.issuerParticipants.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.resolutionsAdmin
Full access to issuer switch resolutions
Issuerswitch Resolutions Admin
['issuerswitch.complaintTransactions.list', 'issuerswitch.complaints.create', 'issuerswitch.complaints.resolve', 'issuerswitch.disputes.create', 'issuerswitch.disputes.resolve', 'issuerswitch.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.rulesAdmin
Full access to issuer switch rules
Issuerswitch Rules Admin
['issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.create', 'issuerswitch.ruleMetadataValues.delete', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.rulesViewer
This role can view rules and related metadata.
Issuerswitch Rules Viewer
['issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/issuerswitch.transactionsViewer
This role can view all transactions
Issuerswitch Transactions Viewer
['issuerswitch.complaintTransactions.list', 'issuerswitch.financialTransactions.list', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/krmapihosting.anthosApiEndpointServiceAgent
Grants permissions to resources managed by AnthosApiEndpoint.
KRM API Hosting AnthosApiEndpoint Service Agent
['compute.instanceGroupManagers.get', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.gateway.stream', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'iam.serviceAccounts.actAs', 'meshconfig.projects.init', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.setIamPolicy', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/krmapihosting.serviceAgent
Gives KRM API Hosting service account access to managed resource.
KRM API Hosting Service Agent
['compute.instanceGroupManagers.get', 'compute.regions.get', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'iam.serviceAccounts.actAs', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions GA
roles/container.admin
Full management of Kubernetes Clusters and their Kubernetes API objects.
Kubernetes Engine Admin
['container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/container.clusterAdmin
Management of Kubernetes Clusters.
Kubernetes Engine Cluster Admin
['container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.operations.get', 'container.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/container.clusterViewer
Get and list access to GKE Clusters.
Kubernetes Engine Cluster Viewer
['container.clusters.get', 'container.clusters.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/container.defaultNodeServiceAccount
Least privilege role to use as the default service account for GKE Nodes.
Kubernetes Engine Default Node Service Account
['autoscaling.sites.writeMetrics', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list']
Copy Permissions GA
roles/container.developer
Full access to Kubernetes API objects inside Kubernetes Clusters.
Kubernetes Engine Developer
['container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/container.hostServiceAgentUser
Allows the Kubernetes Engine service account in the host project to configure shared network resources for cluster management. Also gives access to inspect the firewall rules in the host project, and configure Cloud DNS resources.
Kubernetes Engine Host Service Agent User
['compute.firewalls.get', 'container.hostServiceAgent.use', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update']
Copy Permissions GA
roles/container.cloudKmsKeyUser
Allow the Kubernetes Engine service agent in the cluster project to call KMS with user provided crypto keys to sign payloads.
Kubernetes Engine KMS Crypto Key User
['cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/container.nodeServiceAgent
Minimal set of permission required by a GKE node to support standard capabilities such as logging and monitoring export, and image pulls.
Kubernetes Engine Node Service Agent
['autoscaling.sites.writeMetrics', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/container.serviceAgent
Gives Kubernetes Engine account access to manage cluster resources. Includes access to service accounts.
Kubernetes Engine Service Agent
['autoscaling.sites.readRecommendations', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'binaryauthorization.policy.evaluatePolicy', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'file.backups.create', 'file.backups.createTagBinding', 'file.backups.delete', 'file.backups.deleteTagBinding', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.createTagBinding', 'file.instances.delete', 'file.instances.deleteTagBinding', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.createTagBinding', 'file.snapshots.delete', 'file.snapshots.deleteTagBinding', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.create', 'tpu.nodes.delete', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.operations.get', 'tpu.operations.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/container.viewer
Read-only access to Kubernetes Engine resources.
Kubernetes Engine Viewer
['container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.auditSinks.get', 'container.auditSinks.list', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.bindings.get', 'container.bindings.list', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.get', 'container.configMaps.list', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodes.get', 'container.csiNodes.list', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpoints.get', 'container.endpoints.list', 'container.events.get', 'container.events.list', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.leases.get', 'container.leases.list', 'container.limitRanges.get', 'container.limitRanges.list', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.petSets.get', 'container.petSets.list', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podPresets.get', 'container.podPresets.list', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.get', 'container.podTemplates.list', 'container.pods.get', 'container.pods.getStatus', 'container.pods.list', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.tokenReviews.create', 'container.updateInfos.get', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.get', 'container.volumeSnapshots.list', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/kuberun.eventsControlPlaneServiceAgent
Service account role used to setup authentication for the control plane used by KubeRun Events.
KubeRun Events Control Plane Service Agent
['cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.get', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.setIamPolicy', 'resourcemanager.projects.get', 'storage.buckets.get', 'storage.buckets.update']
Copy Permissions GA
roles/kuberun.eventsDataPlaneServiceAgent
Service account role used to setup authentication for the data plane used by KubeRun Events.
KubeRun Events Data Plane Service Agent
['cloudtrace.traces.patch', 'monitoring.timeSeries.create', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.get', 'pubsub.topics.get', 'pubsub.topics.publish', 'resourcemanager.projects.get']
Copy Permissions GA
roles/livestream.editor
Full access to Live Stream resources.
Live Stream Editor
['livestream.assets.create', 'livestream.assets.delete', 'livestream.assets.get', 'livestream.assets.list', 'livestream.channels.create', 'livestream.channels.delete', 'livestream.channels.get', 'livestream.channels.list', 'livestream.channels.start', 'livestream.channels.stop', 'livestream.channels.update', 'livestream.clips.create', 'livestream.clips.delete', 'livestream.clips.get', 'livestream.clips.list', 'livestream.events.create', 'livestream.events.delete', 'livestream.events.get', 'livestream.events.list', 'livestream.inputs.create', 'livestream.inputs.delete', 'livestream.inputs.get', 'livestream.inputs.list', 'livestream.inputs.update', 'livestream.locations.get', 'livestream.locations.list', 'livestream.operations.cancel', 'livestream.operations.delete', 'livestream.operations.get', 'livestream.operations.list', 'livestream.pools.get', 'livestream.pools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/livestream.serviceAgent
Uploads media files to customer GCS buckets.
Live Stream Service Agent
['storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/livestream.viewer
Read access to Live Stream resources.
Live Stream Viewer
['livestream.assets.get', 'livestream.assets.list', 'livestream.channels.get', 'livestream.channels.list', 'livestream.clips.get', 'livestream.clips.list', 'livestream.events.get', 'livestream.events.list', 'livestream.inputs.get', 'livestream.inputs.list', 'livestream.locations.get', 'livestream.locations.list', 'livestream.operations.get', 'livestream.operations.list', 'livestream.pools.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloud.locationReader
Read and enumerate locations available for resource creation.
Location reader
['cloud.locations.get', 'cloud.locations.list']
Copy Permissions BETA
roles/logging.fieldAccessor
Ability to read restricted fields in a log bucket.
Log Field Accessor
['logging.fields.access']
Copy Permissions GA
roles/logging.linkViewer
Ability to see links for a bucket.
Log Link Accessor
['logging.links.get', 'logging.links.list']
Copy Permissions GA
roles/logging.admin
Access to all logging permissions, and dependent permissions.
Logging Admin
['logging.buckets.copyLogEntries', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.fields.access', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.download', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.delete', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.privateLogEntries.list', 'logging.queries.deleteShared', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.share', 'logging.queries.updateShared', 'logging.queries.usePrivate', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.usage.get', 'logging.views.access', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues', 'logging.views.setIamPolicy', 'logging.views.update', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/logging.bucketWriter
Ability to write logs to a log bucket.
Logs Bucket Writer
['logging.buckets.write']
Copy Permissions GA
roles/logging.configWriter
Access to configure log exporting and metrics.
Logs Configuration Writer
['logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/logging.viewAccessor
Ability to read logs in a view.
Logs View Accessor
['logging.logEntries.download', 'logging.views.access', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues']
Copy Permissions GA
roles/logging.viewer
Access to view logs, except for logs with private contents.
Logs Viewer
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get']
Copy Permissions GA
roles/logging.logWriter
Access to write logs.
Logs Writer
['logging.logEntries.create', 'logging.logEntries.route']
Copy Permissions GA
roles/looker.admin
Full access to all Looker resources.
Looker Admin
['looker.backups.create', 'looker.backups.delete', 'looker.backups.get', 'looker.backups.list', 'looker.instances.create', 'looker.instances.delete', 'looker.instances.export', 'looker.instances.get', 'looker.instances.import', 'looker.instances.list', 'looker.instances.login', 'looker.instances.update', 'looker.locations.get', 'looker.locations.list', 'looker.operations.cancel', 'looker.operations.delete', 'looker.operations.get', 'looker.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/lookerstudio.lookerAdmin
Admin of Looker instance mapping to a Studio subscription
Looker Admin
['datastudio.datasources.delete', 'datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.move', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.setIamPolicy', 'datastudio.datasources.settingsShare', 'datastudio.datasources.share', 'datastudio.datasources.trash', 'datastudio.datasources.update', 'datastudio.reports.delete', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.move', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.setIamPolicy', 'datastudio.reports.settingsShare', 'datastudio.reports.share', 'datastudio.reports.trash', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.delete', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.moveOut', 'datastudio.workspaces.restoreTrash', 'datastudio.workspaces.search', 'datastudio.workspaces.setIamPolicy', 'datastudio.workspaces.trash', 'datastudio.workspaces.update', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions BETA
roles/looker.instanceUser
Access to log in to a Looker instance.
Looker Instance User
['looker.instances.get', 'looker.instances.login', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/looker.serviceAgent
Gives the Looker service account permission to manage customer resources
Looker Service Agent
['bigquery.config.get', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.tables.create', 'bigquery.tables.createSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'compute.globalAddresses.get', 'looker.backups.create', 'resourcemanager.projects.get', 'serviceusage.services.use']
Copy Permissions GA
roles/lookerstudio.proManager
Looker Studio Pro Manager
Looker Studio Pro Manager
['lookerstudio.pro.manage', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.projects.updateLiens']
Copy Permissions BETA
roles/looker.viewer
Read-only access to all Looker resources.
Looker Viewer
['looker.backups.get', 'looker.backups.list', 'looker.instances.get', 'looker.instances.list', 'looker.instances.login', 'looker.locations.get', 'looker.locations.list', 'looker.operations.get', 'looker.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.lunsadmin
Administrator of Bare Metal Solution Lun resources
Luns Admin
['baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.operations.get']
Copy Permissions GA
roles/baremetalsolution.lunsviewer
Viewer of Bare Metal Solution Lun resources
Luns Viewer
['baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.operations.get']
Copy Permissions GA
roles/baremetalsolution.maintenanceeventsadmin
Administrator of Bare Metal Solution maintenance events resources
Maintenance Events Admin
['baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list']
Copy Permissions GA
roles/baremetalsolution.maintenanceeventseditor
Editor of Bare Metal Solution maintenance events resources
Maintenance Events Editor
['baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list']
Copy Permissions GA
roles/baremetalsolution.maintenanceeventsviewer
Viewer of Bare Metal Solution maintenance events resources
Maintenance Events Viewer
['baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list']
Copy Permissions GA
roles/managedflink.admin
Full access to Managed Flink resources.
Managed Flink Admin
['managedflink.deployments.create', 'managedflink.deployments.delete', 'managedflink.deployments.get', 'managedflink.deployments.list', 'managedflink.deployments.update', 'managedflink.jobs.create', 'managedflink.jobs.delete', 'managedflink.jobs.get', 'managedflink.jobs.list', 'managedflink.jobs.update', 'managedflink.locations.get', 'managedflink.locations.list', 'managedflink.operations.cancel', 'managedflink.operations.delete', 'managedflink.operations.get', 'managedflink.operations.list', 'managedflink.sessions.create', 'managedflink.sessions.delete', 'managedflink.sessions.get', 'managedflink.sessions.list', 'managedflink.sessions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/managedflink.developer
Full access to Managed Flink Jobs and Sessions and read access to Deployments.
Managed Flink Developer
['managedflink.deployments.get', 'managedflink.deployments.list', 'managedflink.jobs.create', 'managedflink.jobs.delete', 'managedflink.jobs.get', 'managedflink.jobs.list', 'managedflink.jobs.update', 'managedflink.locations.get', 'managedflink.locations.list', 'managedflink.operations.get', 'managedflink.operations.list', 'managedflink.sessions.create', 'managedflink.sessions.delete', 'managedflink.sessions.get', 'managedflink.sessions.list', 'managedflink.sessions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/managedflink.serviceAgent
Gives Managed Flink Service Agent access to Cloud Platform resources.
Managed Flink Service Agent
['compute.networkAttachments.create', 'compute.networkAttachments.delete', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.update', 'compute.networks.get', 'compute.networks.list', 'compute.regionOperations.get', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'dns.networks.targetWithPeeringZone', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.clusters.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use', 'storage.objects.get']
Copy Permissions GA
roles/managedflink.viewer
Readonly access to Managed Flink resources.
Managed Flink Viewer
['managedflink.deployments.get', 'managedflink.deployments.list', 'managedflink.jobs.get', 'managedflink.jobs.list', 'managedflink.locations.get', 'managedflink.locations.list', 'managedflink.operations.get', 'managedflink.operations.list', 'managedflink.sessions.get', 'managedflink.sessions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/managedkafka.admin
Full access to Managed Kafka resources.
Managed Kafka Admin
['managedkafka.clusters.connect', 'managedkafka.clusters.create', 'managedkafka.clusters.delete', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.clusters.update', 'managedkafka.consumerGroups.delete', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.consumerGroups.update', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.cancel', 'managedkafka.operations.delete', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.create', 'managedkafka.topics.delete', 'managedkafka.topics.get', 'managedkafka.topics.list', 'managedkafka.topics.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/managedkafka.client
Provides access to connect to the Kafka servers in a cluster, i.e. provides Kafka data plane access. Intended for, e.g., producers and consumers.
Managed Kafka Client
['managedkafka.clusters.connect', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.delete', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.consumerGroups.update', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.create', 'managedkafka.topics.delete', 'managedkafka.topics.get', 'managedkafka.topics.list', 'managedkafka.topics.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/managedkafka.clusterEditor
Provides read and write access to Kafka clusters. Intended for, e.g., IT Departments that provision Kafka clusters, but need not be able to read or modify topics or consumer groups.
Managed Kafka Cluster Editor
['managedkafka.clusters.create', 'managedkafka.clusters.delete', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.clusters.update', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.get', 'managedkafka.topics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/managedkafka.consumerGroupEditor
Provides read and write access to consumer group metadata. Intended for, e.g., developers who configure consumer groups.
Managed Kafka Consumer Group Editor
['managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.delete', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.consumerGroups.update', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.get', 'managedkafka.topics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/managedkafka.serviceAgent
Gives Managed Kafka Service Agent access to Cloud Platform resources.
Managed Kafka Service Agent
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.list', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.networks.get', 'compute.networks.use', 'compute.regionOperations.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'dns.changes.create', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.list', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'managedkafka.clusters.connect', 'privateca.caPools.get', 'servicedirectory.namespaces.create', 'servicedirectory.services.create', 'servicedirectory.services.delete']
Copy Permissions GA
roles/managedkafka.topicEditor
Provides read and write access to topic metadata. Intended for, e.g., developers who configure topics.
Managed Kafka Topic Editor
['managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.create', 'managedkafka.topics.delete', 'managedkafka.topics.get', 'managedkafka.topics.list', 'managedkafka.topics.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/managedkafka.viewer
Readonly access to Managed Kafka resources.
Managed Kafka Viewer
['managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.get', 'managedkafka.topics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/mandiant.attackSurfaceManagementEditor
Access to write Attack Surface Management
Mandiant Attack Surface Management Editor
['mandiant.genericAttackSurfaceManagements.create', 'mandiant.genericAttackSurfaceManagements.delete', 'mandiant.genericAttackSurfaceManagements.update', 'mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.delete', 'mandiant.genericPlatforms.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.attackSurfaceManagementViewer
Access to read Attack Surface Management
Mandiant Attack Surface Management Viewer
['mandiant.genericAttackSurfaceManagements.get', 'mandiant.genericPlatforms.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.digitalThreatMonitoringEditor
Access to write Digital Threat Monitoring
Mandiant Digital Threat Monitoring Editor
['mandiant.genericDigitalThreatMonitorings.create', 'mandiant.genericDigitalThreatMonitorings.update', 'mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.digitalThreatMonitoringViewer
Access to read Digital Threat Monitoring
Mandiant Digital Threat Monitoring Viewer
['mandiant.genericDigitalThreatMonitorings.get', 'mandiant.genericPlatforms.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.expertiseOnDemandEditor
Access to write Expertise On Demand
Mandiant Expertise On Demand Editor
['mandiant.genericExpertiseOnDemands.create', 'mandiant.genericExpertiseOnDemands.delete', 'mandiant.genericExpertiseOnDemands.update', 'mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.delete', 'mandiant.genericPlatforms.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.expertiseOnDemandViewer
Access to read Expertise On Demand
Mandiant Expertise On Demand Viewer
['mandiant.genericExpertiseOnDemands.get', 'mandiant.genericPlatforms.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.threatIntelEditor
Access to write Threat Intel
Mandiant Threat Intel Editor
['mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.delete', 'mandiant.genericPlatforms.update', 'mandiant.genericThreatIntels.create', 'mandiant.genericThreatIntels.delete', 'mandiant.genericThreatIntels.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.threatIntelViewer
Access to read Threat Intel
Mandiant Threat Intel Viewer
['mandiant.genericPlatforms.get', 'mandiant.genericThreatIntels.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.validationEditor
Access to write Validation
Mandiant Validation Editor
['mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.delete', 'mandiant.genericPlatforms.update', 'mandiant.genericValidations.create', 'mandiant.genericValidations.delete', 'mandiant.genericValidations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mandiant.validationViewer
Access to read Validation
Mandiant Validation Viewer
['mandiant.genericPlatforms.get', 'mandiant.genericValidations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mapsanalytics.viewer
Grants read-only access to all of the Maps Analytics resources.
Maps Analytics Viewer
['mapsanalytics.metricData.query', 'mapsanalytics.metricMetadata.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.list']
Copy Permissions BETA
roles/mapsadmin.admin
Grants permission to read and write everything
Maps API Admin
['mapsadmin.clientMaps.create', 'mapsadmin.clientMaps.delete', 'mapsadmin.clientMaps.get', 'mapsadmin.clientMaps.list', 'mapsadmin.clientMaps.update', 'mapsadmin.clientStyleActivationRules.update', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyleSheetSnapshots.update', 'mapsadmin.clientStyles.create', 'mapsadmin.clientStyles.delete', 'mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsadmin.clientStyles.update', 'mapsadmin.styleEditorConfigs.get', 'mapsadmin.styleSnapshots.list', 'mapsadmin.styleSnapshots.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/mapsadmin.viewer
Grants permission to read everything
Maps API Viewer
['mapsadmin.clientMaps.get', 'mapsadmin.clientMaps.list', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsadmin.styleEditorConfigs.get', 'mapsadmin.styleSnapshots.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/mapsplatformdatasets.admin
Grants read and write access to all the Maps Platform Datasets API resources
Maps Platform Datasets Admin
['mapsadmin.clientStyles.create', 'mapsadmin.clientStyles.delete', 'mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsadmin.clientStyles.update', 'mapsplatformdatasets.datasets.create', 'mapsplatformdatasets.datasets.delete', 'mapsplatformdatasets.datasets.export', 'mapsplatformdatasets.datasets.get', 'mapsplatformdatasets.datasets.import', 'mapsplatformdatasets.datasets.list', 'mapsplatformdatasets.datasets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mapsplatformdatasets.viewer
Grants readonly access to all the Maps Platform Datasets API resources
Maps Platform Datasets Viewer
['mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsplatformdatasets.datasets.export', 'mapsplatformdatasets.datasets.get', 'mapsplatformdatasets.datasets.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/marketplacesolutions.admin
Full access to Marketplace Solutions resources.
Marketplace Solutions Admin
['marketplacesolutions.locations.get', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.cancel', 'marketplacesolutions.operations.delete', 'marketplacesolutions.operations.get', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.get', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.applyPowerAction', 'marketplacesolutions.powerInstances.create', 'marketplacesolutions.powerInstances.delete', 'marketplacesolutions.powerInstances.get', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerInstances.reset', 'marketplacesolutions.powerInstances.update', 'marketplacesolutions.powerNetworks.get', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.get', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.get', 'marketplacesolutions.powerVolumes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/marketplacesolutions.editor
Edit access to Marketplace Solutions resources.
Marketplace Solutions Editor
['marketplacesolutions.locations.get', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.get', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.get', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.get', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerInstances.update', 'marketplacesolutions.powerNetworks.get', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.get', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.get', 'marketplacesolutions.powerVolumes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/marketplacesolutions.viewer
Readonly access to Marketplace Solutions resources.
Marketplace Solutions Viewer
['marketplacesolutions.locations.get', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.get', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.get', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.get', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerNetworks.get', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.get', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.get', 'marketplacesolutions.powerVolumes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/bigquerydatapolicy.maskedReader
Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns
Masked Reader
['bigquery.dataPolicies.maskedGet']
Copy Permissions GA
roles/mediaasset.serviceAgent
Downloads and uploads media files from and to customer GCS buckets.
Media Asset Service Agent
['pubsub.topics.get', 'pubsub.topics.publish', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'transcoder.jobs.create', 'transcoder.jobs.delete', 'transcoder.jobs.get']
Copy Permissions GA
roles/memorystore.admin
Full access to Memorystore resources.
Memorystore Admin
['memorystore.instances.create', 'memorystore.instances.delete', 'memorystore.instances.get', 'memorystore.instances.list', 'memorystore.instances.update', 'memorystore.locations.get', 'memorystore.locations.list', 'memorystore.operations.cancel', 'memorystore.operations.delete', 'memorystore.operations.get', 'memorystore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/memorystore.dbConnectionUser
Access to connecting to Memorystore Server db.
Memorystore DB Connector User
['memorystore.instances.connect']
Copy Permissions BETA
roles/memorystore.viewer
Readonly access to Memorystore resources.
Memorystore Viewer
['memorystore.instances.get', 'memorystore.instances.list', 'memorystore.locations.get', 'memorystore.locations.list', 'memorystore.operations.get', 'memorystore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/meshconfig.admin
Full access to all mesh configuration resources
Mesh Config Admin
['meshconfig.projects.init']
Copy Permissions BETA
roles/meshconfig.serviceAgent
Apply mesh configuration
Mesh Config Service Agent
['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.use', 'compute.subnetworks.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.update', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.list', 'networkservices.httpfilters.update']
Copy Permissions GA
roles/meshconfig.viewer
Read access to mesh configuration
Mesh Config Viewer
Copy Permissions BETA
roles/meshdataplane.serviceAgent
Run user-space Istio components
Mesh Data Plane Service Agent
['cloudtrace.traces.patch', 'compute.forwardingRules.get', 'compute.globalForwardingRules.get', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use']
Copy Permissions GA
roles/meshcontrolplane.serviceAgent
Anthos Service Mesh Managed Control Plane Agent
Mesh Managed Control Plane Service Agent
['container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.list', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.gateway.stream', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.use', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions GA
roles/kubernetesmetadata.publisher
Publisher of Kubernetes clusters metadata
Metadata Publisher
['kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot']
Copy Permissions BETA
roles/metastore.federationAccessor
Access to the Metastore Federation resource.
Metastore Federation Accessor
['metastore.federations.use']
Copy Permissions GA
roles/migrationcenter.admin
Full access to Migration Center all resources.
Migration Center Admin
['migrationcenter.assets.create', 'migrationcenter.assets.delete', 'migrationcenter.assets.get', 'migrationcenter.assets.list', 'migrationcenter.assets.reportFrames', 'migrationcenter.assets.update', 'migrationcenter.discoveryClients.create', 'migrationcenter.discoveryClients.delete', 'migrationcenter.discoveryClients.get', 'migrationcenter.discoveryClients.list', 'migrationcenter.discoveryClients.sendHeartbeat', 'migrationcenter.discoveryClients.update', 'migrationcenter.errorFrames.get', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.create', 'migrationcenter.groups.delete', 'migrationcenter.groups.get', 'migrationcenter.groups.list', 'migrationcenter.groups.update', 'migrationcenter.importDataFiles.create', 'migrationcenter.importDataFiles.delete', 'migrationcenter.importDataFiles.get', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.create', 'migrationcenter.importJobs.delete', 'migrationcenter.importJobs.get', 'migrationcenter.importJobs.list', 'migrationcenter.importJobs.update', 'migrationcenter.locations.get', 'migrationcenter.locations.list', 'migrationcenter.operations.cancel', 'migrationcenter.operations.delete', 'migrationcenter.operations.get', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.create', 'migrationcenter.preferenceSets.delete', 'migrationcenter.preferenceSets.get', 'migrationcenter.preferenceSets.list', 'migrationcenter.preferenceSets.update', 'migrationcenter.relations.get', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.create', 'migrationcenter.reportConfigs.delete', 'migrationcenter.reportConfigs.get', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.create', 'migrationcenter.reports.delete', 'migrationcenter.reports.get', 'migrationcenter.reports.list', 'migrationcenter.settings.get', 'migrationcenter.settings.update', 'migrationcenter.sources.create', 'migrationcenter.sources.delete', 'migrationcenter.sources.get', 'migrationcenter.sources.list', 'migrationcenter.sources.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'rma.annotations.create', 'rma.annotations.get', 'rma.collectors.create', 'rma.collectors.delete', 'rma.collectors.get', 'rma.collectors.list', 'rma.collectors.update', 'rma.locations.get', 'rma.locations.list', 'rma.operations.cancel', 'rma.operations.delete', 'rma.operations.get', 'rma.operations.list', 'serviceusage.quotas.get']
Copy Permissions BETA
roles/migrationcenter.discoveryClient
Migration Center Discover Client role
Migration Center Discovery Client
['migrationcenter.assets.reportFrames', 'migrationcenter.discoveryClients.get', 'migrationcenter.discoveryClients.sendHeartbeat']
Copy Permissions BETA
roles/migrationcenter.discoveryClientRegistrator
Registrator of Migration Center Discover Clients
Migration Center Discovery Client Registrator
['migrationcenter.discoveryClients.create', 'migrationcenter.discoveryClients.delete', 'migrationcenter.discoveryClients.update', 'migrationcenter.operations.get', 'migrationcenter.sources.create', 'migrationcenter.sources.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/migrationcenter.serviceAgent
Gives Migration Center Service Account access to objects storedin object store and Cloud Migration products.
Migration Center Service Agent
['storage.objects.get', 'vmmigration.migratingVms.create']
Copy Permissions GA
roles/migrationcenter.viewer
Read-only access to Migration Center all resources.
Migration Center Viewer
['migrationcenter.assets.get', 'migrationcenter.assets.list', 'migrationcenter.discoveryClients.get', 'migrationcenter.discoveryClients.list', 'migrationcenter.errorFrames.get', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.get', 'migrationcenter.groups.list', 'migrationcenter.importDataFiles.get', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.get', 'migrationcenter.importJobs.list', 'migrationcenter.locations.get', 'migrationcenter.locations.list', 'migrationcenter.operations.get', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.get', 'migrationcenter.preferenceSets.list', 'migrationcenter.relations.get', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.get', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.get', 'migrationcenter.reports.list', 'migrationcenter.settings.get', 'migrationcenter.sources.get', 'migrationcenter.sources.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'rma.annotations.get', 'rma.collectors.get', 'rma.collectors.list', 'rma.locations.get', 'rma.locations.list', 'rma.operations.get', 'rma.operations.list', 'serviceusage.quotas.get']
Copy Permissions BETA
roles/bigquerymigration.translationUser
User of EDW migration interactive SQL translation service.
Migration Translation User
['bigquerymigration.translation.translate']
Copy Permissions GA
roles/bigquerymigration.editor
Editor of EDW migration workflows.
MigrationWorkflow Editor
['bigquerymigration.locations.get', 'bigquerymigration.locations.list', 'bigquerymigration.subtasks.get', 'bigquerymigration.subtasks.list', 'bigquerymigration.workflows.create', 'bigquerymigration.workflows.delete', 'bigquerymigration.workflows.get', 'bigquerymigration.workflows.list', 'bigquerymigration.workflows.update']
Copy Permissions GA
roles/bigquerymigration.viewer
Viewer of EDW migration MigrationWorkflow.
MigrationWorkflow Viewer
['bigquerymigration.locations.get', 'bigquerymigration.locations.list', 'bigquerymigration.subtasks.get', 'bigquerymigration.subtasks.list', 'bigquerymigration.workflows.get', 'bigquerymigration.workflows.list']
Copy Permissions GA
roles/networksecurity.mirroringDeploymentAdmin
Enables full access to mirroring resources on the Producer's side.
Mirroring Deployment Admin
['networksecurity.mirroringDeploymentGroups.create', 'networksecurity.mirroringDeploymentGroups.delete', 'networksecurity.mirroringDeploymentGroups.get', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeploymentGroups.update', 'networksecurity.mirroringDeploymentGroups.use', 'networksecurity.mirroringDeployments.create', 'networksecurity.mirroringDeployments.delete', 'networksecurity.mirroringDeployments.get', 'networksecurity.mirroringDeployments.list', 'networksecurity.mirroringDeployments.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/networksecurity.mirroringDeploymentUser
Allows a consumer to connect their mirroringEndpointGroup to the Producer's mirroringDeploymentGroup.
Mirroring Deployment User
['networksecurity.mirroringDeploymentGroups.get', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeploymentGroups.use']
Copy Permissions BETA
roles/networksecurity.mirroringDeploymentViewer
Enables read-only access to mirroring resources on the Producer's side.
Mirroring Deployment Viewer
['networksecurity.mirroringDeploymentGroups.get', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeployments.get', 'networksecurity.mirroringDeployments.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/networksecurity.mirroringEndpointAdmin
Enables full access to mirroring resources on the consumer's side.
Mirroring Endpoint Admin
['networksecurity.mirroringEndpointGroupAssociations.create', 'networksecurity.mirroringEndpointGroupAssociations.delete', 'networksecurity.mirroringEndpointGroupAssociations.get', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroupAssociations.update', 'networksecurity.mirroringEndpointGroups.create', 'networksecurity.mirroringEndpointGroups.delete', 'networksecurity.mirroringEndpointGroups.get', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.mirroringEndpointGroups.update', 'networksecurity.mirroringEndpointGroups.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/networksecurity.mirroringEndpointUser
Allows a consumer to connect their networks to a mirroringEndpointGroup.
Mirroring Endpoint User
['networksecurity.mirroringEndpointGroups.get', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.mirroringEndpointGroups.use']
Copy Permissions BETA
roles/networksecurity.mirroringEndpointViewer
Enables read-only access to mirroring resources on the Consumer's side.
Mirroring Endpoint Viewer
['networksecurity.mirroringEndpointGroupAssociations.get', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroups.get', 'networksecurity.mirroringEndpointGroups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/mapsanalytics.mobilitySolutionsOverageViewer
Grants read-only access to Mobility Solutions Overages metric data.
Mobility Solutions Overages Viewer
['mapsanalytics.metricData.queryMobilitySolutionsOverageData', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.list']
Copy Permissions BETA
roles/monitoring.admin
All current and future monitoring permissions.
Monitoring Admin
['cloudnotifications.activities.list', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.metricsScopes.link', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.getVerificationCode', 'monitoring.notificationChannels.list', 'monitoring.notificationChannels.sendVerificationCode', 'monitoring.notificationChannels.update', 'monitoring.notificationChannels.verify', 'monitoring.services.create', 'monitoring.services.delete', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.services.update', 'monitoring.slos.create', 'monitoring.slos.delete', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.slos.update', 'monitoring.snoozes.create', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.snoozes.update', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'monitoring.uptimeCheckConfigs.update', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.enable', 'serviceusage.services.get', 'stackdriver.projects.edit', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'stackdriver.resourceMetadata.write']
Copy Permissions GA
roles/monitoring.alertPolicyEditor
Read/write access to alerting policies.
Monitoring AlertPolicy Editor
['monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update']
Copy Permissions GA
roles/monitoring.alertPolicyViewer
Read-only access to alerting policies.
Monitoring AlertPolicy Viewer
['monitoring.alertPolicies.get', 'monitoring.alertPolicies.list']
Copy Permissions GA
roles/monitoring.cloudConsoleIncidentEditor
Read/write access to incidents from Cloud Console.
Monitoring Cloud Console Incident Editor
Copy Permissions BETA
roles/monitoring.cloudConsoleIncidentViewer
Read access to incidents from Cloud Console.
Monitoring Cloud Console Incident Viewer
Copy Permissions BETA
roles/monitoring.dashboardEditor
Read/write access to dashboard configurations.
Monitoring Dashboard Configuration Editor
['monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.update']
Copy Permissions GA
roles/monitoring.dashboardViewer
Read-only access to dashboard configurations.
Monitoring Dashboard Configuration Viewer
['monitoring.dashboards.get', 'monitoring.dashboards.list']
Copy Permissions GA
roles/monitoring.editor
Read/write access to all monitoring data and configuration.
Monitoring Editor
['cloudnotifications.activities.list', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.notificationChannels.sendVerificationCode', 'monitoring.notificationChannels.update', 'monitoring.notificationChannels.verify', 'monitoring.services.create', 'monitoring.services.delete', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.services.update', 'monitoring.slos.create', 'monitoring.slos.delete', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.slos.update', 'monitoring.snoozes.create', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.snoozes.update', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'monitoring.uptimeCheckConfigs.update', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.enable', 'serviceusage.services.get', 'stackdriver.projects.edit', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'stackdriver.resourceMetadata.write']
Copy Permissions GA
roles/monitoring.metricWriter
Write-only access to metrics. This provides exactly the permissions needed by the Stackdriver agent and other systems that send metrics.
Monitoring Metric Writer
['monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions GA
roles/monitoring.metricsScopesAdmin
Access to add and remove monitored projects from metrics scopes.
Monitoring Metrics Scopes Admin
['monitoring.metricsScopes.link', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/monitoring.metricsScopesViewer
Read-only access to metrics scopes and their monitored projects.
Monitoring Metrics Scopes Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/monitoring.notificationChannelEditor
Read/write access to notification channels.
Monitoring NotificationChannel Editor
['monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.notificationChannels.sendVerificationCode', 'monitoring.notificationChannels.update', 'monitoring.notificationChannels.verify']
Copy Permissions BETA
roles/monitoring.notificationChannelViewer
Read-only access to notification channels.
Monitoring NotificationChannel Viewer
['monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list']
Copy Permissions BETA
roles/monitoring.notificationServiceAgent
Grants Cloud Monitoring and Cloud Alerting permission to access consumer resources and track usage.
Monitoring Service Agent
['bigquery.jobs.create', 'cloudfunctions.functions.get', 'cloudtrace.traces.patch', 'logging.links.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.list', 'run.routes.invoke', 'servicedirectory.networks.access', 'servicedirectory.services.resolve', 'serviceusage.services.use']
Copy Permissions GA
roles/monitoring.servicesEditor
Read/write access to services.
Monitoring Services Editor
['monitoring.services.create', 'monitoring.services.delete', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.services.update', 'monitoring.slos.create', 'monitoring.slos.delete', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.slos.update']
Copy Permissions GA
roles/monitoring.servicesViewer
Read-only access to services.
Monitoring Services Viewer
['monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list']
Copy Permissions GA
roles/monitoring.snoozeEditor
Monitoring Snooze Editor
['monitoring.snoozes.create', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.snoozes.update']
Copy Permissions GA
roles/monitoring.snoozeViewer
Monitoring Snooze Viewer
['monitoring.snoozes.get', 'monitoring.snoozes.list']
Copy Permissions GA
roles/monitoring.uptimeCheckConfigEditor
Read/write access to uptime check configurations.
Monitoring Uptime Check Configuration Editor
['monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'monitoring.uptimeCheckConfigs.update']
Copy Permissions BETA
roles/monitoring.uptimeCheckConfigViewer
Read-only access to uptime check configurations.
Monitoring Uptime Check Configuration Viewer
['monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list']
Copy Permissions BETA
roles/monitoring.viewer
Read-only access to get and list information about all monitoring data and configuration.
Monitoring Viewer
['cloudnotifications.activities.list', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list']
Copy Permissions GA
roles/multiclusteringress.serviceAgent
Gives the Multi Cluster Ingress service agent access to CloudPlatform resources.
Multi Cluster Ingress Service Agent
['certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.delete', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.use', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.securityPolicies.use', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.use', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.clusters.get', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.events.create', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.namespaces.list', 'container.secrets.get', 'container.secrets.list', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/multiclustermetering.serviceAgent
Gives the Multi-cluster metering service agent access to CloudPlatform resources.
Multi-cluster metering Service Agent
['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions GA
roles/multiclusterservicediscovery.serviceAgent
Gives the Multi-Cluster Service Discovery service access to Cloud Platform resources.
Multi-Cluster Service Discovery Service Agent
['compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regions.get', 'compute.regions.list', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'container.clusters.get', 'container.clusters.list', 'container.thirdPartyObjects.update', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/netappcloudvolumes.admin
This role is managed by NetApp, not Google.
NetApp Cloud Volumes Admin
['cloudvolumesgcp-api.netapp.com/activeDirectories.create', 'cloudvolumesgcp-api.netapp.com/activeDirectories.delete', 'cloudvolumesgcp-api.netapp.com/activeDirectories.get', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/activeDirectories.update', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.get', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.create', 'cloudvolumesgcp-api.netapp.com/snapshots.delete', 'cloudvolumesgcp-api.netapp.com/snapshots.get', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/snapshots.update', 'cloudvolumesgcp-api.netapp.com/volumereplication.authorize', 'cloudvolumesgcp-api.netapp.com/volumereplication.break', 'cloudvolumesgcp-api.netapp.com/volumereplication.create', 'cloudvolumesgcp-api.netapp.com/volumereplication.delete', 'cloudvolumesgcp-api.netapp.com/volumereplication.get', 'cloudvolumesgcp-api.netapp.com/volumereplication.list', 'cloudvolumesgcp-api.netapp.com/volumereplication.release', 'cloudvolumesgcp-api.netapp.com/volumereplication.resync', 'cloudvolumesgcp-api.netapp.com/volumereplication.update', 'cloudvolumesgcp-api.netapp.com/volumes.create', 'cloudvolumesgcp-api.netapp.com/volumes.delete', 'cloudvolumesgcp-api.netapp.com/volumes.get', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'cloudvolumesgcp-api.netapp.com/volumes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/netappcloudvolumes.viewer
This role is managed by NetApp, not Google.
NetApp Cloud Volumes Viewer
['cloudvolumesgcp-api.netapp.com/activeDirectories.get', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.get', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.get', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/volumes.get', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/networkactions.serviceAgent
Gives Network Actions service account access to read required resources.
Network Actions Service Agent
['artifactregistry.repositories.downloadArtifacts']
Copy Permissions GA
roles/recommender.networkAnalyzerCloudSqlAdmin
Admin of Network Analyzer Cloud SQL Insights and Recommendations.
Network Analyzer Cloud SQL Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerCloudSqlInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerCloudSqlViewer
Viewer of Network Analyzer Cloud SQL Insights and Recommendations.
Network Analyzer Cloud SQL Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerDynamicRouteAdmin
Admin of Network Analyzer Dynamic Route Insights and Recommendations.
Network Analyzer Dynamic Route Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerDynamicRouteViewer
Viewer of Network Analyzer Dynamic Route Insights and Recommendations.
Network Analyzer Dynamic Route Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerGkeConnectivityAdmin
Admin of Network Analyzer GKE Connectivity Insights and Recommendations.
Network Analyzer GKE Connectivity Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerGkeConnectivityViewer
Viewer of Network Analyzer GKE Connectivity Insights and Recommendations.
Network Analyzer GKE Connectivity Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerGkeIpAddressAdmin
Admin of Network Analyzer GKE IP Address Insights and Recommendations.
Network Analyzer GKE IP Address Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerGkeIpAddressViewer
Viewer of Network Analyzer GKE IP Address Insights and Recommendations.
Network Analyzer GKE IP Address Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerGkeServiceAccountAdmin
Admin of Network Analyzer GKE Service Account Insights Insights and Recommendations.
Network Analyzer GKE Service Account Insights Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerGkeServiceAccountViewer
Viewer of Network Analyzer GKE Service Account Insights Insights and Recommendations.
Network Analyzer GKE Service Account Insights Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerIpAddressAdmin
Admin of Network Analyzer IP Address Insights and Recommendations.
Network Analyzer IP Address Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerIpAddressViewer
Viewer of Network Analyzer IP Address Insights and Recommendations.
Network Analyzer IP Address Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerLoadBalancerAdmin
Admin of Network Analyzer Load Balancer Insights and Recommendations.
Network Analyzer Load Balancer Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerLoadBalancerViewer
Viewer of Network Analyzer Load Balancer Insights and Recommendations.
Network Analyzer Load Balancer Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerAdmin
Admin of Network Analyzer Insights and Recommendations.
Network Analyzer Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerCloudSqlInsights.update', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.update', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.update', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerIpAddressInsights.update', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.update', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerViewer
Viewer of Network Analyzer Insights and Recommendations.
Network Analyzer Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerVpcConnectivityAdmin
Admin of Network Analyzer VPC Connectivity Insights and Recommendations.
Network Analyzer VPC Connectivity Recommender Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.networkAnalyzerVpcConnectivityViewer
Viewer of Network Analyzer VPC Connectivity Insights and Recommendations.
Network Analyzer VPC Connectivity Recommender Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkconnectivity.serviceAgent
Grants the Network Connectivity API authority to read some networking resources. It does not mutate these resources.
Network Connectivity Service Agent
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.instances.get', 'compute.interconnectAttachments.get', 'compute.networks.get', 'compute.networks.use', 'compute.projects.get', 'compute.regionOperations.get', 'compute.routers.get', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.use', 'compute.vpnTunnels.get', 'dns.managedZones.create', 'dns.networks.bindPrivateDNSZone', 'networkconnectivity.operations.get', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete']
Copy Permissions GA
roles/networkmanagement.admin
Full access to Network Management resources.
Network Management Admin
['networkmanagement.connectivitytests.create', 'networkmanagement.connectivitytests.delete', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.connectivitytests.rerun', 'networkmanagement.connectivitytests.setIamPolicy', 'networkmanagement.connectivitytests.update', 'networkmanagement.locations.get', 'networkmanagement.locations.list', 'networkmanagement.operations.cancel', 'networkmanagement.operations.delete', 'networkmanagement.operations.get', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.create', 'networkmanagement.vpcflowlogsconfigs.delete', 'networkmanagement.vpcflowlogsconfigs.get', 'networkmanagement.vpcflowlogsconfigs.list', 'networkmanagement.vpcflowlogsconfigs.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkmanagement.viewer
Read-only access to Network Management resources.
Network Management Viewer
['networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.locations.get', 'networkmanagement.locations.list', 'networkmanagement.operations.get', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.get', 'networkmanagement.vpcflowlogsconfigs.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/baremetalsolution.networksadmin
Admin of Bare Metal Solution networks resources
Networks Admin
['baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.operations.get', 'baremetalsolution.pods.list']
Copy Permissions GA
roles/baremetalsolution.nfssharesadmin
Administrator of Bare Metal Solution NFS Share resources
NFS Shares Admin
['baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.pods.list']
Copy Permissions GA
roles/baremetalsolution.nfsshareseditor
Editor of Bare Metal Solution NFS Share resources
NFS Shares Editor
['baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.pods.list']
Copy Permissions GA
roles/baremetalsolution.nfssharesviewer
Viewer of Bare Metal Solution NFS Share resources
NFS Shares Viewer
['baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.operations.get']
Copy Permissions GA
roles/aiplatform.notebookExecutorUser
Grants users full access to schedules and notebook execution jobs.
Notebook Executor User
['aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update']
Copy Permissions BETA
roles/aiplatform.notebookRuntimeAdmin
Grants full access to all runtime templates and runtimes in Notebook Service.
Notebook Runtime Admin
['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'compute.reservations.get', 'compute.reservations.list']
Copy Permissions GA
roles/aiplatform.notebookRuntimeUser
Grants users permissions to create runtime resources using a runtime template and manage the runtime resources they created.
Notebook Runtime User
['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list']
Copy Permissions GA
roles/notebooks.admin
Full access to Notebooks all resources.
Notebooks Admin
['aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setIamPolicy', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.setIamPolicy', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/notebooks.legacyAdmin
Full access to Notebooks all resources through compute API.
Notebooks Legacy Admin
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.futureReservations.cancel', 'compute.futureReservations.create', 'compute.futureReservations.delete', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.futureReservations.setIamPolicy', 'compute.futureReservations.update', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.delete', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.globalPublicDelegatedPrefixes.create', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEdgeSecurityServices.create', 'compute.networkEdgeSecurityServices.createTagBinding', 'compute.networkEdgeSecurityServices.delete', 'compute.networkEdgeSecurityServices.deleteTagBinding', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEdgeSecurityServices.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.addNodes', 'compute.nodeGroups.create', 'compute.nodeGroups.delete', 'compute.nodeGroups.deleteNodes', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeGroups.performMaintenance', 'compute.nodeGroups.setIamPolicy', 'compute.nodeGroups.setNodeTemplate', 'compute.nodeGroups.simulateMaintenanceEvent', 'compute.nodeGroups.update', 'compute.nodeTemplates.create', 'compute.nodeTemplates.delete', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTemplates.setIamPolicy', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.disableXpnHost', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.organizations.listAssociations', 'compute.organizations.setFirewallPolicy', 'compute.organizations.setSecurityPolicy', 'compute.oslogin.updateExternalUser', 'compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.projects.setCloudArmorTier', 'compute.projects.setCommonInstanceMetadata', 'compute.projects.setDefaultNetworkTier', 'compute.projects.setDefaultServiceAccount', 'compute.projects.setManagedProtectionTier', 'compute.projects.setUsageExportBucket', 'compute.publicAdvertisedPrefixes.create', 'compute.publicAdvertisedPrefixes.delete', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicAdvertisedPrefixes.update', 'compute.publicAdvertisedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.create', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.delete', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionOperations.setIamPolicy', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.create', 'compute.reservations.delete', 'compute.reservations.get', 'compute.reservations.list', 'compute.reservations.resize', 'compute.reservations.update', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshotSettings.get', 'compute.snapshotSettings.update', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.delete', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zoneOperations.setIamPolicy', 'compute.zones.get', 'compute.zones.list', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setIamPolicy', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.setIamPolicy', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/notebooks.legacyViewer
Read-only access to Notebooks all resources through compute API.
Notebooks Legacy Viewer
['compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.instances.checkUpgradability', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/notebooks.runner
Restricted access for running scheduled Notebooks.
Notebooks Runner
['aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.executions.create', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.schedules.create', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/notebooks.viewer
Read-only access to Notebooks all resources.
Notebooks Viewer
['aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.instances.checkUpgradability', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/oauthconfig.editor
Read/write access to OAuth config resources
OAuth Config Editor
['clientauthconfig.brands.create', 'clientauthconfig.brands.delete', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.brands.update', 'clientauthconfig.clients.create', 'clientauthconfig.clients.createSecret', 'clientauthconfig.clients.delete', 'clientauthconfig.clients.get', 'clientauthconfig.clients.getWithSecret', 'clientauthconfig.clients.list', 'clientauthconfig.clients.listWithSecrets', 'clientauthconfig.clients.undelete', 'clientauthconfig.clients.update', 'oauthconfig.clientpolicy.get', 'oauthconfig.testusers.get', 'oauthconfig.testusers.update', 'oauthconfig.verification.get', 'oauthconfig.verification.submit', 'oauthconfig.verification.update']
Copy Permissions BETA
roles/oauthconfig.viewer
Read-only access to OAuth config resources
OAuth Config Viewer
['clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.clients.get', 'clientauthconfig.clients.list', 'oauthconfig.clientpolicy.get', 'oauthconfig.testusers.get', 'oauthconfig.verification.get']
Copy Permissions BETA
roles/observability.admin
Full access to Observability resources.
Observability Admin
['observability.scopes.get', 'observability.scopes.update']
Copy Permissions BETA
roles/observability.editor
Edit access to Observability resources.
Observability Editor
['observability.scopes.get', 'observability.scopes.update']
Copy Permissions BETA
roles/observability.viewer
Read only access to Observability resources.
Observability Viewer
['observability.scopes.get']
Copy Permissions BETA
roles/applianceactivation.client
Grants access to read commands for an appliance and send its result.
On-appliance troubleshooting client
['applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.sendResult']
Copy Permissions BETA
roles/ondemandscanning.admin
All permissions for On-Demand Scanning
On-Demand Scanning Admin
['ondemandscanning.operations.cancel', 'ondemandscanning.operations.delete', 'ondemandscanning.operations.get', 'ondemandscanning.operations.list', 'ondemandscanning.operations.wait', 'ondemandscanning.scans.analyzePackages', 'ondemandscanning.scans.listVulnerabilities', 'ondemandscanning.scans.scan']
Copy Permissions BETA
roles/ondemandscanning.serviceAgent
Gives the On-Demand Scanning API the access it needs to function.
On-Demand Scanning Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/opsconfigmonitoring.resourceMetadata.viewer
Read-only access to resource metadata.
Ops Config Monitoring Resource Metadata Viewer
['opsconfigmonitoring.resourceMetadata.list']
Copy Permissions BETA
roles/opsconfigmonitoring.resourceMetadata.writer
Write-only access to resource metadata. This provides exactly the permissions needed by the Ops Config Monitoring metadata agent and other systems that send metadata.
Ops Config Monitoring Resource Metadata Writer
['opsconfigmonitoring.resourceMetadata.write']
Copy Permissions BETA
roles/oracledatabase.admin
Grants full access to manage all Oracle Database resources.
Oracle Database@Google Cloud admin
['oracledatabase.autonomousDatabaseBackups.create', 'oracledatabase.autonomousDatabaseBackups.delete', 'oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.create', 'oracledatabase.autonomousDatabases.delete', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDatabases.restore', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.create', 'oracledatabase.cloudExadataInfrastructures.delete', 'oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudExadataInfrastructures.update', 'oracledatabase.cloudExadataInfrastructures.use', 'oracledatabase.cloudVmClusters.create', 'oracledatabase.cloudVmClusters.delete', 'oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.cloudVmClusters.update', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.cancel', 'oracledatabase.operations.delete', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oracledatabase.autonomousDatabaseAdmin
Grants full access to manage all Autonomous Database resources.
Oracle Database@Google Cloud Autonomous Database Admin
['oracledatabase.autonomousDatabaseBackups.create', 'oracledatabase.autonomousDatabaseBackups.delete', 'oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.create', 'oracledatabase.autonomousDatabases.delete', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDatabases.restore', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.entitlements.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.cancel', 'oracledatabase.operations.delete', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oracledatabase.autonomousDatabaseViewer
Grants read access to see all Autonomous Database resources.
Oracle Database@Google Cloud Autonomous Database Viewer
['oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.entitlements.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oracledatabase.cloudExadataInfrastructureAdmin
Grants full access to manage all Exadata Infrastructure resources.
Oracle Database@Google Cloud Exadata Infrastructure Admin
['oracledatabase.cloudExadataInfrastructures.create', 'oracledatabase.cloudExadataInfrastructures.delete', 'oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudExadataInfrastructures.update', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.cancel', 'oracledatabase.operations.delete', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oracledatabase.cloudExadataInfrastructureViewer
Grants read access to see all Exadata Infrastructure resources.
Oracle Database@Google Cloud Exadata Infrastructure Viewer
['oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oci.serviceAgent
Grants Oracle Database@Google Cloud access to services and APIs in the user project
Oracle Database@Google Cloud Service Agent
['compute.addresses.get', 'compute.addresses.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.delete', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.updatePolicy', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regions.get', 'compute.regions.list', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.list', 'compute.routers.update', 'compute.routers.use', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.zones.get', 'compute.zones.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.updateLiens']
Copy Permissions GA
roles/oracledatabase.viewer
Grants view access to all Oracle Database resources.
Oracle Database@Google Cloud viewer
['oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oracledatabase.cloudVmClusterAdmin
Grants full access to manage all VM Cluster resources.
Oracle Database@Google Cloud VM Cluster Admin
['oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudExadataInfrastructures.use', 'oracledatabase.cloudVmClusters.create', 'oracledatabase.cloudVmClusters.delete', 'oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.cloudVmClusters.update', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.cancel', 'oracledatabase.operations.delete', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/oracledatabase.cloudVmClusterViewer
Grants read access to see all VM Cluster resources.
Oracle Database@Google Cloud VM Cluster Viewer
['oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.dbNodes.list', 'oracledatabase.entitlements.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/resourcemanager.organizationAdmin
Access to manage IAM policies and view organization policies for organizations, folders, and projects.
Organization Administrator
['essentialcontacts.contacts.create', 'essentialcontacts.contacts.delete', 'essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'essentialcontacts.contacts.send', 'essentialcontacts.contacts.update', 'iam.policybindings.get', 'iam.policybindings.list', 'orgpolicy.constraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.createPolicyBinding', 'resourcemanager.folders.deletePolicyBinding', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.folders.setIamPolicy', 'resourcemanager.folders.updatePolicyBinding', 'resourcemanager.organizations.createPolicyBinding', 'resourcemanager.organizations.deletePolicyBinding', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.organizations.searchPolicyBindings', 'resourcemanager.organizations.setIamPolicy', 'resourcemanager.organizations.updatePolicyBinding', 'resourcemanager.projects.createPolicyBinding', 'resourcemanager.projects.deletePolicyBinding', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.searchPolicyBindings', 'resourcemanager.projects.setIamPolicy', 'resourcemanager.projects.updatePolicyBinding']
Copy Permissions GA
roles/orgpolicy.policyAdmin
The permission to set Organization Policies on resources.
Organization Policy Administrator
['orgpolicy.constraints.list', 'orgpolicy.customConstraints.create', 'orgpolicy.customConstraints.delete', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.customConstraints.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.create', 'policysimulator.orgPolicyViolationsPreviews.get', 'policysimulator.orgPolicyViolationsPreviews.list']
Copy Permissions GA
roles/orgpolicy.policyViewer
Access to view Organization Policies on resources.
Organization Policy Viewer
['orgpolicy.constraints.list', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get']
Copy Permissions GA
roles/iam.organizationRoleAdmin
Access to administer all custom roles in the organization and the projects below it.
Organization Role Administrator
['iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.undelete', 'iam.roles.update', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.organizationRoleViewer
Read access to all custom roles in the organization and the projects below it.
Organization Role Viewer
['iam.roles.get', 'iam.roles.list', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions GA
roles/resourcemanager.organizationViewer
Access only to view an Organization.
Organization Viewer
['resourcemanager.organizations.get']
Copy Permissions GA
roles/policysimulator.orgPolicyAdmin
OrgPolicy Admin that can run and access simulations.
OrgPolicy Simulator Admin
['cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.assets.searchAllResources', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.create', 'policysimulator.orgPolicyViolationsPreviews.get', 'policysimulator.orgPolicyViolationsPreviews.list', 'resourcemanager.organizations.get']
Copy Permissions BETA
roles/osconfig.admin
Full access to OS Config resources
OS Config Admin
['osconfig.guestPolicies.create', 'osconfig.guestPolicies.delete', 'osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.guestPolicies.update', 'osconfig.instanceOSPoliciesCompliances.get', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.get', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.get', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignmentReports.searchSummaries', 'osconfig.osPolicyAssignments.create', 'osconfig.osPolicyAssignments.delete', 'osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.osPolicyAssignments.update', 'osconfig.patchDeployments.create', 'osconfig.patchDeployments.delete', 'osconfig.patchDeployments.execute', 'osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'osconfig.patchDeployments.pause', 'osconfig.patchDeployments.resume', 'osconfig.patchDeployments.update', 'osconfig.patchJobs.exec', 'osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'osconfig.upgradeReports.get', 'osconfig.upgradeReports.getSummary', 'osconfig.upgradeReports.list', 'osconfig.upgradeReports.searchSummaries', 'osconfig.vulnerabilityReports.get', 'osconfig.vulnerabilityReports.list']
Copy Permissions BETA
roles/osconfig.viewer
Readonly access to OS Config resources
OS Config Viewer
['osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.instanceOSPoliciesCompliances.get', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.get', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.get', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignmentReports.searchSummaries', 'osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'osconfig.projectFeatureSettings.get', 'osconfig.upgradeReports.get', 'osconfig.upgradeReports.getSummary', 'osconfig.upgradeReports.list', 'osconfig.upgradeReports.searchSummaries', 'osconfig.vulnerabilityReports.get', 'osconfig.vulnerabilityReports.list']
Copy Permissions BETA
roles/baremetalsolution.osimagesviewer
Viewer of Bare Metal Solution OS images resources
OS Images Viewer
['baremetalsolution.osimages.list']
Copy Permissions GA
roles/osconfig.inventoryViewer
Viewer of OS Inventories
OS Inventory Viewer
['osconfig.inventories.get', 'osconfig.inventories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.vulnerabilityReportViewer
Viewer of OS VulnerabilityReports
OS VulnerabilityReport Viewer
['osconfig.vulnerabilityReports.get', 'osconfig.vulnerabilityReports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.osPolicyAssignmentAdmin
Full admin access to OS Policy Assignments
OSPolicyAssignment Admin
['osconfig.osPolicyAssignments.create', 'osconfig.osPolicyAssignments.delete', 'osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.osPolicyAssignments.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.osPolicyAssignmentEditor
Editor of OS Policy Assignments
OSPolicyAssignment Editor
['osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.osPolicyAssignments.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.osPolicyAssignmentViewer
Viewer of OS Policy Assignments
OSPolicyAssignment Viewer
['osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.osPolicyAssignmentReportViewer
Viewer of OS policy assignment reports for VM instances
OSPolicyAssignmentReport Viewer
['osconfig.osPolicyAssignmentReports.get', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignmentReports.searchSummaries', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudasset.otherCloudConfigServiceAgent
Service Agent used by other-cloud config to collect assets data from other-cloud.
Other Cloud Config Service Agent
Copy Permissions ALPHA
roles/securedlandingzone.overwatchActivator
This role can activate or suspend Overwatches
Overwatch Activator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securedlandingzone.overwatches.activate', 'securedlandingzone.overwatches.suspend']
Copy Permissions BETA
roles/securedlandingzone.overwatchAdmin
Full access to Overwatches
Overwatch Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.activate', 'securedlandingzone.overwatches.create', 'securedlandingzone.overwatches.delete', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list', 'securedlandingzone.overwatches.suspend', 'securedlandingzone.overwatches.update']
Copy Permissions BETA
roles/securedlandingzone.overwatchViewer
This role can view all properties of Overwatches
Overwatch Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list']
Copy Permissions BETA
roles/owner
Full access to most Google Cloud resources. See the list of included permissions.
Owner
['accessapproval.requests.approve', 'accessapproval.requests.dismiss', 'accessapproval.requests.get', 'accessapproval.requests.invalidate', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.delete', 'accessapproval.settings.get', 'accessapproval.settings.update', 'accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.gcpUserAccessBindings.create', 'accesscontextmanager.gcpUserAccessBindings.delete', 'accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.gcpUserAccessBindings.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.setIamPolicy', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'actions.agent.claimContentProvider', 'actions.agent.get', 'actions.agent.update', 'actions.agentVersions.create', 'actions.agentVersions.delete', 'actions.agentVersions.deploy', 'actions.agentVersions.get', 'actions.agentVersions.list', 'advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'advisorynotifications.settings.update', 'aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cacheConfigs.update', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.consents.update', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.setIamPolicy', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.setIamPolicy', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.setIamPolicy', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.setIamPolicy', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.migratableResources.migrate', 'aiplatform.migratableResources.search', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.create', 'aiplatform.persistentResources.delete', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.recordAccess', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'alloydb.backups.create', 'alloydb.backups.createTagBinding', 'alloydb.backups.delete', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.backups.update', 'alloydb.clusters.create', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.delete', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.export', 'alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.clusters.import', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.clusters.promote', 'alloydb.clusters.switchover', 'alloydb.clusters.update', 'alloydb.clusters.upgrade', 'alloydb.databases.list', 'alloydb.instances.connect', 'alloydb.instances.create', 'alloydb.instances.delete', 'alloydb.instances.executeSql', 'alloydb.instances.failover', 'alloydb.instances.get', 'alloydb.instances.injectFault', 'alloydb.instances.list', 'alloydb.instances.restart', 'alloydb.instances.update', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.cancel', 'alloydb.operations.delete', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.create', 'alloydb.users.delete', 'alloydb.users.get', 'alloydb.users.list', 'alloydb.users.login', 'alloydb.users.update', 'analyticshub.dataExchanges.create', 'analyticshub.dataExchanges.delete', 'analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.setIamPolicy', 'analyticshub.dataExchanges.subscribe', 'analyticshub.dataExchanges.update', 'analyticshub.dataExchanges.viewSubscriptions', 'analyticshub.listings.create', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.subscribe', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'androidmanagement.enterprises.manage', 'apigateway.apiconfigs.create', 'apigateway.apiconfigs.delete', 'apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apiconfigs.setIamPolicy', 'apigateway.apiconfigs.update', 'apigateway.apis.create', 'apigateway.apis.delete', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.apis.setIamPolicy', 'apigateway.apis.update', 'apigateway.gateways.create', 'apigateway.gateways.delete', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.gateways.setIamPolicy', 'apigateway.gateways.update', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.cancel', 'apigateway.operations.delete', 'apigateway.operations.get', 'apigateway.operations.list', 'apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.caches.delete', 'apigee.caches.list', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datalocation.get', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.endpointattachments.create', 'apigee.endpointattachments.delete', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.create', 'apigee.envgroupattachments.delete', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.create', 'apigee.envgroups.delete', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.envgroups.update', 'apigee.environments.create', 'apigee.environments.delete', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.manageRuntime', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.create', 'apigee.instanceattachments.delete', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.create', 'apigee.instances.delete', 'apigee.instances.get', 'apigee.instances.list', 'apigee.instances.reportStatus', 'apigee.instances.update', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.nataddresses.activate', 'apigee.nataddresses.create', 'apigee.nataddresses.delete', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.create', 'apigee.organizations.delete', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.organizations.update', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'apigee.projects.migrate', 'apigee.projects.previewMigration', 'apigee.projects.update', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.runtimeconfigs.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.setupcontexts.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'apigeeconnect.connections.list', 'apigeeconnect.endpoints.connect', 'apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.setIamPolicy', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.setIamPolicy', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.instances.get', 'apigeeregistry.instances.update', 'apigeeregistry.locations.get', 'apigeeregistry.locations.list', 'apigeeregistry.operations.cancel', 'apigeeregistry.operations.delete', 'apigeeregistry.operations.get', 'apigeeregistry.operations.list', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.setIamPolicy', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.setIamPolicy', 'apigeeregistry.versions.update', 'apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.locations2.searchResources', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'apikeys.keys.create', 'apikeys.keys.delete', 'apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'apikeys.keys.undelete', 'apikeys.keys.update', 'apim.apiObservations.batchEditTags', 'apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.create', 'apim.observationJobs.delete', 'apim.observationJobs.disable', 'apim.observationJobs.enable', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.create', 'apim.observationSources.delete', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.cancel', 'apim.operations.delete', 'apim.operations.get', 'apim.operations.list', 'appengine.applications.create', 'appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.getKey', 'appengine.memcache.list', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.getFileContents', 'appengine.versions.list', 'appengine.versions.update', 'apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.applications.setIamPolicy', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.attach', 'apphub.serviceProjectAttachments.create', 'apphub.serviceProjectAttachments.delete', 'apphub.serviceProjectAttachments.detach', 'apphub.serviceProjectAttachments.get', 'apphub.serviceProjectAttachments.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'applianceactivation.rttCommands.approve', 'applianceactivation.rttCommands.create', 'applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.list', 'applianceactivation.rttCommands.sendResult', 'artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.enrollResource', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.setIamPolicy', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'automlrecommendations.apiKeys.create', 'automlrecommendations.apiKeys.delete', 'automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.create', 'automlrecommendations.catalogItems.delete', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogItems.update', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.catalogs.update', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.create', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.events.purge', 'automlrecommendations.events.rejoin', 'automlrecommendations.placements.create', 'automlrecommendations.placements.delete', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.create', 'automlrecommendations.recommendations.delete', 'automlrecommendations.recommendations.list', 'automlrecommendations.recommendations.pause', 'automlrecommendations.recommendations.resume', 'automlrecommendations.recommendations.update', 'autoscaling.sites.getIamPolicy', 'autoscaling.sites.readRecommendations', 'autoscaling.sites.setIamPolicy', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageSensitiveData', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.setIamPolicy', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'batch.states.report', 'batch.tasks.get', 'batch.tasks.list', 'beyondcorp.appConnections.create', 'beyondcorp.appConnections.delete', 'beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnections.setIamPolicy', 'beyondcorp.appConnections.update', 'beyondcorp.appConnectors.create', 'beyondcorp.appConnectors.delete', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appConnectors.reportStatus', 'beyondcorp.appConnectors.setIamPolicy', 'beyondcorp.appConnectors.update', 'beyondcorp.appGateways.create', 'beyondcorp.appGateways.delete', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.appGateways.setIamPolicy', 'beyondcorp.appGateways.update', 'beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.create', 'beyondcorp.partnerTenants.delete', 'beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.partnerTenants.update', 'beyondcorp.proxyConfigs.create', 'beyondcorp.proxyConfigs.delete', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'beyondcorp.proxyConfigs.update', 'beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'biglake.catalogs.create', 'biglake.catalogs.delete', 'biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.create', 'biglake.databases.delete', 'biglake.databases.get', 'biglake.databases.list', 'biglake.databases.update', 'biglake.locks.check', 'biglake.locks.create', 'biglake.locks.delete', 'biglake.locks.list', 'biglake.tables.create', 'biglake.tables.delete', 'biglake.tables.get', 'biglake.tables.list', 'biglake.tables.lock', 'biglake.tables.update', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.getIamPolicy', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setIamPolicy', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.locations.get', 'bigquerymigration.locations.list', 'bigquerymigration.subtaskTypes.executeTask', 'bigquerymigration.subtasks.create', 'bigquerymigration.subtasks.executeTask', 'bigquerymigration.subtasks.get', 'bigquerymigration.subtasks.list', 'bigquerymigration.taskTypes.orchestrateTask', 'bigquerymigration.taskTypes.writeLogs', 'bigquerymigration.translation.translate', 'bigquerymigration.workflows.create', 'bigquerymigration.workflows.delete', 'bigquerymigration.workflows.get', 'bigquerymigration.workflows.list', 'bigquerymigration.workflows.orchestrateTask', 'bigquerymigration.workflows.update', 'bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceCosts.get', 'billing.resourcebudgets.read', 'billing.resourcebudgets.write', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.setIamPolicy', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.continuousValidationConfig.setIamPolicy', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.getIamPolicy', 'binaryauthorization.policy.setIamPolicy', 'binaryauthorization.policy.update', 'blockchainnodeengine.blockchainNodes.create', 'blockchainnodeengine.blockchainNodes.delete', 'blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.blockchainNodes.update', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.cancel', 'blockchainnodeengine.operations.delete', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.create', 'blockchainvalidatormanager.blockchainValidatorConfigs.delete', 'blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.update', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.cancel', 'blockchainvalidatormanager.operations.delete', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'capacityplanner.usageHistories.summarize', 'carestudio.patients.get', 'carestudio.patients.list', 'certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.delete', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.cancel', 'certificatemanager.operations.delete', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.delete', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'chat.bots.get', 'chat.bots.update', 'chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.bigQueryAccess.provide', 'chronicle.cases.countPriorities', 'chronicle.collectors.create', 'chronicle.collectors.delete', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.collectors.update', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessLabels.create', 'chronicle.dataAccessLabels.delete', 'chronicle.dataAccessLabels.get', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessLabels.update', 'chronicle.dataAccessScopes.create', 'chronicle.dataAccessScopes.delete', 'chronicle.dataAccessScopes.get', 'chronicle.dataAccessScopes.list', 'chronicle.dataAccessScopes.permit', 'chronicle.dataAccessScopes.update', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.create', 'chronicle.errorNotificationConfigs.delete', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.errorNotificationConfigs.update', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.extensionValidationReports.get', 'chronicle.extensionValidationReports.list', 'chronicle.feedServiceAccounts.fetch', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.create', 'chronicle.feeds.delete', 'chronicle.feeds.disable', 'chronicle.feeds.enable', 'chronicle.feeds.generateSecret', 'chronicle.feeds.get', 'chronicle.feeds.list', 'chronicle.feeds.update', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.create', 'chronicle.forwarders.delete', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.forwarders.update', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.generateWorkspaceConnectionToken', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.instances.soarAdmin', 'chronicle.instances.soarThreatManager', 'chronicle.instances.soarVulnerabilityManager', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.parserExtensions.activate', 'chronicle.parserExtensions.create', 'chronicle.parserExtensions.delete', 'chronicle.parserExtensions.generateKeyValueMappings', 'chronicle.parserExtensions.get', 'chronicle.parserExtensions.legacySubmitParserExtension', 'chronicle.parserExtensions.list', 'chronicle.parserExtensions.removeSyslog', 'chronicle.parsers.activate', 'chronicle.parsers.activateReleaseCandidate', 'chronicle.parsers.copyPrebuiltParser', 'chronicle.parsers.create', 'chronicle.parsers.deactivate', 'chronicle.parsers.delete', 'chronicle.parsers.generateEventTypesSuggestions', 'chronicle.parsers.get', 'chronicle.parsers.list', 'chronicle.parsers.runParser', 'chronicle.parsingErrors.list', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.delete', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.validationErrors.list', 'chronicle.validationReports.get', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'chroniclesm.gcpAssociations.create', 'chroniclesm.gcpAssociations.delete', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpLogFlowFilters.update', 'chroniclesm.gcpSettings.get', 'chroniclesm.gcpSettings.update', 'clientauthconfig.brands.create', 'clientauthconfig.brands.delete', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.brands.update', 'clientauthconfig.clients.create', 'clientauthconfig.clients.createSecret', 'clientauthconfig.clients.delete', 'clientauthconfig.clients.get', 'clientauthconfig.clients.getWithSecret', 'clientauthconfig.clients.list', 'clientauthconfig.clients.listWithSecrets', 'clientauthconfig.clients.undelete', 'clientauthconfig.clients.update', 'cloud.locations.get', 'cloud.locations.list', 'cloudaicompanion.codeRepositoryIndexes.create', 'cloudaicompanion.codeRepositoryIndexes.delete', 'cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.codeRepositoryIndexes.update', 'cloudaicompanion.companions.generateChat', 'cloudaicompanion.companions.generateCode', 'cloudaicompanion.entitlements.get', 'cloudaicompanion.instances.completeCode', 'cloudaicompanion.instances.completeTask', 'cloudaicompanion.instances.generateCode', 'cloudaicompanion.instances.generateText', 'cloudaicompanion.operations.cancel', 'cloudaicompanion.operations.delete', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.create', 'cloudaicompanion.repositoryGroups.delete', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudaicompanion.repositoryGroups.setIamPolicy', 'cloudaicompanion.repositoryGroups.update', 'cloudaicompanion.repositoryGroups.use', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudasset.savedqueries.create', 'cloudasset.savedqueries.delete', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudasset.savedqueries.update', 'cloudbuild.builds.approve', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.connections.update', 'cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'cloudbuild.workerpools.use', 'cloudconfig.configs.get', 'cloudconfig.configs.update', 'cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list', 'clouddebugger.breakpoints.create', 'clouddebugger.breakpoints.delete', 'clouddebugger.breakpoints.get', 'clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create', 'clouddebugger.debuggees.list', 'clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.setIamPolicy', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.setIamPolicy', 'clouddeploy.targets.update', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update', 'cloudjobdiscovery.companies.create', 'cloudjobdiscovery.companies.delete', 'cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.companies.update', 'cloudjobdiscovery.events.create', 'cloudjobdiscovery.jobs.create', 'cloudjobdiscovery.jobs.delete', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.jobs.update', 'cloudjobdiscovery.profiles.create', 'cloudjobdiscovery.profiles.delete', 'cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.profiles.update', 'cloudjobdiscovery.tenants.create', 'cloudjobdiscovery.tenants.delete', 'cloudjobdiscovery.tenants.get', 'cloudjobdiscovery.tenants.update', 'cloudjobdiscovery.tools.access', 'cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.cryptoKeyVersions.create', 'cloudkms.cryptoKeyVersions.destroy', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeyVersions.manageRawAesCbcKeys', 'cloudkms.cryptoKeyVersions.manageRawAesCtrKeys', 'cloudkms.cryptoKeyVersions.manageRawPKCS1Keys', 'cloudkms.cryptoKeyVersions.restore', 'cloudkms.cryptoKeyVersions.update', 'cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.cryptoKeys.create', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.setIamPolicy', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.setIamPolicy', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.use', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.setIamPolicy', 'cloudkms.importJobs.useToImport', 'cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.create', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.keyRings.setIamPolicy', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.locations.optOutKeyDeletionMsa', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'cloudkms.protectedResources.search', 'cloudmessaging.messages.create', 'cloudmigration.velostrataendpoints.connect', 'cloudnotifications.activities.list', 'cloudonefs.isiloncloud.com/clusters.create', 'cloudonefs.isiloncloud.com/clusters.delete', 'cloudonefs.isiloncloud.com/clusters.get', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/clusters.update', 'cloudonefs.isiloncloud.com/clusters.updateAdvancedSettings', 'cloudonefs.isiloncloud.com/fileshares.create', 'cloudonefs.isiloncloud.com/fileshares.delete', 'cloudonefs.isiloncloud.com/fileshares.get', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudonefs.isiloncloud.com/fileshares.update', 'cloudoptimization.operations.create', 'cloudoptimization.operations.get', 'cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.settings.get', 'cloudprivatecatalogproducer.settings.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'cloudprofiler.profiles.create', 'cloudprofiler.profiles.list', 'cloudprofiler.profiles.update', 'cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.create', 'cloudsecurityscanner.scans.delete', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run', 'cloudsecurityscanner.scans.update', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.delete', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'cloudsupport.accounts.create', 'cloudsupport.accounts.delete', 'cloudsupport.accounts.get', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.accounts.purchase', 'cloudsupport.accounts.setIamPolicy', 'cloudsupport.accounts.update', 'cloudsupport.accounts.updateUserRoles', 'cloudsupport.operations.get', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'cloudtasks.cmekConfig.get', 'cloudtasks.cmekConfig.update', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.queues.update', 'cloudtasks.tasks.create', 'cloudtasks.tasks.delete', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'cloudtasks.tasks.run', 'cloudtestservice.devicesession.cancel', 'cloudtestservice.devicesession.create', 'cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'cloudtestservice.devicesession.update', 'cloudtestservice.devicesession.use', 'cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.create', 'cloudtestservice.matrices.get', 'cloudtestservice.matrices.update', 'cloudtoolresults.executions.create', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.executions.update', 'cloudtoolresults.histories.create', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.create', 'cloudtoolresults.settings.get', 'cloudtoolresults.settings.update', 'cloudtoolresults.steps.create', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'cloudtoolresults.steps.update', 'cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.delete', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.create', 'cloudtrace.traceScopes.delete', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traceScopes.update', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'cloudtrace.traces.patch', 'cloudtranslate.adaptiveMtDatasets.create', 'cloudtranslate.adaptiveMtDatasets.delete', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.import', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.delete', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.create', 'cloudtranslate.customModels.delete', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.create', 'cloudtranslate.datasets.delete', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.import', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaries.update', 'cloudtranslate.glossaryentries.create', 'cloudtranslate.glossaryentries.delete', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.glossaryentries.update', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.cancel', 'cloudtranslate.operations.delete', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'cloudvolumesgcp-api.netapp.com/activeDirectories.create', 'cloudvolumesgcp-api.netapp.com/activeDirectories.delete', 'cloudvolumesgcp-api.netapp.com/activeDirectories.get', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/activeDirectories.update', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.get', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.create', 'cloudvolumesgcp-api.netapp.com/snapshots.delete', 'cloudvolumesgcp-api.netapp.com/snapshots.get', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/snapshots.update', 'cloudvolumesgcp-api.netapp.com/volumereplication.authorize', 'cloudvolumesgcp-api.netapp.com/volumereplication.break', 'cloudvolumesgcp-api.netapp.com/volumereplication.create', 'cloudvolumesgcp-api.netapp.com/volumereplication.delete', 'cloudvolumesgcp-api.netapp.com/volumereplication.get', 'cloudvolumesgcp-api.netapp.com/volumereplication.list', 'cloudvolumesgcp-api.netapp.com/volumereplication.release', 'cloudvolumesgcp-api.netapp.com/volumereplication.resync', 'cloudvolumesgcp-api.netapp.com/volumereplication.update', 'cloudvolumesgcp-api.netapp.com/volumes.create', 'cloudvolumesgcp-api.netapp.com/volumes.delete', 'cloudvolumesgcp-api.netapp.com/volumes.get', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'cloudvolumesgcp-api.netapp.com/volumes.update', 'commerceagreementpublishing.agreements.create', 'commerceagreementpublishing.agreements.delete', 'commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.agreements.update', 'commerceagreementpublishing.documents.create', 'commerceagreementpublishing.documents.delete', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'commerceagreementpublishing.documents.update', 'commercebusinessenablement.leadgenConfig.get', 'commercebusinessenablement.leadgenConfig.update', 'commercebusinessenablement.operations.cancel', 'commercebusinessenablement.operations.delete', 'commercebusinessenablement.operations.get', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.paymentConfig.get', 'commercebusinessenablement.paymentConfig.update', 'commercebusinessenablement.refunds.cancel', 'commercebusinessenablement.refunds.create', 'commercebusinessenablement.refunds.delete', 'commercebusinessenablement.refunds.get', 'commercebusinessenablement.refunds.list', 'commercebusinessenablement.refunds.start', 'commercebusinessenablement.refunds.update', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerConfig.update', 'commercebusinessenablement.resellerDiscountConfig.get', 'commercebusinessenablement.resellerDiscountOffers.cancel', 'commercebusinessenablement.resellerDiscountOffers.create', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.cancel', 'commercebusinessenablement.resellerPrivateOfferPlans.create', 'commercebusinessenablement.resellerPrivateOfferPlans.delete', 'commercebusinessenablement.resellerPrivateOfferPlans.get', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'commercebusinessenablement.resellerPrivateOfferPlans.publish', 'commercebusinessenablement.resellerPrivateOfferPlans.update', 'commercebusinessenablement.resellerRestrictions.list', 'commercebusinessenablement.resellerRestrictions.update', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'commerceorggovernance.collectionRequestApprovals.list', 'commerceorggovernance.collectionRequestApprovals.review', 'commerceorggovernance.collections.create', 'commerceorggovernance.collections.delete', 'commerceorggovernance.collections.get', 'commerceorggovernance.collections.list', 'commerceorggovernance.collections.update', 'commerceorggovernance.consumerSharingPolicies.get', 'commerceorggovernance.consumerSharingPolicies.update', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'commerceorggovernance.populateCollectionJobs.create', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.populateCollectionJobs.run', 'commerceorggovernance.populateCollectionJobs.update', 'commerceorggovernance.services.get', 'commerceorggovernance.services.list', 'commerceorggovernance.services.request', 'commerceprice.events.get', 'commerceprice.events.list', 'commerceprice.privateoffers.cancel', 'commerceprice.privateoffers.create', 'commerceprice.privateoffers.delete', 'commerceprice.privateoffers.get', 'commerceprice.privateoffers.list', 'commerceprice.privateoffers.publish', 'commerceprice.privateoffers.sendEmail', 'commerceprice.privateoffers.update', 'composer.dags.execute', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.create', 'composer.environments.delete', 'composer.environments.executeAirflowCommand', 'composer.environments.get', 'composer.environments.list', 'composer.environments.update', 'composer.imageversions.list', 'composer.operations.delete', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.create', 'composer.userworkloadsconfigmaps.delete', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadsconfigmaps.update', 'composer.userworkloadssecrets.create', 'composer.userworkloadssecrets.delete', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'composer.userworkloadssecrets.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.futureReservations.cancel', 'compute.futureReservations.create', 'compute.futureReservations.delete', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.futureReservations.setIamPolicy', 'compute.futureReservations.update', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.delete', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.globalPublicDelegatedPrefixes.create', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEdgeSecurityServices.create', 'compute.networkEdgeSecurityServices.createTagBinding', 'compute.networkEdgeSecurityServices.delete', 'compute.networkEdgeSecurityServices.deleteTagBinding', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEdgeSecurityServices.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.addNodes', 'compute.nodeGroups.create', 'compute.nodeGroups.delete', 'compute.nodeGroups.deleteNodes', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeGroups.performMaintenance', 'compute.nodeGroups.setIamPolicy', 'compute.nodeGroups.setNodeTemplate', 'compute.nodeGroups.simulateMaintenanceEvent', 'compute.nodeGroups.update', 'compute.nodeTemplates.create', 'compute.nodeTemplates.delete', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTemplates.setIamPolicy', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.organizations.setFirewallPolicy', 'compute.organizations.setSecurityPolicy', 'compute.oslogin.updateExternalUser', 'compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.projects.setCloudArmorTier', 'compute.projects.setCommonInstanceMetadata', 'compute.projects.setDefaultNetworkTier', 'compute.projects.setDefaultServiceAccount', 'compute.projects.setManagedProtectionTier', 'compute.projects.setUsageExportBucket', 'compute.publicAdvertisedPrefixes.create', 'compute.publicAdvertisedPrefixes.delete', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicAdvertisedPrefixes.update', 'compute.publicAdvertisedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.create', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.publicDelegatedPrefixes.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.delete', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionOperations.setIamPolicy', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.create', 'compute.reservations.delete', 'compute.reservations.get', 'compute.reservations.list', 'compute.reservations.resize', 'compute.reservations.update', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshotSettings.get', 'compute.snapshotSettings.update', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.delete', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zoneOperations.setIamPolicy', 'compute.zones.get', 'compute.zones.list', 'confidentialcomputing.challenges.create', 'confidentialcomputing.challenges.verify', 'confidentialcomputing.locations.get', 'confidentialcomputing.locations.list', 'config.artifacts.import', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.deleteState', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.list', 'config.deployments.lock', 'config.deployments.setIamPolicy', 'config.deployments.unlock', 'config.deployments.update', 'config.deployments.updateState', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.previews.create', 'config.previews.delete', 'config.previews.export', 'config.previews.get', 'config.previews.list', 'config.previews.upload', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.getState', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'configdelivery.fleetPackages.create', 'configdelivery.fleetPackages.delete', 'configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.fleetPackages.update', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.cancel', 'configdelivery.operations.delete', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.create', 'configdelivery.releases.delete', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.releases.update', 'configdelivery.resourceBundles.create', 'configdelivery.resourceBundles.delete', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.resourceBundles.update', 'configdelivery.rollouts.abort', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'configdelivery.rollouts.resume', 'configdelivery.rollouts.suspend', 'connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.create', 'connectors.connections.delete', 'connectors.connections.executeSqlQuery', 'connectors.connections.generateOpenAPISpec', 'connectors.connections.get', 'connectors.connections.getConnectionSchemaMetadata', 'connectors.connections.getIamPolicy', 'connectors.connections.getRuntimeActionSchema', 'connectors.connections.getRuntimeEntitySchema', 'connectors.connections.list', 'connectors.connections.listenEvent', 'connectors.connections.setIamPolicy', 'connectors.connections.update', 'connectors.connectors.get', 'connectors.connectors.list', 'connectors.customConnectorVersions.create', 'connectors.customConnectorVersions.delete', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectorVersions.setIamPolicy', 'connectors.customConnectorVersions.update', 'connectors.customConnectors.create', 'connectors.customConnectors.delete', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.customConnectors.setIamPolicy', 'connectors.customConnectors.update', 'connectors.endpointAttachments.create', 'connectors.endpointAttachments.delete', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.endpointAttachments.setIamPolicy', 'connectors.endpointAttachments.update', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.create', 'connectors.eventSubscriptions.delete', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventSubscriptions.update', 'connectors.eventtypes.get', 'connectors.eventtypes.list', 'connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.create', 'connectors.managedZones.delete', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.managedZones.setIamPolicy', 'connectors.managedZones.update', 'connectors.operations.cancel', 'connectors.operations.delete', 'connectors.operations.get', 'connectors.operations.list', 'connectors.providers.get', 'connectors.providers.list', 'connectors.regionalSettings.get', 'connectors.regionalSettings.update', 'connectors.runtimeconfig.get', 'connectors.schemaMetadata.refresh', 'connectors.settings.get', 'connectors.settings.update', 'connectors.versions.get', 'connectors.versions.list', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.allowProjectGrant', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.events.get', 'consumerprocurement.events.list', 'consumerprocurement.freeTrials.create', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place', 'contactcenteraiplatform.contactCenters.create', 'contactcenteraiplatform.contactCenters.delete', 'contactcenteraiplatform.contactCenters.get', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.contactCenters.program', 'contactcenteraiplatform.contactCenters.queryQuota', 'contactcenteraiplatform.contactCenters.update', 'contactcenteraiplatform.locations.get', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.cancel', 'contactcenteraiplatform.operations.delete', 'contactcenteraiplatform.operations.get', 'contactcenteraiplatform.operations.list', 'contactcenterinsights.analyses.create', 'contactcenterinsights.analyses.delete', 'contactcenterinsights.analyses.get', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.create', 'contactcenterinsights.analysisRules.delete', 'contactcenterinsights.analysisRules.get', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.analysisRules.update', 'contactcenterinsights.conversations.create', 'contactcenterinsights.conversations.delete', 'contactcenterinsights.conversations.export', 'contactcenterinsights.conversations.get', 'contactcenterinsights.conversations.list', 'contactcenterinsights.conversations.update', 'contactcenterinsights.conversations.upload', 'contactcenterinsights.faqEntries.delete', 'contactcenterinsights.faqEntries.get', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqEntries.update', 'contactcenterinsights.faqModels.create', 'contactcenterinsights.faqModels.delete', 'contactcenterinsights.faqModels.get', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.faqModels.update', 'contactcenterinsights.feedbackLabels.create', 'contactcenterinsights.feedbackLabels.delete', 'contactcenterinsights.feedbackLabels.download', 'contactcenterinsights.feedbackLabels.get', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.feedbackLabels.update', 'contactcenterinsights.feedbackLabels.upload', 'contactcenterinsights.issueModels.create', 'contactcenterinsights.issueModels.delete', 'contactcenterinsights.issueModels.deploy', 'contactcenterinsights.issueModels.export', 'contactcenterinsights.issueModels.get', 'contactcenterinsights.issueModels.import', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issueModels.undeploy', 'contactcenterinsights.issueModels.update', 'contactcenterinsights.issues.create', 'contactcenterinsights.issues.delete', 'contactcenterinsights.issues.get', 'contactcenterinsights.issues.list', 'contactcenterinsights.issues.update', 'contactcenterinsights.operations.cancel', 'contactcenterinsights.operations.get', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.create', 'contactcenterinsights.phraseMatchers.delete', 'contactcenterinsights.phraseMatchers.get', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.phraseMatchers.update', 'contactcenterinsights.qaQuestions.create', 'contactcenterinsights.qaQuestions.delete', 'contactcenterinsights.qaQuestions.get', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaQuestions.update', 'contactcenterinsights.qaScorecardRevisions.create', 'contactcenterinsights.qaScorecardRevisions.delete', 'contactcenterinsights.qaScorecardRevisions.deploy', 'contactcenterinsights.qaScorecardRevisions.get', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecardRevisions.tune', 'contactcenterinsights.qaScorecardRevisions.undeploy', 'contactcenterinsights.qaScorecards.create', 'contactcenterinsights.qaScorecards.delete', 'contactcenterinsights.qaScorecards.get', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.qaScorecards.update', 'contactcenterinsights.settings.get', 'contactcenterinsights.settings.update', 'contactcenterinsights.views.create', 'contactcenterinsights.views.delete', 'contactcenterinsights.views.get', 'contactcenterinsights.views.list', 'contactcenterinsights.views.update', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.notes.listOccurrences', 'containeranalysis.notes.setIamPolicy', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.setIamPolicy', 'containeranalysis.occurrences.update', 'containersecurity.clusterSummaries.list', 'containersecurity.findings.list', 'containersecurity.locations.get', 'containersecurity.locations.list', 'contentwarehouse.corpora.create', 'contentwarehouse.corpora.delete', 'contentwarehouse.corpora.get', 'contentwarehouse.corpora.list', 'contentwarehouse.corpora.update', 'contentwarehouse.dataExportJobs.create', 'contentwarehouse.dataExportJobs.update', 'contentwarehouse.documentSchemas.create', 'contentwarehouse.documentSchemas.delete', 'contentwarehouse.documentSchemas.get', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documentSchemas.update', 'contentwarehouse.documents.create', 'contentwarehouse.documents.delete', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.list', 'contentwarehouse.documents.setIamPolicy', 'contentwarehouse.documents.update', 'contentwarehouse.links.create', 'contentwarehouse.links.delete', 'contentwarehouse.links.get', 'contentwarehouse.links.update', 'contentwarehouse.locations.getStatus', 'contentwarehouse.locations.initialize', 'contentwarehouse.operations.get', 'contentwarehouse.rawDocuments.download', 'contentwarehouse.rawDocuments.upload', 'contentwarehouse.ruleSets.create', 'contentwarehouse.ruleSets.delete', 'contentwarehouse.ruleSets.get', 'contentwarehouse.ruleSets.list', 'contentwarehouse.ruleSets.update', 'contentwarehouse.synonymSets.create', 'contentwarehouse.synonymSets.delete', 'contentwarehouse.synonymSets.get', 'contentwarehouse.synonymSets.list', 'contentwarehouse.synonymSets.update', 'databasecenter.fleetHealthStats.list', 'databasecenter.fleetStats.list', 'databasecenter.locations.list', 'databasecenter.products.list', 'databasecenter.resourceGroups.list', 'databasecenter.userLabels.list', 'databaseinsights.activeQueries.fetch', 'databaseinsights.activeQuery.terminate', 'databaseinsights.activitySummary.fetch', 'databaseinsights.aggregatedEvents.query', 'databaseinsights.aggregatedStats.query', 'databaseinsights.clusterEvents.query', 'databaseinsights.instanceEvents.query', 'databaseinsights.locations.get', 'databaseinsights.locations.list', 'databaseinsights.recommendations.query', 'databaseinsights.resourceRecommendations.query', 'databaseinsights.timeSeries.query', 'databaseinsights.workloadRecommendations.fetch', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.create', 'datacatalog.entryGroups.delete', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.setIamPolicy', 'datacatalog.entryGroups.update', 'datacatalog.entryGroups.updateTag', 'datacatalog.migrationConfig.get', 'datacatalog.migrationConfig.set', 'datacatalog.operations.list', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.setIamPolicy', 'datacatalog.taxonomies.update', 'dataconnectors.connectors.create', 'dataconnectors.connectors.delete', 'dataconnectors.connectors.get', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.connectors.setIamPolicy', 'dataconnectors.connectors.update', 'dataconnectors.connectors.use', 'dataconnectors.locations.get', 'dataconnectors.locations.list', 'dataconnectors.operations.cancel', 'dataconnectors.operations.delete', 'dataconnectors.operations.get', 'dataconnectors.operations.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.shuffle.read', 'dataflow.shuffle.write', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataflow.streamingWorkItems.ImportState', 'dataflow.streamingWorkItems.commitWork', 'dataflow.streamingWorkItems.getData', 'dataflow.streamingWorkItems.getWork', 'dataflow.streamingWorkItems.getWorkerMetadata', 'dataflow.workItems.lease', 'dataflow.workItems.sendMessage', 'dataflow.workItems.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.create', 'datafusion.instances.createTagBinding', 'datafusion.instances.delete', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.instances.restart', 'datafusion.instances.runtime', 'datafusion.instances.setIamPolicy', 'datafusion.instances.update', 'datafusion.instances.upgrade', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.cancel', 'datafusion.operations.delete', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.create', 'datafusion.pipelineConnections.delete', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.update', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'datalabeling.annotateddatasets.delete', 'datalabeling.annotateddatasets.get', 'datalabeling.annotateddatasets.label', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.create', 'datalabeling.annotationspecsets.delete', 'datalabeling.annotationspecsets.get', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.create', 'datalabeling.datasets.delete', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.import', 'datalabeling.datasets.list', 'datalabeling.examples.get', 'datalabeling.examples.list', 'datalabeling.instructions.create', 'datalabeling.instructions.delete', 'datalabeling.instructions.get', 'datalabeling.instructions.list', 'datalabeling.operations.cancel', 'datalabeling.operations.get', 'datalabeling.operations.list', 'datalineage.events.create', 'datalineage.events.delete', 'datalineage.events.get', 'datalineage.events.list', 'datalineage.locations.searchLinks', 'datalineage.operations.get', 'datalineage.processes.create', 'datalineage.processes.delete', 'datalineage.processes.get', 'datalineage.processes.list', 'datalineage.processes.update', 'datalineage.runs.create', 'datalineage.runs.delete', 'datalineage.runs.get', 'datalineage.runs.list', 'datalineage.runs.update', 'datamigration.connectionprofiles.create', 'datamigration.connectionprofiles.delete', 'datamigration.connectionprofiles.get', 'datamigration.connectionprofiles.getIamPolicy', 'datamigration.connectionprofiles.list', 'datamigration.connectionprofiles.setIamPolicy', 'datamigration.connectionprofiles.update', 'datamigration.conversionworkspaces.apply', 'datamigration.conversionworkspaces.commit', 'datamigration.conversionworkspaces.convert', 'datamigration.conversionworkspaces.create', 'datamigration.conversionworkspaces.delete', 'datamigration.conversionworkspaces.get', 'datamigration.conversionworkspaces.getIamPolicy', 'datamigration.conversionworkspaces.list', 'datamigration.conversionworkspaces.rollback', 'datamigration.conversionworkspaces.seed', 'datamigration.conversionworkspaces.setIamPolicy', 'datamigration.conversionworkspaces.update', 'datamigration.locations.fetchStaticIps', 'datamigration.locations.get', 'datamigration.locations.list', 'datamigration.mappingrules.getIamPolicy', 'datamigration.mappingrules.import', 'datamigration.mappingrules.setIamPolicy', 'datamigration.migrationjobs.create', 'datamigration.migrationjobs.delete', 'datamigration.migrationjobs.demoteDestination', 'datamigration.migrationjobs.generateSshScript', 'datamigration.migrationjobs.generateTcpProxyScript', 'datamigration.migrationjobs.get', 'datamigration.migrationjobs.getIamPolicy', 'datamigration.migrationjobs.list', 'datamigration.migrationjobs.promote', 'datamigration.migrationjobs.restart', 'datamigration.migrationjobs.resume', 'datamigration.migrationjobs.setIamPolicy', 'datamigration.migrationjobs.start', 'datamigration.migrationjobs.stop', 'datamigration.migrationjobs.update', 'datamigration.migrationjobs.verify', 'datamigration.objects.get', 'datamigration.objects.list', 'datamigration.operations.cancel', 'datamigration.operations.delete', 'datamigration.operations.get', 'datamigration.operations.list', 'datamigration.privateconnections.create', 'datamigration.privateconnections.delete', 'datamigration.privateconnections.get', 'datamigration.privateconnections.getIamPolicy', 'datamigration.privateconnections.list', 'datamigration.privateconnections.setIamPolicy', 'datapipelines.jobs.list', 'datapipelines.pipelines.create', 'datapipelines.pipelines.delete', 'datapipelines.pipelines.get', 'datapipelines.pipelines.list', 'datapipelines.pipelines.run', 'datapipelines.pipelines.stop', 'datapipelines.pipelines.update', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.ownData', 'dataplex.assets.readData', 'dataplex.assets.setIamPolicy', 'dataplex.assets.update', 'dataplex.assets.writeData', 'dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.setIamPolicy', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.setIamPolicy', 'dataplex.lakes.update', 'dataplex.locations.get', 'dataplex.locations.list', 'dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.projects.search', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.setIamPolicy', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.setIamPolicy', 'dataplex.zones.update', 'dataprep.projects.use', 'dataproc.agents.create', 'dataproc.agents.delete', 'dataproc.agents.get', 'dataproc.agents.list', 'dataproc.agents.update', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.setIamPolicy', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.batches.sparkApplicationWrite', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.clusters.setIamPolicy', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.jobs.setIamPolicy', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.getIamPolicy', 'dataproc.operations.list', 'dataproc.operations.setIamPolicy', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.sparkApplicationWrite', 'dataproc.sessions.terminate', 'dataproc.tasks.lease', 'dataproc.tasks.listInvalidatedLeases', 'dataproc.tasks.reportStatus', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.getIamPolicy', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.setIamPolicy', 'dataproc.workflowTemplates.update', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.datasources.update', 'dataprocessing.featurecontrols.list', 'dataprocessing.featurecontrols.update', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'dataprocessing.groupcontrols.update', 'dataprocrm.locations.get', 'dataprocrm.locations.list', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.mintOAuthToken', 'dataprocrm.nodes.update', 'dataprocrm.operations.cancel', 'dataprocrm.operations.delete', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.bulkDelete', 'datastore.databases.create', 'datastore.databases.createTagBinding', 'datastore.databases.delete', 'datastore.databases.deleteTagBinding', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.locations.get', 'datastore.locations.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.cancel', 'datastore.operations.delete', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'datastream.connectionProfiles.create', 'datastream.connectionProfiles.createTagBinding', 'datastream.connectionProfiles.delete', 'datastream.connectionProfiles.deleteTagBinding', 'datastream.connectionProfiles.destinationTypes', 'datastream.connectionProfiles.discover', 'datastream.connectionProfiles.get', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listStaticServiceIps', 'datastream.connectionProfiles.listTagBindings', 'datastream.connectionProfiles.setIamPolicy', 'datastream.connectionProfiles.sourceTypes', 'datastream.connectionProfiles.update', 'datastream.locations.fetchStaticIps', 'datastream.locations.get', 'datastream.locations.list', 'datastream.objects.get', 'datastream.objects.list', 'datastream.objects.startBackfillJob', 'datastream.objects.stopBackfillJob', 'datastream.operations.cancel', 'datastream.operations.delete', 'datastream.operations.get', 'datastream.operations.list', 'datastream.privateConnections.create', 'datastream.privateConnections.createTagBinding', 'datastream.privateConnections.delete', 'datastream.privateConnections.deleteTagBinding', 'datastream.privateConnections.get', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.privateConnections.setIamPolicy', 'datastream.routes.create', 'datastream.routes.delete', 'datastream.routes.get', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.routes.setIamPolicy', 'datastream.streams.computeState', 'datastream.streams.create', 'datastream.streams.createTagBinding', 'datastream.streams.delete', 'datastream.streams.deleteTagBinding', 'datastream.streams.fetchErrors', 'datastream.streams.get', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'datastream.streams.pause', 'datastream.streams.resume', 'datastream.streams.setIamPolicy', 'datastream.streams.start', 'datastream.streams.update', 'datastudio.datasources.delete', 'datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.move', 'datastudio.datasources.restoreTrash', 'datastudio.datasources.search', 'datastudio.datasources.setIamPolicy', 'datastudio.datasources.settingsShare', 'datastudio.datasources.share', 'datastudio.datasources.trash', 'datastudio.datasources.update', 'datastudio.reports.delete', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.move', 'datastudio.reports.restoreTrash', 'datastudio.reports.search', 'datastudio.reports.setIamPolicy', 'datastudio.reports.settingsShare', 'datastudio.reports.share', 'datastudio.reports.trash', 'datastudio.reports.update', 'datastudio.workspaces.createUnder', 'datastudio.workspaces.delete', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.moveIn', 'datastudio.workspaces.moveOut', 'datastudio.workspaces.restoreTrash', 'datastudio.workspaces.search', 'datastudio.workspaces.setIamPolicy', 'datastudio.workspaces.trash', 'datastudio.workspaces.update', 'deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.getIamPolicy', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.setIamPolicy', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'developerconnect.connections.constructGitHubAppManifest', 'developerconnect.connections.create', 'developerconnect.connections.delete', 'developerconnect.connections.fetchGitHubInstallations', 'developerconnect.connections.fetchLinkableGitRepositories', 'developerconnect.connections.generateGitHubStateToken', 'developerconnect.connections.get', 'developerconnect.connections.list', 'developerconnect.connections.processGitHubAppCreationCallback', 'developerconnect.connections.processGitHubOAuthCallback', 'developerconnect.connections.update', 'developerconnect.gitRepositoryLinks.create', 'developerconnect.gitRepositoryLinks.delete', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.fetchReadWriteToken', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.get', 'developerconnect.locations.list', 'developerconnect.operations.cancel', 'developerconnect.operations.delete', 'developerconnect.operations.get', 'developerconnect.operations.list', 'dialogflow.agents.create', 'dialogflow.agents.delete', 'dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.import', 'dialogflow.agents.list', 'dialogflow.agents.restore', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.agents.train', 'dialogflow.agents.update', 'dialogflow.agents.validate', 'dialogflow.answerrecords.delete', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.answerrecords.update', 'dialogflow.callMatchers.create', 'dialogflow.callMatchers.delete', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.create', 'dialogflow.contexts.delete', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.contexts.update', 'dialogflow.conversationDatasets.create', 'dialogflow.conversationDatasets.delete', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.import', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.create', 'dialogflow.conversationModels.delete', 'dialogflow.conversationModels.deploy', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationModels.undeploy', 'dialogflow.conversationProfiles.create', 'dialogflow.conversationProfiles.delete', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversationProfiles.update', 'dialogflow.conversations.addPhoneNumber', 'dialogflow.conversations.complete', 'dialogflow.conversations.create', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.conversations.update', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.create', 'dialogflow.documents.delete', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.encryptionspec.update', 'dialogflow.entityTypes.create', 'dialogflow.entityTypes.createEntity', 'dialogflow.entityTypes.delete', 'dialogflow.entityTypes.deleteEntity', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.entityTypes.update', 'dialogflow.entityTypes.updateEntity', 'dialogflow.environments.create', 'dialogflow.environments.delete', 'dialogflow.environments.get', 'dialogflow.environments.getHistory', 'dialogflow.environments.list', 'dialogflow.environments.lookupHistory', 'dialogflow.environments.runContinuousTest', 'dialogflow.environments.update', 'dialogflow.examples.create', 'dialogflow.examples.delete', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.examples.update', 'dialogflow.experiments.create', 'dialogflow.experiments.delete', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.experiments.update', 'dialogflow.flows.create', 'dialogflow.flows.delete', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.flows.train', 'dialogflow.flows.update', 'dialogflow.flows.validate', 'dialogflow.fulfillments.get', 'dialogflow.fulfillments.update', 'dialogflow.generators.create', 'dialogflow.generators.delete', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.generators.update', 'dialogflow.integrations.create', 'dialogflow.integrations.delete', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.integrations.update', 'dialogflow.intents.create', 'dialogflow.intents.delete', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.intents.update', 'dialogflow.knowledgeBases.create', 'dialogflow.knowledgeBases.delete', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.knowledgeBases.update', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.create', 'dialogflow.pages.delete', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.pages.update', 'dialogflow.participants.analyzeContent', 'dialogflow.participants.create', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.participants.update', 'dialogflow.phoneNumberOrders.cancel', 'dialogflow.phoneNumberOrders.create', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumberOrders.update', 'dialogflow.phoneNumbers.delete', 'dialogflow.phoneNumbers.list', 'dialogflow.phoneNumbers.undelete', 'dialogflow.phoneNumbers.update', 'dialogflow.playbooks.create', 'dialogflow.playbooks.delete', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.playbooks.update', 'dialogflow.securitySettings.create', 'dialogflow.securitySettings.delete', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.securitySettings.update', 'dialogflow.sessionEntityTypes.create', 'dialogflow.sessionEntityTypes.delete', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.sessionEntityTypes.update', 'dialogflow.sessions.detectIntent', 'dialogflow.sessions.streamingDetectIntent', 'dialogflow.smartMessagingEntries.create', 'dialogflow.smartMessagingEntries.delete', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.calculateCoverage', 'dialogflow.testcases.create', 'dialogflow.testcases.delete', 'dialogflow.testcases.export', 'dialogflow.testcases.get', 'dialogflow.testcases.import', 'dialogflow.testcases.list', 'dialogflow.testcases.run', 'dialogflow.testcases.update', 'dialogflow.tools.create', 'dialogflow.tools.delete', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.tools.update', 'dialogflow.transitionRouteGroups.create', 'dialogflow.transitionRouteGroups.delete', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.transitionRouteGroups.update', 'dialogflow.versions.create', 'dialogflow.versions.delete', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.versions.load', 'dialogflow.versions.update', 'dialogflow.webhooks.create', 'dialogflow.webhooks.delete', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'dialogflow.webhooks.update', 'discoveryengine.aclConfigs.get', 'discoveryengine.aclConfigs.update', 'discoveryengine.analytics.acquireDashboardSession', 'discoveryengine.analytics.refreshDashboardSessionTokens', 'discoveryengine.answers.get', 'discoveryengine.branches.get', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.get', 'discoveryengine.cmekConfigs.list', 'discoveryengine.cmekConfigs.update', 'discoveryengine.collections.delete', 'discoveryengine.collections.get', 'discoveryengine.collections.list', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.completionConfigs.get', 'discoveryengine.completionConfigs.update', 'discoveryengine.controls.create', 'discoveryengine.controls.delete', 'discoveryengine.controls.get', 'discoveryengine.controls.list', 'discoveryengine.controls.update', 'discoveryengine.conversations.converse', 'discoveryengine.conversations.create', 'discoveryengine.conversations.delete', 'discoveryengine.conversations.get', 'discoveryengine.conversations.list', 'discoveryengine.conversations.update', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.create', 'discoveryengine.dataStores.delete', 'discoveryengine.dataStores.enrollSolutions', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.dataStores.trainCustomModel', 'discoveryengine.dataStores.update', 'discoveryengine.documentProcessingConfigs.get', 'discoveryengine.documentProcessingConfigs.update', 'discoveryengine.documents.batchGetDocumentsMetadata', 'discoveryengine.documents.create', 'discoveryengine.documents.delete', 'discoveryengine.documents.get', 'discoveryengine.documents.import', 'discoveryengine.documents.list', 'discoveryengine.documents.purge', 'discoveryengine.documents.update', 'discoveryengine.engines.create', 'discoveryengine.engines.delete', 'discoveryengine.engines.get', 'discoveryengine.engines.list', 'discoveryengine.engines.pause', 'discoveryengine.engines.resume', 'discoveryengine.engines.tune', 'discoveryengine.engines.update', 'discoveryengine.evaluations.create', 'discoveryengine.evaluations.get', 'discoveryengine.evaluations.list', 'discoveryengine.groundingConfigs.check', 'discoveryengine.locations.estimateDataSize', 'discoveryengine.models.create', 'discoveryengine.models.delete', 'discoveryengine.models.get', 'discoveryengine.models.list', 'discoveryengine.models.pause', 'discoveryengine.models.resume', 'discoveryengine.models.tune', 'discoveryengine.models.update', 'discoveryengine.operations.get', 'discoveryengine.operations.list', 'discoveryengine.projects.get', 'discoveryengine.projects.provision', 'discoveryengine.projects.reportConsentChange', 'discoveryengine.rankingConfigs.rank', 'discoveryengine.sampleQueries.create', 'discoveryengine.sampleQueries.delete', 'discoveryengine.sampleQueries.get', 'discoveryengine.sampleQueries.import', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQueries.update', 'discoveryengine.sampleQuerySets.create', 'discoveryengine.sampleQuerySets.delete', 'discoveryengine.sampleQuerySets.get', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.sampleQuerySets.update', 'discoveryengine.schemas.create', 'discoveryengine.schemas.delete', 'discoveryengine.schemas.get', 'discoveryengine.schemas.list', 'discoveryengine.schemas.preview', 'discoveryengine.schemas.update', 'discoveryengine.schemas.validate', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.create', 'discoveryengine.servingConfigs.delete', 'discoveryengine.servingConfigs.get', 'discoveryengine.servingConfigs.list', 'discoveryengine.servingConfigs.recommend', 'discoveryengine.servingConfigs.search', 'discoveryengine.servingConfigs.update', 'discoveryengine.sessions.create', 'discoveryengine.sessions.delete', 'discoveryengine.sessions.get', 'discoveryengine.sessions.list', 'discoveryengine.sessions.update', 'discoveryengine.siteSearchEngines.batchVerifyTargetSites', 'discoveryengine.siteSearchEngines.disableAdvancedSiteSearch', 'discoveryengine.siteSearchEngines.enableAdvancedSiteSearch', 'discoveryengine.siteSearchEngines.fetchDomainVerificationStatus', 'discoveryengine.siteSearchEngines.get', 'discoveryengine.siteSearchEngines.recrawlUris', 'discoveryengine.suggestionDenyListEntries.import', 'discoveryengine.suggestionDenyListEntries.purge', 'discoveryengine.targetSites.batchCreate', 'discoveryengine.targetSites.create', 'discoveryengine.targetSites.delete', 'discoveryengine.targetSites.get', 'discoveryengine.targetSites.list', 'discoveryengine.targetSites.update', 'discoveryengine.userEvents.create', 'discoveryengine.userEvents.fetchStats', 'discoveryengine.userEvents.import', 'discoveryengine.userEvents.purge', 'discoveryengine.widgetConfigs.get', 'discoveryengine.widgetConfigs.update', 'dlp.analyzeRiskTemplates.create', 'dlp.analyzeRiskTemplates.delete', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.analyzeRiskTemplates.update', 'dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.connections.create', 'dlp.connections.delete', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.connections.update', 'dlp.deidentifyTemplates.create', 'dlp.deidentifyTemplates.delete', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.deidentifyTemplates.update', 'dlp.estimates.cancel', 'dlp.estimates.create', 'dlp.estimates.delete', 'dlp.estimates.get', 'dlp.estimates.list', 'dlp.fileStoreProfiles.delete', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.create', 'dlp.inspectTemplates.delete', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.inspectTemplates.update', 'dlp.jobTriggers.create', 'dlp.jobTriggers.delete', 'dlp.jobTriggers.get', 'dlp.jobTriggers.hybridInspect', 'dlp.jobTriggers.list', 'dlp.jobTriggers.update', 'dlp.jobs.cancel', 'dlp.jobs.create', 'dlp.jobs.delete', 'dlp.jobs.get', 'dlp.jobs.hybridInspect', 'dlp.jobs.list', 'dlp.kms.encrypt', 'dlp.locations.get', 'dlp.locations.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.create', 'dlp.storedInfoTypes.delete', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.storedInfoTypes.update', 'dlp.subscriptions.cancel', 'dlp.subscriptions.create', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.subscriptions.update', 'dlp.tableDataProfiles.delete', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.setIamPolicy', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.setIamPolicy', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'documentai.dataLabelingJobs.cancel', 'documentai.dataLabelingJobs.create', 'documentai.dataLabelingJobs.delete', 'documentai.dataLabelingJobs.list', 'documentai.dataLabelingJobs.update', 'documentai.datasetSchemas.get', 'documentai.datasetSchemas.update', 'documentai.datasets.createDocuments', 'documentai.datasets.deleteDocuments', 'documentai.datasets.get', 'documentai.datasets.getDocuments', 'documentai.datasets.listDocuments', 'documentai.datasets.update', 'documentai.datasets.updateDocuments', 'documentai.evaluationDocuments.get', 'documentai.evaluations.create', 'documentai.evaluations.get', 'documentai.evaluations.list', 'documentai.humanReviewConfigs.get', 'documentai.humanReviewConfigs.review', 'documentai.humanReviewConfigs.update', 'documentai.labelerPools.create', 'documentai.labelerPools.delete', 'documentai.labelerPools.get', 'documentai.labelerPools.list', 'documentai.labelerPools.update', 'documentai.locations.get', 'documentai.locations.list', 'documentai.operations.getLegacy', 'documentai.processedDocumentsSets.get', 'documentai.processedDocumentsSets.getDocuments', 'documentai.processedDocumentsSets.listDocuments', 'documentai.processorTypes.get', 'documentai.processorTypes.list', 'documentai.processorVersions.create', 'documentai.processorVersions.delete', 'documentai.processorVersions.get', 'documentai.processorVersions.list', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processorVersions.update', 'documentai.processors.create', 'documentai.processors.delete', 'documentai.processors.fetchHumanReviewDetails', 'documentai.processors.get', 'documentai.processors.list', 'documentai.processors.processBatch', 'documentai.processors.processOnline', 'documentai.processors.update', 'domains.locations.get', 'domains.locations.list', 'domains.operations.cancel', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.configureContact', 'domains.registrations.configureDns', 'domains.registrations.configureManagement', 'domains.registrations.create', 'domains.registrations.createTagBinding', 'domains.registrations.delete', 'domains.registrations.deleteTagBinding', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'domains.registrations.setIamPolicy', 'domains.registrations.update', 'earthengine.assets.create', 'earthengine.assets.delete', 'earthengine.assets.get', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.assets.setIamPolicy', 'earthengine.assets.update', 'earthengine.computations.create', 'earthengine.config.get', 'earthengine.config.update', 'earthengine.exports.create', 'earthengine.featureviews.create', 'earthengine.filmstripthumbnails.create', 'earthengine.filmstripthumbnails.get', 'earthengine.imports.create', 'earthengine.maps.create', 'earthengine.maps.get', 'earthengine.operations.delete', 'earthengine.operations.get', 'earthengine.operations.list', 'earthengine.operations.update', 'earthengine.tables.create', 'earthengine.tables.get', 'earthengine.thumbnails.create', 'earthengine.thumbnails.get', 'earthengine.videothumbnails.create', 'earthengine.videothumbnails.get', 'edgecontainer.clusters.create', 'edgecontainer.clusters.delete', 'edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.generateOfflineCredential', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.clusters.setIamPolicy', 'edgecontainer.clusters.update', 'edgecontainer.clusters.upgrade', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.create', 'edgecontainer.machines.delete', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.setIamPolicy', 'edgecontainer.machines.update', 'edgecontainer.machines.use', 'edgecontainer.nodePools.create', 'edgecontainer.nodePools.delete', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.nodePools.setIamPolicy', 'edgecontainer.nodePools.update', 'edgecontainer.operations.cancel', 'edgecontainer.operations.delete', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.vpnConnections.create', 'edgecontainer.vpnConnections.delete', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgecontainer.vpnConnections.setIamPolicy', 'edgecontainer.vpnConnections.update', 'edgenetwork.interconnectAttachments.create', 'edgenetwork.interconnectAttachments.delete', 'edgenetwork.interconnectAttachments.get', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnectAttachments.setIamPolicy', 'edgenetwork.interconnectAttachments.update', 'edgenetwork.interconnects.get', 'edgenetwork.interconnects.getDiagnostics', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.interconnects.setIamPolicy', 'edgenetwork.locations.get', 'edgenetwork.locations.list', 'edgenetwork.networks.create', 'edgenetwork.networks.delete', 'edgenetwork.networks.get', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.getStatus', 'edgenetwork.networks.list', 'edgenetwork.networks.setIamPolicy', 'edgenetwork.networks.update', 'edgenetwork.operations.cancel', 'edgenetwork.operations.delete', 'edgenetwork.operations.get', 'edgenetwork.operations.list', 'edgenetwork.routers.create', 'edgenetwork.routers.delete', 'edgenetwork.routers.get', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.getRouterStatus', 'edgenetwork.routers.list', 'edgenetwork.routers.patch', 'edgenetwork.routers.setIamPolicy', 'edgenetwork.routers.update', 'edgenetwork.routes.create', 'edgenetwork.routes.delete', 'edgenetwork.routes.get', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.create', 'edgenetwork.subnetworks.delete', 'edgenetwork.subnetworks.get', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.getStatus', 'edgenetwork.subnetworks.list', 'edgenetwork.subnetworks.setIamPolicy', 'edgenetwork.subnetworks.update', 'edgenetwork.zones.get', 'edgenetwork.zones.initialize', 'edgenetwork.zones.list', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search', 'enterpriseknowledgegraph.entityReconciliationJobs.cancel', 'enterpriseknowledgegraph.entityReconciliationJobs.create', 'enterpriseknowledgegraph.entityReconciliationJobs.delete', 'enterpriseknowledgegraph.entityReconciliationJobs.get', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.search', 'enterprisepurchasing.gcveCuds.create', 'enterprisepurchasing.gcveCuds.get', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.get', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.cancel', 'enterprisepurchasing.operations.delete', 'enterprisepurchasing.operations.get', 'enterprisepurchasing.operations.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.create', 'errorreporting.errorEvents.delete', 'errorreporting.errorEvents.list', 'errorreporting.groupMetadata.get', 'errorreporting.groupMetadata.update', 'errorreporting.groups.list', 'essentialcontacts.contacts.create', 'essentialcontacts.contacts.delete', 'essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'essentialcontacts.contacts.send', 'essentialcontacts.contacts.update', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'fcmdata.deliverydata.list', 'file.backups.create', 'file.backups.createTagBinding', 'file.backups.delete', 'file.backups.deleteTagBinding', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.createTagBinding', 'file.instances.delete', 'file.instances.deleteTagBinding', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.createTagBinding', 'file.snapshots.delete', 'file.snapshots.deleteTagBinding', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update', 'financialservices.locations.get', 'financialservices.locations.list', 'financialservices.operations.cancel', 'financialservices.operations.delete', 'financialservices.operations.get', 'financialservices.operations.list', 'financialservices.v1backtests.create', 'financialservices.v1backtests.delete', 'financialservices.v1backtests.exportMetadata', 'financialservices.v1backtests.get', 'financialservices.v1backtests.list', 'financialservices.v1backtests.update', 'financialservices.v1datasets.create', 'financialservices.v1datasets.delete', 'financialservices.v1datasets.get', 'financialservices.v1datasets.list', 'financialservices.v1datasets.update', 'financialservices.v1engineconfigs.create', 'financialservices.v1engineconfigs.delete', 'financialservices.v1engineconfigs.exportMetadata', 'financialservices.v1engineconfigs.get', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineconfigs.update', 'financialservices.v1engineversions.get', 'financialservices.v1engineversions.list', 'financialservices.v1instances.create', 'financialservices.v1instances.delete', 'financialservices.v1instances.exportRegisteredParties', 'financialservices.v1instances.get', 'financialservices.v1instances.importRegisteredParties', 'financialservices.v1instances.list', 'financialservices.v1instances.update', 'financialservices.v1models.create', 'financialservices.v1models.delete', 'financialservices.v1models.exportMetadata', 'financialservices.v1models.get', 'financialservices.v1models.list', 'financialservices.v1models.update', 'financialservices.v1predictions.create', 'financialservices.v1predictions.delete', 'financialservices.v1predictions.exportMetadata', 'financialservices.v1predictions.get', 'financialservices.v1predictions.list', 'financialservices.v1predictions.update', 'firebase.billingPlans.get', 'firebase.billingPlans.update', 'firebase.clients.create', 'firebase.clients.delete', 'firebase.clients.get', 'firebase.clients.list', 'firebase.clients.undelete', 'firebase.clients.update', 'firebase.links.create', 'firebase.links.delete', 'firebase.links.list', 'firebase.links.update', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.playLinks.update', 'firebase.projects.delete', 'firebase.projects.get', 'firebase.projects.update', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.create', 'firebaseabt.experiments.delete', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.experiments.update', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsEdit', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.appAttestConfig.update', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.debugTokens.update', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.deviceCheckConfig.update', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.playIntegrityConfig.update', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.update', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.recaptchaV3Config.update', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.resourcePolicies.update', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.safetyNetConfig.update', 'firebaseappcheck.services.get', 'firebaseappcheck.services.update', 'firebaseappdistro.groups.list', 'firebaseappdistro.groups.update', 'firebaseappdistro.releases.list', 'firebaseappdistro.releases.update', 'firebaseappdistro.testers.list', 'firebaseappdistro.testers.update', 'firebaseauth.configs.create', 'firebaseauth.configs.get', 'firebaseauth.configs.getHashConfig', 'firebaseauth.configs.getSecret', 'firebaseauth.configs.update', 'firebaseauth.users.create', 'firebaseauth.users.createSession', 'firebaseauth.users.delete', 'firebaseauth.users.get', 'firebaseauth.users.sendEmail', 'firebaseauth.users.update', 'firebasecrash.issues.update', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.config.update', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.issues.update', 'firebasecrashlytics.sessions.get', 'firebasedatabase.instances.create', 'firebasedatabase.instances.delete', 'firebasedatabase.instances.disable', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedatabase.instances.reenable', 'firebasedatabase.instances.undelete', 'firebasedatabase.instances.update', 'firebasedataconnect.connectorRevisions.delete', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.create', 'firebasedataconnect.connectors.delete', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.connectors.update', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.cancel', 'firebasedataconnect.operations.delete', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.delete', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.create', 'firebasedataconnect.schemas.delete', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.schemas.update', 'firebasedataconnect.services.create', 'firebasedataconnect.services.delete', 'firebasedataconnect.services.executeGraphql', 'firebasedataconnect.services.executeGraphqlRead', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedataconnect.services.update', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.destinations.update', 'firebasedynamiclinks.domains.create', 'firebasedynamiclinks.domains.delete', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.domains.update', 'firebasedynamiclinks.links.create', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.links.update', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.create', 'firebaseextensions.configs.delete', 'firebaseextensions.configs.list', 'firebaseextensions.configs.update', 'firebaseextensionspublisher.extensions.create', 'firebaseextensionspublisher.extensions.delete', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.create', 'firebasehosting.sites.delete', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebasehosting.sites.update', 'firebaseinappmessaging.campaigns.create', 'firebaseinappmessaging.campaigns.delete', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebaseinappmessaging.campaigns.update', 'firebasemessagingcampaigns.campaigns.create', 'firebasemessagingcampaigns.campaigns.delete', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebasemessagingcampaigns.campaigns.start', 'firebasemessagingcampaigns.campaigns.stop', 'firebasemessagingcampaigns.campaigns.update', 'firebaseml.models.create', 'firebaseml.models.delete', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.models.update', 'firebaseml.modelversions.create', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebaseml.modelversions.update', 'firebasenotifications.messages.create', 'firebasenotifications.messages.delete', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebasenotifications.messages.update', 'firebaseperformance.config.update', 'firebaseperformance.data.get', 'firebaserules.releases.create', 'firebaserules.releases.delete', 'firebaserules.releases.get', 'firebaserules.releases.getExecutable', 'firebaserules.releases.list', 'firebaserules.releases.update', 'firebaserules.rulesets.create', 'firebaserules.rulesets.delete', 'firebaserules.rulesets.get', 'firebaserules.rulesets.list', 'firebaserules.rulesets.test', 'firebasestorage.buckets.addFirebase', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.buckets.removeFirebase', 'firebasestorage.defaultBucket.create', 'firebasestorage.defaultBucket.delete', 'firebasestorage.defaultBucket.get', 'fleetengine.deliveryvehicles.allowAllActions', 'fleetengine.deliveryvehicles.create', 'fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.list', 'fleetengine.deliveryvehicles.update', 'fleetengine.deliveryvehicles.updateLocation', 'fleetengine.deliveryvehicles.updateVehicleStops', 'fleetengine.tasks.allowAllActions', 'fleetengine.tasks.create', 'fleetengine.tasks.get', 'fleetengine.tasks.list', 'fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasks.update', 'fleetengine.tasktrackinginfo.allowAllActions', 'fleetengine.tasktrackinginfo.get', 'fleetengine.trips.allowAllActions', 'fleetengine.trips.create', 'fleetengine.trips.get', 'fleetengine.trips.search', 'fleetengine.trips.update', 'fleetengine.trips.updateState', 'fleetengine.vehicles.allowAllActions', 'fleetengine.vehicles.create', 'fleetengine.vehicles.get', 'fleetengine.vehicles.list', 'fleetengine.vehicles.search', 'fleetengine.vehicles.searchFuzzed', 'fleetengine.vehicles.update', 'fleetengine.vehicles.updateLocation', 'gcp.redisenterprise.com/databases.create', 'gcp.redisenterprise.com/databases.delete', 'gcp.redisenterprise.com/databases.get', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/databases.update', 'gcp.redisenterprise.com/subscriptions.create', 'gcp.redisenterprise.com/subscriptions.delete', 'gcp.redisenterprise.com/subscriptions.get', 'gcp.redisenterprise.com/subscriptions.list', 'gcp.redisenterprise.com/subscriptions.update', 'gdchardwaremanagement.changeLogEntries.get', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.create', 'gdchardwaremanagement.comments.get', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.create', 'gdchardwaremanagement.hardware.delete', 'gdchardwaremanagement.hardware.get', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardware.update', 'gdchardwaremanagement.hardwareGroups.create', 'gdchardwaremanagement.hardwareGroups.delete', 'gdchardwaremanagement.hardwareGroups.get', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.hardwareGroups.update', 'gdchardwaremanagement.locations.get', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.cancel', 'gdchardwaremanagement.operations.delete', 'gdchardwaremanagement.operations.get', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.create', 'gdchardwaremanagement.orders.delete', 'gdchardwaremanagement.orders.get', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.orders.submit', 'gdchardwaremanagement.orders.update', 'gdchardwaremanagement.sites.create', 'gdchardwaremanagement.sites.get', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.sites.update', 'gdchardwaremanagement.skus.get', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.create', 'gdchardwaremanagement.zones.delete', 'gdchardwaremanagement.zones.get', 'gdchardwaremanagement.zones.list', 'gdchardwaremanagement.zones.update', 'genomics.datasets.create', 'genomics.datasets.delete', 'genomics.datasets.get', 'genomics.datasets.getIamPolicy', 'genomics.datasets.list', 'genomics.datasets.setIamPolicy', 'genomics.datasets.update', 'genomics.operations.cancel', 'genomics.operations.create', 'genomics.operations.get', 'genomics.operations.list', 'gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.cancel', 'gkebackup.operations.delete', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'gkehub.endpoints.connect', 'gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.gateway.stream', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.setIamPolicy', 'gkehub.scopes.update', 'gkemulticloud.attachedClusters.create', 'gkemulticloud.attachedClusters.delete', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.import', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedClusters.update', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.create', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.getAdminKubeconfig', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsClusters.update', 'gkemulticloud.awsNodePools.create', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsNodePools.update', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.create', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.create', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.getAdminKubeconfig', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureClusters.update', 'gkemulticloud.azureNodePools.create', 'gkemulticloud.azureNodePools.delete', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureNodePools.update', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.cancel', 'gkemulticloud.operations.delete', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'gkeonprem.bareMetalAdminClusters.connect', 'gkeonprem.bareMetalAdminClusters.create', 'gkeonprem.bareMetalAdminClusters.enroll', 'gkeonprem.bareMetalAdminClusters.get', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalAdminClusters.queryVersionConfig', 'gkeonprem.bareMetalAdminClusters.setIamPolicy', 'gkeonprem.bareMetalAdminClusters.unenroll', 'gkeonprem.bareMetalAdminClusters.update', 'gkeonprem.bareMetalClusters.create', 'gkeonprem.bareMetalClusters.delete', 'gkeonprem.bareMetalClusters.enroll', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalClusters.queryVersionConfig', 'gkeonprem.bareMetalClusters.setIamPolicy', 'gkeonprem.bareMetalClusters.unenroll', 'gkeonprem.bareMetalClusters.update', 'gkeonprem.bareMetalNodePools.create', 'gkeonprem.bareMetalNodePools.delete', 'gkeonprem.bareMetalNodePools.enroll', 'gkeonprem.bareMetalNodePools.get', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.bareMetalNodePools.setIamPolicy', 'gkeonprem.bareMetalNodePools.unenroll', 'gkeonprem.bareMetalNodePools.update', 'gkeonprem.locations.get', 'gkeonprem.locations.list', 'gkeonprem.operations.cancel', 'gkeonprem.operations.delete', 'gkeonprem.operations.get', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.connect', 'gkeonprem.vmwareAdminClusters.enroll', 'gkeonprem.vmwareAdminClusters.get', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareAdminClusters.setIamPolicy', 'gkeonprem.vmwareAdminClusters.unenroll', 'gkeonprem.vmwareAdminClusters.update', 'gkeonprem.vmwareClusters.create', 'gkeonprem.vmwareClusters.delete', 'gkeonprem.vmwareClusters.enroll', 'gkeonprem.vmwareClusters.get', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareClusters.queryVersionConfig', 'gkeonprem.vmwareClusters.setIamPolicy', 'gkeonprem.vmwareClusters.unenroll', 'gkeonprem.vmwareClusters.update', 'gkeonprem.vmwareNodePools.create', 'gkeonprem.vmwareNodePools.delete', 'gkeonprem.vmwareNodePools.enroll', 'gkeonprem.vmwareNodePools.get', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'gkeonprem.vmwareNodePools.setIamPolicy', 'gkeonprem.vmwareNodePools.unenroll', 'gkeonprem.vmwareNodePools.update', 'gsuiteaddons.authorizations.get', 'gsuiteaddons.deployments.create', 'gsuiteaddons.deployments.delete', 'gsuiteaddons.deployments.execute', 'gsuiteaddons.deployments.get', 'gsuiteaddons.deployments.install', 'gsuiteaddons.deployments.installStatus', 'gsuiteaddons.deployments.list', 'gsuiteaddons.deployments.uninstall', 'gsuiteaddons.deployments.update', 'healthcare.annotationStores.create', 'healthcare.annotationStores.delete', 'healthcare.annotationStores.evaluate', 'healthcare.annotationStores.export', 'healthcare.annotationStores.get', 'healthcare.annotationStores.getIamPolicy', 'healthcare.annotationStores.import', 'healthcare.annotationStores.list', 'healthcare.annotationStores.setIamPolicy', 'healthcare.annotationStores.update', 'healthcare.annotations.create', 'healthcare.annotations.delete', 'healthcare.annotations.get', 'healthcare.annotations.list', 'healthcare.annotations.update', 'healthcare.attributeDefinitions.create', 'healthcare.attributeDefinitions.delete', 'healthcare.attributeDefinitions.get', 'healthcare.attributeDefinitions.list', 'healthcare.attributeDefinitions.update', 'healthcare.consentArtifacts.create', 'healthcare.consentArtifacts.delete', 'healthcare.consentArtifacts.get', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.create', 'healthcare.consentStores.delete', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.getIamPolicy', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.consentStores.setIamPolicy', 'healthcare.consentStores.update', 'healthcare.consents.activate', 'healthcare.consents.create', 'healthcare.consents.delete', 'healthcare.consents.get', 'healthcare.consents.list', 'healthcare.consents.reject', 'healthcare.consents.revoke', 'healthcare.consents.update', 'healthcare.datasets.create', 'healthcare.datasets.deidentify', 'healthcare.datasets.delete', 'healthcare.datasets.get', 'healthcare.datasets.getIamPolicy', 'healthcare.datasets.list', 'healthcare.datasets.setIamPolicy', 'healthcare.datasets.update', 'healthcare.dicomStores.create', 'healthcare.dicomStores.deidentify', 'healthcare.dicomStores.delete', 'healthcare.dicomStores.dicomWebDelete', 'healthcare.dicomStores.dicomWebRead', 'healthcare.dicomStores.dicomWebWrite', 'healthcare.dicomStores.export', 'healthcare.dicomStores.get', 'healthcare.dicomStores.getIamPolicy', 'healthcare.dicomStores.import', 'healthcare.dicomStores.list', 'healthcare.dicomStores.setIamPolicy', 'healthcare.dicomStores.update', 'healthcare.fhirResources.create', 'healthcare.fhirResources.delete', 'healthcare.fhirResources.get', 'healthcare.fhirResources.patch', 'healthcare.fhirResources.purge', 'healthcare.fhirResources.translateConceptMap', 'healthcare.fhirResources.update', 'healthcare.fhirStores.applyConsents', 'healthcare.fhirStores.configureSearch', 'healthcare.fhirStores.create', 'healthcare.fhirStores.deidentify', 'healthcare.fhirStores.delete', 'healthcare.fhirStores.executeBundle', 'healthcare.fhirStores.explainDataAccess', 'healthcare.fhirStores.export', 'healthcare.fhirStores.get', 'healthcare.fhirStores.getIamPolicy', 'healthcare.fhirStores.import', 'healthcare.fhirStores.list', 'healthcare.fhirStores.rollback', 'healthcare.fhirStores.searchResources', 'healthcare.fhirStores.setIamPolicy', 'healthcare.fhirStores.update', 'healthcare.hl7V2Messages.create', 'healthcare.hl7V2Messages.delete', 'healthcare.hl7V2Messages.get', 'healthcare.hl7V2Messages.ingest', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Messages.update', 'healthcare.hl7V2Stores.create', 'healthcare.hl7V2Stores.delete', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.getIamPolicy', 'healthcare.hl7V2Stores.import', 'healthcare.hl7V2Stores.list', 'healthcare.hl7V2Stores.rollback', 'healthcare.hl7V2Stores.setIamPolicy', 'healthcare.hl7V2Stores.update', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.nlpservice.analyzeEntities', 'healthcare.operations.cancel', 'healthcare.operations.get', 'healthcare.operations.list', 'healthcare.userDataMappings.archive', 'healthcare.userDataMappings.create', 'healthcare.userDataMappings.delete', 'healthcare.userDataMappings.get', 'healthcare.userDataMappings.list', 'healthcare.userDataMappings.update', 'iam.denypolicies.get', 'iam.denypolicies.list', 'iam.googleapis.com/oauthClientCredentials.create', 'iam.googleapis.com/oauthClientCredentials.delete', 'iam.googleapis.com/oauthClientCredentials.get', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClientCredentials.update', 'iam.googleapis.com/oauthClients.create', 'iam.googleapis.com/oauthClients.delete', 'iam.googleapis.com/oauthClients.get', 'iam.googleapis.com/oauthClients.list', 'iam.googleapis.com/oauthClients.undelete', 'iam.googleapis.com/oauthClients.update', 'iam.googleapis.com/workforcePoolProviderKeys.create', 'iam.googleapis.com/workforcePoolProviderKeys.delete', 'iam.googleapis.com/workforcePoolProviderKeys.get', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviderKeys.undelete', 'iam.googleapis.com/workforcePoolProviders.create', 'iam.googleapis.com/workforcePoolProviders.delete', 'iam.googleapis.com/workforcePoolProviders.get', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePoolProviders.undelete', 'iam.googleapis.com/workforcePoolProviders.update', 'iam.googleapis.com/workforcePoolSubjects.delete', 'iam.googleapis.com/workforcePoolSubjects.undelete', 'iam.googleapis.com/workforcePools.create', 'iam.googleapis.com/workforcePools.createPolicyBinding', 'iam.googleapis.com/workforcePools.delete', 'iam.googleapis.com/workforcePools.deletePolicyBinding', 'iam.googleapis.com/workforcePools.get', 'iam.googleapis.com/workforcePools.getIamPolicy', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workforcePools.searchPolicyBindings', 'iam.googleapis.com/workforcePools.setIamPolicy', 'iam.googleapis.com/workforcePools.undelete', 'iam.googleapis.com/workforcePools.update', 'iam.googleapis.com/workforcePools.updatePolicyBinding', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.create', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.delete', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.get', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.undelete', 'iam.googleapis.com/workloadIdentityPoolProviders.create', 'iam.googleapis.com/workloadIdentityPoolProviders.delete', 'iam.googleapis.com/workloadIdentityPoolProviders.get', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPoolProviders.undelete', 'iam.googleapis.com/workloadIdentityPoolProviders.update', 'iam.googleapis.com/workloadIdentityPools.create', 'iam.googleapis.com/workloadIdentityPools.delete', 'iam.googleapis.com/workloadIdentityPools.get', 'iam.googleapis.com/workloadIdentityPools.list', 'iam.googleapis.com/workloadIdentityPools.undelete', 'iam.googleapis.com/workloadIdentityPools.update', 'iam.googleapis.com/workspacePools.createPolicyBinding', 'iam.googleapis.com/workspacePools.deletePolicyBinding', 'iam.googleapis.com/workspacePools.searchPolicyBindings', 'iam.googleapis.com/workspacePools.updatePolicyBinding', 'iam.operations.get', 'iam.policybindings.get', 'iam.policybindings.list', 'iam.principalaccessboundarypolicies.get', 'iam.principalaccessboundarypolicies.list', 'iam.principalaccessboundarypolicies.searchPolicyBindings', 'iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.undelete', 'iam.roles.update', 'iam.serviceAccountKeys.create', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.disable', 'iam.serviceAccountKeys.enable', 'iam.serviceAccountKeys.get', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.createTagBinding', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.deleteTagBinding', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.enable', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'iam.serviceAccounts.setIamPolicy', 'iam.serviceAccounts.undelete', 'iam.serviceAccounts.update', 'iam.workloadIdentityPools.createPolicyBinding', 'iam.workloadIdentityPools.deletePolicyBinding', 'iam.workloadIdentityPools.searchPolicyBindings', 'iam.workloadIdentityPools.updatePolicyBinding', 'iap.projects.getSettings', 'iap.projects.updateSettings', 'iap.tunnel.getIamPolicy', 'iap.tunnel.setIamPolicy', 'iap.tunnelDestGroups.accessViaIAP', 'iap.tunnelDestGroups.create', 'iap.tunnelDestGroups.delete', 'iap.tunnelDestGroups.get', 'iap.tunnelDestGroups.getIamPolicy', 'iap.tunnelDestGroups.list', 'iap.tunnelDestGroups.remediate', 'iap.tunnelDestGroups.setIamPolicy', 'iap.tunnelDestGroups.update', 'iap.tunnelInstances.accessViaIAP', 'iap.tunnelInstances.getIamPolicy', 'iap.tunnelInstances.setIamPolicy', 'iap.tunnelLocations.getIamPolicy', 'iap.tunnelLocations.setIamPolicy', 'iap.tunnelZones.getIamPolicy', 'iap.tunnelZones.setIamPolicy', 'iap.tunnelinstances.remediate', 'iap.web.getIamPolicy', 'iap.web.getSettings', 'iap.web.setIamPolicy', 'iap.web.updateSettings', 'iap.webServiceVersions.getIamPolicy', 'iap.webServiceVersions.getSettings', 'iap.webServiceVersions.remediate', 'iap.webServiceVersions.setIamPolicy', 'iap.webServiceVersions.updateSettings', 'iap.webServices.getIamPolicy', 'iap.webServices.getSettings', 'iap.webServices.setIamPolicy', 'iap.webServices.updateSettings', 'iap.webTypes.getIamPolicy', 'iap.webTypes.getSettings', 'iap.webTypes.setIamPolicy', 'iap.webTypes.updateSettings', 'identitytoolkit.tenants.create', 'identitytoolkit.tenants.delete', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'identitytoolkit.tenants.setIamPolicy', 'identitytoolkit.tenants.update', 'ids.endpoints.create', 'ids.endpoints.delete', 'ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.endpoints.setIamPolicy', 'ids.endpoints.update', 'ids.locations.get', 'ids.locations.list', 'ids.operations.cancel', 'ids.operations.delete', 'ids.operations.get', 'ids.operations.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.securityAuthConfigs.create', 'integrations.securityAuthConfigs.delete', 'integrations.securityAuthConfigs.get', 'integrations.securityAuthConfigs.list', 'integrations.securityAuthConfigs.update', 'integrations.securityExecutions.cancel', 'integrations.securityExecutions.get', 'integrations.securityExecutions.list', 'integrations.securityIntegTempVers.create', 'integrations.securityIntegTempVers.get', 'integrations.securityIntegTempVers.list', 'integrations.securityIntegrationVers.create', 'integrations.securityIntegrationVers.delete', 'integrations.securityIntegrationVers.deploy', 'integrations.securityIntegrationVers.get', 'integrations.securityIntegrationVers.list', 'integrations.securityIntegrationVers.update', 'integrations.securityIntegrations.invoke', 'integrations.securityIntegrations.list', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'issuerswitch.accountManagerTransactions.list', 'issuerswitch.accountManagerTransactions.update', 'issuerswitch.complaintTransactions.list', 'issuerswitch.complaints.create', 'issuerswitch.complaints.resolve', 'issuerswitch.disputes.create', 'issuerswitch.disputes.resolve', 'issuerswitch.financialTransactions.list', 'issuerswitch.issuerParticipants.get', 'issuerswitch.issuerParticipants.update', 'issuerswitch.managedAccounts.get', 'issuerswitch.managedAccounts.update', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.cancel', 'issuerswitch.operations.delete', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'issuerswitch.operations.wait', 'issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.create', 'issuerswitch.ruleMetadataValues.delete', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'krmapihosting.krmApiHosts.create', 'krmapihosting.krmApiHosts.delete', 'krmapihosting.krmApiHosts.get', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.krmApiHosts.setIamPolicy', 'krmapihosting.krmApiHosts.update', 'krmapihosting.locations.get', 'krmapihosting.locations.list', 'krmapihosting.operations.cancel', 'krmapihosting.operations.delete', 'krmapihosting.operations.get', 'krmapihosting.operations.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run', 'livestream.assets.create', 'livestream.assets.delete', 'livestream.assets.get', 'livestream.assets.list', 'livestream.channels.create', 'livestream.channels.delete', 'livestream.channels.get', 'livestream.channels.list', 'livestream.channels.start', 'livestream.channels.stop', 'livestream.channels.update', 'livestream.clips.create', 'livestream.clips.delete', 'livestream.clips.get', 'livestream.clips.list', 'livestream.events.create', 'livestream.events.delete', 'livestream.events.get', 'livestream.events.list', 'livestream.inputs.create', 'livestream.inputs.delete', 'livestream.inputs.get', 'livestream.inputs.list', 'livestream.inputs.update', 'livestream.locations.get', 'livestream.locations.list', 'livestream.operations.cancel', 'livestream.operations.delete', 'livestream.operations.get', 'livestream.operations.list', 'livestream.pools.get', 'livestream.pools.update', 'logging.buckets.copyLogEntries', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.fields.access', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.download', 'logging.logEntries.list', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.delete', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.privateLogEntries.list', 'logging.queries.deleteShared', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.share', 'logging.queries.updateShared', 'logging.queries.usePrivate', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.usage.get', 'logging.views.access', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues', 'logging.views.setIamPolicy', 'logging.views.update', 'looker.backups.create', 'looker.backups.delete', 'looker.backups.get', 'looker.backups.list', 'looker.instances.create', 'looker.instances.delete', 'looker.instances.export', 'looker.instances.get', 'looker.instances.import', 'looker.instances.list', 'looker.instances.login', 'looker.instances.update', 'looker.locations.get', 'looker.locations.list', 'looker.operations.cancel', 'looker.operations.delete', 'looker.operations.get', 'looker.operations.list', 'lookerstudio.pro.manage', 'managedflink.deployments.create', 'managedflink.deployments.delete', 'managedflink.deployments.get', 'managedflink.deployments.list', 'managedflink.deployments.update', 'managedflink.jobs.create', 'managedflink.jobs.delete', 'managedflink.jobs.get', 'managedflink.jobs.list', 'managedflink.jobs.update', 'managedflink.locations.get', 'managedflink.locations.list', 'managedflink.operations.cancel', 'managedflink.operations.delete', 'managedflink.operations.get', 'managedflink.operations.list', 'managedflink.sessions.create', 'managedflink.sessions.delete', 'managedflink.sessions.get', 'managedflink.sessions.list', 'managedflink.sessions.update', 'managedidentities.backups.create', 'managedidentities.backups.delete', 'managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.backups.setIamPolicy', 'managedidentities.backups.update', 'managedidentities.domains.attachTrust', 'managedidentities.domains.checkMigrationPermission', 'managedidentities.domains.create', 'managedidentities.domains.createTagBinding', 'managedidentities.domains.delete', 'managedidentities.domains.deleteTagBinding', 'managedidentities.domains.detachTrust', 'managedidentities.domains.disableMigration', 'managedidentities.domains.domainJoinMachine', 'managedidentities.domains.enableMigration', 'managedidentities.domains.extendSchema', 'managedidentities.domains.get', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'managedidentities.domains.reconfigureTrust', 'managedidentities.domains.resetpassword', 'managedidentities.domains.restore', 'managedidentities.domains.setIamPolicy', 'managedidentities.domains.update', 'managedidentities.domains.updateLDAPSSettings', 'managedidentities.domains.validateTrust', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.cancel', 'managedidentities.operations.delete', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.create', 'managedidentities.peerings.delete', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.peerings.setIamPolicy', 'managedidentities.peerings.update', 'managedidentities.sqlintegrations.get', 'managedidentities.sqlintegrations.list', 'managedkafka.clusters.connect', 'managedkafka.clusters.create', 'managedkafka.clusters.delete', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.clusters.update', 'managedkafka.consumerGroups.delete', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.consumerGroups.update', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.cancel', 'managedkafka.operations.delete', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.create', 'managedkafka.topics.delete', 'managedkafka.topics.get', 'managedkafka.topics.list', 'managedkafka.topics.update', 'mandiant.genericAttackSurfaceManagements.create', 'mandiant.genericAttackSurfaceManagements.delete', 'mandiant.genericAttackSurfaceManagements.get', 'mandiant.genericAttackSurfaceManagements.update', 'mandiant.genericDigitalThreatMonitorings.create', 'mandiant.genericDigitalThreatMonitorings.get', 'mandiant.genericDigitalThreatMonitorings.update', 'mandiant.genericExpertiseOnDemands.create', 'mandiant.genericExpertiseOnDemands.delete', 'mandiant.genericExpertiseOnDemands.get', 'mandiant.genericExpertiseOnDemands.update', 'mandiant.genericPlatforms.create', 'mandiant.genericPlatforms.delete', 'mandiant.genericPlatforms.get', 'mandiant.genericPlatforms.update', 'mandiant.genericThreatIntels.create', 'mandiant.genericThreatIntels.delete', 'mandiant.genericThreatIntels.get', 'mandiant.genericThreatIntels.update', 'mandiant.genericValidations.create', 'mandiant.genericValidations.delete', 'mandiant.genericValidations.get', 'mandiant.genericValidations.update', 'mapsadmin.clientMaps.create', 'mapsadmin.clientMaps.delete', 'mapsadmin.clientMaps.get', 'mapsadmin.clientMaps.list', 'mapsadmin.clientMaps.update', 'mapsadmin.clientStyleActivationRules.update', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyleSheetSnapshots.update', 'mapsadmin.clientStyles.create', 'mapsadmin.clientStyles.delete', 'mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsadmin.clientStyles.update', 'mapsadmin.styleEditorConfigs.get', 'mapsadmin.styleSnapshots.list', 'mapsadmin.styleSnapshots.update', 'mapsanalytics.metricData.query', 'mapsanalytics.metricData.queryMobilitySolutionsOverageData', 'mapsanalytics.metricMetadata.list', 'mapsplatformdatasets.datasets.create', 'mapsplatformdatasets.datasets.delete', 'mapsplatformdatasets.datasets.export', 'mapsplatformdatasets.datasets.get', 'mapsplatformdatasets.datasets.import', 'mapsplatformdatasets.datasets.list', 'mapsplatformdatasets.datasets.update', 'marketplacesolutions.locations.get', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.cancel', 'marketplacesolutions.operations.delete', 'marketplacesolutions.operations.get', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.get', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.applyPowerAction', 'marketplacesolutions.powerInstances.create', 'marketplacesolutions.powerInstances.delete', 'marketplacesolutions.powerInstances.get', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerInstances.reset', 'marketplacesolutions.powerInstances.update', 'marketplacesolutions.powerNetworks.get', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.get', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.get', 'marketplacesolutions.powerVolumes.list', 'memcache.instances.applyParameters', 'memcache.instances.applySoftwareUpdate', 'memcache.instances.create', 'memcache.instances.delete', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.rescheduleMaintenance', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.instances.upgrade', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'memorystore.instances.connect', 'memorystore.instances.create', 'memorystore.instances.delete', 'memorystore.instances.get', 'memorystore.instances.list', 'memorystore.instances.update', 'memorystore.locations.get', 'memorystore.locations.list', 'memorystore.operations.cancel', 'memorystore.operations.delete', 'memorystore.operations.get', 'memorystore.operations.list', 'meshconfig.projects.init', 'metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.backups.setIamPolicy', 'metastore.backups.use', 'metastore.databases.create', 'metastore.databases.delete', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.setIamPolicy', 'metastore.databases.update', 'metastore.federations.create', 'metastore.federations.delete', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.federations.setIamPolicy', 'metastore.federations.update', 'metastore.federations.use', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.cancel', 'metastore.migrations.complete', 'metastore.migrations.delete', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.migrations.start', 'metastore.operations.cancel', 'metastore.operations.delete', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.create', 'metastore.services.delete', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.mutateMetadata', 'metastore.services.queryMetadata', 'metastore.services.restore', 'metastore.services.setIamPolicy', 'metastore.services.update', 'metastore.services.use', 'metastore.tables.create', 'metastore.tables.delete', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.setIamPolicy', 'metastore.tables.update', 'migrationcenter.assets.create', 'migrationcenter.assets.delete', 'migrationcenter.assets.get', 'migrationcenter.assets.list', 'migrationcenter.assets.reportFrames', 'migrationcenter.assets.update', 'migrationcenter.discoveryClients.create', 'migrationcenter.discoveryClients.delete', 'migrationcenter.discoveryClients.get', 'migrationcenter.discoveryClients.list', 'migrationcenter.discoveryClients.sendHeartbeat', 'migrationcenter.discoveryClients.update', 'migrationcenter.errorFrames.get', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.create', 'migrationcenter.groups.delete', 'migrationcenter.groups.get', 'migrationcenter.groups.list', 'migrationcenter.groups.update', 'migrationcenter.importDataFiles.create', 'migrationcenter.importDataFiles.delete', 'migrationcenter.importDataFiles.get', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.create', 'migrationcenter.importJobs.delete', 'migrationcenter.importJobs.get', 'migrationcenter.importJobs.list', 'migrationcenter.importJobs.update', 'migrationcenter.locations.get', 'migrationcenter.locations.list', 'migrationcenter.operations.cancel', 'migrationcenter.operations.delete', 'migrationcenter.operations.get', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.create', 'migrationcenter.preferenceSets.delete', 'migrationcenter.preferenceSets.get', 'migrationcenter.preferenceSets.list', 'migrationcenter.preferenceSets.update', 'migrationcenter.relations.get', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.create', 'migrationcenter.reportConfigs.delete', 'migrationcenter.reportConfigs.get', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.create', 'migrationcenter.reports.delete', 'migrationcenter.reports.get', 'migrationcenter.reports.list', 'migrationcenter.settings.get', 'migrationcenter.settings.update', 'migrationcenter.sources.create', 'migrationcenter.sources.delete', 'migrationcenter.sources.get', 'migrationcenter.sources.list', 'migrationcenter.sources.update', 'ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.metricsScopes.link', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.getVerificationCode', 'monitoring.notificationChannels.list', 'monitoring.notificationChannels.sendVerificationCode', 'monitoring.notificationChannels.update', 'monitoring.notificationChannels.verify', 'monitoring.services.create', 'monitoring.services.delete', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.services.update', 'monitoring.slos.create', 'monitoring.slos.delete', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.slos.update', 'monitoring.snoozes.create', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.snoozes.update', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'monitoring.uptimeCheckConfigs.update', 'nestconsole.smarthomePreviews.update', 'nestconsole.smarthomeProjects.create', 'nestconsole.smarthomeProjects.delete', 'nestconsole.smarthomeProjects.get', 'nestconsole.smarthomeProjects.update', 'nestconsole.smarthomeVersions.create', 'nestconsole.smarthomeVersions.get', 'nestconsole.smarthomeVersions.submit', 'netapp.activeDirectories.create', 'netapp.activeDirectories.delete', 'netapp.activeDirectories.get', 'netapp.activeDirectories.list', 'netapp.activeDirectories.update', 'netapp.backupPolicies.create', 'netapp.backupPolicies.delete', 'netapp.backupPolicies.get', 'netapp.backupPolicies.list', 'netapp.backupPolicies.update', 'netapp.backupVaults.create', 'netapp.backupVaults.delete', 'netapp.backupVaults.get', 'netapp.backupVaults.list', 'netapp.backupVaults.update', 'netapp.backups.create', 'netapp.backups.delete', 'netapp.backups.get', 'netapp.backups.list', 'netapp.backups.update', 'netapp.kmsConfigs.create', 'netapp.kmsConfigs.delete', 'netapp.kmsConfigs.encrypt', 'netapp.kmsConfigs.get', 'netapp.kmsConfigs.list', 'netapp.kmsConfigs.update', 'netapp.kmsConfigs.verify', 'netapp.locations.get', 'netapp.locations.list', 'netapp.operations.cancel', 'netapp.operations.delete', 'netapp.operations.get', 'netapp.operations.list', 'netapp.replications.create', 'netapp.replications.delete', 'netapp.replications.establishPeering', 'netapp.replications.get', 'netapp.replications.list', 'netapp.replications.resume', 'netapp.replications.reverse', 'netapp.replications.stop', 'netapp.replications.sync', 'netapp.replications.update', 'netapp.snapshots.create', 'netapp.snapshots.delete', 'netapp.snapshots.get', 'netapp.snapshots.list', 'netapp.snapshots.update', 'netapp.storagePools.create', 'netapp.storagePools.delete', 'netapp.storagePools.get', 'netapp.storagePools.list', 'netapp.storagePools.switch', 'netapp.storagePools.update', 'netapp.volumes.create', 'netapp.volumes.delete', 'netapp.volumes.get', 'netapp.volumes.list', 'netapp.volumes.revert', 'netapp.volumes.update', 'networkconnectivity.groups.acceptSpoke', 'networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.groups.rejectSpoke', 'networkconnectivity.groups.setIamPolicy', 'networkconnectivity.groups.use', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRouteTables.setIamPolicy', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubRoutes.setIamPolicy', 'networkconnectivity.hubs.create', 'networkconnectivity.hubs.delete', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.hubs.setIamPolicy', 'networkconnectivity.hubs.update', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkconnectivity.spokes.create', 'networkconnectivity.spokes.delete', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.setIamPolicy', 'networkconnectivity.spokes.update', 'networkmanagement.connectivitytests.create', 'networkmanagement.connectivitytests.delete', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.connectivitytests.rerun', 'networkmanagement.connectivitytests.setIamPolicy', 'networkmanagement.connectivitytests.update', 'networkmanagement.locations.get', 'networkmanagement.locations.list', 'networkmanagement.operations.cancel', 'networkmanagement.operations.delete', 'networkmanagement.operations.get', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.create', 'networkmanagement.vpcflowlogsconfigs.delete', 'networkmanagement.vpcflowlogsconfigs.get', 'networkmanagement.vpcflowlogsconfigs.list', 'networkmanagement.vpcflowlogsconfigs.update', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.mirroringDeploymentGroups.create', 'networksecurity.mirroringDeploymentGroups.delete', 'networksecurity.mirroringDeploymentGroups.get', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeploymentGroups.update', 'networksecurity.mirroringDeploymentGroups.use', 'networksecurity.mirroringDeployments.create', 'networksecurity.mirroringDeployments.delete', 'networksecurity.mirroringDeployments.get', 'networksecurity.mirroringDeployments.list', 'networksecurity.mirroringDeployments.update', 'networksecurity.mirroringEndpointGroupAssociations.create', 'networksecurity.mirroringEndpointGroupAssociations.delete', 'networksecurity.mirroringEndpointGroupAssociations.get', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroupAssociations.update', 'networksecurity.mirroringEndpointGroups.create', 'networksecurity.mirroringEndpointGroups.delete', 'networksecurity.mirroringEndpointGroups.get', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.mirroringEndpointGroups.update', 'networksecurity.mirroringEndpointGroups.use', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setIamPolicy', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.setIamPolicy', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'oauthconfig.clientpolicy.get', 'oauthconfig.testusers.get', 'oauthconfig.testusers.update', 'oauthconfig.verification.get', 'oauthconfig.verification.submit', 'oauthconfig.verification.update', 'observability.scopes.get', 'observability.scopes.update', 'ondemandscanning.operations.cancel', 'ondemandscanning.operations.delete', 'ondemandscanning.operations.get', 'ondemandscanning.operations.list', 'ondemandscanning.operations.wait', 'ondemandscanning.scans.analyzePackages', 'ondemandscanning.scans.listVulnerabilities', 'ondemandscanning.scans.scan', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'oracledatabase.autonomousDatabaseBackups.create', 'oracledatabase.autonomousDatabaseBackups.delete', 'oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.create', 'oracledatabase.autonomousDatabases.delete', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDatabases.restore', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.create', 'oracledatabase.cloudExadataInfrastructures.delete', 'oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudExadataInfrastructures.update', 'oracledatabase.cloudExadataInfrastructures.use', 'oracledatabase.cloudVmClusters.create', 'oracledatabase.cloudVmClusters.delete', 'oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.cloudVmClusters.update', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.cancel', 'oracledatabase.operations.delete', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'orgpolicy.constraints.list', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'osconfig.guestPolicies.create', 'osconfig.guestPolicies.delete', 'osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.guestPolicies.update', 'osconfig.instanceOSPoliciesCompliances.get', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.get', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.get', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignmentReports.searchSummaries', 'osconfig.osPolicyAssignments.create', 'osconfig.osPolicyAssignments.delete', 'osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.osPolicyAssignments.update', 'osconfig.patchDeployments.create', 'osconfig.patchDeployments.delete', 'osconfig.patchDeployments.execute', 'osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'osconfig.patchDeployments.pause', 'osconfig.patchDeployments.resume', 'osconfig.patchDeployments.update', 'osconfig.patchJobs.exec', 'osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'osconfig.upgradeReports.get', 'osconfig.upgradeReports.getSummary', 'osconfig.upgradeReports.list', 'osconfig.upgradeReports.searchSummaries', 'osconfig.vulnerabilityReports.get', 'osconfig.vulnerabilityReports.list', 'paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'paymentsresellersubscription.subscriptions.cancel', 'paymentsresellersubscription.subscriptions.extend', 'paymentsresellersubscription.subscriptions.get', 'paymentsresellersubscription.subscriptions.provision', 'paymentsresellersubscription.subscriptions.undoCancel', 'policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query', 'policyanalyzer.serviceAccountLastAuthenticationActivities.query', 'policyremediatormanager.locations.get', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.cancel', 'policyremediatormanager.operations.delete', 'policyremediatormanager.operations.get', 'policyremediatormanager.operations.list', 'policyremediatormanager.remediatorServices.disable', 'policyremediatormanager.remediatorServices.enable', 'policyremediatormanager.remediatorServices.get', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.create', 'policysimulator.orgPolicyViolationsPreviews.get', 'policysimulator.orgPolicyViolationsPreviews.list', 'policysimulator.replayResults.list', 'policysimulator.replays.create', 'policysimulator.replays.get', 'policysimulator.replays.list', 'policysimulator.replays.run', 'privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.setIamPolicy', 'privateca.caPools.update', 'privateca.caPools.use', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.setIamPolicy', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.create', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.setIamPolicy', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.setIamPolicy', 'privateca.certificateTemplates.update', 'privateca.certificateTemplates.use', 'privateca.certificates.create', 'privateca.certificates.createForSelf', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.setIamPolicy', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.cancel', 'privateca.operations.delete', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.setIamPolicy', 'privateca.reusableConfigs.update', 'privilegedaccessmanager.entitlements.create', 'privilegedaccessmanager.entitlements.delete', 'privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.entitlements.setIamPolicy', 'privilegedaccessmanager.entitlements.update', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.grants.revoke', 'privilegedaccessmanager.locations.checkOnboardingStatus', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.delete', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'proximitybeacon.attachments.create', 'proximitybeacon.attachments.delete', 'proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.attach', 'proximitybeacon.beacons.create', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.getIamPolicy', 'proximitybeacon.beacons.list', 'proximitybeacon.beacons.setIamPolicy', 'proximitybeacon.beacons.update', 'proximitybeacon.namespaces.create', 'proximitybeacon.namespaces.delete', 'proximitybeacon.namespaces.get', 'proximitybeacon.namespaces.getIamPolicy', 'proximitybeacon.namespaces.list', 'proximitybeacon.namespaces.setIamPolicy', 'proximitybeacon.namespaces.update', 'publicca.externalAccountKeys.create', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'pubsublite.locations.openKafkaStream', 'pubsublite.operations.get', 'pubsublite.operations.list', 'pubsublite.reservations.attachTopic', 'pubsublite.reservations.create', 'pubsublite.reservations.delete', 'pubsublite.reservations.get', 'pubsublite.reservations.list', 'pubsublite.reservations.listTopics', 'pubsublite.reservations.update', 'pubsublite.subscriptions.create', 'pubsublite.subscriptions.delete', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.list', 'pubsublite.subscriptions.seek', 'pubsublite.subscriptions.setCursor', 'pubsublite.subscriptions.subscribe', 'pubsublite.subscriptions.update', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.computeMessageStats', 'pubsublite.topics.computeTimeCursor', 'pubsublite.topics.create', 'pubsublite.topics.delete', 'pubsublite.topics.get', 'pubsublite.topics.getPartitions', 'pubsublite.topics.list', 'pubsublite.topics.listSubscriptions', 'pubsublite.topics.publish', 'pubsublite.topics.subscribe', 'pubsublite.topics.update', 'readerrevenuesubscriptionlinking.readerEntitlements.get', 'readerrevenuesubscriptionlinking.readerEntitlements.update', 'readerrevenuesubscriptionlinking.readers.delete', 'readerrevenuesubscriptionlinking.readers.get', 'recaptchaenterprise.assessments.annotate', 'recaptchaenterprise.assessments.create', 'recaptchaenterprise.firewallpolicies.create', 'recaptchaenterprise.firewallpolicies.delete', 'recaptchaenterprise.firewallpolicies.get', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.firewallpolicies.update', 'recaptchaenterprise.keys.create', 'recaptchaenterprise.keys.delete', 'recaptchaenterprise.keys.get', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.keys.retrievelegacysecretkey', 'recaptchaenterprise.keys.update', 'recaptchaenterprise.metrics.get', 'recaptchaenterprise.projectmetadata.get', 'recaptchaenterprise.projectmetadata.update', 'recaptchaenterprise.relatedaccountgroupmemberships.list', 'recaptchaenterprise.relatedaccountgroups.list', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewInsights.update', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryMaterializedViewRecommendations.update', 'recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.update', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.bigqueryTableStatsInsights.update', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralInsights.update', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudCostGeneralRecommendations.update', 'recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralInsights.update', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralRecommendations.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralInsights.update', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudManageabilityGeneralRecommendations.update', 'recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralInsights.update', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralRecommendations.update', 'recommender.cloudRecentChangeInsights.get', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeInsights.update', 'recommender.cloudRecentChangeRecommendations.get', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudRecentChangeRecommendations.update', 'recommender.cloudRecentChangeRecommenderConfig.get', 'recommender.cloudRecentChangeRecommenderConfig.update', 'recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralInsights.update', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudReliabilityGeneralRecommendations.update', 'recommender.cloudSecurityGeneralInsights.get', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralInsights.update', 'recommender.cloudSecurityGeneralRecommendations.get', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralRecommendations.update', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.computeAddressIdleResourceInsights.get', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceInsights.update', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeAddressIdleResourceRecommendations.update', 'recommender.computeDiskIdleResourceInsights.get', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceInsights.update', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceRecommendations.update', 'recommender.computeFirewallInsightTypeConfigs.get', 'recommender.computeFirewallInsightTypeConfigs.update', 'recommender.computeFirewallInsights.get', 'recommender.computeFirewallInsights.list', 'recommender.computeFirewallInsights.update', 'recommender.computeImageIdleResourceInsights.get', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceInsights.update', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceRecommendations.update', 'recommender.computeInstanceCpuUsageInsights.get', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsageInsights.update', 'recommender.computeInstanceCpuUsagePredictionInsights.get', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.update', 'recommender.computeInstanceCpuUsageTrendInsights.get', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.update', 'recommender.computeInstanceGroupManagerCpuUsageInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.update', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.update', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.update', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceIdleResourceRecommendations.update', 'recommender.computeInstanceIdleResourceRecommenderConfig.get', 'recommender.computeInstanceIdleResourceRecommenderConfig.update', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.update', 'recommender.computeInstanceMemoryUsageInsights.get', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsageInsights.update', 'recommender.computeInstanceMemoryUsagePredictionInsights.get', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.update', 'recommender.computeInstanceNetworkThroughputInsights.get', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.update', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.errorReportingInsights.get', 'recommender.errorReportingInsights.list', 'recommender.errorReportingInsights.update', 'recommender.errorReportingRecommendations.get', 'recommender.errorReportingRecommendations.list', 'recommender.errorReportingRecommendations.update', 'recommender.firestoreDatabaseReliabilityInsights.get', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityInsights.update', 'recommender.firestoreDatabaseReliabilityRecommendations.get', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.firestoreDatabaseReliabilityRecommendations.update', 'recommender.gmpGuidedExperienceInsights.get', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceInsights.update', 'recommender.gmpGuidedExperienceRecommendations.get', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpGuidedExperienceRecommendations.update', 'recommender.gmpProjectManagementInsights.get', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementInsights.update', 'recommender.gmpProjectManagementRecommendations.get', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectManagementRecommendations.update', 'recommender.gmpProjectProductSuggestionsInsights.get', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsInsights.update', 'recommender.gmpProjectProductSuggestionsRecommendations.get', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.gmpProjectProductSuggestionsRecommendations.update', 'recommender.iamPolicyChangeRiskInsights.get', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskInsights.update', 'recommender.iamPolicyChangeRiskRecommendations.get', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyChangeRiskRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyLateralMovementInsights.get', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyLateralMovementInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.iamPolicyRecommenderConfig.get', 'recommender.iamPolicyRecommenderConfig.update', 'recommender.iamServiceAccountChangeRiskInsights.get', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskInsights.update', 'recommender.iamServiceAccountChangeRiskRecommendations.get', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountChangeRiskRecommendations.update', 'recommender.iamServiceAccountInsights.get', 'recommender.iamServiceAccountInsights.list', 'recommender.iamServiceAccountInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.get', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerInsights.update', 'recommender.loggingProductSuggestionContainerRecommendations.get', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.loggingProductSuggestionContainerRecommendations.update', 'recommender.monitoringProductSuggestionComputeInsights.get', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeInsights.update', 'recommender.monitoringProductSuggestionComputeRecommendations.get', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.monitoringProductSuggestionComputeRecommendations.update', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerCloudSqlInsights.update', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.update', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.update', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerIpAddressInsights.update', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.update', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.update', 'recommender.resourcemanagerProjectChangeRiskInsights.get', 'recommender.resourcemanagerProjectChangeRiskInsights.list', 'recommender.resourcemanagerProjectChangeRiskInsights.update', 'recommender.resourcemanagerProjectChangeRiskRecommendations.get', 'recommender.resourcemanagerProjectChangeRiskRecommendations.list', 'recommender.resourcemanagerProjectChangeRiskRecommendations.update', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update', 'recommender.resourcemanagerProjectUtilizationInsights.get', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationInsights.update', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.update', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update', 'recommender.resourcemanagerServiceLimitInsights.get', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitInsights.update', 'recommender.resourcemanagerServiceLimitRecommendations.get', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.resourcemanagerServiceLimitRecommendations.update', 'recommender.resources.export', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentInsights.update', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommendations.update', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.spendBasedCommitmentRecommenderConfig.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update', 'redis.clusters.connect', 'redis.clusters.create', 'redis.clusters.delete', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.create', 'redis.instances.createTagBinding', 'redis.instances.delete', 'redis.instances.deleteTagBinding', 'redis.instances.export', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.getAuthString', 'redis.instances.import', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.instances.rescheduleMaintenance', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.instances.upgrade', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'remotebuildexecution.actions.create', 'remotebuildexecution.actions.delete', 'remotebuildexecution.actions.get', 'remotebuildexecution.actions.update', 'remotebuildexecution.blobs.create', 'remotebuildexecution.blobs.get', 'remotebuildexecution.botsessions.create', 'remotebuildexecution.botsessions.update', 'remotebuildexecution.instances.create', 'remotebuildexecution.instances.delete', 'remotebuildexecution.instances.get', 'remotebuildexecution.instances.list', 'remotebuildexecution.instances.update', 'remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.get', 'remotebuildexecution.logstreams.update', 'remotebuildexecution.workerpools.create', 'remotebuildexecution.workerpools.delete', 'remotebuildexecution.workerpools.get', 'remotebuildexecution.workerpools.list', 'remotebuildexecution.workerpools.update', 'resourcemanager.folders.createPolicyBinding', 'resourcemanager.folders.deletePolicyBinding', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.folders.updatePolicyBinding', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.organizations.createPolicyBinding', 'resourcemanager.organizations.deletePolicyBinding', 'resourcemanager.organizations.searchPolicyBindings', 'resourcemanager.organizations.updatePolicyBinding', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.createPolicyBinding', 'resourcemanager.projects.delete', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.deletePolicyBinding', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.searchPolicyBindings', 'resourcemanager.projects.setIamPolicy', 'resourcemanager.projects.undelete', 'resourcemanager.projects.update', 'resourcemanager.projects.updateLiens', 'resourcemanager.projects.updatePolicyBinding', 'resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.create', 'resourcemanager.tagKeys.delete', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagKeys.setIamPolicy', 'resourcemanager.tagKeys.update', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.create', 'resourcemanager.tagValues.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcemanager.tagValues.setIamPolicy', 'resourcemanager.tagValues.update', 'resourcesettings.settings.get', 'resourcesettings.settings.list', 'retail.alertConfigs.get', 'retail.alertConfigs.update', 'retail.attributesConfigs.addCatalogAttribute', 'retail.attributesConfigs.batchRemoveCatalogAttributes', 'retail.attributesConfigs.exportCatalogAttributes', 'retail.attributesConfigs.get', 'retail.attributesConfigs.importCatalogAttributes', 'retail.attributesConfigs.removeCatalogAttribute', 'retail.attributesConfigs.replaceCatalogAttribute', 'retail.attributesConfigs.update', 'retail.branches.get', 'retail.branches.list', 'retail.catalogs.completeQuery', 'retail.catalogs.exportAnalyticsMetrics', 'retail.catalogs.import', 'retail.catalogs.list', 'retail.catalogs.update', 'retail.controls.create', 'retail.controls.delete', 'retail.controls.export', 'retail.controls.get', 'retail.controls.import', 'retail.controls.list', 'retail.controls.update', 'retail.experiments.create', 'retail.experiments.delete', 'retail.experiments.get', 'retail.experiments.list', 'retail.experiments.loadExperimentLookerDashboard', 'retail.experiments.queryTrafficMetrics', 'retail.experiments.update', 'retail.models.create', 'retail.models.delete', 'retail.models.get', 'retail.models.list', 'retail.models.pause', 'retail.models.resume', 'retail.models.tune', 'retail.models.update', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.create', 'retail.products.delete', 'retail.products.export', 'retail.products.get', 'retail.products.import', 'retail.products.list', 'retail.products.purge', 'retail.products.setSponsorship', 'retail.products.update', 'retail.retailProjects.get', 'retail.servingConfigs.create', 'retail.servingConfigs.delete', 'retail.servingConfigs.get', 'retail.servingConfigs.list', 'retail.servingConfigs.predict', 'retail.servingConfigs.search', 'retail.servingConfigs.update', 'retail.userEvents.create', 'retail.userEvents.import', 'retail.userEvents.purge', 'retail.userEvents.rejoin', 'riscconfigurationservice.riscconfigs.createOrUpdate', 'riscconfigurationservice.riscconfigs.delete', 'riscconfigurationservice.riscconfigs.get', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.delete', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.policies.get', 'riskmanager.policies.list', 'riskmanager.reports.create', 'riskmanager.reports.delete', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.reports.review', 'riskmanager.reports.share', 'riskmanager.serviceAccount.create', 'riskmanager.settings.get', 'riskmanager.settings.update', 'rma.annotations.create', 'rma.annotations.get', 'rma.collectors.create', 'rma.collectors.delete', 'rma.collectors.get', 'rma.collectors.list', 'rma.collectors.update', 'rma.locations.get', 'rma.locations.list', 'rma.operations.cancel', 'rma.operations.delete', 'rma.operations.get', 'rma.operations.list', 'routeoptimization.locations.use', 'routeoptimization.operations.create', 'routeoptimization.operations.get', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'runapps.applications.create', 'runapps.applications.delete', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.applications.update', 'runapps.deployments.create', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.cancel', 'runapps.operations.delete', 'runapps.operations.get', 'runapps.operations.list', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.getIamPolicy', 'runtimeconfig.configs.list', 'runtimeconfig.configs.setIamPolicy', 'runtimeconfig.configs.update', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.getIamPolicy', 'runtimeconfig.variables.list', 'runtimeconfig.variables.setIamPolicy', 'runtimeconfig.variables.update', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.getIamPolicy', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.setIamPolicy', 'runtimeconfig.waiters.update', 'secretmanager.locations.get', 'secretmanager.locations.list', 'secretmanager.secrets.create', 'secretmanager.secrets.createTagBinding', 'secretmanager.secrets.delete', 'secretmanager.secrets.deleteTagBinding', 'secretmanager.secrets.get', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'secretmanager.secrets.setIamPolicy', 'secretmanager.secrets.update', 'secretmanager.versions.access', 'secretmanager.versions.add', 'secretmanager.versions.destroy', 'secretmanager.versions.disable', 'secretmanager.versions.enable', 'secretmanager.versions.get', 'secretmanager.versions.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.activate', 'securedlandingzone.overwatches.create', 'securedlandingzone.overwatches.delete', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list', 'securedlandingzone.overwatches.suspend', 'securedlandingzone.overwatches.update', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.assets.runDiscovery', 'securitycenter.assetsecuritymarks.update', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update', 'securitycenter.billingtier.update', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.containerthreatdetectionsettings.update', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.eventthreatdetectionsettings.update', 'securitycenter.exposurepathexplan.get', 'securitycenter.findingexplanations.get', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.setWorkflowState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.integratedvulnerabilityscannersettings.update', 'securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.update', 'securitycenter.resourcevalueconfigs.create', 'securitycenter.resourcevalueconfigs.delete', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.resourcevalueconfigs.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycenter.securityhealthanalyticscustommodules.create', 'securitycenter.securityhealthanalyticscustommodules.delete', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycenter.securityhealthanalyticscustommodules.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycenter.simulations.get', 'securitycenter.sources.get', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.sources.setIamPolicy', 'securitycenter.sources.update', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.virtualmachinethreatdetectionsettings.update', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycenter.websecurityscannersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'securityposture.locations.get', 'securityposture.locations.list', 'securityposture.operations.delete', 'securityposture.operations.get', 'securityposture.operations.list', 'securityposture.postureDeployments.create', 'securityposture.postureDeployments.delete', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postureDeployments.update', 'securityposture.postureTemplates.get', 'securityposture.postureTemplates.list', 'securityposture.postures.create', 'securityposture.postures.delete', 'securityposture.postures.extract', 'securityposture.postures.get', 'securityposture.postures.list', 'securityposture.postures.update', 'securityposture.reports.create', 'securityposture.reports.get', 'securityposture.reports.list', 'servicebroker.bindingoperations.get', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.create', 'servicebroker.bindings.delete', 'servicebroker.bindings.get', 'servicebroker.bindings.getIamPolicy', 'servicebroker.bindings.list', 'servicebroker.bindings.setIamPolicy', 'servicebroker.catalogs.create', 'servicebroker.catalogs.delete', 'servicebroker.catalogs.get', 'servicebroker.catalogs.getIamPolicy', 'servicebroker.catalogs.list', 'servicebroker.catalogs.setIamPolicy', 'servicebroker.catalogs.validate', 'servicebroker.instanceoperations.get', 'servicebroker.instanceoperations.list', 'servicebroker.instances.create', 'servicebroker.instances.delete', 'servicebroker.instances.get', 'servicebroker.instances.getIamPolicy', 'servicebroker.instances.list', 'servicebroker.instances.setIamPolicy', 'servicebroker.instances.update', 'serviceconsumermanagement.consumers.get', 'serviceconsumermanagement.quota.get', 'serviceconsumermanagement.quota.update', 'serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.list', 'serviceconsumermanagement.tenancyu.removeResource', 'servicedirectory.endpoints.create', 'servicedirectory.endpoints.delete', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.endpoints.setIamPolicy', 'servicedirectory.endpoints.update', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.namespaces.setIamPolicy', 'servicedirectory.namespaces.update', 'servicedirectory.networks.attach', 'servicedirectory.services.bind', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'servicedirectory.services.setIamPolicy', 'servicedirectory.services.update', 'servicehealth.events.get', 'servicehealth.events.list', 'servicehealth.locations.get', 'servicehealth.locations.list', 'servicehealth.organizationEvents.get', 'servicehealth.organizationEvents.list', 'servicehealth.organizationImpacts.get', 'servicehealth.organizationImpacts.list', 'servicehealth.statuses.get', 'servicemanagement.services.bind', 'servicemanagement.services.check', 'servicemanagement.services.create', 'servicemanagement.services.delete', 'servicemanagement.services.get', 'servicemanagement.services.getIamPolicy', 'servicemanagement.services.list', 'servicemanagement.services.quota', 'servicemanagement.services.report', 'servicemanagement.services.setIamPolicy', 'servicemanagement.services.update', 'servicenetworking.operations.cancel', 'servicenetworking.operations.delete', 'servicenetworking.operations.get', 'servicenetworking.operations.list', 'servicenetworking.services.addDnsRecordSet', 'servicenetworking.services.addDnsZone', 'servicenetworking.services.addPeering', 'servicenetworking.services.addSubnetwork', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.getConsumerConfig', 'servicenetworking.services.listPeeredDnsDomains', 'servicenetworking.services.removeDnsRecordSet', 'servicenetworking.services.removeDnsZone', 'servicenetworking.services.updateConsumerConfig', 'servicenetworking.services.updateDnsRecordSet', 'servicenetworking.services.use', 'servicesecurityinsights.clusterSecurityInfo.get', 'servicesecurityinsights.clusterSecurityInfo.list', 'servicesecurityinsights.policies.get', 'servicesecurityinsights.projectStates.get', 'servicesecurityinsights.securityInfo.list', 'servicesecurityinsights.securityViews.get', 'servicesecurityinsights.workloadPolicies.list', 'servicesecurityinsights.workloadSecurityInfo.get', 'serviceusage.apiKeys.regenerate', 'serviceusage.apiKeys.revert', 'serviceusage.quotas.get', 'serviceusage.quotas.update', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'source.repos.create', 'source.repos.delete', 'source.repos.get', 'source.repos.getIamPolicy', 'source.repos.getProjectConfig', 'source.repos.list', 'source.repos.setIamPolicy', 'source.repos.update', 'source.repos.updateProjectConfig', 'source.repos.updateRepoConfig', 'spanner.backupOperations.cancel', 'spanner.backupOperations.get', 'spanner.backupOperations.list', 'spanner.backupSchedules.create', 'spanner.backupSchedules.delete', 'spanner.backupSchedules.get', 'spanner.backupSchedules.getIamPolicy', 'spanner.backupSchedules.list', 'spanner.backupSchedules.setIamPolicy', 'spanner.backupSchedules.update', 'spanner.backups.copy', 'spanner.backups.create', 'spanner.backups.delete', 'spanner.backups.get', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.backups.restoreDatabase', 'spanner.backups.setIamPolicy', 'spanner.backups.update', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databaseRoles.use', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.create', 'spanner.databases.createBackup', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.getDdl', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.setIamPolicy', 'spanner.databases.update', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.useDataBoost', 'spanner.databases.useRoleBasedAccess', 'spanner.databases.write', 'spanner.instanceConfigOperations.cancel', 'spanner.instanceConfigOperations.delete', 'spanner.instanceConfigOperations.get', 'spanner.instanceConfigOperations.list', 'spanner.instanceConfigs.create', 'spanner.instanceConfigs.delete', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instanceConfigs.update', 'spanner.instanceOperations.cancel', 'spanner.instanceOperations.delete', 'spanner.instanceOperations.get', 'spanner.instanceOperations.list', 'spanner.instancePartitionOperations.cancel', 'spanner.instancePartitionOperations.delete', 'spanner.instancePartitionOperations.get', 'spanner.instancePartitionOperations.list', 'spanner.instancePartitions.create', 'spanner.instancePartitions.delete', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instancePartitions.update', 'spanner.instances.create', 'spanner.instances.createTagBinding', 'spanner.instances.delete', 'spanner.instances.deleteTagBinding', 'spanner.instances.get', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.instances.setIamPolicy', 'spanner.instances.update', 'spanner.instances.updateTag', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list', 'speakerid.phrases.create', 'speakerid.phrases.delete', 'speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.settings.get', 'speakerid.settings.update', 'speakerid.speakers.create', 'speakerid.speakers.delete', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speakerid.speakers.verify', 'speech.adaptations.execute', 'speech.config.get', 'speech.config.update', 'speech.customClasses.create', 'speech.customClasses.delete', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.customClasses.undelete', 'speech.customClasses.update', 'speech.locations.get', 'speech.locations.list', 'speech.operations.cancel', 'speech.operations.delete', 'speech.operations.get', 'speech.operations.list', 'speech.operations.wait', 'speech.phraseSets.create', 'speech.phraseSets.delete', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.phraseSets.undelete', 'speech.phraseSets.update', 'speech.recognizers.create', 'speech.recognizers.delete', 'speech.recognizers.get', 'speech.recognizers.list', 'speech.recognizers.recognize', 'speech.recognizers.undelete', 'speech.recognizers.update', 'stackdriver.projects.edit', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'stackdriver.resourceMetadata.write', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.hmacKeys.create', 'storage.hmacKeys.delete', 'storage.hmacKeys.get', 'storage.hmacKeys.list', 'storage.hmacKeys.update', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storageinsights.datasetConfigs.create', 'storageinsights.datasetConfigs.delete', 'storageinsights.datasetConfigs.get', 'storageinsights.datasetConfigs.linkDataset', 'storageinsights.datasetConfigs.list', 'storageinsights.datasetConfigs.unlinkDataset', 'storageinsights.datasetConfigs.update', 'storageinsights.locations.get', 'storageinsights.locations.list', 'storageinsights.operations.cancel', 'storageinsights.operations.delete', 'storageinsights.operations.get', 'storageinsights.operations.list', 'storageinsights.reportConfigs.create', 'storageinsights.reportConfigs.delete', 'storageinsights.reportConfigs.get', 'storageinsights.reportConfigs.list', 'storageinsights.reportConfigs.update', 'storageinsights.reportDetails.get', 'storageinsights.reportDetails.list', 'storagetransfer.agentpools.create', 'storagetransfer.agentpools.delete', 'storagetransfer.agentpools.get', 'storagetransfer.agentpools.list', 'storagetransfer.agentpools.report', 'storagetransfer.agentpools.update', 'storagetransfer.jobs.create', 'storagetransfer.jobs.delete', 'storagetransfer.jobs.get', 'storagetransfer.jobs.list', 'storagetransfer.jobs.run', 'storagetransfer.jobs.update', 'storagetransfer.operations.assign', 'storagetransfer.operations.cancel', 'storagetransfer.operations.get', 'storagetransfer.operations.list', 'storagetransfer.operations.pause', 'storagetransfer.operations.report', 'storagetransfer.operations.resume', 'storagetransfer.projects.getServiceAccount', 'stream.locations.get', 'stream.locations.list', 'stream.operations.cancel', 'stream.operations.delete', 'stream.operations.get', 'stream.operations.list', 'stream.streamContents.build', 'stream.streamContents.create', 'stream.streamContents.delete', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamContents.update', 'stream.streamInstances.create', 'stream.streamInstances.delete', 'stream.streamInstances.get', 'stream.streamInstances.list', 'stream.streamInstances.rollout', 'stream.streamInstances.update', 'subscribewithgoogledeveloper.tools.get', 'telcoautomation.blueprints.approve', 'telcoautomation.blueprints.create', 'telcoautomation.blueprints.delete', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.blueprints.propose', 'telcoautomation.blueprints.update', 'telcoautomation.deployments.apply', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.create', 'telcoautomation.deployments.delete', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.deployments.rollback', 'telcoautomation.deployments.update', 'telcoautomation.edgeSlms.create', 'telcoautomation.edgeSlms.delete', 'telcoautomation.edgeSlms.get', 'telcoautomation.edgeSlms.list', 'telcoautomation.hydratedDeployments.apply', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.hydratedDeployments.update', 'telcoautomation.locations.get', 'telcoautomation.locations.list', 'telcoautomation.operations.cancel', 'telcoautomation.operations.delete', 'telcoautomation.operations.get', 'telcoautomation.operations.list', 'telcoautomation.orchestrationClusters.create', 'telcoautomation.orchestrationClusters.delete', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.get', 'telcoautomation.publicBlueprints.list', 'timeseriesinsights.datasets.create', 'timeseriesinsights.datasets.delete', 'timeseriesinsights.datasets.evaluate', 'timeseriesinsights.datasets.list', 'timeseriesinsights.datasets.query', 'timeseriesinsights.datasets.update', 'timeseriesinsights.locations.get', 'timeseriesinsights.locations.list', 'tpu.acceleratortypes.get', 'tpu.acceleratortypes.list', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.create', 'tpu.nodes.delete', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.nodes.reimage', 'tpu.nodes.reset', 'tpu.nodes.simulateMaintenanceEvent', 'tpu.nodes.start', 'tpu.nodes.stop', 'tpu.nodes.update', 'tpu.operations.get', 'tpu.operations.list', 'tpu.runtimeversions.get', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.get', 'tpu.tensorflowversions.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics', 'transcoder.jobTemplates.create', 'transcoder.jobTemplates.delete', 'transcoder.jobTemplates.get', 'transcoder.jobTemplates.list', 'transcoder.jobs.create', 'transcoder.jobs.delete', 'transcoder.jobs.get', 'transcoder.jobs.list', 'transferappliance.appliances.create', 'transferappliance.appliances.delete', 'transferappliance.appliances.get', 'transferappliance.appliances.list', 'transferappliance.appliances.update', 'transferappliance.credentials.get', 'transferappliance.locations.get', 'transferappliance.locations.list', 'transferappliance.operations.cancel', 'transferappliance.operations.delete', 'transferappliance.operations.get', 'transferappliance.operations.list', 'transferappliance.orders.create', 'transferappliance.orders.delete', 'transferappliance.orders.get', 'transferappliance.orders.list', 'transferappliance.orders.update', 'transferappliance.savedAddresses.create', 'transferappliance.savedAddresses.delete', 'transferappliance.savedAddresses.get', 'transferappliance.savedAddresses.list', 'transferappliance.savedAddresses.update', 'translationhub.portals.create', 'translationhub.portals.delete', 'translationhub.portals.get', 'translationhub.portals.list', 'translationhub.portals.update', 'videostitcher.cdnKeys.create', 'videostitcher.cdnKeys.delete', 'videostitcher.cdnKeys.get', 'videostitcher.cdnKeys.list', 'videostitcher.cdnKeys.update', 'videostitcher.liveAdTagDetails.get', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.create', 'videostitcher.liveConfigs.delete', 'videostitcher.liveConfigs.get', 'videostitcher.liveConfigs.list', 'videostitcher.liveSessions.create', 'videostitcher.liveSessions.get', 'videostitcher.operations.cancel', 'videostitcher.operations.delete', 'videostitcher.operations.get', 'videostitcher.operations.list', 'videostitcher.slates.create', 'videostitcher.slates.delete', 'videostitcher.slates.get', 'videostitcher.slates.list', 'videostitcher.slates.update', 'videostitcher.vodAdTagDetails.get', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.create', 'videostitcher.vodConfigs.delete', 'videostitcher.vodConfigs.get', 'videostitcher.vodConfigs.list', 'videostitcher.vodConfigs.update', 'videostitcher.vodSessions.create', 'videostitcher.vodSessions.get', 'videostitcher.vodStitchDetails.get', 'videostitcher.vodStitchDetails.list', 'visionai.analyses.create', 'visionai.analyses.delete', 'visionai.analyses.get', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.analyses.setIamPolicy', 'visionai.analyses.update', 'visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.applications.create', 'visionai.applications.delete', 'visionai.applications.deploy', 'visionai.applications.get', 'visionai.applications.list', 'visionai.applications.undeploy', 'visionai.applications.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.clusters.create', 'visionai.clusters.delete', 'visionai.clusters.get', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.clusters.setIamPolicy', 'visionai.clusters.update', 'visionai.clusters.watch', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.drafts.create', 'visionai.drafts.delete', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.drafts.update', 'visionai.events.create', 'visionai.events.delete', 'visionai.events.get', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.events.setIamPolicy', 'visionai.events.update', 'visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.locations.get', 'visionai.locations.list', 'visionai.operations.cancel', 'visionai.operations.delete', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operations.wait', 'visionai.operators.create', 'visionai.operators.delete', 'visionai.operators.get', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.operators.setIamPolicy', 'visionai.operators.update', 'visionai.processors.create', 'visionai.processors.delete', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.processors.update', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update', 'visionai.series.acquireLease', 'visionai.series.create', 'visionai.series.delete', 'visionai.series.get', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.series.setIamPolicy', 'visionai.series.update', 'visionai.streams.create', 'visionai.streams.delete', 'visionai.streams.get', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.streams.send', 'visionai.streams.setIamPolicy', 'visionai.streams.update', 'visionai.uistreams.create', 'visionai.uistreams.delete', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list', 'visualinspection.annotationSets.create', 'visualinspection.annotationSets.delete', 'visualinspection.annotationSets.get', 'visualinspection.annotationSets.list', 'visualinspection.annotationSets.update', 'visualinspection.annotationSpecs.create', 'visualinspection.annotationSpecs.delete', 'visualinspection.annotationSpecs.get', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.create', 'visualinspection.annotations.delete', 'visualinspection.annotations.get', 'visualinspection.annotations.list', 'visualinspection.annotations.update', 'visualinspection.datasets.create', 'visualinspection.datasets.delete', 'visualinspection.datasets.export', 'visualinspection.datasets.get', 'visualinspection.datasets.import', 'visualinspection.datasets.list', 'visualinspection.datasets.update', 'visualinspection.images.delete', 'visualinspection.images.get', 'visualinspection.images.list', 'visualinspection.images.update', 'visualinspection.locations.get', 'visualinspection.locations.list', 'visualinspection.locations.reportUsageMetrics', 'visualinspection.modelEvaluations.get', 'visualinspection.modelEvaluations.list', 'visualinspection.models.create', 'visualinspection.models.delete', 'visualinspection.models.get', 'visualinspection.models.list', 'visualinspection.models.update', 'visualinspection.models.writePrediction', 'visualinspection.modules.create', 'visualinspection.modules.delete', 'visualinspection.modules.get', 'visualinspection.modules.list', 'visualinspection.modules.update', 'visualinspection.operations.get', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.create', 'visualinspection.solutionArtifacts.delete', 'visualinspection.solutionArtifacts.get', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutionArtifacts.predict', 'visualinspection.solutionArtifacts.update', 'visualinspection.solutions.create', 'visualinspection.solutions.delete', 'visualinspection.solutions.get', 'visualinspection.solutions.list', 'vmmigration.cloneJobs.create', 'vmmigration.cloneJobs.get', 'vmmigration.cloneJobs.list', 'vmmigration.cloneJobs.update', 'vmmigration.cutoverJobs.create', 'vmmigration.cutoverJobs.get', 'vmmigration.cutoverJobs.list', 'vmmigration.cutoverJobs.update', 'vmmigration.datacenterConnectors.create', 'vmmigration.datacenterConnectors.delete', 'vmmigration.datacenterConnectors.get', 'vmmigration.datacenterConnectors.list', 'vmmigration.datacenterConnectors.update', 'vmmigration.deployments.create', 'vmmigration.deployments.get', 'vmmigration.deployments.list', 'vmmigration.groups.create', 'vmmigration.groups.delete', 'vmmigration.groups.get', 'vmmigration.groups.list', 'vmmigration.groups.update', 'vmmigration.locations.get', 'vmmigration.locations.list', 'vmmigration.migratingVms.create', 'vmmigration.migratingVms.delete', 'vmmigration.migratingVms.get', 'vmmigration.migratingVms.list', 'vmmigration.migratingVms.update', 'vmmigration.operations.cancel', 'vmmigration.operations.delete', 'vmmigration.operations.get', 'vmmigration.operations.list', 'vmmigration.replicationCycles.get', 'vmmigration.replicationCycles.list', 'vmmigration.sources.create', 'vmmigration.sources.delete', 'vmmigration.sources.get', 'vmmigration.sources.list', 'vmmigration.sources.update', 'vmmigration.targets.create', 'vmmigration.targets.delete', 'vmmigration.targets.get', 'vmmigration.targets.list', 'vmmigration.targets.update', 'vmmigration.utilizationReports.create', 'vmmigration.utilizationReports.delete', 'vmmigration.utilizationReports.get', 'vmmigration.utilizationReports.list', 'vmwareengine.clusters.create', 'vmwareengine.clusters.delete', 'vmwareengine.clusters.get', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.clusters.setIamPolicy', 'vmwareengine.clusters.update', 'vmwareengine.dnsBindPermission.get', 'vmwareengine.dnsBindPermission.grant', 'vmwareengine.dnsBindPermission.revoke', 'vmwareengine.dnsForwarding.get', 'vmwareengine.dnsForwarding.update', 'vmwareengine.externalAccessRules.create', 'vmwareengine.externalAccessRules.delete', 'vmwareengine.externalAccessRules.get', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAccessRules.update', 'vmwareengine.externalAddresses.create', 'vmwareengine.externalAddresses.delete', 'vmwareengine.externalAddresses.get', 'vmwareengine.externalAddresses.list', 'vmwareengine.externalAddresses.update', 'vmwareengine.hcxActivationKeys.create', 'vmwareengine.hcxActivationKeys.get', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.hcxActivationKeys.setIamPolicy', 'vmwareengine.locations.get', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.create', 'vmwareengine.loggingServers.delete', 'vmwareengine.loggingServers.get', 'vmwareengine.loggingServers.list', 'vmwareengine.loggingServers.update', 'vmwareengine.managementDnsZoneBindings.create', 'vmwareengine.managementDnsZoneBindings.delete', 'vmwareengine.managementDnsZoneBindings.get', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.managementDnsZoneBindings.repair', 'vmwareengine.managementDnsZoneBindings.update', 'vmwareengine.networkPeerings.create', 'vmwareengine.networkPeerings.delete', 'vmwareengine.networkPeerings.get', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPeerings.listPeeringRoutes', 'vmwareengine.networkPeerings.update', 'vmwareengine.networkPolicies.create', 'vmwareengine.networkPolicies.delete', 'vmwareengine.networkPolicies.fetchExternalAddresses', 'vmwareengine.networkPolicies.get', 'vmwareengine.networkPolicies.list', 'vmwareengine.networkPolicies.update', 'vmwareengine.nodeTypes.get', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.get', 'vmwareengine.nodes.list', 'vmwareengine.operations.delete', 'vmwareengine.operations.get', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.create', 'vmwareengine.privateClouds.delete', 'vmwareengine.privateClouds.get', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateClouds.resetNsxCredentials', 'vmwareengine.privateClouds.resetVcenterCredentials', 'vmwareengine.privateClouds.setIamPolicy', 'vmwareengine.privateClouds.showNsxCredentials', 'vmwareengine.privateClouds.showVcenterCredentials', 'vmwareengine.privateClouds.undelete', 'vmwareengine.privateClouds.update', 'vmwareengine.privateConnections.create', 'vmwareengine.privateConnections.delete', 'vmwareengine.privateConnections.get', 'vmwareengine.privateConnections.list', 'vmwareengine.privateConnections.listPeeringRoutes', 'vmwareengine.privateConnections.update', 'vmwareengine.projectState.get', 'vmwareengine.services.use', 'vmwareengine.services.view', 'vmwareengine.subnets.get', 'vmwareengine.subnets.list', 'vmwareengine.subnets.update', 'vmwareengine.vmwareEngineNetworks.create', 'vmwareengine.vmwareEngineNetworks.delete', 'vmwareengine.vmwareEngineNetworks.get', 'vmwareengine.vmwareEngineNetworks.list', 'vmwareengine.vmwareEngineNetworks.update', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list', 'vpcaccess.connectors.update', 'vpcaccess.connectors.use', 'vpcaccess.locations.list', 'vpcaccess.operations.get', 'vpcaccess.operations.list', 'workflows.callbacks.list', 'workflows.callbacks.send', 'workflows.executions.cancel', 'workflows.executions.create', 'workflows.executions.get', 'workflows.executions.list', 'workflows.locations.get', 'workflows.locations.list', 'workflows.operations.cancel', 'workflows.operations.get', 'workflows.operations.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get', 'workflows.workflows.list', 'workflows.workflows.listRevision', 'workflows.workflows.update', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.cancel', 'workloadcertificate.operations.delete', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadCertificateFeature.update', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.delete', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list', 'workloadcertificate.workloadRegistrations.update', 'workloadmanager.actuations.create', 'workloadmanager.actuations.delete', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.create', 'workloadmanager.deployments.delete', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.create', 'workloadmanager.evaluations.delete', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.evaluations.run', 'workloadmanager.evaluations.update', 'workloadmanager.executions.delete', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.insights.export', 'workloadmanager.insights.listSapSystems', 'workloadmanager.insights.write', 'workloadmanager.locations.get', 'workloadmanager.locations.list', 'workloadmanager.operations.cancel', 'workloadmanager.operations.delete', 'workloadmanager.operations.get', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list', 'workstations.operations.get', 'workstations.workstationClusters.create', 'workstations.workstationClusters.delete', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationClusters.update', 'workstations.workstationConfigs.create', 'workstations.workstationConfigs.delete', 'workstations.workstationConfigs.get', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstationConfigs.setIamPolicy', 'workstations.workstationConfigs.update', 'workstations.workstations.create', 'workstations.workstations.delete', 'workstations.workstations.get', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list', 'workstations.workstations.setIamPolicy', 'workstations.workstations.start', 'workstations.workstations.stop', 'workstations.workstations.update']
Copy Permissions GA
roles/parallelstore.serviceAgent
Gives the Parallelstore service agent ability to access customer resources.
Parallelstore Service Agent
['resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.patchJobExecutor
Access to execute Patch Jobs.
Patch Job Executor
['osconfig.patchJobs.exec', 'osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.patchJobViewer
Get and list Patch Jobs.
Patch Job Viewer
['osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.patchDeploymentAdmin
Full admin access to PatchDeployments
PatchDeployment Admin
['osconfig.patchDeployments.create', 'osconfig.patchDeployments.delete', 'osconfig.patchDeployments.execute', 'osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'osconfig.patchDeployments.pause', 'osconfig.patchDeployments.resume', 'osconfig.patchDeployments.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.patchDeploymentViewer
Viewer of PatchDeployment resources
PatchDeployment Viewer
['osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/paymentsresellersubscription.partnerAdmin
Full access to all Payments Reseller resources, including subscriptions, products and promotions
Payments Reseller Admin
['paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'paymentsresellersubscription.subscriptions.cancel', 'paymentsresellersubscription.subscriptions.extend', 'paymentsresellersubscription.subscriptions.get', 'paymentsresellersubscription.subscriptions.provision', 'paymentsresellersubscription.subscriptions.undoCancel', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/paymentsresellersubscription.productViewer
Read access to Payments Reseller Product resource
Payments Reseller Products Viewer
['paymentsresellersubscription.products.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/paymentsresellersubscription.promotionViewer
Read access to Payments Reseller Promotion resource
Payments Reseller Promotions Viewer
['paymentsresellersubscription.promotions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/paymentsresellersubscription.subscriptionEditor
Write access to Payments Reseller Subscription resource
Payments Reseller Subscriptions Editor
['paymentsresellersubscription.subscriptions.cancel', 'paymentsresellersubscription.subscriptions.extend', 'paymentsresellersubscription.subscriptions.get', 'paymentsresellersubscription.subscriptions.provision', 'paymentsresellersubscription.subscriptions.undoCancel', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/paymentsresellersubscription.subscriptionViewer
Read access to Payments Reseller Subscription resource
Payments Reseller Subscriptions Viewer
['paymentsresellersubscription.subscriptions.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/paymentsresellersubscription.partnerViewer
Read access to all Payments Reseller resources, including subscriptions, products and promotions
Payments Reseller Viewer
['paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'paymentsresellersubscription.subscriptions.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/servicehealth.viewer
Readonly access to Personalized Service Health resources.
Personalized Service Health Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicehealth.events.get', 'servicehealth.events.list', 'servicehealth.locations.get', 'servicehealth.locations.list', 'servicehealth.organizationEvents.get', 'servicehealth.organizationEvents.list', 'servicehealth.organizationImpacts.get', 'servicehealth.organizationImpacts.list', 'servicehealth.statuses.get']
Copy Permissions GA
roles/policyremediatormanager.policyRemediatorAdmin
Grants the ability to enable and disable the usage of the policy remediator for the organization
Policy Remediator Admin
['policyremediatormanager.locations.get', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.cancel', 'policyremediatormanager.operations.delete', 'policyremediatormanager.operations.get', 'policyremediatormanager.operations.list', 'policyremediatormanager.remediatorServices.disable', 'policyremediatormanager.remediatorServices.enable', 'policyremediatormanager.remediatorServices.get']
Copy Permissions BETA
roles/policyremediatormanager.policyRemediatorReader
Grants the ability to read/view the state of the policy remediator for the organization
Policy Remediator Reader
['policyremediatormanager.locations.get', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.get', 'policyremediatormanager.operations.list', 'policyremediatormanager.remediatorServices.get']
Copy Permissions BETA
roles/datacatalog.categoryAdmin
Manage taxonomies
Policy Tag Admin
['datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.setIamPolicy', 'datacatalog.taxonomies.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.principalAccessBoundaryAdmin
Principal Access Boundary admin role, with permissions to read and modify principal access boundary policies, and to bind and unbind principal access boundary policies to targets. Also includes permissions to read principal authorization activities analysis and permissions to list assets from Cloud Asset Inventory
Principal Access Boundary Policy Admin
['cloudasset.assets.listResource', 'iam.principalaccessboundarypolicies.bind', 'iam.principalaccessboundarypolicies.create', 'iam.principalaccessboundarypolicies.delete', 'iam.principalaccessboundarypolicies.get', 'iam.principalaccessboundarypolicies.list', 'iam.principalaccessboundarypolicies.searchPolicyBindings', 'iam.principalaccessboundarypolicies.unbind', 'iam.principalaccessboundarypolicies.update']
Copy Permissions BETA
roles/iam.principalAccessBoundaryUser
Principal Access Boundary Policies user role, with permissions to view principal access boundary policies, and to bind and unbind principal access boundary policies to targets
Principal Access Boundary Policy User
['iam.principalaccessboundarypolicies.bind', 'iam.principalaccessboundarypolicies.get', 'iam.principalaccessboundarypolicies.list', 'iam.principalaccessboundarypolicies.unbind']
Copy Permissions BETA
roles/iam.principalAccessBoundaryViewer
Principal Access Boundary Reviewer role, with permissions to read principal access boundary policies and view associated policy bindings
Principal Access Boundary Policy Viewer
['iam.principalaccessboundarypolicies.get', 'iam.principalaccessboundarypolicies.list', 'iam.principalaccessboundarypolicies.searchPolicyBindings']
Copy Permissions BETA
roles/logging.privateLogViewer
Access to view all logs, including logs with private contents.
Private Logs Viewer
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.privateLogEntries.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.access', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get']
Copy Permissions GA
roles/servicedirectory.pscAuthorizedService
Gives access to VPC Networks via Service Directory
Private Service Connect Authorized Service
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.networks.access']
Copy Permissions GA
roles/privilegedaccessmanager.admin
Full access to Privileged Access Manager resources.
Privileged Access Manager Admin
['privilegedaccessmanager.entitlements.create', 'privilegedaccessmanager.entitlements.delete', 'privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.entitlements.setIamPolicy', 'privilegedaccessmanager.entitlements.update', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.grants.revoke', 'privilegedaccessmanager.locations.checkOnboardingStatus', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.delete', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/privilegedaccessmanager.approver
Access to Approve/Deny Privileged Access Manager Grants.
Privileged Access Manager Approver
['privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.grants.approve', 'privilegedaccessmanager.grants.deny', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list']
Copy Permissions ALPHA
roles/privilegedaccessmanager.folderServiceAgent
Gives privileged access manager service account access to modify IAM policies on GCP folders
Privileged Access Manager Folder Service Agent
['resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.setIamPolicy']
Copy Permissions GA
roles/privilegedaccessmanager.organizationServiceAgent
Gives privileged access manager service account access to modify IAM policies on GCP organizations
Privileged Access Manager Organization Service Agent
['resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.organizations.setIamPolicy']
Copy Permissions GA
roles/privilegedaccessmanager.projectServiceAgent
Gives privileged access manager service account access to modify IAM policies on GCP projects
Privileged Access Manager Project Service Agent
['resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy']
Copy Permissions GA
roles/privilegedaccessmanager.requester
Access to request Privileged Access Manager Grants.
Privileged Access Manager Requester
['privilegedaccessmanager.grants.create']
Copy Permissions BETA
roles/privilegedaccessmanager.serviceAgent
Gives privileged access manager service account access to modify IAM policies on GCP resources
Privileged Access Manager Service Agent
['resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.setIamPolicy', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.organizations.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy']
Copy Permissions GA
roles/privilegedaccessmanager.viewer
Readonly access to Privileged Access Manager resources.
Privileged Access Manager Viewer
['privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/recommender.productSuggestionAdmin
Admin of all Product Suggestion insights and recommendations.
Product Suggestion Recommenders Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.get', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerInsights.update', 'recommender.loggingProductSuggestionContainerRecommendations.get', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.loggingProductSuggestionContainerRecommendations.update', 'recommender.monitoringProductSuggestionComputeInsights.get', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeInsights.update', 'recommender.monitoringProductSuggestionComputeRecommendations.get', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.monitoringProductSuggestionComputeRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.productSuggestionViewer
Viewer of all Product Suggestion insights and recommendations.
Product Suggestion Recommenders Viewer
['recommender.locations.get', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.get', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerRecommendations.get', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.monitoringProductSuggestionComputeInsights.get', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeRecommendations.get', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/progressiverollout.serviceAgent
Gives Progressive Rollout the ability to roll out a customer change.
Progressive Rollout Service Agent
['cloudasset.assets.searchAllResources']
Copy Permissions GA
roles/billing.projectManager
Can assign a project's billing account or disable its billing.
Project Billing Manager
['resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.deleteBillingAssignment']
Copy Permissions GA
roles/resourcemanager.projectCreator
Access to create new GCP projects.
Project Creator
['resourcemanager.organizations.get', 'resourcemanager.projects.create']
Copy Permissions GA
roles/resourcemanager.projectDeleter
Access to delete GCP projects.
Project Deleter
['resourcemanager.projects.delete']
Copy Permissions GA
roles/osconfig.projectFeatureSettingsEditor
Read/write access to project feature settings
Project Feature Settings Editor
['osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/osconfig.projectFeatureSettingsViewer
Read access to project feature settings
Project Feature Settings Viewer
['osconfig.projectFeatureSettings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/resourcemanager.projectIamAdmin
Access and administer a project IAM policies.
Project IAM Admin
['iam.policybindings.get', 'iam.policybindings.list', 'resourcemanager.projects.createPolicyBinding', 'resourcemanager.projects.deletePolicyBinding', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.searchPolicyBindings', 'resourcemanager.projects.setIamPolicy', 'resourcemanager.projects.updatePolicyBinding']
Copy Permissions GA
roles/resourcemanager.lienModifier
Access to modify Liens on projects.
Project Lien Modifier
['resourcemanager.projects.updateLiens']
Copy Permissions GA
roles/resourcemanager.projectMover
Access to update and move a project
Project Mover
['resourcemanager.projects.get', 'resourcemanager.projects.move', 'resourcemanager.projects.update']
Copy Permissions GA
roles/recommender.projectCudAdmin
Admin of Project Usage Commitment Recommender.
Project Usage Commitment Recommender Admin
['recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.projectCudViewer
Viewer of Project Usage Commitment Recommender.
Project Usage Commitment Recommender Viewer
['recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.projectUtilAdmin
Admin of Project Utilization insights and recommendations.
Project Utilization Recommender Admin
['recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update', 'recommender.resourcemanagerProjectUtilizationInsights.get', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationInsights.update', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.update', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.projectUtilViewer
Viewer of Project Utilization insights and recommendations.
Project Utilization Recommender Viewer
['recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get', 'recommender.resourcemanagerProjectUtilizationInsights.get', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/pubsub.admin
Full access to topics, subscriptions, and snapshots.
Pub/Sub Admin
['pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/pubsub.editor
Modify topics and subscriptions, publish and consume messages.
Pub/Sub Editor
['pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/pubsublite.admin
Full access to topics, subscriptions and reservations.
Pub/Sub Lite Admin
['pubsublite.locations.openKafkaStream', 'pubsublite.operations.get', 'pubsublite.operations.list', 'pubsublite.reservations.attachTopic', 'pubsublite.reservations.create', 'pubsublite.reservations.delete', 'pubsublite.reservations.get', 'pubsublite.reservations.list', 'pubsublite.reservations.listTopics', 'pubsublite.reservations.update', 'pubsublite.subscriptions.create', 'pubsublite.subscriptions.delete', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.list', 'pubsublite.subscriptions.seek', 'pubsublite.subscriptions.setCursor', 'pubsublite.subscriptions.subscribe', 'pubsublite.subscriptions.update', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.computeMessageStats', 'pubsublite.topics.computeTimeCursor', 'pubsublite.topics.create', 'pubsublite.topics.delete', 'pubsublite.topics.get', 'pubsublite.topics.getPartitions', 'pubsublite.topics.list', 'pubsublite.topics.listSubscriptions', 'pubsublite.topics.publish', 'pubsublite.topics.subscribe', 'pubsublite.topics.update']
Copy Permissions GA
roles/pubsublite.editor
Modify topics, subscriptions and reservations, publish and consume messages.
Pub/Sub Lite Editor
['pubsublite.locations.openKafkaStream', 'pubsublite.operations.get', 'pubsublite.operations.list', 'pubsublite.reservations.attachTopic', 'pubsublite.reservations.create', 'pubsublite.reservations.delete', 'pubsublite.reservations.get', 'pubsublite.reservations.list', 'pubsublite.reservations.listTopics', 'pubsublite.reservations.update', 'pubsublite.subscriptions.create', 'pubsublite.subscriptions.delete', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.list', 'pubsublite.subscriptions.seek', 'pubsublite.subscriptions.setCursor', 'pubsublite.subscriptions.subscribe', 'pubsublite.subscriptions.update', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.computeMessageStats', 'pubsublite.topics.computeTimeCursor', 'pubsublite.topics.create', 'pubsublite.topics.delete', 'pubsublite.topics.get', 'pubsublite.topics.getPartitions', 'pubsublite.topics.list', 'pubsublite.topics.listSubscriptions', 'pubsublite.topics.publish', 'pubsublite.topics.subscribe', 'pubsublite.topics.update']
Copy Permissions GA
roles/pubsublite.publisher
Publish messages to a topic.
Pub/Sub Lite Publisher
['pubsublite.locations.openKafkaStream', 'pubsublite.topics.getPartitions', 'pubsublite.topics.publish']
Copy Permissions GA
roles/pubsublite.serviceAgent
Grants Pub/Sub Lite Service Agent access to project resources.
Pub/Sub Lite Service Agent
['pubsub.topics.publish', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.setCursor', 'pubsublite.subscriptions.subscribe', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.getPartitions', 'pubsublite.topics.publish', 'pubsublite.topics.subscribe']
Copy Permissions GA
roles/pubsublite.subscriber
Subscribe to and read messages from a topic.
Pub/Sub Lite Subscriber
['pubsublite.locations.openKafkaStream', 'pubsublite.operations.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.seek', 'pubsublite.subscriptions.setCursor', 'pubsublite.subscriptions.subscribe', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.computeMessageStats', 'pubsublite.topics.computeTimeCursor', 'pubsublite.topics.getPartitions', 'pubsublite.topics.subscribe']
Copy Permissions GA
roles/pubsublite.viewer
View topics, subscriptions and reservations.
Pub/Sub Lite Viewer
['pubsublite.operations.get', 'pubsublite.operations.list', 'pubsublite.reservations.get', 'pubsublite.reservations.list', 'pubsublite.reservations.listTopics', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.list', 'pubsublite.topics.get', 'pubsublite.topics.getPartitions', 'pubsublite.topics.list', 'pubsublite.topics.listSubscriptions']
Copy Permissions GA
roles/pubsub.publisher
Publish messages to a topic.
Pub/Sub Publisher
['pubsub.topics.publish']
Copy Permissions GA
roles/pubsub.subscriber
Consume messages from a subscription, attach subscriptions to a topic, and seek to a snapshot.
Pub/Sub Subscriber
['pubsub.snapshots.seek', 'pubsub.subscriptions.consume', 'pubsub.topics.attachSubscription']
Copy Permissions GA
roles/pubsub.viewer
View topics, subscriptions, and snapshots.
Pub/Sub Viewer
['pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.projects.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/servicemanagement.quotaAdmin
Access to administer service quotas.
Quota Administrator
['cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.timeSeries.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.quotas.update', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/servicemanagement.quotaViewer
Access to view service quotas.
Quota Viewer
['cloudquotas.quotas.get', 'monitoring.timeSeries.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/rma.admin
Full access to Rapid Migration Assessment all resources.
Rapid Migration Assessment Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'rma.annotations.create', 'rma.annotations.get', 'rma.collectors.create', 'rma.collectors.delete', 'rma.collectors.get', 'rma.collectors.list', 'rma.collectors.update', 'rma.locations.get', 'rma.locations.list', 'rma.operations.cancel', 'rma.operations.delete', 'rma.operations.get', 'rma.operations.list']
Copy Permissions GA
roles/rma.runner
Update and Read access to Rapid Migration Assessment all resources.
Rapid Migration Assessment Runner
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'rma.annotations.get', 'rma.collectors.get', 'rma.collectors.list', 'rma.collectors.update', 'rma.locations.get', 'rma.locations.list', 'rma.operations.get', 'rma.operations.list']
Copy Permissions GA
roles/rma.viewer
Read-only access to Rapid Migration Assessment all resources.
Rapid Migration Assessment Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'rma.annotations.get', 'rma.collectors.get', 'rma.collectors.list', 'rma.locations.get', 'rma.locations.list', 'rma.operations.get', 'rma.operations.list']
Copy Permissions GA
roles/bigquerydatapolicy.rawDataReader
Raw read access to sub-resources associated with a data policy, for example, BigQuery columns
Raw Data Reader
['bigquery.dataPolicies.getRawData']
Copy Permissions BETA
roles/recaptchaenterprise.admin
Access to view and modify reCAPTCHA Enterprise keys
reCAPTCHA Enterprise Admin
['monitoring.timeSeries.list', 'recaptchaenterprise.firewallpolicies.create', 'recaptchaenterprise.firewallpolicies.delete', 'recaptchaenterprise.firewallpolicies.get', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.firewallpolicies.update', 'recaptchaenterprise.keys.create', 'recaptchaenterprise.keys.delete', 'recaptchaenterprise.keys.get', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.keys.retrievelegacysecretkey', 'recaptchaenterprise.keys.update', 'recaptchaenterprise.metrics.get', 'recaptchaenterprise.projectmetadata.get', 'recaptchaenterprise.projectmetadata.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recaptchaenterprise.agent
Access to create and annotate reCAPTCHA Enterprise assessments
reCAPTCHA Enterprise Agent
['recaptchaenterprise.assessments.annotate', 'recaptchaenterprise.assessments.create', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.relatedaccountgroupmemberships.list', 'recaptchaenterprise.relatedaccountgroups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recaptchaenterprise.viewer
Access to view reCAPTCHA Enterprise keys and metrics
reCAPTCHA Enterprise Viewer
['monitoring.timeSeries.list', 'recaptchaenterprise.firewallpolicies.get', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.keys.get', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.metrics.get', 'recaptchaenterprise.projectmetadata.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.recentchangeriskAdmin
Admin of Recent Change Risk Insights and Recommendations.
Recent Change Risk Recommender Admin
['recommender.cloudRecentChangeInsights.get', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeInsights.update', 'recommender.cloudRecentChangeRecommendations.get', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudRecentChangeRecommendations.update', 'recommender.cloudRecentChangeRecommenderConfig.get', 'recommender.cloudRecentChangeRecommenderConfig.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.recentchangeriskViewer
Viewer of Recent Change Risk Insights and Recommendations.
Recent Change Risk Recommender Viewer
['recommender.cloudRecentChangeInsights.get', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeRecommendations.get', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.recentChangeConfigAdmin
Admin of RecentChange RecommenderConfigs.
RecentChange RecommenderConfig Admin
['recommender.cloudRecentChangeRecommenderConfig.get', 'recommender.cloudRecentChangeRecommenderConfig.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/automlrecommendations.admin
Full access to all Recommendations AI resources.
Recommendations AI Admin
['automlrecommendations.apiKeys.create', 'automlrecommendations.apiKeys.delete', 'automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.create', 'automlrecommendations.catalogItems.delete', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogItems.update', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.catalogs.update', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.create', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.events.purge', 'automlrecommendations.events.rejoin', 'automlrecommendations.placements.create', 'automlrecommendations.placements.delete', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.create', 'automlrecommendations.recommendations.delete', 'automlrecommendations.recommendations.list', 'automlrecommendations.recommendations.pause', 'automlrecommendations.recommendations.resume', 'automlrecommendations.recommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'retail.catalogs.list', 'retail.catalogs.update', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.create', 'retail.products.delete', 'retail.products.export', 'retail.products.get', 'retail.products.import', 'retail.products.list', 'retail.products.purge', 'retail.products.update', 'retail.retailProjects.get', 'retail.userEvents.create', 'retail.userEvents.import', 'retail.userEvents.purge', 'retail.userEvents.rejoin', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/automlrecommendations.adminViewer
Viewer of all Recommendations AI resources.
Recommendations AI Admin Viewer
['automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'retail.catalogs.list', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.export', 'retail.products.get', 'retail.products.list', 'retail.retailProjects.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/automlrecommendations.editor
Editor of all Recommendations AI resources.
Recommendations AI Editor
['automlrecommendations.apiKeys.create', 'automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.create', 'automlrecommendations.catalogItems.delete', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogItems.update', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.create', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.placements.create', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.create', 'automlrecommendations.recommendations.list', 'automlrecommendations.recommendations.pause', 'automlrecommendations.recommendations.resume', 'automlrecommendations.recommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'retail.catalogs.list', 'retail.catalogs.update', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.create', 'retail.products.delete', 'retail.products.export', 'retail.products.get', 'retail.products.import', 'retail.products.list', 'retail.products.update', 'retail.retailProjects.get', 'retail.userEvents.create', 'retail.userEvents.import', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/automlrecommendations.serviceAgent
Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.
Recommendations AI Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.update', 'bigquery.tables.updateData', 'cloudnotifications.activities.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/automlrecommendations.viewer
Viewer of all Recommendations AI resources except automlrecommendations.apiKeys. To have all read access use Recommendations AI Admin Viewer role instead.
Recommendations AI Viewer
['automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'retail.catalogs.list', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.export', 'retail.products.get', 'retail.products.list', 'retail.retailProjects.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions BETA
roles/recommender.exporter
Exporter of Recommendations
Recommendations Exporter
['recommender.resources.export']
Copy Permissions GA
roles/recommender.viewer
Enables Get and List operations.
Recommender Viewer
['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudRecentChangeInsights.get', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeRecommendations.get', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudRecentChangeRecommenderConfig.get', 'recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralInsights.get', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralRecommendations.get', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.computeAddressIdleResourceInsights.get', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceInsights.get', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeFirewallInsightTypeConfigs.get', 'recommender.computeFirewallInsights.get', 'recommender.computeFirewallInsights.list', 'recommender.computeImageIdleResourceInsights.get', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceCpuUsageInsights.get', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.get', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.get', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceIdleResourceRecommenderConfig.get', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMemoryUsageInsights.get', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.get', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.get', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.errorReportingInsights.get', 'recommender.errorReportingInsights.list', 'recommender.errorReportingRecommendations.get', 'recommender.errorReportingRecommendations.list', 'recommender.firestoreDatabaseReliabilityInsights.get', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityRecommendations.get', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.gmpGuidedExperienceInsights.get', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceRecommendations.get', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpProjectManagementInsights.get', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementRecommendations.get', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectProductSuggestionsInsights.get', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsRecommendations.get', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.iamPolicyChangeRiskInsights.get', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskRecommendations.get', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyLateralMovementInsights.get', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommenderConfig.get', 'recommender.iamServiceAccountChangeRiskInsights.get', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskRecommendations.get', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountInsights.get', 'recommender.iamServiceAccountInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.get', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerRecommendations.get', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.monitoringProductSuggestionComputeInsights.get', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeRecommendations.get', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.resourcemanagerProjectChangeRiskInsights.get', 'recommender.resourcemanagerProjectChangeRiskInsights.list', 'recommender.resourcemanagerProjectChangeRiskRecommendations.get', 'recommender.resourcemanagerProjectChangeRiskRecommendations.list', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get', 'recommender.resourcemanagerProjectUtilizationInsights.get', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get', 'recommender.resourcemanagerServiceLimitInsights.get', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitRecommendations.get', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'resourcemanager.projects.get']
Copy Permissions GA
roles/redisenterprisecloud.admin
This role is managed by Redis Labs, not Google.
Redis Enterprise Cloud Admin
['gcp.redisenterprise.com/databases.create', 'gcp.redisenterprise.com/databases.delete', 'gcp.redisenterprise.com/databases.get', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/databases.update', 'gcp.redisenterprise.com/subscriptions.create', 'gcp.redisenterprise.com/subscriptions.delete', 'gcp.redisenterprise.com/subscriptions.get', 'gcp.redisenterprise.com/subscriptions.list', 'gcp.redisenterprise.com/subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/redisenterprisecloud.viewer
This role is managed by Redis Labs, not Google.
Redis Enterprise Cloud Viewer
['gcp.redisenterprise.com/databases.get', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/subscriptions.get', 'gcp.redisenterprise.com/subscriptions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/networkconnectivity.regionalEndpointAdmin
Full access to all Regional Endpoint resources.
Regional Endpoint Admin
['networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkconnectivity.regionalEndpointViewer
Read-only access to all Regional Endpoint resources.
Regional Endpoint Viewer
['networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/remotebuildexecution.actionCacheWriter
Remote Build Execution Action Cache Writer
Remote Build Execution Action Cache Writer
['remotebuildexecution.actions.set', 'remotebuildexecution.blobs.create']
Copy Permissions BETA
roles/remotebuildexecution.artifactAdmin
Remote Build Execution Artifact Admin
Remote Build Execution Artifact Admin
['remotebuildexecution.actions.create', 'remotebuildexecution.actions.delete', 'remotebuildexecution.actions.get', 'remotebuildexecution.blobs.create', 'remotebuildexecution.blobs.get', 'remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.get', 'remotebuildexecution.logstreams.update']
Copy Permissions BETA
roles/remotebuildexecution.artifactCreator
Remote Build Execution Artifact Creator
Remote Build Execution Artifact Creator
['remotebuildexecution.actions.create', 'remotebuildexecution.actions.get', 'remotebuildexecution.blobs.create', 'remotebuildexecution.blobs.get', 'remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.get', 'remotebuildexecution.logstreams.update']
Copy Permissions BETA
roles/remotebuildexecution.artifactViewer
Remote Build Execution Artifact Viewer
Remote Build Execution Artifact Viewer
['remotebuildexecution.actions.get', 'remotebuildexecution.blobs.get', 'remotebuildexecution.logstreams.get']
Copy Permissions BETA
roles/remotebuildexecution.configurationAdmin
Remote Build Execution Configuration Admin
Remote Build Execution Configuration Admin
['remotebuildexecution.instances.create', 'remotebuildexecution.instances.delete', 'remotebuildexecution.instances.get', 'remotebuildexecution.instances.list', 'remotebuildexecution.instances.update', 'remotebuildexecution.workerpools.create', 'remotebuildexecution.workerpools.delete', 'remotebuildexecution.workerpools.get', 'remotebuildexecution.workerpools.list', 'remotebuildexecution.workerpools.update']
Copy Permissions BETA
roles/remotebuildexecution.configurationViewer
Remote Build Execution Configuration Viewer
Remote Build Execution Configuration Viewer
['remotebuildexecution.instances.get', 'remotebuildexecution.instances.list', 'remotebuildexecution.workerpools.get', 'remotebuildexecution.workerpools.list']
Copy Permissions BETA
roles/remotebuildexecution.logstreamWriter
Remote Build Execution Logstream Writer
Remote Build Execution Logstream Writer
['remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.update']
Copy Permissions BETA
roles/remotebuildexecution.reservationAdmin
Remote Build Execution Reservation Admin
Remote Build Execution Reservation Admin
['remotebuildexecution.actions.create', 'remotebuildexecution.actions.delete', 'remotebuildexecution.actions.get']
Copy Permissions BETA
roles/remotebuildexecution.serviceAgent
Gives Remote Build Execution service account access to managed resources.
Remote Build Execution Service Agent
['remotebuildexecution.actions.update', 'remotebuildexecution.blobs.create', 'remotebuildexecution.blobs.get', 'remotebuildexecution.botsessions.create', 'remotebuildexecution.botsessions.update', 'remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.update']
Copy Permissions GA
roles/remotebuildexecution.worker
Remote Build Execution Worker
Remote Build Execution Worker
['remotebuildexecution.actions.update', 'remotebuildexecution.blobs.create', 'remotebuildexecution.blobs.get', 'remotebuildexecution.botsessions.create', 'remotebuildexecution.botsessions.update', 'remotebuildexecution.logstreams.create', 'remotebuildexecution.logstreams.update']
Copy Permissions BETA
roles/remotingcloud.serviceAgent
Grants Chrome Remote Desktop Service Agent access to Google Compute Engine metadata.
Remoting Cloud Service Agent
['compute.projects.get']
Copy Permissions GA
roles/cloudaicompanion.repositoryGroupsUser
Grants Read/Use access to the Code Repository Indexes Repository Group.
Repository Groups User
['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.use']
Copy Permissions BETA
roles/resourcesettings.admin
Provides admin capabilities to set Resource Setting Values on resources.
Resource Settings Administrator
['resourcesettings.settings.get', 'resourcesettings.settings.list', 'resourcesettings.settings.update']
Copy Permissions GA
roles/resourcesettings.viewer
Provides capabilities to view Resource Settings and Resource Setting Values on resources.
Resource Settings Viewer
['resourcesettings.settings.get', 'resourcesettings.settings.list']
Copy Permissions GA
roles/retail.admin
Full access to Retail api resources.
Retail Admin
['automlrecommendations.apiKeys.create', 'automlrecommendations.apiKeys.delete', 'automlrecommendations.catalogItems.create', 'automlrecommendations.catalogItems.delete', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogItems.update', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.catalogs.update', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.events.create', 'automlrecommendations.events.list', 'automlrecommendations.events.purge', 'automlrecommendations.events.rejoin', 'automlrecommendations.placements.create', 'automlrecommendations.placements.delete', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.create', 'automlrecommendations.recommendations.delete', 'automlrecommendations.recommendations.list', 'automlrecommendations.recommendations.pause', 'automlrecommendations.recommendations.resume', 'automlrecommendations.recommendations.update', 'retail.alertConfigs.get', 'retail.alertConfigs.update', 'retail.attributesConfigs.addCatalogAttribute', 'retail.attributesConfigs.batchRemoveCatalogAttributes', 'retail.attributesConfigs.exportCatalogAttributes', 'retail.attributesConfigs.get', 'retail.attributesConfigs.importCatalogAttributes', 'retail.attributesConfigs.removeCatalogAttribute', 'retail.attributesConfigs.replaceCatalogAttribute', 'retail.attributesConfigs.update', 'retail.branches.get', 'retail.branches.list', 'retail.catalogs.completeQuery', 'retail.catalogs.exportAnalyticsMetrics', 'retail.catalogs.import', 'retail.catalogs.list', 'retail.catalogs.update', 'retail.controls.create', 'retail.controls.delete', 'retail.controls.export', 'retail.controls.get', 'retail.controls.import', 'retail.controls.list', 'retail.controls.update', 'retail.experiments.create', 'retail.experiments.delete', 'retail.experiments.get', 'retail.experiments.list', 'retail.experiments.loadExperimentLookerDashboard', 'retail.experiments.queryTrafficMetrics', 'retail.experiments.update', 'retail.models.create', 'retail.models.delete', 'retail.models.get', 'retail.models.list', 'retail.models.pause', 'retail.models.resume', 'retail.models.tune', 'retail.models.update', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.create', 'retail.products.delete', 'retail.products.export', 'retail.products.get', 'retail.products.import', 'retail.products.list', 'retail.products.purge', 'retail.products.setSponsorship', 'retail.products.update', 'retail.retailProjects.get', 'retail.servingConfigs.create', 'retail.servingConfigs.delete', 'retail.servingConfigs.get', 'retail.servingConfigs.list', 'retail.servingConfigs.predict', 'retail.servingConfigs.search', 'retail.servingConfigs.update', 'retail.userEvents.create', 'retail.userEvents.import', 'retail.userEvents.purge', 'retail.userEvents.rejoin']
Copy Permissions GA
roles/retail.editor
Full access to Retail api resources except purge, rejoin, and setSponsorship.
Retail Editor
['automlrecommendations.apiKeys.create', 'automlrecommendations.apiKeys.delete', 'automlrecommendations.catalogItems.create', 'automlrecommendations.catalogItems.delete', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogItems.update', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.catalogs.update', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.events.create', 'automlrecommendations.events.list', 'automlrecommendations.placements.create', 'automlrecommendations.placements.delete', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.create', 'automlrecommendations.recommendations.delete', 'automlrecommendations.recommendations.list', 'automlrecommendations.recommendations.pause', 'automlrecommendations.recommendations.resume', 'automlrecommendations.recommendations.update', 'retail.alertConfigs.get', 'retail.alertConfigs.update', 'retail.attributesConfigs.addCatalogAttribute', 'retail.attributesConfigs.exportCatalogAttributes', 'retail.attributesConfigs.get', 'retail.attributesConfigs.importCatalogAttributes', 'retail.attributesConfigs.replaceCatalogAttribute', 'retail.attributesConfigs.update', 'retail.branches.get', 'retail.branches.list', 'retail.catalogs.completeQuery', 'retail.catalogs.exportAnalyticsMetrics', 'retail.catalogs.import', 'retail.catalogs.list', 'retail.catalogs.update', 'retail.controls.create', 'retail.controls.delete', 'retail.controls.export', 'retail.controls.get', 'retail.controls.import', 'retail.controls.list', 'retail.controls.update', 'retail.experiments.create', 'retail.experiments.delete', 'retail.experiments.get', 'retail.experiments.list', 'retail.experiments.loadExperimentLookerDashboard', 'retail.experiments.queryTrafficMetrics', 'retail.experiments.update', 'retail.models.create', 'retail.models.delete', 'retail.models.get', 'retail.models.list', 'retail.models.pause', 'retail.models.resume', 'retail.models.tune', 'retail.models.update', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.create', 'retail.products.delete', 'retail.products.export', 'retail.products.get', 'retail.products.import', 'retail.products.list', 'retail.products.update', 'retail.retailProjects.get', 'retail.servingConfigs.create', 'retail.servingConfigs.delete', 'retail.servingConfigs.get', 'retail.servingConfigs.list', 'retail.servingConfigs.predict', 'retail.servingConfigs.search', 'retail.servingConfigs.update', 'retail.userEvents.create', 'retail.userEvents.import']
Copy Permissions GA
roles/retail.serviceAgent
Retail service uploads product feeds and user events from Cloud Storage and BigQuery, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.
Retail Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.update', 'bigquery.tables.updateData', 'cloudnotifications.activities.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/retail.viewer
Grants access to read all resources in Retail.
Retail Viewer
['automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.events.list', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.list', 'retail.alertConfigs.get', 'retail.attributesConfigs.exportCatalogAttributes', 'retail.attributesConfigs.get', 'retail.branches.get', 'retail.branches.list', 'retail.catalogs.completeQuery', 'retail.catalogs.exportAnalyticsMetrics', 'retail.catalogs.list', 'retail.controls.export', 'retail.controls.get', 'retail.controls.list', 'retail.experiments.get', 'retail.experiments.list', 'retail.experiments.loadExperimentLookerDashboard', 'retail.experiments.queryTrafficMetrics', 'retail.models.get', 'retail.models.list', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.export', 'retail.products.get', 'retail.products.list', 'retail.retailProjects.get', 'retail.servingConfigs.get', 'retail.servingConfigs.list', 'retail.servingConfigs.predict', 'retail.servingConfigs.search']
Copy Permissions GA
roles/riscconfigs.admin
Read/write access to RISC config resources.
RISC Configuration Admin
['clientauthconfig.clients.list', 'riscconfigurationservice.riscconfigs.createOrUpdate', 'riscconfigurationservice.riscconfigs.delete', 'riscconfigurationservice.riscconfigs.get']
Copy Permissions BETA
roles/riscconfigs.viewer
Read-only access to RISC config resources.
RISC Configuration Viewer
['clientauthconfig.clients.list', 'riscconfigurationservice.riscconfigs.get']
Copy Permissions BETA
roles/riskmanager.admin
Grants all Risk Manager permissions
Risk Manager Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.delete', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.policies.get', 'riskmanager.policies.list', 'riskmanager.reports.create', 'riskmanager.reports.delete', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.reports.review', 'riskmanager.reports.share', 'riskmanager.serviceAccount.create', 'riskmanager.settings.get', 'riskmanager.settings.update']
Copy Permissions BETA
roles/riskmanager.editor
Access to edit Risk Manager resources
Risk Manager Editor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.delete', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.policies.get', 'riskmanager.policies.list', 'riskmanager.reports.create', 'riskmanager.reports.delete', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.serviceAccount.create', 'riskmanager.settings.get', 'riskmanager.settings.update']
Copy Permissions BETA
roles/riskmanager.reviewer
Access to review Risk Manager reports
Risk Manager Report Reviewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.reports.review']
Copy Permissions BETA
roles/riskmanager.serviceAgent
Service agent that grants Risk Manager service access to fetch findings for generating Reports
Risk Manager Service Agent
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.findingexplanations.get', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.organizationsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.securitycentersettings.get', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/riskmanager.viewer
Access to view Risk Manager resources
Risk Manager Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.policies.get', 'riskmanager.policies.list', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.settings.get']
Copy Permissions BETA
roles/rapidmigrationassessment.serviceAgent
Gives RMA service account access to MC resources.
RMA Service Agent
['autoscaling.sites.writeMetrics', 'cloudasset.assets.exportResource', 'cloudasset.feeds.create', 'logging.logEntries.create', 'migrationcenter.assets.list', 'migrationcenter.assets.reportFrames', 'migrationcenter.importJobs.get', 'migrationcenter.importJobs.list', 'migrationcenter.sources.create', 'migrationcenter.sources.delete', 'migrationcenter.sources.get', 'migrationcenter.sources.list', 'migrationcenter.sources.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get']
Copy Permissions GA
roles/iam.roleAdmin
Access to administer all custom roles in the project.
Role Administrator
['iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.undelete', 'iam.roles.update', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions GA
roles/iam.roleViewer
Read access to all custom roles in the project.
Role Viewer
['iam.roles.get', 'iam.roles.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy']
Copy Permissions GA
roles/routeoptimization.editor
This role can create long-running operations via BatchOptimizeTours.
Route Optimization Editor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'routeoptimization.locations.use', 'routeoptimization.operations.create', 'routeoptimization.operations.get']
Copy Permissions GA
roles/routeoptimization.serviceAgent
Grants Route Optimization Service Account access to read and write GCS objects in the host project.
Route Optimization Service Agent
['storage.buckets.get', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/routeoptimization.viewer
This role can view any long-running Operations.
Route Optimization Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'routeoptimization.operations.get']
Copy Permissions GA
roles/seclm.serviceAgent
Service agent used by SecLM to access resources used by SecLM Workbenches.
SecLM Service Agent
['aiplatform.endpoints.predict', 'aiplatform.locations.get', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.servingConfigs.search']
Copy Permissions GA
roles/secretmanager.admin
Full access to administer Secret Manager resources.
Secret Manager Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'secretmanager.locations.get', 'secretmanager.locations.list', 'secretmanager.secrets.create', 'secretmanager.secrets.createTagBinding', 'secretmanager.secrets.delete', 'secretmanager.secrets.deleteTagBinding', 'secretmanager.secrets.get', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'secretmanager.secrets.setIamPolicy', 'secretmanager.secrets.update', 'secretmanager.versions.access', 'secretmanager.versions.add', 'secretmanager.versions.destroy', 'secretmanager.versions.disable', 'secretmanager.versions.enable', 'secretmanager.versions.get', 'secretmanager.versions.list']
Copy Permissions GA
roles/secretmanager.secretAccessor
Allows accessing the payload of secrets.
Secret Manager Secret Accessor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'secretmanager.versions.access']
Copy Permissions GA
roles/secretmanager.secretVersionAdder
Allows adding versions to existing secrets.
Secret Manager Secret Version Adder
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'secretmanager.versions.add']
Copy Permissions GA
roles/secretmanager.secretVersionManager
Allows creating and managing versions of existing secrets.
Secret Manager Secret Version Manager
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'secretmanager.versions.add', 'secretmanager.versions.destroy', 'secretmanager.versions.disable', 'secretmanager.versions.enable', 'secretmanager.versions.get', 'secretmanager.versions.list']
Copy Permissions GA
roles/secretmanager.viewer
Allows viewing metadata of all Secret Manager resources
Secret Manager Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'secretmanager.locations.get', 'secretmanager.locations.list', 'secretmanager.secrets.get', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'secretmanager.versions.get', 'secretmanager.versions.list']
Copy Permissions GA
roles/securesourcemanager.admin
Full access to all Secure Source Manager resources.
Secure Source Manager Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions BETA
roles/securesourcemanager.instanceAccessor
An instance accessor can access an instance, but not necessarily create resources in the instance.
Secure Source Manager Instance Accessor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions BETA
roles/securesourcemanager.instanceManager
Read-write access to all Secure Source Manager resources (full control except for the ability to modify permissions).
Secure Source Manager Instance Manager
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.list', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions BETA
roles/securesourcemanager.instanceOwner
Full control over Secure Source Manager instances, including listing, creating, and deleting them. Also enables instance user management.
Secure Source Manager Instance Owner
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.create', 'securesourcemanager.instances.createRepository', 'securesourcemanager.instances.delete', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.cancel', 'securesourcemanager.operations.delete', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.createAny', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.deleteAny', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny']
Copy Permissions BETA
roles/securesourcemanager.instanceRepositoryCreator
An instance repository creator can connect to a Cloud Git instance via IAP (HTTPS) and create repositories in the instance.
Secure Source Manager Instance Repository Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.createRepository', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions BETA
roles/securesourcemanager.repoAdmin
A repoAdmin has the ability to CRUD a repository and its children as well as assign users to a repository. They can also set, get, or check IAM policies on the repository.
Secure Source Manager Repository Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.create', 'securesourcemanager.branchRules.delete', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.branchRules.update', 'securesourcemanager.repositories.create', 'securesourcemanager.repositories.delete', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.repositories.update', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests']
Copy Permissions BETA
roles/securesourcemanager.repoCreator
A repoCreator has access to create repostiory in a project, the creator will then become the repoAdmin on this repository.
Secure Source Manager Repository Creator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.repositories.create']
Copy Permissions BETA
roles/securesourcemanager.repoPullRequestApprover
An pull request approver can approve pull requests in a repository.
Secure Source Manager Repository Pull Request Approver
['resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/securesourcemanager.repoReader
A repoReader has read access to a particular repository, including its child components. They cannot create repositories, and do not manage IAM policies on the repository.
Secure Source Manager Repository Reader
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests']
Copy Permissions BETA
roles/securesourcemanager.repoWriter
A repoWriter has read/write access to a particular repository, including its child components. They cannot create repositories, and do not manage IAM policies on the repository.
Secure Source Manager Repository Writer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.push', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.repositories.writeIssues', 'securesourcemanager.repositories.writePullRequests']
Copy Permissions BETA
roles/securesourcemanager.serviceAgent
Gives Secure Source Manager service account access to managed resources.
Secure Source Manager Service Agent
['iam.serviceAccounts.signJwt', 'securesourcemanager.instances.access', 'serviceusage.services.use']
Copy Permissions GA
roles/securesourcemanager.sshKeyUser
An sshKeyUser can create SSH keys for themselves and list/delete SSH keys they own.
Secure Source Manager SSH Key User
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'securesourcemanager.sshkeys.create', 'securesourcemanager.sshkeys.delete', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list']
Copy Permissions BETA
roles/securedlandingzone.serviceAgent
Grants Secured Landing Zone service account permissions to manage resources in the customer project
Secured Landing Zone Service Agent
['cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.update', 'logging.logEntries.list', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.getIamPolicy', 'pubsub.topics.setIamPolicy', 'resourcemanager.projects.get', 'securitycenter.assetsecuritymarks.update', 'securitycenter.findings.list', 'securitycenter.findings.update', 'securitycenter.sources.list', 'securitycenter.sources.update', 'serviceusage.services.use']
Copy Permissions GA
roles/iam.securityAdmin
Security admin role, with permissions to get and set any IAM policy.
Security Admin
['accessapproval.requests.list', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.setIamPolicy', 'accesscontextmanager.servicePerimeters.list', 'actions.agentVersions.list', 'advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'aiplatform.agentExamples.list', 'aiplatform.agents.list', 'aiplatform.annotationSpecs.list', 'aiplatform.annotations.list', 'aiplatform.apps.list', 'aiplatform.artifacts.list', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cachedContents.list', 'aiplatform.contexts.list', 'aiplatform.customJobs.list', 'aiplatform.dataItems.list', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.list', 'aiplatform.datasets.list', 'aiplatform.deploymentResourcePools.list', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDevices.list', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.endpoints.setIamPolicy', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.executions.list', 'aiplatform.extensions.list', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.setIamPolicy', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.setIamPolicy', 'aiplatform.features.list', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.list', 'aiplatform.featurestores.setIamPolicy', 'aiplatform.humanInTheLoops.list', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.list', 'aiplatform.indexes.list', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.list', 'aiplatform.models.list', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.list', 'aiplatform.schedules.list', 'aiplatform.sessions.list', 'aiplatform.specialistPools.list', 'aiplatform.studies.list', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboards.list', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.list', 'aiplatform.tuningJobs.list', 'alloydb.backups.list', 'alloydb.clusters.list', 'alloydb.databases.list', 'alloydb.instances.list', 'alloydb.locations.list', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.list', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.setIamPolicy', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.subscriptions.list', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apiconfigs.setIamPolicy', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.apis.setIamPolicy', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.gateways.setIamPolicy', 'apigateway.locations.list', 'apigateway.operations.list', 'apigee.apiproductattributes.list', 'apigee.apiproducts.list', 'apigee.appgroupapps.list', 'apigee.appgroups.list', 'apigee.apps.list', 'apigee.archivedeployments.list', 'apigee.caches.list', 'apigee.datacollectors.list', 'apigee.datastores.list', 'apigee.deployments.getIamPolicy', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.developerappattributes.list', 'apigee.developerapps.list', 'apigee.developerattributes.list', 'apigee.developers.list', 'apigee.developersubscriptions.list', 'apigee.endpointattachments.list', 'apigee.envgroupattachments.list', 'apigee.envgroups.list', 'apigee.environments.getIamPolicy', 'apigee.environments.list', 'apigee.environments.setIamPolicy', 'apigee.exports.list', 'apigee.flowhooks.list', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.list', 'apigee.instanceattachments.list', 'apigee.instances.list', 'apigee.keystorealiases.list', 'apigee.keystores.list', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.nataddresses.list', 'apigee.operations.list', 'apigee.organizations.list', 'apigee.portals.list', 'apigee.proxies.list', 'apigee.proxyrevisions.list', 'apigee.queries.list', 'apigee.rateplans.list', 'apigee.references.list', 'apigee.reports.list', 'apigee.resourcefiles.list', 'apigee.securityActions.list', 'apigee.securityFeedback.list', 'apigee.securityIncidents.list', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.list', 'apigee.securityreports.list', 'apigee.sharedflowrevisions.list', 'apigee.sharedflows.list', 'apigee.targetservers.list', 'apigee.traceconfigoverrides.list', 'apigee.tracesessions.list', 'apigeeconnect.connections.list', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.setIamPolicy', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.setIamPolicy', 'apigeeregistry.deployments.list', 'apigeeregistry.locations.list', 'apigeeregistry.operations.list', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.setIamPolicy', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.setIamPolicy', 'apihub.apiHubInstances.list', 'apihub.apiOperations.list', 'apihub.apis.list', 'apihub.attributes.list', 'apihub.definitions.list', 'apihub.dependencies.list', 'apihub.deployments.list', 'apihub.externalApis.list', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.list', 'apihub.operations.list', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.list', 'apihub.versions.list', 'apikeys.keys.list', 'apim.apiObservations.list', 'apim.apiOperations.list', 'apim.locations.list', 'apim.observationJobs.list', 'apim.observationSources.list', 'apim.operations.list', 'appengine.instances.list', 'appengine.memcache.list', 'appengine.operations.list', 'appengine.services.list', 'appengine.versions.list', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.applications.setIamPolicy', 'apphub.discoveredServices.list', 'apphub.discoveredWorkloads.list', 'apphub.locations.list', 'apphub.operations.list', 'apphub.serviceProjectAttachments.list', 'apphub.services.list', 'apphub.workloads.list', 'applianceactivation.rttCommands.list', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.list', 'artifactregistry.files.list', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.list', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.rules.list', 'artifactregistry.tags.list', 'artifactregistry.versions.list', 'assuredoss.locations.list', 'assuredoss.metadata.list', 'assuredoss.operations.list', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.list', 'assuredworkloads.workload.list', 'auditmanager.auditReports.list', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.list', 'auditmanager.locations.list', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.list', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.list', 'automl.datasets.getIamPolicy', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.list', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.list', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.setIamPolicy', 'automl.operations.list', 'automl.tableSpecs.list', 'automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.list', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.list', 'autoscaling.sites.getIamPolicy', 'autoscaling.sites.setIamPolicy', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.list', 'backupdr.backupVaults.list', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.list', 'backupdr.locations.list', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.setIamPolicy', 'backupdr.operations.list', 'baremetalsolution.instancequotas.list', 'baremetalsolution.instances.list', 'baremetalsolution.luns.list', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.list', 'baremetalsolution.nfsshares.list', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.list', 'baremetalsolution.volumesnapshots.list', 'batch.jobs.list', 'batch.locations.list', 'batch.operations.list', 'batch.resourceAllowances.list', 'batch.tasks.list', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnections.setIamPolicy', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appConnectors.setIamPolicy', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.appGateways.setIamPolicy', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'beyondcorp.locations.list', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.list', 'beyondcorp.proxyConfigs.list', 'beyondcorp.subscriptions.list', 'biglake.catalogs.list', 'biglake.databases.list', 'biglake.locks.list', 'biglake.tables.list', 'bigquery.capacityCommitments.list', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.setIamPolicy', 'bigquery.jobs.list', 'bigquery.models.list', 'bigquery.reservationAssignments.list', 'bigquery.reservations.list', 'bigquery.routines.list', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.savedqueries.list', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.setIamPolicy', 'bigquerymigration.locations.list', 'bigquerymigration.subtasks.list', 'bigquerymigration.workflows.list', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.setIamPolicy', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.setIamPolicy', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.setIamPolicy', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.accounts.setIamPolicy', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.list', 'billing.budgets.list', 'billing.credits.list', 'billing.resourceAssociations.list', 'billing.subscriptions.list', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.setIamPolicy', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.continuousValidationConfig.setIamPolicy', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.getIamPolicy', 'binaryauthorization.policy.setIamPolicy', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.list', 'capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'carestudio.patients.list', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certmapentries.list', 'certificatemanager.certmaps.list', 'certificatemanager.certs.list', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.locations.list', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.list', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.collectors.list', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.list', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessScopes.list', 'chronicle.dataTableRows.list', 'chronicle.dataTables.list', 'chronicle.dataTaps.list', 'chronicle.entities.list', 'chronicle.errorNotificationConfigs.list', 'chronicle.extensionValidationReports.list', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.list', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.list', 'chronicle.forwarders.list', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.list', 'chronicle.iocMatches.list', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.list', 'chronicle.messages.list', 'chronicle.nativeDashboards.list', 'chronicle.operations.list', 'chronicle.parserExtensions.list', 'chronicle.parsers.list', 'chronicle.parsingErrors.list', 'chronicle.referenceLists.list', 'chronicle.retrohunts.list', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.list', 'chronicle.searchQueries.list', 'chronicle.validationErrors.list', 'chronicle.watchlists.list', 'clientauthconfig.brands.list', 'clientauthconfig.clients.list', 'cloud.locations.list', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudaicompanion.repositoryGroups.setIamPolicy', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.list', 'cloudasset.savedqueries.list', 'cloudbuild.builds.list', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.integrations.list', 'cloudbuild.operations.list', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.list', 'cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.list', 'clouddebugger.breakpoints.list', 'clouddebugger.debuggees.list', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.list', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.setIamPolicy', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.list', 'clouddeploy.operations.list', 'clouddeploy.releases.list', 'clouddeploy.rollouts.list', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.setIamPolicy', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.locations.list', 'cloudfunctions.operations.list', 'cloudjobdiscovery.companies.list', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.setIamPolicy', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.setIamPolicy', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.setIamPolicy', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.setIamPolicy', 'cloudkms.locations.list', 'cloudnotifications.activities.list', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprofiler.profiles.list', 'cloudscheduler.jobs.list', 'cloudscheduler.locations.list', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scans.list', 'cloudsql.backupRuns.list', 'cloudsql.databases.list', 'cloudsql.instances.list', 'cloudsql.sslCerts.list', 'cloudsql.users.list', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.list', 'cloudsupport.accounts.setIamPolicy', 'cloudsupport.techCases.list', 'cloudtasks.locations.list', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.tasks.list', 'cloudtestservice.devicesession.list', 'cloudtoolresults.executions.list', 'cloudtoolresults.histories.list', 'cloudtoolresults.steps.list', 'cloudtrace.insights.list', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.list', 'cloudtrace.traces.list', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.list', 'cloudtranslate.datasets.list', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.locations.list', 'cloudtranslate.operations.list', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/volumereplication.list', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.documents.list', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.refunds.list', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'commercebusinessenablement.resellerRestrictions.list', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.list', 'commerceorggovernance.collectionRequestApprovals.list', 'commerceorggovernance.collections.list', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.services.list', 'commerceprice.events.list', 'commerceprice.privateoffers.list', 'composer.dags.list', 'composer.environments.list', 'composer.imageversions.list', 'composer.operations.list', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadssecrets.list', 'compute.acceleratorTypes.list', 'compute.addresses.list', 'compute.autoscalers.list', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.setIamPolicy', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.setIamPolicy', 'compute.commitments.list', 'compute.diskTypes.list', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.setIamPolicy', 'compute.externalVpnGateways.list', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.setIamPolicy', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.futureReservations.setIamPolicy', 'compute.globalAddresses.list', 'compute.globalForwardingRules.list', 'compute.globalNetworkEndpointGroups.list', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalOperations.setIamPolicy', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.list', 'compute.httpHealthChecks.list', 'compute.httpsHealthChecks.list', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.setIamPolicy', 'compute.instanceGroupManagers.list', 'compute.instanceGroups.list', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instances.getIamPolicy', 'compute.instances.list', 'compute.instances.setIamPolicy', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.interconnectAttachments.list', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.list', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineTypes.list', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.setIamPolicy', 'compute.networkEdgeSecurityServices.list', 'compute.networkEndpointGroups.list', 'compute.networks.list', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeGroups.setIamPolicy', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTemplates.setIamPolicy', 'compute.nodeTypes.list', 'compute.packetMirrorings.list', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.list', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.setIamPolicy', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.list', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionOperations.setIamPolicy', 'compute.regionSecurityPolicies.list', 'compute.regionSslCertificates.list', 'compute.regionSslPolicies.list', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetTcpProxies.list', 'compute.regionUrlMaps.list', 'compute.regions.list', 'compute.reservations.list', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.routers.list', 'compute.routes.list', 'compute.securityPolicies.list', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.setIamPolicy', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.setIamPolicy', 'compute.sslCertificates.list', 'compute.sslPolicies.list', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.setIamPolicy', 'compute.targetGrpcProxies.list', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.list', 'compute.targetInstances.list', 'compute.targetPools.list', 'compute.targetSslProxies.list', 'compute.targetTcpProxies.list', 'compute.targetVpnGateways.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.vpnTunnels.list', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zoneOperations.setIamPolicy', 'compute.zones.list', 'confidentialcomputing.locations.list', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.deployments.setIamPolicy', 'config.locations.list', 'config.operations.list', 'config.previews.list', 'config.resources.list', 'config.revisions.list', 'config.terraformversions.list', 'configdelivery.fleetPackages.list', 'configdelivery.locations.list', 'configdelivery.operations.list', 'configdelivery.releases.list', 'configdelivery.resourceBundles.list', 'configdelivery.rollouts.list', 'connectors.actions.list', 'connectors.connections.getIamPolicy', 'connectors.connections.list', 'connectors.connections.setIamPolicy', 'connectors.connectors.list', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectorVersions.setIamPolicy', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.customConnectors.setIamPolicy', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.endpointAttachments.setIamPolicy', 'connectors.entities.list', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.list', 'connectors.eventtypes.list', 'connectors.locations.list', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.managedZones.setIamPolicy', 'connectors.operations.list', 'connectors.providers.list', 'connectors.versions.list', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.list', 'consumerprocurement.entitlements.list', 'consumerprocurement.events.list', 'consumerprocurement.freeTrials.list', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.list', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.list', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.conversations.list', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issues.list', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.views.list', 'container.apiServices.list', 'container.auditSinks.list', 'container.backendConfigs.list', 'container.bindings.list', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.list', 'container.clusterRoles.list', 'container.clusters.list', 'container.componentStatuses.list', 'container.configMaps.list', 'container.controllerRevisions.list', 'container.cronJobs.list', 'container.csiDrivers.list', 'container.csiNodeInfos.list', 'container.csiNodes.list', 'container.customResourceDefinitions.list', 'container.daemonSets.list', 'container.deployments.list', 'container.endpointSlices.list', 'container.endpoints.list', 'container.events.list', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.list', 'container.ingresses.list', 'container.initializerConfigurations.list', 'container.jobs.list', 'container.leases.list', 'container.limitRanges.list', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.list', 'container.networkPolicies.list', 'container.nodes.list', 'container.operations.list', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.list', 'container.petSets.list', 'container.podDisruptionBudgets.list', 'container.podPresets.list', 'container.podSecurityPolicies.list', 'container.podTemplates.list', 'container.pods.list', 'container.priorityClasses.list', 'container.replicaSets.list', 'container.replicationControllers.list', 'container.resourceQuotas.list', 'container.roleBindings.list', 'container.roles.list', 'container.runtimeClasses.list', 'container.scheduledJobs.list', 'container.selfSubjectAccessReviews.list', 'container.serviceAccounts.list', 'container.services.list', 'container.statefulSets.list', 'container.storageClasses.list', 'container.storageStates.list', 'container.storageVersionMigrations.list', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.list', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.list', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.notes.setIamPolicy', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.setIamPolicy', 'containersecurity.clusterSummaries.list', 'containersecurity.findings.list', 'containersecurity.locations.list', 'contentwarehouse.corpora.list', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.list', 'contentwarehouse.documents.setIamPolicy', 'contentwarehouse.ruleSets.list', 'contentwarehouse.synonymSets.list', 'databasecenter.fleetHealthStats.list', 'databasecenter.fleetStats.list', 'databasecenter.locations.list', 'databasecenter.products.list', 'databasecenter.resourceGroups.list', 'databasecenter.userLabels.list', 'databaseinsights.locations.list', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.setIamPolicy', 'datacatalog.operations.list', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.setIamPolicy', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.connectors.setIamPolicy', 'dataconnectors.locations.list', 'dataconnectors.operations.list', 'dataflow.jobs.list', 'dataflow.messages.list', 'dataflow.snapshots.list', 'dataform.compilationResults.list', 'dataform.locations.list', 'dataform.releaseConfigs.list', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.setIamPolicy', 'dataform.workflowConfigs.list', 'dataform.workflowInvocations.list', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.list', 'dataform.workspaces.setIamPolicy', 'datafusion.artifacts.list', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.setIamPolicy', 'datafusion.locations.list', 'datafusion.operations.list', 'datafusion.pipelineConnections.list', 'datafusion.pipelines.list', 'datafusion.profiles.list', 'datafusion.secureKeys.list', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.list', 'datalabeling.datasets.list', 'datalabeling.examples.list', 'datalabeling.instructions.list', 'datalabeling.operations.list', 'datalineage.events.list', 'datalineage.processes.list', 'datalineage.runs.list', 'datamigration.connectionprofiles.getIamPolicy', 'datamigration.connectionprofiles.list', 'datamigration.connectionprofiles.setIamPolicy', 'datamigration.conversionworkspaces.getIamPolicy', 'datamigration.conversionworkspaces.list', 'datamigration.conversionworkspaces.setIamPolicy', 'datamigration.locations.list', 'datamigration.mappingrules.getIamPolicy', 'datamigration.mappingrules.setIamPolicy', 'datamigration.migrationjobs.getIamPolicy', 'datamigration.migrationjobs.list', 'datamigration.migrationjobs.setIamPolicy', 'datamigration.objects.list', 'datamigration.operations.list', 'datamigration.privateconnections.getIamPolicy', 'datamigration.privateconnections.list', 'datamigration.privateconnections.setIamPolicy', 'datapipelines.jobs.list', 'datapipelines.pipelines.list', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.setIamPolicy', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.setIamPolicy', 'dataplex.entities.list', 'dataplex.entries.list', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.setIamPolicy', 'dataplex.lakeActions.list', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.setIamPolicy', 'dataplex.locations.list', 'dataplex.metadataJobs.list', 'dataplex.operations.list', 'dataplex.partitions.list', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.setIamPolicy', 'dataplex.zoneActions.list', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.setIamPolicy', 'dataproc.agents.list', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.setIamPolicy', 'dataproc.batches.list', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.clusters.setIamPolicy', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.jobs.setIamPolicy', 'dataproc.operations.getIamPolicy', 'dataproc.operations.list', 'dataproc.operations.setIamPolicy', 'dataproc.sessionTemplates.list', 'dataproc.sessions.list', 'dataproc.workflowTemplates.getIamPolicy', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.setIamPolicy', 'dataprocessing.datasources.list', 'dataprocessing.featurecontrols.list', 'dataprocessing.groupcontrols.list', 'dataprocrm.locations.list', 'dataprocrm.nodePools.list', 'dataprocrm.nodes.list', 'dataprocrm.operations.list', 'dataprocrm.workloads.list', 'datastore.backupSchedules.list', 'datastore.backups.list', 'datastore.databases.list', 'datastore.entities.list', 'datastore.indexes.list', 'datastore.keyVisualizerScans.list', 'datastore.locations.list', 'datastore.namespaces.list', 'datastore.operations.list', 'datastore.statistics.list', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.connectionProfiles.setIamPolicy', 'datastream.locations.list', 'datastream.objects.list', 'datastream.operations.list', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.privateConnections.setIamPolicy', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.routes.setIamPolicy', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastream.streams.setIamPolicy', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.setIamPolicy', 'datastudio.reports.getIamPolicy', 'datastudio.reports.setIamPolicy', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.setIamPolicy', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.deployments.getIamPolicy', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.setIamPolicy', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.list', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.list', 'deploymentmanager.types.list', 'developerconnect.connections.list', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.list', 'developerconnect.operations.list', 'dialogflow.agents.list', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.list', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.list', 'dialogflow.deployments.list', 'dialogflow.documents.list', 'dialogflow.entityTypes.list', 'dialogflow.environments.list', 'dialogflow.examples.list', 'dialogflow.experiments.list', 'dialogflow.flows.list', 'dialogflow.generators.list', 'dialogflow.integrations.list', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.list', 'dialogflow.pages.list', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.list', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.list', 'dialogflow.webhooks.list', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.list', 'discoveryengine.collections.list', 'discoveryengine.controls.list', 'discoveryengine.conversations.list', 'discoveryengine.dataStores.list', 'discoveryengine.documents.list', 'discoveryengine.engines.list', 'discoveryengine.evaluations.list', 'discoveryengine.models.list', 'discoveryengine.operations.list', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.schemas.list', 'discoveryengine.servingConfigs.list', 'discoveryengine.sessions.list', 'discoveryengine.targetSites.list', 'dlp.analyzeRiskTemplates.list', 'dlp.columnDataProfiles.list', 'dlp.connections.list', 'dlp.deidentifyTemplates.list', 'dlp.estimates.list', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.list', 'dlp.jobTriggers.list', 'dlp.jobs.list', 'dlp.locations.list', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.list', 'dlp.subscriptions.list', 'dlp.tableDataProfiles.list', 'dns.changes.list', 'dns.dnsKeys.list', 'dns.managedZoneOperations.list', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.setIamPolicy', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.setIamPolicy', 'dns.resourceRecordSets.list', 'dns.responsePolicies.list', 'dns.responsePolicyRules.list', 'documentai.dataLabelingJobs.list', 'documentai.evaluations.list', 'documentai.labelerPools.list', 'documentai.locations.list', 'documentai.processorTypes.list', 'documentai.processorVersions.list', 'documentai.processors.list', 'domains.locations.list', 'domains.operations.list', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.setIamPolicy', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.assets.setIamPolicy', 'earthengine.operations.list', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.clusters.setIamPolicy', 'edgecontainer.locations.list', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.machines.setIamPolicy', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.nodePools.setIamPolicy', 'edgecontainer.operations.list', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgecontainer.vpnConnections.setIamPolicy', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnectAttachments.setIamPolicy', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.interconnects.setIamPolicy', 'edgenetwork.locations.list', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.list', 'edgenetwork.networks.setIamPolicy', 'edgenetwork.operations.list', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.list', 'edgenetwork.routers.setIamPolicy', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.list', 'edgenetwork.subnetworks.setIamPolicy', 'edgenetwork.zones.list', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.list', 'errorreporting.groups.list', 'essentialcontacts.contacts.list', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.setIamPolicy', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.locations.list', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.setIamPolicy', 'eventarc.operations.list', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.providers.list', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'fcmdata.deliverydata.list', 'file.backups.list', 'file.instances.list', 'file.locations.list', 'file.operations.list', 'file.snapshots.list', 'financialservices.locations.list', 'financialservices.operations.list', 'financialservices.v1backtests.list', 'financialservices.v1datasets.list', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineversions.list', 'financialservices.v1instances.list', 'financialservices.v1models.list', 'financialservices.v1predictions.list', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.list', 'firebaseabt.experiments.list', 'firebaseappdistro.groups.list', 'firebaseappdistro.releases.list', 'firebaseappdistro.testers.list', 'firebasecrashlytics.issues.list', 'firebasedatabase.instances.list', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.list', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.list', 'firebasedataconnect.services.list', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.links.list', 'firebaseextensions.configs.list', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.list', 'firebaseinappmessaging.campaigns.list', 'firebasemessagingcampaigns.campaigns.list', 'firebaseml.models.list', 'firebaseml.modelversions.list', 'firebasenotifications.messages.list', 'firebaserules.releases.list', 'firebaserules.rulesets.list', 'firebasestorage.buckets.list', 'fleetengine.deliveryvehicles.list', 'fleetengine.tasks.list', 'fleetengine.vehicles.list', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/subscriptions.list', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.list', 'genomics.datasets.getIamPolicy', 'genomics.datasets.list', 'genomics.datasets.setIamPolicy', 'genomics.operations.list', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backups.list', 'gkebackup.locations.list', 'gkebackup.operations.list', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restores.list', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.list', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.locations.list', 'gkehub.membershipbindings.list', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.namespaces.list', 'gkehub.operations.list', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.setIamPolicy', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.operations.list', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalAdminClusters.setIamPolicy', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalClusters.setIamPolicy', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.bareMetalNodePools.setIamPolicy', 'gkeonprem.locations.list', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareAdminClusters.setIamPolicy', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareClusters.setIamPolicy', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'gkeonprem.vmwareNodePools.setIamPolicy', 'gsuiteaddons.deployments.list', 'healthcare.annotationStores.getIamPolicy', 'healthcare.annotationStores.list', 'healthcare.annotationStores.setIamPolicy', 'healthcare.annotations.list', 'healthcare.attributeDefinitions.list', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.getIamPolicy', 'healthcare.consentStores.list', 'healthcare.consentStores.setIamPolicy', 'healthcare.consents.list', 'healthcare.datasets.getIamPolicy', 'healthcare.datasets.list', 'healthcare.datasets.setIamPolicy', 'healthcare.dicomStores.getIamPolicy', 'healthcare.dicomStores.list', 'healthcare.dicomStores.setIamPolicy', 'healthcare.fhirStores.getIamPolicy', 'healthcare.fhirStores.list', 'healthcare.fhirStores.setIamPolicy', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Stores.getIamPolicy', 'healthcare.hl7V2Stores.list', 'healthcare.hl7V2Stores.setIamPolicy', 'healthcare.locations.list', 'healthcare.operations.list', 'healthcare.userDataMappings.list', 'iam.denypolicies.list', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClients.list', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePools.getIamPolicy', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workforcePools.setIamPolicy', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.list', 'iam.policybindings.list', 'iam.principalaccessboundarypolicies.list', 'iam.roles.get', 'iam.roles.list', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iam.serviceAccounts.setIamPolicy', 'iap.tunnel.getIamPolicy', 'iap.tunnel.setIamPolicy', 'iap.tunnelDestGroups.getIamPolicy', 'iap.tunnelDestGroups.list', 'iap.tunnelDestGroups.setIamPolicy', 'iap.tunnelInstances.getIamPolicy', 'iap.tunnelInstances.setIamPolicy', 'iap.tunnelLocations.getIamPolicy', 'iap.tunnelLocations.setIamPolicy', 'iap.tunnelZones.getIamPolicy', 'iap.tunnelZones.setIamPolicy', 'iap.web.getIamPolicy', 'iap.web.setIamPolicy', 'iap.webServiceVersions.getIamPolicy', 'iap.webServiceVersions.setIamPolicy', 'iap.webServices.getIamPolicy', 'iap.webServices.setIamPolicy', 'iap.webTypes.getIamPolicy', 'iap.webTypes.setIamPolicy', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'identitytoolkit.tenants.setIamPolicy', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.endpoints.setIamPolicy', 'ids.locations.list', 'ids.operations.list', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSuspensions.list', 'integrations.authConfigs.list', 'integrations.certificates.list', 'integrations.executions.list', 'integrations.integrationVersions.list', 'integrations.integrations.list', 'integrations.securityAuthConfigs.list', 'integrations.securityExecutions.list', 'integrations.securityIntegTempVers.list', 'integrations.securityIntegrationVers.list', 'integrations.securityIntegrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'integrations.suspensions.list', 'integrations.testCases.list', 'issuerswitch.accountManagerTransactions.list', 'issuerswitch.complaintTransactions.list', 'issuerswitch.financialTransactions.list', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.list', 'issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.krmApiHosts.setIamPolicy', 'krmapihosting.locations.list', 'krmapihosting.operations.list', 'lifesciences.operations.list', 'livestream.assets.list', 'livestream.channels.list', 'livestream.clips.list', 'livestream.events.list', 'livestream.inputs.list', 'livestream.locations.list', 'livestream.operations.list', 'logging.buckets.list', 'logging.exclusions.list', 'logging.links.list', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.list', 'logging.operations.list', 'logging.privateLogEntries.list', 'logging.queries.usePrivate', 'logging.sinks.list', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.setIamPolicy', 'looker.backups.list', 'looker.instances.list', 'looker.locations.list', 'looker.operations.list', 'managedflink.deployments.list', 'managedflink.jobs.list', 'managedflink.locations.list', 'managedflink.operations.list', 'managedflink.sessions.list', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.backups.setIamPolicy', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.domains.setIamPolicy', 'managedidentities.locations.list', 'managedidentities.operations.list', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.peerings.setIamPolicy', 'managedidentities.sqlintegrations.list', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.list', 'managedkafka.locations.list', 'managedkafka.operations.list', 'managedkafka.topics.list', 'mapsadmin.clientMaps.list', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyles.list', 'mapsadmin.styleSnapshots.list', 'mapsanalytics.metricMetadata.list', 'mapsplatformdatasets.datasets.list', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.list', 'memcache.instances.list', 'memcache.locations.list', 'memcache.operations.list', 'memorystore.instances.list', 'memorystore.locations.list', 'memorystore.operations.list', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.backups.setIamPolicy', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.setIamPolicy', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.federations.setIamPolicy', 'metastore.imports.list', 'metastore.locations.list', 'metastore.migrations.list', 'metastore.operations.list', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.setIamPolicy', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.setIamPolicy', 'migrationcenter.assets.list', 'migrationcenter.discoveryClients.list', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.list', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.list', 'migrationcenter.locations.list', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.list', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.list', 'migrationcenter.sources.list', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.locations.list', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.setIamPolicy', 'ml.operations.list', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.list', 'ml.versions.list', 'monitoring.alertPolicies.list', 'monitoring.dashboards.list', 'monitoring.groups.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.list', 'monitoring.services.list', 'monitoring.slos.list', 'monitoring.snoozes.list', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.list', 'netapp.activeDirectories.list', 'netapp.backupPolicies.list', 'netapp.backupVaults.list', 'netapp.backups.list', 'netapp.kmsConfigs.list', 'netapp.locations.list', 'netapp.operations.list', 'netapp.replications.list', 'netapp.snapshots.list', 'netapp.storagePools.list', 'netapp.volumes.list', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.groups.setIamPolicy', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRouteTables.setIamPolicy', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubRoutes.setIamPolicy', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.setIamPolicy', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.locations.list', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.setIamPolicy', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.connectivitytests.setIamPolicy', 'networkmanagement.locations.list', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.list', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.list', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeployments.list', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.list', 'networkservices.gateways.list', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.list', 'networkservices.meshes.list', 'networkservices.operations.list', 'networkservices.route_views.list', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.list', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.setIamPolicy', 'notebooks.locations.list', 'notebooks.operations.list', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.setIamPolicy', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'ondemandscanning.operations.list', 'opsconfigmonitoring.resourceMetadata.list', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.list', 'oracledatabase.operations.list', 'orgpolicy.constraints.list', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'osconfig.guestPolicies.list', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignments.list', 'osconfig.patchDeployments.list', 'osconfig.patchJobs.list', 'osconfig.upgradeReports.list', 'osconfig.vulnerabilityReports.list', 'paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.list', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.list', 'policysimulator.replayResults.list', 'policysimulator.replays.create', 'policysimulator.replays.get', 'policysimulator.replays.list', 'policysimulator.replays.run', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.setIamPolicy', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.setIamPolicy', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.setIamPolicy', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.setIamPolicy', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.setIamPolicy', 'privateca.locations.list', 'privateca.operations.list', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.setIamPolicy', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.entitlements.setIamPolicy', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.list', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.getIamPolicy', 'proximitybeacon.beacons.list', 'proximitybeacon.beacons.setIamPolicy', 'proximitybeacon.namespaces.getIamPolicy', 'proximitybeacon.namespaces.list', 'proximitybeacon.namespaces.setIamPolicy', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.setIamPolicy', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.setIamPolicy', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.setIamPolicy', 'pubsublite.operations.list', 'pubsublite.reservations.list', 'pubsublite.subscriptions.list', 'pubsublite.topics.list', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.relatedaccountgroupmemberships.list', 'recaptchaenterprise.relatedaccountgroups.list', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.list', 'recommender.cloudAssetInsights.list', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.list', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeFirewallInsights.list', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.list', 'recommender.costInsights.list', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.errorReportingInsights.list', 'recommender.errorReportingRecommendations.list', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyRecommendations.list', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountInsights.list', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.resourcemanagerProjectChangeRiskInsights.list', 'recommender.resourcemanagerProjectChangeRiskRecommendations.list', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.list', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.usageCommitmentRecommendations.list', 'redis.clusters.list', 'redis.instances.list', 'redis.locations.list', 'redis.operations.list', 'remotebuildexecution.instances.list', 'remotebuildexecution.workerpools.list', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.setIamPolicy', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.organizations.setIamPolicy', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.setIamPolicy', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagKeys.setIamPolicy', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcemanager.tagValues.setIamPolicy', 'resourcesettings.settings.list', 'retail.branches.list', 'retail.catalogs.list', 'retail.controls.list', 'retail.experiments.list', 'retail.models.list', 'retail.operations.list', 'retail.products.list', 'retail.servingConfigs.list', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.list', 'riskmanager.policies.list', 'riskmanager.reports.list', 'rma.collectors.list', 'rma.locations.list', 'rma.operations.list', 'run.configurations.list', 'run.executions.list', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.setIamPolicy', 'run.locations.list', 'run.operations.list', 'run.revisions.list', 'run.routes.list', 'run.services.getIamPolicy', 'run.services.list', 'run.services.setIamPolicy', 'run.tasks.list', 'runapps.applications.list', 'runapps.deployments.list', 'runapps.locations.list', 'runapps.operations.list', 'runtimeconfig.configs.getIamPolicy', 'runtimeconfig.configs.list', 'runtimeconfig.configs.setIamPolicy', 'runtimeconfig.operations.list', 'runtimeconfig.variables.getIamPolicy', 'runtimeconfig.variables.list', 'runtimeconfig.variables.setIamPolicy', 'runtimeconfig.waiters.getIamPolicy', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.setIamPolicy', 'secretmanager.locations.list', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.secrets.setIamPolicy', 'secretmanager.versions.list', 'securedlandingzone.overwatches.list', 'securesourcemanager.branchRules.list', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.instances.setIamPolicy', 'securesourcemanager.locations.list', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.setIamPolicy', 'securesourcemanager.sshkeys.list', 'securitycenter.assets.list', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.list', 'securitycenter.compliancesnapshots.list', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.findings.list', 'securitycenter.muteconfigs.list', 'securitycenter.notificationconfig.list', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.sources.setIamPolicy', 'securitycenter.valuedresources.list', 'securitycenter.vulnerabilitysnapshots.list', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securityposture.locations.list', 'securityposture.operations.list', 'securityposture.postureDeployments.list', 'securityposture.postureTemplates.list', 'securityposture.postures.list', 'securityposture.reports.list', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.getIamPolicy', 'servicebroker.bindings.list', 'servicebroker.bindings.setIamPolicy', 'servicebroker.catalogs.getIamPolicy', 'servicebroker.catalogs.list', 'servicebroker.catalogs.setIamPolicy', 'servicebroker.instanceoperations.list', 'servicebroker.instances.getIamPolicy', 'servicebroker.instances.list', 'servicebroker.instances.setIamPolicy', 'serviceconsumermanagement.tenancyu.list', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.endpoints.setIamPolicy', 'servicedirectory.locations.list', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.namespaces.setIamPolicy', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.setIamPolicy', 'servicehealth.events.list', 'servicehealth.locations.list', 'servicehealth.organizationEvents.list', 'servicehealth.organizationImpacts.list', 'servicemanagement.services.getIamPolicy', 'servicemanagement.services.list', 'servicemanagement.services.setIamPolicy', 'servicenetworking.operations.list', 'servicesecurityinsights.clusterSecurityInfo.list', 'servicesecurityinsights.securityInfo.list', 'servicesecurityinsights.workloadPolicies.list', 'serviceusage.services.list', 'source.repos.getIamPolicy', 'source.repos.list', 'source.repos.setIamPolicy', 'spanner.backupOperations.list', 'spanner.backupSchedules.getIamPolicy', 'spanner.backupSchedules.list', 'spanner.backupSchedules.setIamPolicy', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.backups.setIamPolicy', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.databases.setIamPolicy', 'spanner.instanceConfigOperations.list', 'spanner.instanceConfigs.list', 'spanner.instanceOperations.list', 'spanner.instancePartitionOperations.list', 'spanner.instancePartitions.list', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.instances.setIamPolicy', 'spanner.sessions.list', 'speakerid.phrases.list', 'speakerid.speakers.list', 'speech.customClasses.list', 'speech.locations.list', 'speech.operations.list', 'speech.phraseSets.list', 'speech.recognizers.list', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.list', 'storage.bucketOperations.list', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.setIamPolicy', 'storage.folders.list', 'storage.hmacKeys.list', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.multipartUploads.list', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.setIamPolicy', 'storageinsights.datasetConfigs.list', 'storageinsights.locations.list', 'storageinsights.operations.list', 'storageinsights.reportConfigs.list', 'storageinsights.reportDetails.list', 'storagetransfer.agentpools.list', 'storagetransfer.jobs.list', 'storagetransfer.operations.list', 'stream.locations.list', 'stream.operations.list', 'stream.streamContents.list', 'stream.streamInstances.list', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.list', 'telcoautomation.edgeSlms.list', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.locations.list', 'telcoautomation.operations.list', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.list', 'timeseriesinsights.datasets.list', 'timeseriesinsights.locations.list', 'tpu.acceleratortypes.list', 'tpu.locations.list', 'tpu.nodes.list', 'tpu.operations.list', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.list', 'transcoder.jobTemplates.list', 'transcoder.jobs.list', 'transferappliance.appliances.list', 'transferappliance.locations.list', 'transferappliance.operations.list', 'transferappliance.orders.list', 'transferappliance.savedAddresses.list', 'translationhub.portals.list', 'videostitcher.cdnKeys.list', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.list', 'videostitcher.operations.list', 'videostitcher.slates.list', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.list', 'videostitcher.vodStitchDetails.list', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.analyses.setIamPolicy', 'visionai.annotations.list', 'visionai.applications.list', 'visionai.assets.list', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.clusters.setIamPolicy', 'visionai.corpora.list', 'visionai.dataSchemas.list', 'visionai.drafts.list', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.events.setIamPolicy', 'visionai.indexEndpoints.list', 'visionai.indexes.list', 'visionai.instances.list', 'visionai.locations.list', 'visionai.operations.list', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.operators.setIamPolicy', 'visionai.processors.list', 'visionai.searchConfigs.list', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.series.setIamPolicy', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.streams.setIamPolicy', 'visionai.uistreams.list', 'visualinspection.annotationSets.list', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.list', 'visualinspection.datasets.list', 'visualinspection.images.list', 'visualinspection.locations.list', 'visualinspection.modelEvaluations.list', 'visualinspection.models.list', 'visualinspection.modules.list', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutions.list', 'vmmigration.cloneJobs.list', 'vmmigration.cutoverJobs.list', 'vmmigration.datacenterConnectors.list', 'vmmigration.deployments.list', 'vmmigration.groups.list', 'vmmigration.locations.list', 'vmmigration.migratingVms.list', 'vmmigration.operations.list', 'vmmigration.replicationCycles.list', 'vmmigration.sources.list', 'vmmigration.targets.list', 'vmmigration.utilizationReports.list', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.clusters.setIamPolicy', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAddresses.list', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.hcxActivationKeys.setIamPolicy', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.list', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPolicies.list', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.list', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateClouds.setIamPolicy', 'vmwareengine.privateConnections.list', 'vmwareengine.subnets.list', 'vmwareengine.vmwareEngineNetworks.list', 'vpcaccess.connectors.list', 'vpcaccess.locations.list', 'vpcaccess.operations.list', 'workflows.callbacks.list', 'workflows.executions.list', 'workflows.locations.list', 'workflows.operations.list', 'workflows.stepEntries.list', 'workflows.workflows.list', 'workloadcertificate.locations.list', 'workloadcertificate.operations.list', 'workloadcertificate.workloadRegistrations.list', 'workloadmanager.actuations.list', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.list', 'workloadmanager.executions.list', 'workloadmanager.locations.list', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list', 'workstations.workstationClusters.list', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstationConfigs.setIamPolicy', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list', 'workstations.workstations.setIamPolicy']
Copy Permissions GA
roles/securitycenter.admin
Admin(super user) access to security center
Security Center Admin
['appengine.applications.get', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.create', 'cloudsecurityscanner.scans.delete', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run', 'cloudsecurityscanner.scans.update', 'compute.addresses.list', 'iam.serviceAccountKeys.create', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.create', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.tagValues.get', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.assets.runDiscovery', 'securitycenter.assetsecuritymarks.update', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update', 'securitycenter.billingtier.update', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.containerthreatdetectionsettings.update', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.eventthreatdetectionsettings.update', 'securitycenter.exposurepathexplan.get', 'securitycenter.findingexplanations.get', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.setWorkflowState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.integratedvulnerabilityscannersettings.update', 'securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.update', 'securitycenter.resourcevalueconfigs.create', 'securitycenter.resourcevalueconfigs.delete', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.resourcevalueconfigs.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycenter.securityhealthanalyticscustommodules.create', 'securitycenter.securityhealthanalyticscustommodules.delete', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycenter.securityhealthanalyticscustommodules.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycenter.simulations.get', 'securitycenter.sources.get', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.sources.setIamPolicy', 'securitycenter.sources.update', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.virtualmachinethreatdetectionsettings.update', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycenter.websecurityscannersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/securitycenter.adminEditor
Admin Read-write access to security center
Security Center Admin Editor
['appengine.applications.get', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.create', 'cloudsecurityscanner.scans.delete', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run', 'cloudsecurityscanner.scans.update', 'compute.addresses.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.tagValues.get', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.assets.runDiscovery', 'securitycenter.assetsecuritymarks.update', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.exposurepathexplan.get', 'securitycenter.findingexplanations.get', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.setWorkflowState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.resourcevalueconfigs.create', 'securitycenter.resourcevalueconfigs.delete', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.resourcevalueconfigs.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.simulations.get', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.sources.update', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/securitycenter.adminViewer
Admin Read access to security center
Security Center Admin Viewer
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.tagValues.get', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.exposurepathexplan.get', 'securitycenter.findingexplanations.get', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.organizationsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.securitycentersettings.get', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.simulations.get', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/securitycenter.assetSecurityMarksWriter
Write access to asset security marks
Security Center Asset Security Marks Writer
['securitycenter.assetsecuritymarks.update', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.assetsDiscoveryRunner
Run asset discovery access to assets
Security Center Assets Discovery Runner
['securitycenter.assets.runDiscovery', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.assetsViewer
Read access to assets
Security Center Assets Viewer
['cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.folders.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.attackPathsViewer
Read access to security center attack paths
Security Center Attack Paths Reader
['securitycenter.attackpaths.list']
Copy Permissions GA
roles/securitycenter.automationServiceAgent
Security Center automation service agent can configure GCP resources to enable security scanning.
Security Center Automation Service Agent
['cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.services.enable', 'serviceusage.services.get']
Copy Permissions GA
roles/securitycenter.bigQueryExportsEditor
Read-Write access to security center BigQuery Exports
Security Center BigQuery Exports Editor
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update']
Copy Permissions GA
roles/securitycenter.bigQueryExportsViewer
Read access to security center BigQuery Exports
Security Center BigQuery Exports Viewer
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list']
Copy Permissions GA
roles/securitycenter.complianceReportsViewer
Read access to security center compliance reports
Security Center Compliance Reports Viewer
['securitycenter.complianceReports.aggregate']
Copy Permissions BETA
roles/securitycenter.complianceSnapshotsViewer
Read access to security center compliance snapshots
Security Center Compliance Snapshots Viewer
['securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list']
Copy Permissions BETA
roles/securitycenter.controlServiceAgent
Security Center Control service agent can monitor and configure GCP resources and import security findings.
Security Center Control Service Agent
['bigquery.datasets.get', 'binaryauthorization.policy.get', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudsql.instances.connect', 'cloudsql.users.list', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.instances.get', 'compute.instances.list', 'compute.networkEndpointGroups.get', 'compute.projects.get', 'container.clusters.get', 'iam.denypolicies.get', 'iam.denypolicies.list', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.list', 'logging.logEntries.list', 'monitoring.alertPolicies.list', 'monitoring.timeSeries.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.tagValues.get', 'securitycenter.assets.list', 'securitycenter.assetsecuritymarks.update', 'securitycenter.findings.list', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.sources.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list']
Copy Permissions GA
roles/securitycenter.externalSystemsEditor
Write access to security center external systems
Security Center External Systems Editor
['securitycenter.findingexternalsystems.update']
Copy Permissions GA
roles/securitycenter.findingSecurityMarksWriter
Write access to finding security marks
Security Center Finding Security Marks Writer
['securitycenter.findingsecuritymarks.update', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.findingsBulkMuteEditor
Ability to mute findings in bulk
Security Center Findings Bulk Mute Editor
['securitycenter.findings.bulkMuteUpdate']
Copy Permissions GA
roles/securitycenter.findingsEditor
Read-write access to findings
Security Center Findings Editor
['resourcemanager.folders.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.findingexplanations.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.userinterfacemetadata.get', 'securitycenter.vulnerabilitysnapshots.list']
Copy Permissions GA
roles/securitycenter.findingsMuteSetter
Set mute access to findings
Security Center Findings Mute Setter
['securitycenter.findings.setMute']
Copy Permissions GA
roles/securitycenter.findingsStateSetter
Set state access to findings
Security Center Findings State Setter
['securitycenter.findings.setState', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.findingsViewer
Read access to findings
Security Center Findings Viewer
['resourcemanager.folders.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.findingexplanations.get', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.userinterfacemetadata.get', 'securitycenter.vulnerabilitysnapshots.list']
Copy Permissions GA
roles/securitycenter.findingsWorkflowStateSetter
Set workflow state access to findings
Security Center Findings Workflow State Setter
['securitycenter.findings.setWorkflowState', 'securitycenter.userinterfacemetadata.get']
Copy Permissions BETA
roles/securitycenter.integrationExecutorServiceAgent
Gives Security Center access to execute Integrations.
Security Center Integration Executor Service Agent
['integrations.securityExecutions.cancel', 'integrations.securityExecutions.list', 'integrations.securityIntegrations.invoke']
Copy Permissions GA
roles/securitycentermanagement.admin
Full access to manage Cloud Security Command Center services and custom modules configuration.
Security Center Management Admin
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update']
Copy Permissions GA
roles/securitycentermanagement.etdCustomModulesEditor
Full access to manage Cloud Security Command Center ETD custom modules.
Security Center Management Custom ETD Modules Editor
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list']
Copy Permissions GA
roles/securitycentermanagement.customModulesEditor
Full access to manage Cloud Security Command Center custom modules.
Security Center Management Custom Modules Editor
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update']
Copy Permissions GA
roles/securitycentermanagement.customModulesViewer
Readonly access to Cloud Security Command Center custom modules.
Security Center Management Custom Modules Viewer
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/securitycentermanagement.etdCustomModulesViewer
Readonly access to Cloud Security Command Center ETD custom modules.
Security Center Management ETD Custom Modules Viewer
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list']
Copy Permissions GA
roles/securitycentermanagement.securityCenterServicesEditor
Full access to manage Cloud Security Command Center services configuration.
Security Center Management Services Editor
['securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update']
Copy Permissions GA
roles/securitycentermanagement.securityCenterServicesViewer
Readonly access to Cloud Security Command Center services configuration.
Security Center Management Services Viewer
['securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list']
Copy Permissions GA
roles/securitycentermanagement.settingsEditor
Full access to manage Cloud Security Command Center settings
Security Center Management Settings Editor
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update']
Copy Permissions GA
roles/securitycentermanagement.settingsViewer
Readonly access to Cloud Security Command Center settings
Security Center Management Settings Viewer
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.organizationsettings.get', 'securitycenter.securitycentersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/securitycentermanagement.shaCustomModulesEditor
Full access to manage Cloud Security Command Center SHA custom modules.
Security Center Management SHA Custom Modules Editor
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update']
Copy Permissions GA
roles/securitycentermanagement.shaCustomModulesViewer
Readonly access to Cloud Security Command Center SHA custom modules.
Security Center Management SHA Custom Modules Viewer
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/securitycentermanagement.viewer
Readonly access to Cloud Security Command Center services and custom modules configuration.
Security Center Management Viewer
['resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.organizationsettings.get', 'securitycenter.securitycentersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/securitycenter.muteConfigsEditor
Read-Write access to security center mute configurations
Security Center Mute Configurations Editor
['securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update']
Copy Permissions GA
roles/securitycenter.muteConfigsViewer
Read access to security center mute configurations
Security Center Mute Configurations Viewer
['securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list']
Copy Permissions GA
roles/securitycenter.notificationConfigEditor
Write access to notification configurations
Security Center Notification Configurations Editor
['securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.notificationConfigViewer
Read access to notification configurations
Security Center Notification Configurations Viewer
['securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.notificationServiceAgent
Security Center service agent can publish notifications to Pub/Sub topics.
Security Center Notification Service Agent
['pubsub.topics.publish']
Copy Permissions GA
roles/securitycenter.resourceValueConfigsEditor
Read-Write access to security center resource value configurations
Security Center Resource Value Configurations Editor
['resourcemanager.tagValues.get', 'securitycenter.resourcevalueconfigs.create', 'securitycenter.resourcevalueconfigs.delete', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.resourcevalueconfigs.update']
Copy Permissions GA
roles/securitycenter.resourceValueConfigsViewer
Read access to security center resource value configurations
Security Center Resource Value Configurations Viewer
['resourcemanager.tagValues.get', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list']
Copy Permissions GA
roles/securitycenter.serviceAgent
Security Center service agent can scan GCP resources and import security scans.
Security Center Service Agent
['bigquery.datasets.get', 'binaryauthorization.policy.get', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudsql.instances.connect', 'cloudsql.users.list', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.instances.get', 'compute.instances.list', 'compute.networkEndpointGroups.get', 'compute.projects.get', 'container.clusters.get', 'iam.denypolicies.get', 'iam.denypolicies.list', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.list', 'logging.logEntries.list', 'monitoring.alertPolicies.list', 'monitoring.timeSeries.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.tagValues.get', 'securitycenter.assets.list', 'securitycenter.assetsecuritymarks.update', 'securitycenter.findings.list', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.sources.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list']
Copy Permissions GA
roles/securitycenter.settingsAdmin
Admin(super user) access to security center settings
Security Center Settings Admin
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update', 'securitycenter.billingtier.update', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.containerthreatdetectionsettings.update', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.eventthreatdetectionsettings.update', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.integratedvulnerabilityscannersettings.update', 'securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycenter.securityhealthanalyticscustommodules.create', 'securitycenter.securityhealthanalyticscustommodules.delete', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.virtualmachinethreatdetectionsettings.update', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycenter.websecurityscannersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update']
Copy Permissions GA
roles/securitycenter.settingsEditor
Read-Write access to security center settings
Security Center Settings Editor
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.bigQueryExports.create', 'securitycenter.bigQueryExports.delete', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.bigQueryExports.update', 'securitycenter.billingtier.update', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.containerthreatdetectionsettings.update', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.eventthreatdetectionsettings.update', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.integratedvulnerabilityscannersettings.update', 'securitycenter.muteconfigs.create', 'securitycenter.muteconfigs.delete', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.muteconfigs.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.notificationconfig.update', 'securitycenter.organizationsettings.get', 'securitycenter.organizationsettings.update', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.update', 'securitycenter.securitycentersettings.get', 'securitycenter.securitycentersettings.update', 'securitycenter.securityhealthanalyticscustommodules.create', 'securitycenter.securityhealthanalyticscustommodules.delete', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.update', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.virtualmachinethreatdetectionsettings.update', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycenter.websecurityscannersettings.update', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.create', 'securitycentermanagement.eventThreatDetectionCustomModules.delete', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.update', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCenterServices.update', 'securitycentermanagement.securityCommandCenter.activate', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.generateServiceAccounts', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityCommandCenter.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update']
Copy Permissions GA
roles/securitycenter.settingsViewer
Read access to security center settings
Security Center Settings Viewer
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.organizationsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.securitycentersettings.get', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/securitycenter.simulationsViewer
Read access to security center simulations
Security Center Simulations Reader
['securitycenter.simulations.get']
Copy Permissions GA
roles/securitycenter.sourcesAdmin
Admin access to sources
Security Center Sources Admin
['resourcemanager.organizations.get', 'securitycenter.sources.get', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.sources.setIamPolicy', 'securitycenter.sources.update', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.sourcesEditor
Read-write access to sources
Security Center Sources Editor
['resourcemanager.organizations.get', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.sources.update', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.sourcesViewer
Read access to sources
Security Center Sources Viewer
['resourcemanager.organizations.get', 'securitycenter.sources.get', 'securitycenter.sources.list', 'securitycenter.userinterfacemetadata.get']
Copy Permissions GA
roles/securitycenter.valuedResourcesViewer
Read access to security center valued resources
Security Center Valued Resources Reader
['securitycenter.valuedresources.list']
Copy Permissions GA
roles/securitycenter.securityHealthAnalyticsCustomModulesTester
Test access to Security Health Analytics Custom Modules
Security Health Analytics Custom Modules Tester
['securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test']
Copy Permissions GA
roles/securitycenter.securityHealthAnalyticsServiceAgent
Security Health Analytics service agent can scan GCP resource metadata to find security vulnerabilities.
Security Health Analytics Service Agent
['bigquery.datasets.get', 'binaryauthorization.policy.get', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudsql.instances.connect', 'cloudsql.users.list', 'compute.globalOperations.get', 'compute.instances.get', 'compute.instances.list', 'compute.networkEndpointGroups.get', 'compute.projects.get', 'container.clusters.get', 'monitoring.alertPolicies.list', 'orgpolicy.policy.get', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.organizationsettings.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get']
Copy Permissions GA
roles/servicesecurityinsights.securityInsightsViewer
Read-only access to Security Insights resources
Security Insights Viewer
['servicesecurityinsights.clusterSecurityInfo.get', 'servicesecurityinsights.clusterSecurityInfo.list', 'servicesecurityinsights.policies.get', 'servicesecurityinsights.projectStates.get', 'servicesecurityinsights.securityInfo.list', 'servicesecurityinsights.securityViews.get', 'servicesecurityinsights.workloadPolicies.list', 'servicesecurityinsights.workloadSecurityInfo.get']
Copy Permissions BETA
roles/integrations.securityIntegrationAdmin
A user that has full access to all Security integrations.
Security Integration Admin
['integrations.securityAuthConfigs.create', 'integrations.securityAuthConfigs.delete', 'integrations.securityAuthConfigs.get', 'integrations.securityAuthConfigs.list', 'integrations.securityAuthConfigs.update', 'integrations.securityExecutions.cancel', 'integrations.securityExecutions.get', 'integrations.securityExecutions.list', 'integrations.securityIntegTempVers.create', 'integrations.securityIntegTempVers.get', 'integrations.securityIntegTempVers.list', 'integrations.securityIntegrationVers.create', 'integrations.securityIntegrationVers.delete', 'integrations.securityIntegrationVers.deploy', 'integrations.securityIntegrationVers.get', 'integrations.securityIntegrationVers.list', 'integrations.securityIntegrationVers.update', 'integrations.securityIntegrations.invoke', 'integrations.securityIntegrations.list']
Copy Permissions BETA
roles/securityposture.admin
Full access to Security Posture service APIs.
Security Posture Admin
['orgpolicy.constraints.list', 'orgpolicy.customConstraints.create', 'orgpolicy.customConstraints.delete', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.customConstraints.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.organizations.get', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'securityposture.locations.get', 'securityposture.locations.list', 'securityposture.operations.delete', 'securityposture.operations.get', 'securityposture.operations.list', 'securityposture.postureDeployments.create', 'securityposture.postureDeployments.delete', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postureDeployments.update', 'securityposture.postureTemplates.get', 'securityposture.postureTemplates.list', 'securityposture.postures.create', 'securityposture.postures.delete', 'securityposture.postures.extract', 'securityposture.postures.get', 'securityposture.postures.list', 'securityposture.postures.update', 'securityposture.reports.create', 'securityposture.reports.get', 'securityposture.reports.list']
Copy Permissions GA
roles/securityposture.postureDeployer
Mutate and read permissions to the Posture Deployment resource.
Security Posture Deployer
['orgpolicy.constraints.list', 'orgpolicy.customConstraints.create', 'orgpolicy.customConstraints.delete', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.customConstraints.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.organizations.get', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.securityhealthanalyticssettings.update', 'securitycentermanagement.securityHealthAnalyticsCustomModules.create', 'securitycentermanagement.securityHealthAnalyticsCustomModules.delete', 'securitycentermanagement.securityHealthAnalyticsCustomModules.update', 'securityposture.operations.get', 'securityposture.postureDeployments.create', 'securityposture.postureDeployments.delete', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postureDeployments.update']
Copy Permissions GA
roles/securityposture.postureDeploymentsViewer
Read only access to the Posture Deployment resource.
Security Posture Deployments Viewer
['resourcemanager.organizations.get', 'securityposture.operations.get', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list']
Copy Permissions GA
roles/securityposture.postureEditor
Mutate and read permissions to the Posture resource.
Security Posture Resource Editor
['securityposture.operations.get', 'securityposture.postures.create', 'securityposture.postures.delete', 'securityposture.postures.extract', 'securityposture.postures.get', 'securityposture.postures.list', 'securityposture.postures.update']
Copy Permissions GA
roles/securityposture.postureViewer
Read only access to the Posture resource.
Security Posture Resource Viewer
['resourcemanager.organizations.get', 'securityposture.operations.get', 'securityposture.postures.get', 'securityposture.postures.list']
Copy Permissions GA
roles/securityposture.reportCreator
Create access for Reports, e.g. IaC Validation Report.
Security Posture Shift-Left Validator
['securityposture.operations.get', 'securityposture.reports.create', 'securityposture.reports.get', 'securityposture.reports.list']
Copy Permissions GA
roles/securityposture.viewer
Read only access to all the SecurityPosture Service resources.
Security Posture Viewer
['resourcemanager.organizations.get', 'securityposture.operations.get', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postureTemplates.get', 'securityposture.postureTemplates.list', 'securityposture.postures.get', 'securityposture.postures.list']
Copy Permissions GA
roles/iam.securityReviewer
Security reviewer role, with permissions to get any IAM policy.
Security Reviewer
['accessapproval.requests.list', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.list', 'actions.agentVersions.list', 'advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'aiplatform.agentExamples.list', 'aiplatform.agents.list', 'aiplatform.annotationSpecs.list', 'aiplatform.annotations.list', 'aiplatform.apps.list', 'aiplatform.artifacts.list', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cachedContents.list', 'aiplatform.contexts.list', 'aiplatform.customJobs.list', 'aiplatform.dataItems.list', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.list', 'aiplatform.datasets.list', 'aiplatform.deploymentResourcePools.list', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDevices.list', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.list', 'aiplatform.executions.list', 'aiplatform.extensions.list', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.features.list', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.list', 'aiplatform.humanInTheLoops.list', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.list', 'aiplatform.indexes.list', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.list', 'aiplatform.models.list', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.list', 'aiplatform.schedules.list', 'aiplatform.sessions.list', 'aiplatform.specialistPools.list', 'aiplatform.studies.list', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboards.list', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.list', 'aiplatform.tuningJobs.list', 'alloydb.backups.list', 'alloydb.clusters.list', 'alloydb.databases.list', 'alloydb.instances.list', 'alloydb.locations.list', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.list', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.subscriptions.list', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.locations.list', 'apigateway.operations.list', 'apigee.apiproductattributes.list', 'apigee.apiproducts.list', 'apigee.appgroupapps.list', 'apigee.appgroups.list', 'apigee.apps.list', 'apigee.archivedeployments.list', 'apigee.caches.list', 'apigee.datacollectors.list', 'apigee.datastores.list', 'apigee.deployments.getIamPolicy', 'apigee.deployments.list', 'apigee.developerappattributes.list', 'apigee.developerapps.list', 'apigee.developerattributes.list', 'apigee.developers.list', 'apigee.developersubscriptions.list', 'apigee.endpointattachments.list', 'apigee.envgroupattachments.list', 'apigee.envgroups.list', 'apigee.environments.getIamPolicy', 'apigee.environments.list', 'apigee.exports.list', 'apigee.flowhooks.list', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.list', 'apigee.instanceattachments.list', 'apigee.instances.list', 'apigee.keystorealiases.list', 'apigee.keystores.list', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.nataddresses.list', 'apigee.operations.list', 'apigee.organizations.list', 'apigee.portals.list', 'apigee.proxies.list', 'apigee.proxyrevisions.list', 'apigee.queries.list', 'apigee.rateplans.list', 'apigee.references.list', 'apigee.reports.list', 'apigee.resourcefiles.list', 'apigee.securityActions.list', 'apigee.securityFeedback.list', 'apigee.securityIncidents.list', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.list', 'apigee.securityreports.list', 'apigee.sharedflowrevisions.list', 'apigee.sharedflows.list', 'apigee.targetservers.list', 'apigee.traceconfigoverrides.list', 'apigee.tracesessions.list', 'apigeeconnect.connections.list', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.deployments.list', 'apigeeregistry.locations.list', 'apigeeregistry.operations.list', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apihub.apiHubInstances.list', 'apihub.apiOperations.list', 'apihub.apis.list', 'apihub.attributes.list', 'apihub.definitions.list', 'apihub.dependencies.list', 'apihub.deployments.list', 'apihub.externalApis.list', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.list', 'apihub.operations.list', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.list', 'apihub.versions.list', 'apikeys.keys.list', 'apim.apiObservations.list', 'apim.apiOperations.list', 'apim.locations.list', 'apim.observationJobs.list', 'apim.observationSources.list', 'apim.operations.list', 'appengine.instances.list', 'appengine.memcache.list', 'appengine.operations.list', 'appengine.services.list', 'appengine.versions.list', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.discoveredServices.list', 'apphub.discoveredWorkloads.list', 'apphub.locations.list', 'apphub.operations.list', 'apphub.serviceProjectAttachments.list', 'apphub.services.list', 'apphub.workloads.list', 'applianceactivation.rttCommands.list', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.list', 'artifactregistry.files.list', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.list', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.rules.list', 'artifactregistry.tags.list', 'artifactregistry.versions.list', 'assuredoss.locations.list', 'assuredoss.metadata.list', 'assuredoss.operations.list', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.list', 'assuredworkloads.workload.list', 'auditmanager.auditReports.list', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.list', 'auditmanager.locations.list', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.list', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.list', 'automl.datasets.getIamPolicy', 'automl.datasets.list', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.list', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.modelEvaluations.list', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.operations.list', 'automl.tableSpecs.list', 'automlrecommendations.apiKeys.list', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.list', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.list', 'autoscaling.sites.getIamPolicy', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.list', 'backupdr.backupVaults.list', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.list', 'backupdr.locations.list', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.operations.list', 'baremetalsolution.instancequotas.list', 'baremetalsolution.instances.list', 'baremetalsolution.luns.list', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.list', 'baremetalsolution.nfsshares.list', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.list', 'baremetalsolution.volumesnapshots.list', 'batch.jobs.list', 'batch.locations.list', 'batch.operations.list', 'batch.resourceAllowances.list', 'batch.tasks.list', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.locations.list', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.list', 'beyondcorp.proxyConfigs.list', 'beyondcorp.subscriptions.list', 'biglake.catalogs.list', 'biglake.databases.list', 'biglake.locks.list', 'biglake.tables.list', 'bigquery.capacityCommitments.list', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.datasets.getIamPolicy', 'bigquery.jobs.list', 'bigquery.models.list', 'bigquery.reservationAssignments.list', 'bigquery.reservations.list', 'bigquery.routines.list', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.savedqueries.list', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquerymigration.locations.list', 'bigquerymigration.subtasks.list', 'bigquerymigration.workflows.list', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.list', 'billing.budgets.list', 'billing.credits.list', 'billing.resourceAssociations.list', 'billing.subscriptions.list', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.getIamPolicy', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.list', 'capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'carestudio.patients.list', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certmapentries.list', 'certificatemanager.certmaps.list', 'certificatemanager.certs.list', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.locations.list', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.list', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.collectors.list', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.list', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessScopes.list', 'chronicle.dataTableRows.list', 'chronicle.dataTables.list', 'chronicle.dataTaps.list', 'chronicle.entities.list', 'chronicle.errorNotificationConfigs.list', 'chronicle.extensionValidationReports.list', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.list', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.list', 'chronicle.forwarders.list', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.list', 'chronicle.iocMatches.list', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.list', 'chronicle.messages.list', 'chronicle.nativeDashboards.list', 'chronicle.operations.list', 'chronicle.parserExtensions.list', 'chronicle.parsers.list', 'chronicle.parsingErrors.list', 'chronicle.referenceLists.list', 'chronicle.retrohunts.list', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.list', 'chronicle.searchQueries.list', 'chronicle.validationErrors.list', 'chronicle.watchlists.list', 'clientauthconfig.brands.list', 'clientauthconfig.clients.list', 'cloud.locations.list', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudasset.feeds.list', 'cloudasset.savedqueries.list', 'cloudbuild.builds.list', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.integrations.list', 'cloudbuild.operations.list', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.list', 'cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.list', 'clouddebugger.breakpoints.list', 'clouddebugger.debuggees.list', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.list', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.list', 'clouddeploy.operations.list', 'clouddeploy.releases.list', 'clouddeploy.rollouts.list', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.list', 'cloudjobdiscovery.companies.list', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.locations.list', 'cloudnotifications.activities.list', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprofiler.profiles.list', 'cloudscheduler.jobs.list', 'cloudscheduler.locations.list', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scans.list', 'cloudsql.backupRuns.list', 'cloudsql.databases.list', 'cloudsql.instances.list', 'cloudsql.sslCerts.list', 'cloudsql.users.list', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.list', 'cloudsupport.techCases.list', 'cloudtasks.locations.list', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.tasks.list', 'cloudtestservice.devicesession.list', 'cloudtoolresults.executions.list', 'cloudtoolresults.histories.list', 'cloudtoolresults.steps.list', 'cloudtrace.insights.list', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.list', 'cloudtrace.traces.list', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.list', 'cloudtranslate.datasets.list', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.locations.list', 'cloudtranslate.operations.list', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/volumereplication.list', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.documents.list', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.refunds.list', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'commercebusinessenablement.resellerRestrictions.list', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.list', 'commerceorggovernance.collectionRequestApprovals.list', 'commerceorggovernance.collections.list', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.services.list', 'commerceprice.events.list', 'commerceprice.privateoffers.list', 'composer.dags.list', 'composer.environments.list', 'composer.imageversions.list', 'composer.operations.list', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadssecrets.list', 'compute.acceleratorTypes.list', 'compute.addresses.list', 'compute.autoscalers.list', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.commitments.list', 'compute.diskTypes.list', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.externalVpnGateways.list', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.list', 'compute.globalForwardingRules.list', 'compute.globalNetworkEndpointGroups.list', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.list', 'compute.httpHealthChecks.list', 'compute.httpsHealthChecks.list', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.instanceGroupManagers.list', 'compute.instanceGroups.list', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instances.getIamPolicy', 'compute.instances.list', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.interconnectAttachments.list', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.list', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineTypes.list', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkEdgeSecurityServices.list', 'compute.networkEndpointGroups.list', 'compute.networks.list', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.list', 'compute.packetMirrorings.list', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.list', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.list', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.list', 'compute.regionSslCertificates.list', 'compute.regionSslPolicies.list', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetTcpProxies.list', 'compute.regionUrlMaps.list', 'compute.regions.list', 'compute.reservations.list', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.routers.list', 'compute.routes.list', 'compute.securityPolicies.list', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.sslCertificates.list', 'compute.sslPolicies.list', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.targetGrpcProxies.list', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.list', 'compute.targetInstances.list', 'compute.targetPools.list', 'compute.targetSslProxies.list', 'compute.targetTcpProxies.list', 'compute.targetVpnGateways.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.vpnTunnels.list', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.list', 'confidentialcomputing.locations.list', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.locations.list', 'config.operations.list', 'config.previews.list', 'config.resources.list', 'config.revisions.list', 'config.terraformversions.list', 'configdelivery.fleetPackages.list', 'configdelivery.locations.list', 'configdelivery.operations.list', 'configdelivery.releases.list', 'configdelivery.resourceBundles.list', 'configdelivery.rollouts.list', 'connectors.actions.list', 'connectors.connections.getIamPolicy', 'connectors.connections.list', 'connectors.connectors.list', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.entities.list', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.list', 'connectors.eventtypes.list', 'connectors.locations.list', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.operations.list', 'connectors.providers.list', 'connectors.versions.list', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.list', 'consumerprocurement.entitlements.list', 'consumerprocurement.events.list', 'consumerprocurement.freeTrials.list', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.list', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.list', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.conversations.list', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issues.list', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.views.list', 'container.apiServices.list', 'container.auditSinks.list', 'container.backendConfigs.list', 'container.bindings.list', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.list', 'container.clusterRoles.list', 'container.clusters.list', 'container.componentStatuses.list', 'container.configMaps.list', 'container.controllerRevisions.list', 'container.cronJobs.list', 'container.csiDrivers.list', 'container.csiNodeInfos.list', 'container.csiNodes.list', 'container.customResourceDefinitions.list', 'container.daemonSets.list', 'container.deployments.list', 'container.endpointSlices.list', 'container.endpoints.list', 'container.events.list', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.list', 'container.ingresses.list', 'container.initializerConfigurations.list', 'container.jobs.list', 'container.leases.list', 'container.limitRanges.list', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.list', 'container.networkPolicies.list', 'container.nodes.list', 'container.operations.list', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.list', 'container.petSets.list', 'container.podDisruptionBudgets.list', 'container.podPresets.list', 'container.podSecurityPolicies.list', 'container.podTemplates.list', 'container.pods.list', 'container.priorityClasses.list', 'container.replicaSets.list', 'container.replicationControllers.list', 'container.resourceQuotas.list', 'container.roleBindings.list', 'container.roles.list', 'container.runtimeClasses.list', 'container.scheduledJobs.list', 'container.selfSubjectAccessReviews.list', 'container.serviceAccounts.list', 'container.services.list', 'container.statefulSets.list', 'container.storageClasses.list', 'container.storageStates.list', 'container.storageVersionMigrations.list', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.list', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.list', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containersecurity.clusterSummaries.list', 'containersecurity.findings.list', 'containersecurity.locations.list', 'contentwarehouse.corpora.list', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.list', 'contentwarehouse.ruleSets.list', 'contentwarehouse.synonymSets.list', 'databasecenter.fleetHealthStats.list', 'databasecenter.fleetStats.list', 'databasecenter.locations.list', 'databasecenter.products.list', 'databasecenter.resourceGroups.list', 'databasecenter.userLabels.list', 'databaseinsights.locations.list', 'datacatalog.categories.getIamPolicy', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.operations.list', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.locations.list', 'dataconnectors.operations.list', 'dataflow.jobs.list', 'dataflow.messages.list', 'dataflow.snapshots.list', 'dataform.compilationResults.list', 'dataform.locations.list', 'dataform.releaseConfigs.list', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.workflowConfigs.list', 'dataform.workflowInvocations.list', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.list', 'datafusion.artifacts.list', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.locations.list', 'datafusion.operations.list', 'datafusion.pipelineConnections.list', 'datafusion.pipelines.list', 'datafusion.profiles.list', 'datafusion.secureKeys.list', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.list', 'datalabeling.datasets.list', 'datalabeling.examples.list', 'datalabeling.instructions.list', 'datalabeling.operations.list', 'datalineage.events.list', 'datalineage.processes.list', 'datalineage.runs.list', 'datamigration.connectionprofiles.getIamPolicy', 'datamigration.connectionprofiles.list', 'datamigration.conversionworkspaces.getIamPolicy', 'datamigration.conversionworkspaces.list', 'datamigration.locations.list', 'datamigration.mappingrules.getIamPolicy', 'datamigration.migrationjobs.getIamPolicy', 'datamigration.migrationjobs.list', 'datamigration.objects.list', 'datamigration.operations.list', 'datamigration.privateconnections.getIamPolicy', 'datamigration.privateconnections.list', 'datapipelines.jobs.list', 'datapipelines.pipelines.list', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.assetActions.list', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.entities.list', 'dataplex.entries.list', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.lakeActions.list', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.locations.list', 'dataplex.metadataJobs.list', 'dataplex.operations.list', 'dataplex.partitions.list', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.zoneActions.list', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataproc.agents.list', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.batches.list', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.operations.getIamPolicy', 'dataproc.operations.list', 'dataproc.sessionTemplates.list', 'dataproc.sessions.list', 'dataproc.workflowTemplates.getIamPolicy', 'dataproc.workflowTemplates.list', 'dataprocessing.datasources.list', 'dataprocessing.featurecontrols.list', 'dataprocessing.groupcontrols.list', 'dataprocrm.locations.list', 'dataprocrm.nodePools.list', 'dataprocrm.nodes.list', 'dataprocrm.operations.list', 'dataprocrm.workloads.list', 'datastore.backupSchedules.list', 'datastore.backups.list', 'datastore.databases.list', 'datastore.entities.list', 'datastore.indexes.list', 'datastore.keyVisualizerScans.list', 'datastore.locations.list', 'datastore.namespaces.list', 'datastore.operations.list', 'datastore.statistics.list', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.locations.list', 'datastream.objects.list', 'datastream.operations.list', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastudio.datasources.getIamPolicy', 'datastudio.reports.getIamPolicy', 'datastudio.workspaces.getIamPolicy', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.deployments.getIamPolicy', 'deploymentmanager.deployments.list', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.list', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.list', 'deploymentmanager.types.list', 'developerconnect.connections.list', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.list', 'developerconnect.operations.list', 'dialogflow.agents.list', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.list', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.list', 'dialogflow.deployments.list', 'dialogflow.documents.list', 'dialogflow.entityTypes.list', 'dialogflow.environments.list', 'dialogflow.examples.list', 'dialogflow.experiments.list', 'dialogflow.flows.list', 'dialogflow.generators.list', 'dialogflow.integrations.list', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.list', 'dialogflow.pages.list', 'dialogflow.participants.list', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.list', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.list', 'dialogflow.webhooks.list', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.list', 'discoveryengine.collections.list', 'discoveryengine.controls.list', 'discoveryengine.conversations.list', 'discoveryengine.dataStores.list', 'discoveryengine.documents.list', 'discoveryengine.engines.list', 'discoveryengine.evaluations.list', 'discoveryengine.models.list', 'discoveryengine.operations.list', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.schemas.list', 'discoveryengine.servingConfigs.list', 'discoveryengine.sessions.list', 'discoveryengine.targetSites.list', 'dlp.analyzeRiskTemplates.list', 'dlp.columnDataProfiles.list', 'dlp.connections.list', 'dlp.deidentifyTemplates.list', 'dlp.estimates.list', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.list', 'dlp.jobTriggers.list', 'dlp.jobs.list', 'dlp.locations.list', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.list', 'dlp.subscriptions.list', 'dlp.tableDataProfiles.list', 'dns.changes.list', 'dns.dnsKeys.list', 'dns.managedZoneOperations.list', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.resourceRecordSets.list', 'dns.responsePolicies.list', 'dns.responsePolicyRules.list', 'documentai.dataLabelingJobs.list', 'documentai.evaluations.list', 'documentai.labelerPools.list', 'documentai.locations.list', 'documentai.processorTypes.list', 'documentai.processorVersions.list', 'documentai.processors.list', 'domains.locations.list', 'domains.operations.list', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.operations.list', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.locations.list', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.operations.list', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.locations.list', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.list', 'edgenetwork.operations.list', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.list', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.list', 'edgenetwork.zones.list', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.list', 'errorreporting.groups.list', 'essentialcontacts.contacts.list', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.locations.list', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.operations.list', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.list', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'fcmdata.deliverydata.list', 'file.backups.list', 'file.instances.list', 'file.locations.list', 'file.operations.list', 'file.snapshots.list', 'financialservices.locations.list', 'financialservices.operations.list', 'financialservices.v1backtests.list', 'financialservices.v1datasets.list', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineversions.list', 'financialservices.v1instances.list', 'financialservices.v1models.list', 'financialservices.v1predictions.list', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.list', 'firebaseabt.experiments.list', 'firebaseappdistro.groups.list', 'firebaseappdistro.releases.list', 'firebaseappdistro.testers.list', 'firebasecrashlytics.issues.list', 'firebasedatabase.instances.list', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.list', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.list', 'firebasedataconnect.services.list', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.links.list', 'firebaseextensions.configs.list', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.list', 'firebaseinappmessaging.campaigns.list', 'firebasemessagingcampaigns.campaigns.list', 'firebaseml.models.list', 'firebaseml.modelversions.list', 'firebasenotifications.messages.list', 'firebaserules.releases.list', 'firebaserules.rulesets.list', 'firebasestorage.buckets.list', 'fleetengine.deliveryvehicles.list', 'fleetengine.tasks.list', 'fleetengine.vehicles.list', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/subscriptions.list', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.list', 'genomics.datasets.getIamPolicy', 'genomics.datasets.list', 'genomics.operations.list', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backups.list', 'gkebackup.locations.list', 'gkebackup.operations.list', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restores.list', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.list', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.locations.list', 'gkehub.membershipbindings.list', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.list', 'gkehub.operations.list', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.operations.list', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.locations.list', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'gsuiteaddons.deployments.list', 'healthcare.annotationStores.getIamPolicy', 'healthcare.annotationStores.list', 'healthcare.annotations.list', 'healthcare.attributeDefinitions.list', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.getIamPolicy', 'healthcare.consentStores.list', 'healthcare.consents.list', 'healthcare.datasets.getIamPolicy', 'healthcare.datasets.list', 'healthcare.dicomStores.getIamPolicy', 'healthcare.dicomStores.list', 'healthcare.fhirStores.getIamPolicy', 'healthcare.fhirStores.list', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Stores.getIamPolicy', 'healthcare.hl7V2Stores.list', 'healthcare.locations.list', 'healthcare.operations.list', 'healthcare.userDataMappings.list', 'iam.denypolicies.list', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClients.list', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePools.getIamPolicy', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.list', 'iam.policybindings.list', 'iam.principalaccessboundarypolicies.list', 'iam.roles.get', 'iam.roles.list', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iap.tunnel.getIamPolicy', 'iap.tunnelDestGroups.getIamPolicy', 'iap.tunnelDestGroups.list', 'iap.tunnelInstances.getIamPolicy', 'iap.tunnelLocations.getIamPolicy', 'iap.tunnelZones.getIamPolicy', 'iap.web.getIamPolicy', 'iap.webServiceVersions.getIamPolicy', 'iap.webServices.getIamPolicy', 'iap.webTypes.getIamPolicy', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.locations.list', 'ids.operations.list', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSuspensions.list', 'integrations.authConfigs.list', 'integrations.certificates.list', 'integrations.executions.list', 'integrations.integrationVersions.list', 'integrations.integrations.list', 'integrations.securityAuthConfigs.list', 'integrations.securityExecutions.list', 'integrations.securityIntegTempVers.list', 'integrations.securityIntegrationVers.list', 'integrations.securityIntegrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'integrations.suspensions.list', 'integrations.testCases.list', 'issuerswitch.accountManagerTransactions.list', 'issuerswitch.complaintTransactions.list', 'issuerswitch.financialTransactions.list', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.list', 'issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.locations.list', 'krmapihosting.operations.list', 'lifesciences.operations.list', 'livestream.assets.list', 'livestream.channels.list', 'livestream.clips.list', 'livestream.events.list', 'livestream.inputs.list', 'livestream.locations.list', 'livestream.operations.list', 'logging.buckets.list', 'logging.exclusions.list', 'logging.links.list', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.list', 'logging.operations.list', 'logging.privateLogEntries.list', 'logging.queries.usePrivate', 'logging.sinks.list', 'logging.views.getIamPolicy', 'logging.views.list', 'looker.backups.list', 'looker.instances.list', 'looker.locations.list', 'looker.operations.list', 'managedflink.deployments.list', 'managedflink.jobs.list', 'managedflink.locations.list', 'managedflink.operations.list', 'managedflink.sessions.list', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.locations.list', 'managedidentities.operations.list', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.sqlintegrations.list', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.list', 'managedkafka.locations.list', 'managedkafka.operations.list', 'managedkafka.topics.list', 'mapsadmin.clientMaps.list', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyles.list', 'mapsadmin.styleSnapshots.list', 'mapsanalytics.metricMetadata.list', 'mapsplatformdatasets.datasets.list', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.list', 'memcache.instances.list', 'memcache.locations.list', 'memcache.operations.list', 'memorystore.instances.list', 'memorystore.locations.list', 'memorystore.operations.list', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.imports.list', 'metastore.locations.list', 'metastore.migrations.list', 'metastore.operations.list', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'migrationcenter.assets.list', 'migrationcenter.discoveryClients.list', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.list', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.list', 'migrationcenter.locations.list', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.list', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.list', 'migrationcenter.sources.list', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.list', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.operations.list', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.list', 'ml.versions.list', 'monitoring.alertPolicies.list', 'monitoring.dashboards.list', 'monitoring.groups.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.list', 'monitoring.services.list', 'monitoring.slos.list', 'monitoring.snoozes.list', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.list', 'netapp.activeDirectories.list', 'netapp.backupPolicies.list', 'netapp.backupVaults.list', 'netapp.backups.list', 'netapp.kmsConfigs.list', 'netapp.locations.list', 'netapp.operations.list', 'netapp.replications.list', 'netapp.snapshots.list', 'netapp.storagePools.list', 'netapp.volumes.list', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.list', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.locations.list', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.list', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.list', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeployments.list', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.list', 'networkservices.gateways.list', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.list', 'networkservices.meshes.list', 'networkservices.operations.list', 'networkservices.route_views.list', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.list', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.locations.list', 'notebooks.operations.list', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'ondemandscanning.operations.list', 'opsconfigmonitoring.resourceMetadata.list', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.list', 'oracledatabase.operations.list', 'orgpolicy.constraints.list', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'osconfig.guestPolicies.list', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignments.list', 'osconfig.patchDeployments.list', 'osconfig.patchJobs.list', 'osconfig.upgradeReports.list', 'osconfig.vulnerabilityReports.list', 'paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.list', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.list', 'policysimulator.replayResults.list', 'policysimulator.replays.list', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.list', 'privateca.operations.list', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.list', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.getIamPolicy', 'proximitybeacon.beacons.list', 'proximitybeacon.namespaces.getIamPolicy', 'proximitybeacon.namespaces.list', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsublite.operations.list', 'pubsublite.reservations.list', 'pubsublite.subscriptions.list', 'pubsublite.topics.list', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.relatedaccountgroupmemberships.list', 'recaptchaenterprise.relatedaccountgroups.list', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.list', 'recommender.cloudAssetInsights.list', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.list', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeFirewallInsights.list', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.list', 'recommender.costInsights.list', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.errorReportingInsights.list', 'recommender.errorReportingRecommendations.list', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyRecommendations.list', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountInsights.list', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.resourcemanagerProjectChangeRiskInsights.list', 'recommender.resourcemanagerProjectChangeRiskRecommendations.list', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.list', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.usageCommitmentRecommendations.list', 'redis.clusters.list', 'redis.instances.list', 'redis.locations.list', 'redis.operations.list', 'remotebuildexecution.instances.list', 'remotebuildexecution.workerpools.list', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcesettings.settings.list', 'retail.branches.list', 'retail.catalogs.list', 'retail.controls.list', 'retail.experiments.list', 'retail.models.list', 'retail.operations.list', 'retail.products.list', 'retail.servingConfigs.list', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.list', 'riskmanager.policies.list', 'riskmanager.reports.list', 'rma.collectors.list', 'rma.locations.list', 'rma.operations.list', 'run.configurations.list', 'run.executions.list', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.locations.list', 'run.operations.list', 'run.revisions.list', 'run.routes.list', 'run.services.getIamPolicy', 'run.services.list', 'run.tasks.list', 'runapps.applications.list', 'runapps.deployments.list', 'runapps.locations.list', 'runapps.operations.list', 'runtimeconfig.configs.getIamPolicy', 'runtimeconfig.configs.list', 'runtimeconfig.operations.list', 'runtimeconfig.variables.getIamPolicy', 'runtimeconfig.variables.list', 'runtimeconfig.waiters.getIamPolicy', 'runtimeconfig.waiters.list', 'secretmanager.locations.list', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.versions.list', 'securedlandingzone.overwatches.list', 'securesourcemanager.branchRules.list', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.locations.list', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.sshkeys.list', 'securitycenter.assets.list', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.list', 'securitycenter.compliancesnapshots.list', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.findings.list', 'securitycenter.muteconfigs.list', 'securitycenter.notificationconfig.list', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.valuedresources.list', 'securitycenter.vulnerabilitysnapshots.list', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securityposture.locations.list', 'securityposture.operations.list', 'securityposture.postureDeployments.list', 'securityposture.postureTemplates.list', 'securityposture.postures.list', 'securityposture.reports.list', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.getIamPolicy', 'servicebroker.bindings.list', 'servicebroker.catalogs.getIamPolicy', 'servicebroker.catalogs.list', 'servicebroker.instanceoperations.list', 'servicebroker.instances.getIamPolicy', 'servicebroker.instances.list', 'serviceconsumermanagement.tenancyu.list', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.list', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicehealth.events.list', 'servicehealth.locations.list', 'servicehealth.organizationEvents.list', 'servicehealth.organizationImpacts.list', 'servicemanagement.services.getIamPolicy', 'servicemanagement.services.list', 'servicenetworking.operations.list', 'servicesecurityinsights.clusterSecurityInfo.list', 'servicesecurityinsights.securityInfo.list', 'servicesecurityinsights.workloadPolicies.list', 'serviceusage.services.list', 'source.repos.getIamPolicy', 'source.repos.list', 'spanner.backupOperations.list', 'spanner.backupSchedules.getIamPolicy', 'spanner.backupSchedules.list', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.instanceConfigOperations.list', 'spanner.instanceConfigs.list', 'spanner.instanceOperations.list', 'spanner.instancePartitionOperations.list', 'spanner.instancePartitions.list', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.sessions.list', 'speakerid.phrases.list', 'speakerid.speakers.list', 'speech.customClasses.list', 'speech.locations.list', 'speech.operations.list', 'speech.phraseSets.list', 'speech.recognizers.list', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.list', 'storage.bucketOperations.list', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.folders.list', 'storage.hmacKeys.list', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.multipartUploads.list', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storageinsights.datasetConfigs.list', 'storageinsights.locations.list', 'storageinsights.operations.list', 'storageinsights.reportConfigs.list', 'storageinsights.reportDetails.list', 'storagetransfer.agentpools.list', 'storagetransfer.jobs.list', 'storagetransfer.operations.list', 'stream.locations.list', 'stream.operations.list', 'stream.streamContents.list', 'stream.streamInstances.list', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.list', 'telcoautomation.edgeSlms.list', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.locations.list', 'telcoautomation.operations.list', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.list', 'timeseriesinsights.datasets.list', 'timeseriesinsights.locations.list', 'tpu.acceleratortypes.list', 'tpu.locations.list', 'tpu.nodes.list', 'tpu.operations.list', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.list', 'transcoder.jobTemplates.list', 'transcoder.jobs.list', 'transferappliance.appliances.list', 'transferappliance.locations.list', 'transferappliance.operations.list', 'transferappliance.orders.list', 'transferappliance.savedAddresses.list', 'translationhub.portals.list', 'videostitcher.cdnKeys.list', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.list', 'videostitcher.operations.list', 'videostitcher.slates.list', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.list', 'videostitcher.vodStitchDetails.list', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.annotations.list', 'visionai.applications.list', 'visionai.assets.list', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.corpora.list', 'visionai.dataSchemas.list', 'visionai.drafts.list', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.indexEndpoints.list', 'visionai.indexes.list', 'visionai.instances.list', 'visionai.locations.list', 'visionai.operations.list', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.processors.list', 'visionai.searchConfigs.list', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.uistreams.list', 'visualinspection.annotationSets.list', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.list', 'visualinspection.datasets.list', 'visualinspection.images.list', 'visualinspection.locations.list', 'visualinspection.modelEvaluations.list', 'visualinspection.models.list', 'visualinspection.modules.list', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutions.list', 'vmmigration.cloneJobs.list', 'vmmigration.cutoverJobs.list', 'vmmigration.datacenterConnectors.list', 'vmmigration.deployments.list', 'vmmigration.groups.list', 'vmmigration.locations.list', 'vmmigration.migratingVms.list', 'vmmigration.operations.list', 'vmmigration.replicationCycles.list', 'vmmigration.sources.list', 'vmmigration.targets.list', 'vmmigration.utilizationReports.list', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAddresses.list', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.list', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPolicies.list', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.list', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateConnections.list', 'vmwareengine.subnets.list', 'vmwareengine.vmwareEngineNetworks.list', 'vpcaccess.connectors.list', 'vpcaccess.locations.list', 'vpcaccess.operations.list', 'workflows.callbacks.list', 'workflows.executions.list', 'workflows.locations.list', 'workflows.operations.list', 'workflows.stepEntries.list', 'workflows.workflows.list', 'workloadcertificate.locations.list', 'workloadcertificate.operations.list', 'workloadcertificate.workloadRegistrations.list', 'workloadmanager.actuations.list', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.list', 'workloadmanager.executions.list', 'workloadmanager.locations.list', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list', 'workstations.workstationClusters.list', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list']
Copy Permissions GA
roles/runapps.developer
Access to create and change Serverless Integrations and their configuration.
Serverless Integrations Developer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'runapps.applications.create', 'runapps.applications.delete', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.applications.update', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.cancel', 'runapps.operations.delete', 'runapps.operations.get', 'runapps.operations.list']
Copy Permissions BETA
roles/runapps.operator
Access to deploy Serverless Integrations.
Serverless Integrations Operator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.deployments.create', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.cancel', 'runapps.operations.delete', 'runapps.operations.get', 'runapps.operations.list']
Copy Permissions BETA
roles/runapps.serviceAgent
Gives Serverless Integrations Service Account access to customer project resources.
Serverless Integrations Service Agent
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudsql.databases.get', 'cloudsql.instances.get', 'cloudsql.users.get', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.networks.get', 'compute.networks.list', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.urlMaps.get', 'compute.urlMaps.list', 'firebasehosting.sites.get', 'iam.serviceAccounts.actAs', 'redis.instances.get', 'redis.instances.list', 'run.jobs.get', 'run.jobs.list', 'run.services.get', 'run.services.list', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list']
Copy Permissions GA
roles/runapps.viewer
Readonly access to Serverless Integrations resources.
Serverless Integrations Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.get', 'runapps.operations.list']
Copy Permissions BETA
roles/vpcaccess.admin
Full access to all Serverless VPC Access resources
Serverless VPC Access Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list', 'vpcaccess.connectors.update', 'vpcaccess.connectors.use', 'vpcaccess.locations.list', 'vpcaccess.operations.get', 'vpcaccess.operations.list']
Copy Permissions GA
roles/vpcaccess.serviceAgent
Can create and manage resources to support serverless application to connect to virtual private cloud.
Serverless VPC Access Service Agent
['billing.accounts.get', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.disks.create', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.use', 'compute.machineTypes.get', 'compute.networks.get', 'compute.networks.use', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regions.get', 'compute.regions.list', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.get', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'resourcemanager.projects.get']
Copy Permissions GA
roles/vpcaccess.user
User of Serverless VPC Access connectors
Serverless VPC Access User
['compute.networks.access', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list', 'vpcaccess.connectors.use', 'vpcaccess.locations.list', 'vpcaccess.operations.get', 'vpcaccess.operations.list']
Copy Permissions GA
roles/vpcaccess.viewer
Viewer of all Serverless VPC Access resources
Serverless VPC Access Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list', 'vpcaccess.locations.list', 'vpcaccess.operations.get', 'vpcaccess.operations.list']
Copy Permissions GA
roles/iam.serviceAccountAdmin
Create and manage service accounts.
Service Account Admin
['iam.serviceAccounts.create', 'iam.serviceAccounts.createTagBinding', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.deleteTagBinding', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.enable', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'iam.serviceAccounts.setIamPolicy', 'iam.serviceAccounts.undelete', 'iam.serviceAccounts.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/recommender.serviceaccntchangeriskAdmin
Admin of Service Account Change Risk Insights and Recommendations.
Service Account Change Risk Recommender Admin
['recommender.iamServiceAccountChangeRiskInsights.get', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskInsights.update', 'recommender.iamServiceAccountChangeRiskRecommendations.get', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountChangeRiskRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.serviceaccntchangeriskViewer
Viewer of Service Account Change Risk Insights and Recommendations.
Service Account Change Risk Recommender Viewer
['recommender.iamServiceAccountChangeRiskInsights.get', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskRecommendations.get', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/iam.serviceAccountKeyAdmin
Create and manage (and rotate) service account keys.
Service Account Key Admin
['iam.serviceAccountKeys.create', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.disable', 'iam.serviceAccountKeys.enable', 'iam.serviceAccountKeys.get', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.serviceAccountOpenIdTokenCreator
Create OpenID Connect (OIDC) identity tokens
Service Account OpenID Connect Identity Token Creator
['iam.serviceAccounts.getOpenIdToken']
Copy Permissions GA
roles/iam.serviceAccountTokenCreator
Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc).
Service Account Token Creator
['iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/iam.serviceAccountUser
Run operations as the service account.
Service Account User
['iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkconnectivity.consumerNetworkAdmin
Service Automation Consumer Network Admin is responsible for setting up ServiceConnectionPolicies.
Service Automation Consumer Network Admin
['networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/networkconnectivity.serviceProducerAdmin
Service Automation Producer Admin uses information from a consumer request to manage ServiceClasses and ServiceConnectionMaps
Service Automation Service Producer Admin
['networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/servicebroker.admin
Full access to ServiceBroker resources.
Service Broker Admin
['servicebroker.bindingoperations.get', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.create', 'servicebroker.bindings.delete', 'servicebroker.bindings.get', 'servicebroker.bindings.getIamPolicy', 'servicebroker.bindings.list', 'servicebroker.bindings.setIamPolicy', 'servicebroker.catalogs.create', 'servicebroker.catalogs.delete', 'servicebroker.catalogs.get', 'servicebroker.catalogs.getIamPolicy', 'servicebroker.catalogs.list', 'servicebroker.catalogs.setIamPolicy', 'servicebroker.catalogs.validate', 'servicebroker.instanceoperations.get', 'servicebroker.instanceoperations.list', 'servicebroker.instances.create', 'servicebroker.instances.delete', 'servicebroker.instances.get', 'servicebroker.instances.getIamPolicy', 'servicebroker.instances.list', 'servicebroker.instances.setIamPolicy', 'servicebroker.instances.update']
Copy Permissions DEPRECATED
roles/servicebroker.operator
Operational access to the ServiceBroker resources.
Service Broker Operator
['servicebroker.bindingoperations.get', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.create', 'servicebroker.bindings.delete', 'servicebroker.bindings.get', 'servicebroker.bindings.list', 'servicebroker.catalogs.create', 'servicebroker.catalogs.delete', 'servicebroker.catalogs.get', 'servicebroker.catalogs.list', 'servicebroker.instanceoperations.get', 'servicebroker.instanceoperations.list', 'servicebroker.instances.create', 'servicebroker.instances.delete', 'servicebroker.instances.get', 'servicebroker.instances.list', 'servicebroker.instances.update']
Copy Permissions DEPRECATED
roles/networkconnectivity.serviceClassUser
Service Class User uses a ServiceClass
Service Class User
['networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/servicemanagement.configEditor
Access to update the service config and create rollouts.
Service Config Editor
['servicemanagement.services.get', 'servicemanagement.services.update']
Copy Permissions GA
roles/servicemanagement.serviceConsumer
Can enable the service.
Service Consumer
['servicemanagement.services.bind']
Copy Permissions GA
roles/servicemanagement.serviceController
Can check preconditions and report usage of a service during runtime.
Service Controller
['servicemanagement.services.check', 'servicemanagement.services.get', 'servicemanagement.services.quota', 'servicemanagement.services.report']
Copy Permissions GA
roles/servicedirectory.admin
Full control of all Service Directory resources and permissions.
Service Directory Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.create', 'servicedirectory.endpoints.delete', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.endpoints.setIamPolicy', 'servicedirectory.endpoints.update', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.namespaces.setIamPolicy', 'servicedirectory.namespaces.update', 'servicedirectory.networks.attach', 'servicedirectory.services.bind', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'servicedirectory.services.setIamPolicy', 'servicedirectory.services.update']
Copy Permissions GA
roles/servicedirectory.editor
Edit Service Directory resources.
Service Directory Editor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.create', 'servicedirectory.endpoints.delete', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.endpoints.update', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.namespaces.update', 'servicedirectory.networks.attach', 'servicedirectory.services.bind', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'servicedirectory.services.update']
Copy Permissions GA
roles/servicedirectory.networkAttacher
Gives access to attach VPC Networks to Service Directory Endpoints
Service Directory Network Attacher
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.networks.attach']
Copy Permissions GA
roles/servicedirectory.serviceAgent
Give the Service Directory service agent access to Cloud Platform resources.
Service Directory Service Agent
['container.clusters.get', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.create', 'servicedirectory.endpoints.delete', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.endpoints.update', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.namespaces.update', 'servicedirectory.networks.attach', 'servicedirectory.services.bind', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'servicedirectory.services.update']
Copy Permissions GA
roles/servicedirectory.viewer
View Service Directory resources.
Service Directory Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve']
Copy Permissions GA
roles/recommender.serviceLimitAdmin
Admin of Service Limit insights and recommendations.
Service Limit Recommender Admin
['recommender.resourcemanagerServiceLimitInsights.get', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitInsights.update', 'recommender.resourcemanagerServiceLimitRecommendations.get', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.resourcemanagerServiceLimitRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/recommender.serviceLimitViewer
Viewer of Service Limit insights and recommendations.
Service Limit Recommender Viewer
['recommender.resourcemanagerServiceLimitInsights.get', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitRecommendations.get', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/servicemanagement.admin
Full control of Google Service Management resources.
Service Management Administrator
['monitoring.timeSeries.list', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceconsumermanagement.consumers.get', 'serviceconsumermanagement.quota.get', 'serviceconsumermanagement.quota.update', 'serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.list', 'serviceconsumermanagement.tenancyu.removeResource', 'servicemanagement.services.bind', 'servicemanagement.services.check', 'servicemanagement.services.create', 'servicemanagement.services.delete', 'servicemanagement.services.get', 'servicemanagement.services.getIamPolicy', 'servicemanagement.services.list', 'servicemanagement.services.quota', 'servicemanagement.services.report', 'servicemanagement.services.setIamPolicy', 'servicemanagement.services.update', 'serviceusage.quotas.get', 'serviceusage.services.get']
Copy Permissions GA
roles/servicenetworking.networksAdmin
Full control of service networking with projects.
Service Networking Admin
['servicenetworking.operations.cancel', 'servicenetworking.operations.delete', 'servicenetworking.operations.get', 'servicenetworking.operations.list', 'servicenetworking.services.addDnsRecordSet', 'servicenetworking.services.addDnsZone', 'servicenetworking.services.addPeering', 'servicenetworking.services.addSubnetwork', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.getConsumerConfig', 'servicenetworking.services.listPeeredDnsDomains', 'servicenetworking.services.removeDnsRecordSet', 'servicenetworking.services.removeDnsZone', 'servicenetworking.services.updateConsumerConfig', 'servicenetworking.services.updateDnsRecordSet', 'servicenetworking.services.use']
Copy Permissions BETA
roles/servicenetworking.serviceAgent
Gives permission to manage network configuration, such as establishing network peering, necessary for service producers
Service Networking Service Agent
['compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.projects.get', 'compute.regionOperations.get', 'compute.routers.get', 'compute.routers.list', 'compute.routes.list', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.get', 'compute.subnetworks.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'networkconnectivity.internalRanges.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/servicemanagement.reporter
Can report usage of a service during runtime.
Service Reporter
['servicemanagement.services.report']
Copy Permissions GA
roles/serviceusage.serviceUsageAdmin
Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.
Service Usage Admin
['monitoring.timeSeries.list', 'serviceusage.quotas.get', 'serviceusage.quotas.update', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/serviceusage.serviceUsageConsumer
Ability to inspect service states and operations, and consume quota and billing for a consumer project.
Service Usage Consumer
['monitoring.timeSeries.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions GA
roles/serviceusage.serviceUsageViewer
Ability to inspect service states and operations for a consumer project.
Service Usage Viewer
['monitoring.timeSeries.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/policysimulator.admin
Admin user that can run and access replays.
Simulator Admin
['policysimulator.replayResults.list', 'policysimulator.replays.create', 'policysimulator.replays.get', 'policysimulator.replays.list', 'policysimulator.replays.run']
Copy Permissions BETA
roles/securedlandingzone.bqdwOrgRemediator
Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.
SLZ BQDW Blueprint Organization Level Remediator
['accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.update']
Copy Permissions BETA
roles/securedlandingzone.bqdwProjectRemediator
Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.
SLZ BQDW Blueprint Project Level Remediator
['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.setIamPolicy', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'resourcemanager.projects.update', 'serviceusage.services.use', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.setIamPolicy', 'storage.buckets.update']
Copy Permissions BETA
roles/baremetalsolution.volumesnapshotsadmin
Administrator of Bare Metal Solution snapshots resources
Snapshots Admin
['baremetalsolution.operations.get', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore']
Copy Permissions GA
roles/baremetalsolution.volumesnapshotseditor
Editor of Bare Metal Solution snapshots resources
Snapshots Editor
['baremetalsolution.operations.get', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list']
Copy Permissions GA
roles/baremetalsolution.volumesnapshotsviewer
Viewer of Bare Metal Solution snapshots resources
Snapshots Viewer
['baremetalsolution.operations.get', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list']
Copy Permissions GA
roles/source.admin
Admin access to repositories
Source Repository Administrator
['source.repos.create', 'source.repos.delete', 'source.repos.get', 'source.repos.getIamPolicy', 'source.repos.getProjectConfig', 'source.repos.list', 'source.repos.setIamPolicy', 'source.repos.update', 'source.repos.updateProjectConfig', 'source.repos.updateRepoConfig']
Copy Permissions GA
roles/source.reader
Read access to repositories
Source Repository Reader
['source.repos.get', 'source.repos.list']
Copy Permissions GA
roles/source.writer
Read / Write access to repositories
Source Repository Writer
['source.repos.get', 'source.repos.list', 'source.repos.update']
Copy Permissions GA
roles/speakerid.admin
Grants full access to all Speaker ID resources, including project settings.
Speaker ID Admin
['speakerid.phrases.create', 'speakerid.phrases.delete', 'speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.settings.get', 'speakerid.settings.update', 'speakerid.speakers.create', 'speakerid.speakers.delete', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speakerid.speakers.verify']
Copy Permissions GA
roles/speakerid.editor
Grants access to read and write all Speaker ID resources.
Speaker ID Editor
['speakerid.phrases.create', 'speakerid.phrases.delete', 'speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.speakers.create', 'speakerid.speakers.delete', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speakerid.speakers.verify']
Copy Permissions GA
roles/speakerid.verifier
Grants read access to all Speaker ID resources, and allows verification.
Speaker ID Verifier
['speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speakerid.speakers.verify']
Copy Permissions GA
roles/speakerid.viewer
Grants read access to all Speaker ID resources.
Speaker ID Viewer
['speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.speakers.get', 'speakerid.speakers.list']
Copy Permissions GA
roles/spectrumsas.serviceAgent
Gives Spectrum SAS Service Account access to enable analytics on behalf of users.
Spectrum SAS Service Agent
['bigquery.datasets.create', 'bigquery.jobs.create', 'bigquery.tables.create', 'bigquery.tables.updateData', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/recommender.ucsAdmin
Admin of Spend Based Commitment Recommender.
Spend Based Commitment Recommender Admin
['billing.accounts.get', 'billing.accounts.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentInsights.update', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommendations.update', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.spendBasedCommitmentRecommenderConfig.update']
Copy Permissions BETA
roles/recommender.ucsViewer
Viewer of Spend Based Commitment Recommender.
Spend Based Commitment Recommender Viewer
['billing.accounts.get', 'billing.accounts.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get']
Copy Permissions BETA
roles/networkconnectivity.spokeAdmin
Enables full access to spoke resources and read-only access to hub resources
Spoke Admin
['networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.spokes.create', 'networkconnectivity.spokes.delete', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkconnectivity.spokes.setIamPolicy', 'networkconnectivity.spokes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/logging.sqlAlertWriter
Ability to write SQL Alerts.
SQL Alert Writer
['logging.sqlAlerts.create', 'logging.sqlAlerts.update']
Copy Permissions BETA
roles/stackdriver.accounts.editor
Read/write access to manage Stackdriver account structure.
Stackdriver Accounts Editor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.enable', 'serviceusage.services.get', 'stackdriver.projects.edit', 'stackdriver.projects.get']
Copy Permissions GA
roles/stackdriver.accounts.viewer
Read-only access to get and list information about Stackdriver account structure.
Stackdriver Accounts Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'stackdriver.projects.get']
Copy Permissions GA
roles/stackdriver.resourceMetadata.writer
Write-only access to resource metadata. This provides exactly the permissions needed by the Stackdriver metadata agent and other systems that send metadata.
Stackdriver Resource Metadata Writer
['stackdriver.resourceMetadata.write']
Copy Permissions BETA
roles/storage.admin
Grants full control of buckets and objects.
Storage Admin
['firebase.projects.get', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/storage.folderAdmin
Grants full control over folders and objects, including listing, creating, viewing, and deleting objects.
Storage Folder Admin
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/storage.hmacKeyAdmin
Grants full control over HMAC keys in a project.
Storage HMAC Key Admin
['firebase.projects.get', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.hmacKeys.create', 'storage.hmacKeys.delete', 'storage.hmacKeys.get', 'storage.hmacKeys.list', 'storage.hmacKeys.update']
Copy Permissions GA
roles/storageinsights.admin
Full access to Storage Insights resources.
Storage Insights Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storageinsights.datasetConfigs.create', 'storageinsights.datasetConfigs.delete', 'storageinsights.datasetConfigs.get', 'storageinsights.datasetConfigs.linkDataset', 'storageinsights.datasetConfigs.list', 'storageinsights.datasetConfigs.unlinkDataset', 'storageinsights.datasetConfigs.update', 'storageinsights.locations.get', 'storageinsights.locations.list', 'storageinsights.operations.cancel', 'storageinsights.operations.delete', 'storageinsights.operations.get', 'storageinsights.operations.list', 'storageinsights.reportConfigs.create', 'storageinsights.reportConfigs.delete', 'storageinsights.reportConfigs.get', 'storageinsights.reportConfigs.list', 'storageinsights.reportConfigs.update', 'storageinsights.reportDetails.get', 'storageinsights.reportDetails.list']
Copy Permissions GA
roles/storageinsights.analyst
Data access to Storage Insights.
Storage Insights Analyst
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storageinsights.datasetConfigs.get', 'storageinsights.datasetConfigs.linkDataset', 'storageinsights.datasetConfigs.list', 'storageinsights.datasetConfigs.unlinkDataset', 'storageinsights.locations.get', 'storageinsights.locations.list', 'storageinsights.operations.get', 'storageinsights.operations.list', 'storageinsights.reportConfigs.get', 'storageinsights.reportConfigs.list', 'storageinsights.reportDetails.get', 'storageinsights.reportDetails.list']
Copy Permissions GA
roles/storage.insightsCollectorService
Grants read access to object metadata in inventory reports.
Storage Insights Collector Service
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.get', 'storage.buckets.getObjectInsights']
Copy Permissions GA
roles/storageinsights.viewer
Readonly access to Storage Insights resources.
Storage Insights Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storageinsights.datasetConfigs.get', 'storageinsights.datasetConfigs.list', 'storageinsights.locations.get', 'storageinsights.locations.list', 'storageinsights.operations.get', 'storageinsights.operations.list', 'storageinsights.reportConfigs.get', 'storageinsights.reportConfigs.list', 'storageinsights.reportDetails.get', 'storageinsights.reportDetails.list']
Copy Permissions GA
roles/storage.legacyBucketOwner
Grants permission to create, replace, and delete objects; list objects in a bucket; create, delete, and list tag bindings; read object metadata when listing (excluding IAM policies); and read and edit bucket metadata, including IAM policies.
Storage Legacy Bucket Owner
['storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.createTagBinding', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.list', 'storage.objects.restore', 'storage.objects.setRetention']
Copy Permissions GA
roles/storage.legacyBucketReader
Grants permission to list a bucket's contents and read bucket metadata, excluding IAM policies. Also grants permission to read object metadata when listing objects (excluding IAM policies).
Storage Legacy Bucket Reader
['storage.buckets.get', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.list', 'storage.objects.list']
Copy Permissions GA
roles/storage.legacyBucketWriter
Grants permission to create, replace, and delete objects; list objects in a bucket; read object metadata when listing (excluding IAM policies); and read bucket metadata, excluding IAM policies.
Storage Legacy Bucket Writer
['storage.buckets.get', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.list', 'storage.objects.restore', 'storage.objects.setRetention']
Copy Permissions GA
roles/storage.legacyObjectOwner
Grants permission to view and edit objects and their metadata, including ACLs.
Storage Legacy Object Owner
['storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.overrideUnlockedRetention', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/storage.legacyObjectReader
Grants permission to view objects and their metadata, excluding ACLs.
Storage Legacy Object Reader
['storage.objects.get']
Copy Permissions GA
roles/storage.objectAdmin
Grants full control over objects, including listing, creating, viewing, and deleting objects.
Storage Object Admin
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/storage.objectCreator
Allows users to create objects. Does not give permission to view, delete, or replace objects.
Storage Object Creator
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.folders.create', 'storage.managedFolders.create', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.listParts', 'storage.objects.create']
Copy Permissions GA
roles/storage.objectUser
Access to create, read, update and delete objects and multipart uploads in GCS.
Storage Object User
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.restore', 'storage.objects.update']
Copy Permissions GA
roles/storage.objectViewer
Grants access to view objects and their metadata, excluding ACLs. Can also list the objects in a bucket.
Storage Object Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/storagetransfer.admin
Create, update and manage transfer jobs and operations.
Storage Transfer Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storagetransfer.agentpools.create', 'storagetransfer.agentpools.delete', 'storagetransfer.agentpools.get', 'storagetransfer.agentpools.list', 'storagetransfer.agentpools.report', 'storagetransfer.agentpools.update', 'storagetransfer.jobs.create', 'storagetransfer.jobs.delete', 'storagetransfer.jobs.get', 'storagetransfer.jobs.list', 'storagetransfer.jobs.run', 'storagetransfer.jobs.update', 'storagetransfer.operations.assign', 'storagetransfer.operations.cancel', 'storagetransfer.operations.get', 'storagetransfer.operations.list', 'storagetransfer.operations.pause', 'storagetransfer.operations.report', 'storagetransfer.operations.resume', 'storagetransfer.projects.getServiceAccount']
Copy Permissions GA
roles/storagetransfer.transferAgent
Perform transfers from an agent.
Storage Transfer Agent
['monitoring.timeSeries.create', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'storagetransfer.agentpools.report', 'storagetransfer.operations.assign', 'storagetransfer.operations.get', 'storagetransfer.operations.report']
Copy Permissions GA
roles/storagetransfer.serviceAgent
Grants Storage Transfer Service Agent permissions required to run transfers
Storage Transfer Service Agent
['pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.publish', 'pubsub.topics.update']
Copy Permissions GA
roles/storagetransfer.user
Create and update storage transfer jobs and operations.
Storage Transfer User
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storagetransfer.agentpools.create', 'storagetransfer.agentpools.get', 'storagetransfer.agentpools.list', 'storagetransfer.agentpools.report', 'storagetransfer.agentpools.update', 'storagetransfer.jobs.create', 'storagetransfer.jobs.get', 'storagetransfer.jobs.list', 'storagetransfer.jobs.run', 'storagetransfer.jobs.update', 'storagetransfer.operations.assign', 'storagetransfer.operations.cancel', 'storagetransfer.operations.get', 'storagetransfer.operations.list', 'storagetransfer.operations.pause', 'storagetransfer.operations.report', 'storagetransfer.operations.resume', 'storagetransfer.projects.getServiceAccount']
Copy Permissions GA
roles/storagetransfer.viewer
Read access to storage transfer jobs and operations.
Storage Transfer Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storagetransfer.agentpools.get', 'storagetransfer.agentpools.list', 'storagetransfer.jobs.get', 'storagetransfer.jobs.list', 'storagetransfer.operations.get', 'storagetransfer.operations.list', 'storagetransfer.projects.getServiceAccount']
Copy Permissions GA
roles/storageinsights.serviceAgent
Permissions for Insights to write reports into customer project
StorageInsights Service Agent
['bigquery.datasets.create', 'serviceusage.services.use', 'storageinsights.reportDetails.list']
Copy Permissions GA
roles/stream.admin
Full access to Stream all resources.
Stream Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'stream.locations.get', 'stream.locations.list', 'stream.operations.cancel', 'stream.operations.delete', 'stream.operations.get', 'stream.operations.list', 'stream.streamContents.build', 'stream.streamContents.create', 'stream.streamContents.delete', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamContents.update', 'stream.streamInstances.create', 'stream.streamInstances.delete', 'stream.streamInstances.get', 'stream.streamInstances.list', 'stream.streamInstances.rollout', 'stream.streamInstances.update']
Copy Permissions GA
roles/stream.contentAdmin
Full access to all StreamContent resources.
Stream Content Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'stream.streamContents.build', 'stream.streamContents.create', 'stream.streamContents.delete', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamContents.update']
Copy Permissions GA
roles/stream.contentBuilder
Read and build access to StreamContent resources.
Stream Content Builder
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'stream.streamContents.build', 'stream.streamContents.get', 'stream.streamContents.list']
Copy Permissions GA
roles/stream.instanceAdmin
Full access to all StreamInstance resources and Read access to all StreamContent resources.
Stream Instance Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamInstances.create', 'stream.streamInstances.delete', 'stream.streamInstances.get', 'stream.streamInstances.list', 'stream.streamInstances.rollout', 'stream.streamInstances.update']
Copy Permissions GA
roles/stream.serviceAgent
Gives Immersive Stream for XR access to the required resources.
Stream Service Agent
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/stream.viewer
Read-only access to Stream all resources.
Stream Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'stream.locations.get', 'stream.locations.list', 'stream.operations.get', 'stream.operations.list', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamInstances.get', 'stream.streamInstances.list']
Copy Permissions GA
roles/subscribewithgoogledeveloper.developer
Access DevTools for Subscribe with Google
Subscribe with Google Developer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'subscribewithgoogledeveloper.tools.get']
Copy Permissions BETA
roles/readerrevenuesubscriptionlinking.admin
Full access to publication reader resources
Subscription Linking Admin
['readerrevenuesubscriptionlinking.readerEntitlements.get', 'readerrevenuesubscriptionlinking.readerEntitlements.update', 'readerrevenuesubscriptionlinking.readers.delete', 'readerrevenuesubscriptionlinking.readers.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/readerrevenuesubscriptionlinking.entitlementsViewer
This role can view all publication reader entitlements
Subscription Linking Entitlements Viewer
['readerrevenuesubscriptionlinking.readerEntitlements.get']
Copy Permissions GA
roles/readerrevenuesubscriptionlinking.viewer
This role can view all publication reader resources
Subscription Linking Viewer
['readerrevenuesubscriptionlinking.readerEntitlements.get', 'readerrevenuesubscriptionlinking.readers.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudsupport.admin
Allows management of a support account without giving access to support cases.
Support Account Administrator
['cloudsupport.accounts.create', 'cloudsupport.accounts.delete', 'cloudsupport.accounts.get', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.accounts.purchase', 'cloudsupport.accounts.setIamPolicy', 'cloudsupport.accounts.update', 'cloudsupport.accounts.updateUserRoles', 'cloudsupport.operations.get', 'cloudsupport.properties.get', 'resourcemanager.organizations.get']
Copy Permissions GA
roles/cloudsupport.viewer
Read-only access to details of a support account. This does not allow viewing cases.
Support Account Viewer
['cloudsupport.accounts.get', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.properties.get']
Copy Permissions GA
roles/resourcemanager.tagAdmin
Access to create, delete, update, and manage access to Tags
Tag Administrator
['resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.create', 'resourcemanager.tagKeys.delete', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagKeys.setIamPolicy', 'resourcemanager.tagKeys.update', 'resourcemanager.tagValues.create', 'resourcemanager.tagValues.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcemanager.tagValues.setIamPolicy', 'resourcemanager.tagValues.update']
Copy Permissions GA
roles/resourcemanager.tagHoldAdmin
Access to create, delete and list TagHolds under a TagValue
Tag Hold Administrator
['resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagHolds.list']
Copy Permissions GA
roles/resourcemanager.tagUser
Access to list Tags and manage their associations with resources
Tag User
['alloydb.backups.createTagBinding', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.tables.createTagBinding', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.instances.createTagBinding', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listTagBindings', 'compute.addresses.createTagBinding', 'compute.addresses.deleteTagBinding', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.createTagBinding', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.createTagBinding', 'compute.disks.deleteTagBinding', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.createTagBinding', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.createTagBinding', 'compute.images.deleteTagBinding', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instances.createTagBinding', 'compute.instances.deleteTagBinding', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnects.createTagBinding', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.createTagBinding', 'compute.networkEdgeSecurityServices.deleteTagBinding', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.createTagBinding', 'compute.networks.deleteTagBinding', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.publicDelegatedPrefixes.createTagBinding', 'compute.publicDelegatedPrefixes.deleteTagBinding', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.routers.createTagBinding', 'compute.routers.deleteTagBinding', 'compute.routers.listEffectiveTags', 'compute.routers.listTagBindings', 'compute.routes.createTagBinding', 'compute.routes.deleteTagBinding', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.createTagBinding', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.createTagBinding', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'container.clusters.createTagBinding', 'container.clusters.deleteTagBinding', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'datafusion.instances.createTagBinding', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datastore.databases.createTagBinding', 'datastore.databases.deleteTagBinding', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastream.connectionProfiles.createTagBinding', 'datastream.connectionProfiles.deleteTagBinding', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listTagBindings', 'datastream.privateConnections.createTagBinding', 'datastream.privateConnections.deleteTagBinding', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.streams.createTagBinding', 'datastream.streams.deleteTagBinding', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'domains.registrations.createTagBinding', 'domains.registrations.deleteTagBinding', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'file.backups.createTagBinding', 'file.backups.deleteTagBinding', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.createTagBinding', 'file.instances.deleteTagBinding', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.snapshots.createTagBinding', 'file.snapshots.deleteTagBinding', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'iam.serviceAccounts.createTagBinding', 'iam.serviceAccounts.deleteTagBinding', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'logging.buckets.createTagBinding', 'logging.buckets.deleteTagBinding', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'managedidentities.domains.createTagBinding', 'managedidentities.domains.deleteTagBinding', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'redis.instances.createTagBinding', 'redis.instances.deleteTagBinding', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'resourcemanager.hierarchyNodes.createTagBinding', 'resourcemanager.hierarchyNodes.deleteTagBinding', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.list', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.list', 'run.jobs.createTagBinding', 'run.jobs.deleteTagBinding', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.services.createTagBinding', 'run.services.deleteTagBinding', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'secretmanager.secrets.createTagBinding', 'secretmanager.secrets.deleteTagBinding', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'spanner.instances.createTagBinding', 'spanner.instances.deleteTagBinding', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'storage.buckets.createTagBinding', 'storage.buckets.deleteTagBinding', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings']
Copy Permissions GA
roles/resourcemanager.tagViewer
Access to list Tags and their associations with resources
Tag Viewer
['alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listTagBindings', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instances.listEffectiveTags', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.routers.listEffectiveTags', 'compute.routers.listTagBindings', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listTagBindings', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.list', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings']
Copy Permissions GA
roles/bigquerymigration.orchestrator
Orchestrator of EDW migration tasks.
Task Orchestrator
['bigquerymigration.subtasks.create', 'bigquerymigration.taskTypes.orchestrateTask', 'bigquerymigration.taskTypes.writeLogs', 'bigquerymigration.workflows.orchestrateTask', 'storage.objects.list']
Copy Permissions GA
roles/bigquerymigration.worker
Worker that executes EDW migration subtasks.
Task Worker
['bigquerymigration.subtaskTypes.executeTask', 'bigquerymigration.subtasks.executeTask', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/cloudsupport.techSupportEditor
Full read-write access to technical support cases (applicable for GCP Customer Care and Maps support).
Tech Support Editor
['billing.resourceAssociations.list', 'cloudasset.assets.searchAllResources', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudsupport.techSupportViewer
Read-only access to technical support cases (applicable for GCP Customer Care and Maps support).
Tech Support Viewer
['cloudsupport.properties.get', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/telcoautomation.admin
Full access to Telco Automation resources.
Telco Automation Admin
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'monitoring.timeSeries.list', 'observability.scopes.get', 'resourcemanager.projects.get', 'serviceusage.quotas.get', 'serviceusage.quotas.update', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'telcoautomation.blueprints.approve', 'telcoautomation.blueprints.create', 'telcoautomation.blueprints.delete', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.blueprints.propose', 'telcoautomation.blueprints.update', 'telcoautomation.deployments.apply', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.create', 'telcoautomation.deployments.delete', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.deployments.rollback', 'telcoautomation.deployments.update', 'telcoautomation.edgeSlms.create', 'telcoautomation.edgeSlms.delete', 'telcoautomation.edgeSlms.get', 'telcoautomation.edgeSlms.list', 'telcoautomation.hydratedDeployments.apply', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.hydratedDeployments.update', 'telcoautomation.locations.get', 'telcoautomation.locations.list', 'telcoautomation.operations.cancel', 'telcoautomation.operations.delete', 'telcoautomation.operations.get', 'telcoautomation.operations.list', 'telcoautomation.orchestrationClusters.create', 'telcoautomation.orchestrationClusters.delete', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.get', 'telcoautomation.publicBlueprints.list']
Copy Permissions BETA
roles/telcoautomation.blueprintDesigner
Ability to manage blueprints
Telco Automation Blueprint Designer
['telcoautomation.blueprints.create', 'telcoautomation.blueprints.delete', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.blueprints.propose', 'telcoautomation.blueprints.update', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.get', 'telcoautomation.publicBlueprints.list']
Copy Permissions BETA
roles/telcoautomation.deploymentAdmin
Ability to manage deployments
Telco Automation Deployment Admin
['telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.apply', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.create', 'telcoautomation.deployments.delete', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.deployments.rollback', 'telcoautomation.deployments.update', 'telcoautomation.hydratedDeployments.apply', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.hydratedDeployments.update', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list']
Copy Permissions BETA
roles/telcoautomation.serviceOrchestrator
Ability to manage deployments
Telco Automation Service Orchestrator
['telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.apply', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.create', 'telcoautomation.deployments.delete', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.deployments.rollback', 'telcoautomation.deployments.update', 'telcoautomation.hydratedDeployments.apply', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.hydratedDeployments.update', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list']
Copy Permissions BETA
roles/telcoautomation.opsAdminTier1
Ability to get status of deployments
Telco Automation Tier 1 Operations Admin
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list']
Copy Permissions BETA
roles/telcoautomation.opsAdminTier4
Ability to manage deployments and their status
Telco Automation Tier 4 Operations Admin
['logging.buckets.get', 'logging.buckets.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.list', 'observability.scopes.get', 'resourcemanager.projects.get', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.apply', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.create', 'telcoautomation.deployments.delete', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.deployments.rollback', 'telcoautomation.deployments.update', 'telcoautomation.hydratedDeployments.apply', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.hydratedDeployments.update', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list']
Copy Permissions BETA
roles/timeseriesinsights.datasetsEditor
Edit access to DataSets.
Timeseries Insights DataSet Editor
['timeseriesinsights.datasets.create', 'timeseriesinsights.datasets.delete', 'timeseriesinsights.datasets.evaluate', 'timeseriesinsights.datasets.list', 'timeseriesinsights.datasets.query', 'timeseriesinsights.datasets.update', 'timeseriesinsights.locations.get', 'timeseriesinsights.locations.list']
Copy Permissions BETA
roles/timeseriesinsights.datasetsOwner
Full access to DataSets.
Timeseries Insights DataSet Owner
['timeseriesinsights.datasets.create', 'timeseriesinsights.datasets.delete', 'timeseriesinsights.datasets.evaluate', 'timeseriesinsights.datasets.list', 'timeseriesinsights.datasets.query', 'timeseriesinsights.datasets.update', 'timeseriesinsights.locations.get', 'timeseriesinsights.locations.list']
Copy Permissions BETA
roles/timeseriesinsights.datasetsViewer
Read-only access (List and Query) to DataSets.
Timeseries Insights DataSet Viewer
['timeseriesinsights.datasets.evaluate', 'timeseriesinsights.datasets.list', 'timeseriesinsights.datasets.query', 'timeseriesinsights.locations.get', 'timeseriesinsights.locations.list']
Copy Permissions BETA
roles/tpu.admin
Full access to TPU nodes and related resources.
TPU Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'tpu.acceleratortypes.get', 'tpu.acceleratortypes.list', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.create', 'tpu.nodes.delete', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.nodes.reimage', 'tpu.nodes.reset', 'tpu.nodes.simulateMaintenanceEvent', 'tpu.nodes.start', 'tpu.nodes.stop', 'tpu.nodes.update', 'tpu.operations.get', 'tpu.operations.list', 'tpu.runtimeversions.get', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.get', 'tpu.tensorflowversions.list']
Copy Permissions GA
roles/tpu.xpnAgent
Can use shared VPC network (XPN) for the TPU VMs.
TPU Shared VPC Agent
['compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.globalOperations.get', 'compute.networks.get', 'compute.networks.list', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get']
Copy Permissions GA
roles/tpu.viewer
Read-only access to TPU nodes and related resources.
TPU Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'tpu.acceleratortypes.get', 'tpu.acceleratortypes.list', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.operations.get', 'tpu.operations.list', 'tpu.runtimeversions.get', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.get', 'tpu.tensorflowversions.list']
Copy Permissions GA
roles/trafficdirector.client
Traffic Director Client to fetch service configurations and report metrics
Traffic Director Client
['trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions BETA
roles/transcoder.admin
Full access to all transcoder resources.
Transcoder Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'transcoder.jobTemplates.create', 'transcoder.jobTemplates.delete', 'transcoder.jobTemplates.get', 'transcoder.jobTemplates.list', 'transcoder.jobs.create', 'transcoder.jobs.delete', 'transcoder.jobs.get', 'transcoder.jobs.list']
Copy Permissions GA
roles/transcoder.serviceAgent
Downloads and uploads media files from and to customer GCS buckets. Publishes status updates to customer Pub/Sub.
Transcoder Service Agent
['pubsub.topics.publish', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'transcoder.jobs.delete']
Copy Permissions GA
roles/transcoder.viewer
Viewer of all transcoder resources.
Transcoder Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'transcoder.jobTemplates.get', 'transcoder.jobTemplates.list', 'transcoder.jobs.get', 'transcoder.jobs.list']
Copy Permissions GA
roles/transferappliance.admin
Full access to Transfer Appliance all resources.
Transfer Appliance Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'transferappliance.appliances.create', 'transferappliance.appliances.delete', 'transferappliance.appliances.get', 'transferappliance.appliances.list', 'transferappliance.appliances.update', 'transferappliance.credentials.get', 'transferappliance.locations.get', 'transferappliance.locations.list', 'transferappliance.operations.cancel', 'transferappliance.operations.delete', 'transferappliance.operations.get', 'transferappliance.operations.list', 'transferappliance.orders.create', 'transferappliance.orders.delete', 'transferappliance.orders.get', 'transferappliance.orders.list', 'transferappliance.orders.update', 'transferappliance.savedAddresses.create', 'transferappliance.savedAddresses.delete', 'transferappliance.savedAddresses.get', 'transferappliance.savedAddresses.list', 'transferappliance.savedAddresses.update']
Copy Permissions BETA
roles/transferappliance.viewer
Read-only access to Transfer Appliance all resources.
Transfer Appliance Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'transferappliance.appliances.get', 'transferappliance.appliances.list', 'transferappliance.locations.get', 'transferappliance.locations.list', 'transferappliance.operations.get', 'transferappliance.operations.list', 'transferappliance.orders.get', 'transferappliance.orders.list', 'transferappliance.savedAddresses.get', 'transferappliance.savedAddresses.list']
Copy Permissions BETA
roles/translationhub.admin
Admin of Translation Hub
Translation Hub Admin
['automl.models.get', 'automl.models.list', 'automl.models.predict', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'translationhub.portals.create', 'translationhub.portals.delete', 'translationhub.portals.get', 'translationhub.portals.list', 'translationhub.portals.update']
Copy Permissions BETA
roles/translationhub.portalUser
Portal user of Translation Hub
Translation Hub Portal User
['automl.models.get', 'automl.models.list', 'automl.models.predict', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'translationhub.portals.get', 'translationhub.portals.list']
Copy Permissions BETA
roles/osconfig.upgradeReportViewer
Provides read-only access to VM Manager Upgrade Reports
Upgrade Report Viewer
['osconfig.upgradeReports.get', 'osconfig.upgradeReports.getSummary', 'osconfig.upgradeReports.list', 'osconfig.upgradeReports.searchSummaries', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/cloudmigration.inframanager
Ability to create and manage Compute VMs to run Velostrata Infrastructure
Velostrata Manager
['cloudmigration.velostrataendpoints.connect', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.images.get', 'compute.images.list', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setScheduling', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.update', 'compute.instances.updateNetworkInterface', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.use', 'compute.licenseCodes.get', 'compute.licenseCodes.list', 'compute.licenseCodes.update', 'compute.licenses.get', 'compute.licenses.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.get', 'compute.networks.list', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.list', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.get', 'compute.zones.list', 'gkehub.endpoints.connect', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update']
Copy Permissions BETA
roles/cloudmigration.velostrataconnect
Ability to set up connection between Velostrata Manager and Google
Velostrata Manager Connection Agent
['cloudmigration.velostrataendpoints.connect', 'gkehub.endpoints.connect']
Copy Permissions BETA
roles/cloudmigration.storageaccess
Ability to access migration storage
Velostrata Storage Access
['storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions BETA
roles/aiplatform.admin
Grants full access to all resources in Vertex AI
Vertex AI Administrator
['aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cacheConfigs.update', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.consents.update', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.setIamPolicy', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.setIamPolicy', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.setIamPolicy', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.setIamPolicy', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.migratableResources.migrate', 'aiplatform.migratableResources.search', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.create', 'aiplatform.persistentResources.delete', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.recordAccess', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.batchPredictionServiceAgent
Vertex AI Batch Prediction Service Agent for serving batch prediction requests.
Vertex AI Batch Prediction Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.models.create', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.tables.create', 'bigquery.tables.createSnapshot', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/aiplatform.colabServiceAgent
Gives Vertex AI Colab the proper permissions to function.
Vertex AI Colab Service Agent
['compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.networks.get', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.useReadOnly', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'iam.serviceAccounts.actAs', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.get']
Copy Permissions GA
roles/aiplatform.customCodeServiceAgent
Gives Vertex AI Custom Code the proper permissions.
Vertex AI Custom Code Service Agent
['aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.tags.get', 'artifactregistry.versions.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/aiplatform.extensionCustomCodeServiceAgent
Gives Vertex AI Extension that executes custom code the permissions it needs to function.
Vertex AI Extension Custom Code Service Agent
['logging.logEntries.create', 'logging.logEntries.route', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/aiplatform.extensionServiceAgent
Gives Vertex AI Extension the permissions it needs to function.
Vertex AI Extension Service Agent
['aiplatform.endpoints.predict', 'aiplatform.locations.get', 'discoveryengine.servingConfigs.search', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.logEntries.create', 'logging.logEntries.route', 'serviceusage.services.use', 'storage.objects.get']
Copy Permissions GA
roles/aiplatform.featurestoreAdmin
Grants full access to all resources in Vertex AI Feature Store
Vertex AI Feature Store Admin
['aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.setIamPolicy', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.setIamPolicy', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.setIamPolicy', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.featurestoreDataViewer
This role provides permissions to read Feature data.
Vertex AI Feature Store Data Viewer
['aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.batchReadFeatureValues', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.featurestoreDataWriter
This role provides permissions to read and write Feature data.
Vertex AI Feature Store Data Writer
['aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.batchReadFeatureValues', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.entityTypeOwner
Provides full access to all permissions for a particular entity type resource.
Vertex AI Feature Store EntityType owner
['aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.featurestoreInstanceCreator
Administrator of Featurestore resources, but not the child resources under Featurestores.
Vertex AI Feature Store Instance Creator
['aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.get', 'aiplatform.featurestores.list', 'aiplatform.featurestores.update']
Copy Permissions GA
roles/aiplatform.featurestoreResourceViewer
Viewer of all resources in Vertex AI Feature Store but cannot make changes.
Vertex AI Feature Store Resource Viewer
['aiplatform.entityTypes.get', 'aiplatform.entityTypes.list', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.get', 'aiplatform.featurestores.list', 'aiplatform.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.featurestoreUser
Deprecated. Use featurestoreAdmin instead.
Vertex AI Feature Store User
['aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.setIamPolicy', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions BETA
roles/aiplatform.migrator
Grants access to use migration service in Vertex AI
Vertex AI Migration Service User
['aiplatform.migratableResources.migrate', 'aiplatform.migratableResources.search']
Copy Permissions GA
roles/aiplatform.modelMonitoringServiceAgent
Gives Vertex AI Model Monitoring the permissions it needs to function.
Vertex AI Model Monitoring Service Agent
['aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'monitoring.notificationChannels.get', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/aiplatform.notebookServiceAgent
Vertex AI Service Agent used to run Notebook managed resources in user project with restricted permissions.
Vertex AI Notebook Service Agent
['logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions GA
roles/aiplatform.ragServiceAgent
Vertex AI Service Agent used by Vertex RAG to access user imported data and Vertex AI in the project
Vertex AI RAG Data Service Agent
['aiplatform.endpoints.get', 'aiplatform.endpoints.predict', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.models.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.tables.create', 'bigquery.tables.createSnapshot', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'logging.logEntries.create', 'logging.logEntries.route', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/aiplatform.rapidevalServiceAgent
Vertex AI Service Agent used by GenAI Rapid Evaluation Service to access publisher model endpoints in the user project
Vertex AI Rapid Eval Service Agent
['aiplatform.endpoints.predict']
Copy Permissions GA
roles/aiplatform.reasoningEngineServiceAgent
Gives Vertex AI Reasoning Engine the proper permissions to function.
Vertex AI Reasoning Engine Service Agent
['aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'cloudtrace.traces.patch', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions GA
roles/aiplatform.serviceAgent
Gives Vertex AI the permissions it needs to function.
Vertex AI Service Agent
['aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.get', 'artifactregistry.versions.get', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.list', 'automl.modelEvaluations.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'automl.tableSpecs.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.models.create', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.networks.get', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.useReadOnly', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'datalabeling.annotateddatasets.get', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.list', 'datalabeling.operations.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.logEntries.create', 'logging.logEntries.route', 'ml.models.list', 'ml.operations.get', 'ml.versions.get', 'ml.versions.list', 'monitoring.notificationChannels.get', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.executions.delete', 'run.executions.get', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.run', 'run.jobs.update', 'run.operations.delete', 'run.operations.get', 'run.routes.invoke', 'run.services.create', 'run.services.delete', 'run.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/aiplatform.tensorboardWebAppUser
Grants access to the Vertex AI Tensorboard web app. Using the web app will incur charges.
Vertex AI Tensorboard Web App User
['aiplatform.tensorboards.recordAccess']
Copy Permissions BETA
roles/aiplatform.tuningServiceAgent
Vertex AI Service Agent used for tuning in user project.
Vertex AI Tuning Service Agent
['aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.get', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.get', 'aiplatform.locations.get', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.models.get', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'resourcemanager.projects.get', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.update']
Copy Permissions GA
roles/aiplatform.user
Grants access to use all resource in Vertex AI
Vertex AI User
['aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/aiplatform.viewer
Grants access to view all resource in Vertex AI
Vertex AI Viewer
['aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.consents.get', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasets.get', 'aiplatform.datasets.list', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.endpoints.get', 'aiplatform.endpoints.list', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.list', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.extensions.get', 'aiplatform.extensions.list', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.get', 'aiplatform.featurestores.list', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/videostitcher.admin
Full access to all video stitcher resources.
Video Stitcher Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'videostitcher.cdnKeys.create', 'videostitcher.cdnKeys.delete', 'videostitcher.cdnKeys.get', 'videostitcher.cdnKeys.list', 'videostitcher.cdnKeys.update', 'videostitcher.liveAdTagDetails.get', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.create', 'videostitcher.liveConfigs.delete', 'videostitcher.liveConfigs.get', 'videostitcher.liveConfigs.list', 'videostitcher.liveSessions.create', 'videostitcher.liveSessions.get', 'videostitcher.operations.cancel', 'videostitcher.operations.delete', 'videostitcher.operations.get', 'videostitcher.operations.list', 'videostitcher.slates.create', 'videostitcher.slates.delete', 'videostitcher.slates.get', 'videostitcher.slates.list', 'videostitcher.slates.update', 'videostitcher.vodAdTagDetails.get', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.create', 'videostitcher.vodConfigs.delete', 'videostitcher.vodConfigs.get', 'videostitcher.vodConfigs.list', 'videostitcher.vodConfigs.update', 'videostitcher.vodSessions.create', 'videostitcher.vodSessions.get', 'videostitcher.vodStitchDetails.get', 'videostitcher.vodStitchDetails.list']
Copy Permissions GA
roles/videostitcher.user
Full access to video stitcher sessions.
Video Stitcher User
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'videostitcher.liveSessions.create', 'videostitcher.liveSessions.get', 'videostitcher.vodSessions.create', 'videostitcher.vodSessions.get']
Copy Permissions GA
roles/videostitcher.viewer
Read-only access to video stitcher resources.
Video Stitcher Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'videostitcher.cdnKeys.get', 'videostitcher.cdnKeys.list', 'videostitcher.liveAdTagDetails.get', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.get', 'videostitcher.liveConfigs.list', 'videostitcher.liveSessions.get', 'videostitcher.operations.get', 'videostitcher.operations.list', 'videostitcher.slates.get', 'videostitcher.slates.list', 'videostitcher.vodAdTagDetails.get', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.get', 'videostitcher.vodConfigs.list', 'videostitcher.vodSessions.get', 'videostitcher.vodStitchDetails.get', 'videostitcher.vodStitchDetails.list']
Copy Permissions GA
roles/iam.serviceAccountViewer
Read access to service accounts, metadata, and keys.
View Service Accounts
['iam.serviceAccountKeys.get', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/viewer
View most Google Cloud resources. See the list of included permissions.
Viewer
['accessapproval.requests.get', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'actions.agent.get', 'actions.agentVersions.get', 'actions.agentVersions.list', 'advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.consents.get', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasets.get', 'aiplatform.datasets.list', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.extensions.get', 'aiplatform.extensions.list', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.migratableResources.search', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.export', 'alloydb.clusters.get', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.databases.list', 'alloydb.instances.get', 'alloydb.instances.list', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.get', 'alloydb.users.list', 'analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.get', 'apigateway.operations.list', 'apigee.addonsconfig.get', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appkeys.get', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.caches.list', 'apigee.canaryevaluations.get', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datalocation.get', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.list', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerbalances.get', 'apigee.developermonetizationconfigs.get', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.get', 'apigee.instances.list', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.get', 'apigee.portals.list', 'apigee.projectorganizations.get', 'apigee.projects.previewMigration', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.references.get', 'apigee.references.list', 'apigee.reports.get', 'apigee.reports.list', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.runtimeconfigs.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.traceconfig.get', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'apigeeconnect.connections.list', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.instances.get', 'apigeeregistry.locations.get', 'apigeeregistry.locations.list', 'apigeeregistry.operations.get', 'apigeeregistry.operations.list', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apis.get', 'apihub.apis.list', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.locations.searchResources', 'apihub.locations2.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'apihub.specs.get', 'apihub.specs.list', 'apihub.styleGuides.get', 'apihub.versions.get', 'apihub.versions.list', 'apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.get', 'apim.operations.list', 'appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.get', 'appengine.memcache.getKey', 'appengine.memcache.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'apphub.applications.get', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.get', 'apphub.serviceProjectAttachments.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.get', 'apphub.services.list', 'apphub.workloads.get', 'apphub.workloads.list', 'applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.list', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.list', 'automl.examples.get', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automlrecommendations.catalogItems.get', 'automlrecommendations.catalogItems.list', 'automlrecommendations.catalogs.getStats', 'automlrecommendations.catalogs.list', 'automlrecommendations.eventStores.getStats', 'automlrecommendations.eventStores.list', 'automlrecommendations.events.get', 'automlrecommendations.events.list', 'automlrecommendations.placements.getStats', 'automlrecommendations.placements.list', 'automlrecommendations.recommendations.list', 'autoscaling.sites.getIamPolicy', 'autoscaling.sites.readRecommendations', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.tasks.get', 'batch.tasks.list', 'beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.get', 'biglake.databases.list', 'biglake.locks.list', 'biglake.tables.get', 'biglake.tables.list', 'bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.use', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listTagBindings', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listExecutionMetadata', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.createSnapshot', 'bigquery.tables.getIamPolicy', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.transfers.get', 'bigquerymigration.locations.get', 'bigquerymigration.locations.list', 'bigquerymigration.subtasks.get', 'bigquerymigration.subtasks.list', 'bigquerymigration.workflows.get', 'bigquerymigration.workflows.list', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceCosts.get', 'billing.resourcebudgets.read', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.getIamPolicy', 'blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'capacityplanner.usageHistories.summarize', 'carestudio.patients.get', 'carestudio.patients.list', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'chat.bots.get', 'chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpSettings.get', 'clientauthconfig.brands.get', 'clientauthconfig.brands.list', 'clientauthconfig.clients.get', 'clientauthconfig.clients.list', 'cloud.locations.get', 'cloud.locations.list', 'cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.companions.generateChat', 'cloudaicompanion.companions.generateCode', 'cloudaicompanion.entitlements.get', 'cloudaicompanion.instances.completeCode', 'cloudaicompanion.instances.completeTask', 'cloudaicompanion.instances.generateCode', 'cloudaicompanion.instances.generateText', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudaicompanion.repositoryGroups.use', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudconfig.configs.get', 'cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'cloudiottoken.tokensettings.get', 'cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.tenants.get', 'cloudkms.autokeyConfigs.get', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'cloudkms.protectedResources.search', 'cloudnotifications.activities.list', 'cloudonefs.isiloncloud.com/clusters.get', 'cloudonefs.isiloncloud.com/clusters.list', 'cloudonefs.isiloncloud.com/fileshares.get', 'cloudonefs.isiloncloud.com/fileshares.list', 'cloudoptimization.operations.get', 'cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.settings.get', 'cloudprofiler.profiles.list', 'cloudquotas.quotas.get', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.instances.export', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.schemas.view', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsupport.accounts.get', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.operations.get', 'cloudsupport.properties.get', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudtasks.cmekConfig.get', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.get', 'cloudtasks.queues.list', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.get', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.get', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'cloudvolumesgcp-api.netapp.com/activeDirectories.get', 'cloudvolumesgcp-api.netapp.com/activeDirectories.list', 'cloudvolumesgcp-api.netapp.com/ipRanges.list', 'cloudvolumesgcp-api.netapp.com/jobs.get', 'cloudvolumesgcp-api.netapp.com/jobs.list', 'cloudvolumesgcp-api.netapp.com/regions.list', 'cloudvolumesgcp-api.netapp.com/serviceLevels.list', 'cloudvolumesgcp-api.netapp.com/snapshots.get', 'cloudvolumesgcp-api.netapp.com/snapshots.list', 'cloudvolumesgcp-api.netapp.com/volumereplication.get', 'cloudvolumesgcp-api.netapp.com/volumereplication.list', 'cloudvolumesgcp-api.netapp.com/volumes.get', 'cloudvolumesgcp-api.netapp.com/volumes.list', 'commerceagreementpublishing.agreements.get', 'commerceagreementpublishing.agreements.list', 'commerceagreementpublishing.documents.get', 'commerceagreementpublishing.documents.list', 'commercebusinessenablement.leadgenConfig.get', 'commercebusinessenablement.operations.get', 'commercebusinessenablement.operations.list', 'commercebusinessenablement.partnerAccounts.get', 'commercebusinessenablement.partnerAccounts.list', 'commercebusinessenablement.partnerInfo.get', 'commercebusinessenablement.paymentConfig.get', 'commercebusinessenablement.refunds.get', 'commercebusinessenablement.refunds.list', 'commercebusinessenablement.resellerConfig.get', 'commercebusinessenablement.resellerDiscountConfig.get', 'commercebusinessenablement.resellerDiscountOffers.list', 'commercebusinessenablement.resellerPrivateOfferPlans.get', 'commercebusinessenablement.resellerPrivateOfferPlans.list', 'commercebusinessenablement.resellerRestrictions.list', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'commerceorggovernance.collections.get', 'commerceorggovernance.collections.list', 'commerceorggovernance.consumerSharingPolicies.get', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.populateCollectionJobs.list', 'commerceorggovernance.services.get', 'commerceorggovernance.services.list', 'commerceprice.privateoffers.get', 'commerceprice.privateoffers.list', 'composer.dags.get', 'composer.dags.getSourceCode', 'composer.dags.list', 'composer.environments.get', 'composer.environments.list', 'composer.imageversions.list', 'composer.operations.get', 'composer.operations.list', 'composer.userworkloadsconfigmaps.get', 'composer.userworkloadsconfigmaps.list', 'composer.userworkloadssecrets.get', 'composer.userworkloadssecrets.list', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.createSnapshot', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.useReadOnly', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.useReadOnly', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'confidentialcomputing.locations.get', 'confidentialcomputing.locations.list', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.locations.get', 'config.locations.list', 'config.operations.get', 'config.operations.list', 'config.previews.get', 'config.previews.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'connectors.actions.list', 'connectors.connections.generateOpenAPISpec', 'connectors.connections.get', 'connectors.connections.getConnectionSchemaMetadata', 'connectors.connections.getIamPolicy', 'connectors.connections.getRuntimeActionSchema', 'connectors.connections.getRuntimeEntitySchema', 'connectors.connections.list', 'connectors.connectors.get', 'connectors.connectors.list', 'connectors.customConnectorVersions.get', 'connectors.customConnectorVersions.getIamPolicy', 'connectors.customConnectorVersions.list', 'connectors.customConnectors.get', 'connectors.customConnectors.getIamPolicy', 'connectors.customConnectors.list', 'connectors.endpointAttachments.get', 'connectors.endpointAttachments.getIamPolicy', 'connectors.endpointAttachments.list', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entityTypes.list', 'connectors.eventSubscriptions.get', 'connectors.eventSubscriptions.list', 'connectors.eventtypes.get', 'connectors.eventtypes.list', 'connectors.locations.get', 'connectors.locations.list', 'connectors.managedZones.get', 'connectors.managedZones.getIamPolicy', 'connectors.managedZones.list', 'connectors.operations.get', 'connectors.operations.list', 'connectors.providers.get', 'connectors.providers.list', 'connectors.regionalSettings.get', 'connectors.runtimeconfig.get', 'connectors.settings.get', 'connectors.versions.get', 'connectors.versions.list', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.entitlements.get', 'consumerprocurement.entitlements.list', 'consumerprocurement.freeTrials.get', 'consumerprocurement.freeTrials.list', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'contactcenteraiplatform.contactCenters.get', 'contactcenteraiplatform.contactCenters.list', 'contactcenteraiplatform.contactCenters.queryQuota', 'contactcenteraiplatform.locations.get', 'contactcenteraiplatform.locations.list', 'contactcenteraiplatform.operations.get', 'contactcenteraiplatform.operations.list', 'contactcenterinsights.analyses.get', 'contactcenterinsights.analyses.list', 'contactcenterinsights.analysisRules.get', 'contactcenterinsights.analysisRules.list', 'contactcenterinsights.conversations.get', 'contactcenterinsights.conversations.list', 'contactcenterinsights.faqEntries.get', 'contactcenterinsights.faqEntries.list', 'contactcenterinsights.faqModels.get', 'contactcenterinsights.faqModels.list', 'contactcenterinsights.feedbackLabels.get', 'contactcenterinsights.feedbackLabels.list', 'contactcenterinsights.issueModels.get', 'contactcenterinsights.issueModels.list', 'contactcenterinsights.issues.get', 'contactcenterinsights.issues.list', 'contactcenterinsights.operations.get', 'contactcenterinsights.operations.list', 'contactcenterinsights.phraseMatchers.get', 'contactcenterinsights.phraseMatchers.list', 'contactcenterinsights.qaQuestions.get', 'contactcenterinsights.qaQuestions.list', 'contactcenterinsights.qaScorecardRevisions.get', 'contactcenterinsights.qaScorecardRevisions.list', 'contactcenterinsights.qaScorecards.get', 'contactcenterinsights.qaScorecards.list', 'contactcenterinsights.settings.get', 'contactcenterinsights.views.get', 'contactcenterinsights.views.list', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.auditSinks.get', 'container.auditSinks.list', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.bindings.get', 'container.bindings.list', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.get', 'container.configMaps.list', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodes.get', 'container.csiNodes.list', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.deployments.get', 'container.deployments.getStatus', 'container.deployments.list', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpoints.get', 'container.endpoints.list', 'container.events.get', 'container.events.list', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.leases.get', 'container.leases.list', 'container.limitRanges.get', 'container.limitRanges.list', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.petSets.get', 'container.petSets.list', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podPresets.get', 'container.podPresets.list', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.get', 'container.podTemplates.list', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.list', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.tokenReviews.create', 'container.updateInfos.get', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'containeranalysis.notes.get', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containersecurity.locations.get', 'containersecurity.locations.list', 'contentwarehouse.corpora.get', 'contentwarehouse.corpora.list', 'contentwarehouse.documentSchemas.get', 'contentwarehouse.documentSchemas.list', 'contentwarehouse.documents.get', 'contentwarehouse.documents.getIamPolicy', 'contentwarehouse.documents.list', 'contentwarehouse.links.get', 'contentwarehouse.locations.getStatus', 'contentwarehouse.operations.get', 'contentwarehouse.rawDocuments.download', 'contentwarehouse.ruleSets.get', 'contentwarehouse.ruleSets.list', 'contentwarehouse.synonymSets.get', 'contentwarehouse.synonymSets.list', 'databasecenter.fleetHealthStats.list', 'databasecenter.fleetStats.list', 'databasecenter.locations.list', 'databasecenter.products.list', 'databasecenter.resourceGroups.list', 'databasecenter.userLabels.list', 'databaseinsights.activeQueries.fetch', 'databaseinsights.activitySummary.fetch', 'databaseinsights.aggregatedEvents.query', 'databaseinsights.aggregatedStats.query', 'databaseinsights.clusterEvents.query', 'databaseinsights.instanceEvents.query', 'databaseinsights.locations.get', 'databaseinsights.locations.list', 'databaseinsights.recommendations.query', 'databaseinsights.resourceRecommendations.query', 'databaseinsights.timeSeries.query', 'databaseinsights.workloadRecommendations.fetch', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.migrationConfig.get', 'datacatalog.operations.list', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'dataconnectors.connectors.get', 'dataconnectors.connectors.getIamPolicy', 'dataconnectors.connectors.list', 'dataconnectors.locations.get', 'dataconnectors.locations.list', 'dataconnectors.operations.get', 'dataconnectors.operations.list', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.list', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.searchFiles', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.list', 'datalabeling.annotateddatasets.get', 'datalabeling.annotateddatasets.label', 'datalabeling.annotateddatasets.list', 'datalabeling.annotationspecsets.get', 'datalabeling.annotationspecsets.list', 'datalabeling.dataitems.get', 'datalabeling.dataitems.list', 'datalabeling.datasets.export', 'datalabeling.datasets.get', 'datalabeling.datasets.list', 'datalabeling.examples.get', 'datalabeling.examples.list', 'datalabeling.instructions.get', 'datalabeling.instructions.list', 'datalabeling.operations.get', 'datalabeling.operations.list', 'datalineage.events.get', 'datalineage.events.list', 'datalineage.locations.searchLinks', 'datalineage.operations.get', 'datalineage.processes.get', 'datalineage.processes.list', 'datalineage.runs.get', 'datalineage.runs.list', 'datamigration.connectionprofiles.get', 'datamigration.connectionprofiles.getIamPolicy', 'datamigration.connectionprofiles.list', 'datamigration.conversionworkspaces.get', 'datamigration.conversionworkspaces.getIamPolicy', 'datamigration.conversionworkspaces.list', 'datamigration.locations.fetchStaticIps', 'datamigration.locations.get', 'datamigration.locations.list', 'datamigration.mappingrules.getIamPolicy', 'datamigration.migrationjobs.get', 'datamigration.migrationjobs.getIamPolicy', 'datamigration.migrationjobs.list', 'datamigration.migrationjobs.verify', 'datamigration.objects.get', 'datamigration.objects.list', 'datamigration.operations.get', 'datamigration.operations.list', 'datamigration.privateconnections.get', 'datamigration.privateconnections.getIamPolicy', 'datamigration.privateconnections.list', 'datapipelines.jobs.list', 'datapipelines.pipelines.get', 'datapipelines.pipelines.list', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.assetActions.list', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.readData', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.lakeActions.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.locations.get', 'dataplex.locations.list', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.projects.search', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.zoneActions.list', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataproc.agents.get', 'dataproc.agents.list', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.getIamPolicy', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.get', 'dataproc.clusters.getIamPolicy', 'dataproc.clusters.list', 'dataproc.jobs.get', 'dataproc.jobs.getIamPolicy', 'dataproc.jobs.list', 'dataproc.nodeGroups.get', 'dataproc.operations.get', 'dataproc.operations.getIamPolicy', 'dataproc.operations.list', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.tasks.listInvalidatedLeases', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.getIamPolicy', 'dataproc.workflowTemplates.list', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.featurecontrols.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'dataprocrm.locations.get', 'dataprocrm.locations.list', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodes.get', 'dataprocrm.nodes.list', 'dataprocrm.nodes.mintOAuthToken', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backups.get', 'datastore.backups.list', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.entities.get', 'datastore.entities.list', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'datastream.connectionProfiles.destinationTypes', 'datastream.connectionProfiles.discover', 'datastream.connectionProfiles.get', 'datastream.connectionProfiles.getIamPolicy', 'datastream.connectionProfiles.list', 'datastream.connectionProfiles.listEffectiveTags', 'datastream.connectionProfiles.listStaticServiceIps', 'datastream.connectionProfiles.listTagBindings', 'datastream.connectionProfiles.sourceTypes', 'datastream.locations.fetchStaticIps', 'datastream.locations.get', 'datastream.locations.list', 'datastream.objects.get', 'datastream.objects.list', 'datastream.operations.get', 'datastream.operations.list', 'datastream.privateConnections.get', 'datastream.privateConnections.getIamPolicy', 'datastream.privateConnections.list', 'datastream.privateConnections.listEffectiveTags', 'datastream.privateConnections.listTagBindings', 'datastream.routes.get', 'datastream.routes.getIamPolicy', 'datastream.routes.list', 'datastream.streams.fetchErrors', 'datastream.streams.get', 'datastream.streams.getIamPolicy', 'datastream.streams.list', 'datastream.streams.listEffectiveTags', 'datastream.streams.listTagBindings', 'datastudio.datasources.get', 'datastudio.datasources.getIamPolicy', 'datastudio.datasources.search', 'datastudio.reports.get', 'datastudio.reports.getIamPolicy', 'datastudio.reports.search', 'datastudio.workspaces.get', 'datastudio.workspaces.getIamPolicy', 'datastudio.workspaces.search', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'developerconnect.connections.fetchGitHubInstallations', 'developerconnect.connections.fetchLinkableGitRepositories', 'developerconnect.connections.get', 'developerconnect.connections.list', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'developerconnect.locations.get', 'developerconnect.locations.list', 'developerconnect.operations.get', 'developerconnect.operations.list', 'dialogflow.agents.export', 'dialogflow.agents.get', 'dialogflow.agents.list', 'dialogflow.agents.search', 'dialogflow.agents.searchResources', 'dialogflow.answerrecords.get', 'dialogflow.answerrecords.list', 'dialogflow.callMatchers.list', 'dialogflow.changelogs.get', 'dialogflow.changelogs.list', 'dialogflow.contexts.get', 'dialogflow.contexts.list', 'dialogflow.conversationDatasets.get', 'dialogflow.conversationDatasets.list', 'dialogflow.conversationModels.get', 'dialogflow.conversationModels.list', 'dialogflow.conversationProfiles.get', 'dialogflow.conversationProfiles.list', 'dialogflow.conversations.get', 'dialogflow.conversations.list', 'dialogflow.deployments.get', 'dialogflow.deployments.list', 'dialogflow.documents.get', 'dialogflow.documents.list', 'dialogflow.encryptionspec.get', 'dialogflow.entityTypes.get', 'dialogflow.entityTypes.list', 'dialogflow.environments.get', 'dialogflow.environments.getHistory', 'dialogflow.environments.list', 'dialogflow.environments.lookupHistory', 'dialogflow.examples.get', 'dialogflow.examples.list', 'dialogflow.experiments.get', 'dialogflow.experiments.list', 'dialogflow.flows.get', 'dialogflow.flows.list', 'dialogflow.fulfillments.get', 'dialogflow.generators.get', 'dialogflow.generators.list', 'dialogflow.integrations.get', 'dialogflow.integrations.list', 'dialogflow.intents.get', 'dialogflow.intents.list', 'dialogflow.knowledgeBases.get', 'dialogflow.knowledgeBases.list', 'dialogflow.messages.list', 'dialogflow.modelEvaluations.get', 'dialogflow.modelEvaluations.list', 'dialogflow.operations.get', 'dialogflow.pages.get', 'dialogflow.pages.list', 'dialogflow.participants.get', 'dialogflow.participants.list', 'dialogflow.participants.suggest', 'dialogflow.phoneNumberOrders.get', 'dialogflow.phoneNumberOrders.list', 'dialogflow.phoneNumbers.list', 'dialogflow.playbooks.get', 'dialogflow.playbooks.list', 'dialogflow.securitySettings.get', 'dialogflow.securitySettings.list', 'dialogflow.sessionEntityTypes.get', 'dialogflow.sessionEntityTypes.list', 'dialogflow.smartMessagingEntries.get', 'dialogflow.smartMessagingEntries.list', 'dialogflow.testcases.calculateCoverage', 'dialogflow.testcases.export', 'dialogflow.testcases.get', 'dialogflow.testcases.list', 'dialogflow.tools.get', 'dialogflow.tools.list', 'dialogflow.transitionRouteGroups.get', 'dialogflow.transitionRouteGroups.list', 'dialogflow.versions.get', 'dialogflow.versions.list', 'dialogflow.webhooks.get', 'dialogflow.webhooks.list', 'discoveryengine.aclConfigs.get', 'discoveryengine.analytics.acquireDashboardSession', 'discoveryengine.analytics.refreshDashboardSessionTokens', 'discoveryengine.answers.get', 'discoveryengine.branches.get', 'discoveryengine.branches.list', 'discoveryengine.cmekConfigs.get', 'discoveryengine.cmekConfigs.list', 'discoveryengine.collections.get', 'discoveryengine.collections.list', 'discoveryengine.completionConfigs.completeQuery', 'discoveryengine.completionConfigs.get', 'discoveryengine.controls.get', 'discoveryengine.controls.list', 'discoveryengine.conversations.get', 'discoveryengine.conversations.list', 'discoveryengine.dataStores.completeQuery', 'discoveryengine.dataStores.get', 'discoveryengine.dataStores.list', 'discoveryengine.documentProcessingConfigs.get', 'discoveryengine.documents.batchGetDocumentsMetadata', 'discoveryengine.documents.get', 'discoveryengine.documents.list', 'discoveryengine.engines.get', 'discoveryengine.engines.list', 'discoveryengine.evaluations.get', 'discoveryengine.evaluations.list', 'discoveryengine.groundingConfigs.check', 'discoveryengine.locations.estimateDataSize', 'discoveryengine.models.get', 'discoveryengine.models.list', 'discoveryengine.operations.get', 'discoveryengine.operations.list', 'discoveryengine.projects.get', 'discoveryengine.rankingConfigs.rank', 'discoveryengine.sampleQueries.get', 'discoveryengine.sampleQueries.list', 'discoveryengine.sampleQuerySets.get', 'discoveryengine.sampleQuerySets.list', 'discoveryengine.schemas.get', 'discoveryengine.schemas.list', 'discoveryengine.schemas.preview', 'discoveryengine.schemas.validate', 'discoveryengine.servingConfigs.answer', 'discoveryengine.servingConfigs.get', 'discoveryengine.servingConfigs.list', 'discoveryengine.servingConfigs.recommend', 'discoveryengine.servingConfigs.search', 'discoveryengine.sessions.get', 'discoveryengine.sessions.list', 'discoveryengine.siteSearchEngines.fetchDomainVerificationStatus', 'discoveryengine.siteSearchEngines.get', 'discoveryengine.targetSites.get', 'discoveryengine.targetSites.list', 'discoveryengine.userEvents.fetchStats', 'discoveryengine.widgetConfigs.get', 'dlp.analyzeRiskTemplates.get', 'dlp.analyzeRiskTemplates.list', 'dlp.charts.get', 'dlp.columnDataProfiles.get', 'dlp.columnDataProfiles.list', 'dlp.connections.get', 'dlp.connections.list', 'dlp.connections.search', 'dlp.deidentifyTemplates.get', 'dlp.deidentifyTemplates.list', 'dlp.estimates.get', 'dlp.estimates.list', 'dlp.fileStoreProfiles.get', 'dlp.fileStoreProfiles.list', 'dlp.inspectFindings.list', 'dlp.inspectTemplates.get', 'dlp.inspectTemplates.list', 'dlp.jobTriggers.get', 'dlp.jobTriggers.list', 'dlp.jobs.get', 'dlp.jobs.list', 'dlp.locations.get', 'dlp.locations.list', 'dlp.projectDataProfiles.get', 'dlp.projectDataProfiles.list', 'dlp.storedInfoTypes.get', 'dlp.storedInfoTypes.list', 'dlp.subscriptions.get', 'dlp.subscriptions.list', 'dlp.tableDataProfiles.get', 'dlp.tableDataProfiles.list', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.projects.get', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'documentai.dataLabelingJobs.list', 'documentai.datasetSchemas.get', 'documentai.datasets.get', 'documentai.datasets.getDocuments', 'documentai.datasets.listDocuments', 'documentai.evaluationDocuments.get', 'documentai.evaluations.get', 'documentai.evaluations.list', 'documentai.humanReviewConfigs.get', 'documentai.humanReviewConfigs.review', 'documentai.labelerPools.get', 'documentai.labelerPools.list', 'documentai.locations.get', 'documentai.locations.list', 'documentai.operations.getLegacy', 'documentai.processedDocumentsSets.get', 'documentai.processedDocumentsSets.getDocuments', 'documentai.processedDocumentsSets.listDocuments', 'documentai.processorTypes.get', 'documentai.processorTypes.list', 'documentai.processorVersions.get', 'documentai.processorVersions.list', 'documentai.processorVersions.processBatch', 'documentai.processorVersions.processOnline', 'documentai.processors.fetchHumanReviewDetails', 'documentai.processors.get', 'documentai.processors.list', 'documentai.processors.processBatch', 'documentai.processors.processOnline', 'domains.locations.get', 'domains.locations.list', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'earthengine.assets.get', 'earthengine.assets.getIamPolicy', 'earthengine.assets.list', 'earthengine.config.get', 'earthengine.filmstripthumbnails.get', 'earthengine.maps.get', 'earthengine.operations.get', 'earthengine.operations.list', 'earthengine.tables.get', 'earthengine.thumbnails.get', 'earthengine.videothumbnails.get', 'edgecontainer.clusters.generateAccessToken', 'edgecontainer.clusters.get', 'edgecontainer.clusters.getIamPolicy', 'edgecontainer.clusters.list', 'edgecontainer.locations.get', 'edgecontainer.locations.list', 'edgecontainer.machines.get', 'edgecontainer.machines.getIamPolicy', 'edgecontainer.machines.list', 'edgecontainer.nodePools.get', 'edgecontainer.nodePools.getIamPolicy', 'edgecontainer.nodePools.list', 'edgecontainer.operations.get', 'edgecontainer.operations.list', 'edgecontainer.serverconfig.get', 'edgecontainer.vpnConnections.get', 'edgecontainer.vpnConnections.getIamPolicy', 'edgecontainer.vpnConnections.list', 'edgenetwork.interconnectAttachments.get', 'edgenetwork.interconnectAttachments.getIamPolicy', 'edgenetwork.interconnectAttachments.list', 'edgenetwork.interconnects.get', 'edgenetwork.interconnects.getDiagnostics', 'edgenetwork.interconnects.getIamPolicy', 'edgenetwork.interconnects.list', 'edgenetwork.locations.get', 'edgenetwork.locations.list', 'edgenetwork.networks.get', 'edgenetwork.networks.getIamPolicy', 'edgenetwork.networks.getStatus', 'edgenetwork.networks.list', 'edgenetwork.operations.get', 'edgenetwork.operations.list', 'edgenetwork.routers.get', 'edgenetwork.routers.getIamPolicy', 'edgenetwork.routers.getRouterStatus', 'edgenetwork.routers.list', 'edgenetwork.routes.get', 'edgenetwork.routes.list', 'edgenetwork.subnetworks.get', 'edgenetwork.subnetworks.getIamPolicy', 'edgenetwork.subnetworks.getStatus', 'edgenetwork.subnetworks.list', 'edgenetwork.zones.get', 'edgenetwork.zones.list', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search', 'enterpriseknowledgegraph.entityReconciliationJobs.get', 'enterpriseknowledgegraph.entityReconciliationJobs.list', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup', 'enterpriseknowledgegraph.publicKnowledgeGraphEntities.search', 'enterprisepurchasing.gcveCuds.get', 'enterprisepurchasing.gcveCuds.list', 'enterprisepurchasing.gcveNodePricingInfo.list', 'enterprisepurchasing.locations.get', 'enterprisepurchasing.locations.list', 'enterprisepurchasing.operations.get', 'enterprisepurchasing.operations.list', 'errorreporting.applications.list', 'errorreporting.errorEvents.list', 'errorreporting.groupMetadata.get', 'errorreporting.groups.list', 'essentialcontacts.contacts.get', 'essentialcontacts.contacts.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'fcmdata.deliverydata.list', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.locations.get', 'file.locations.list', 'file.operations.get', 'file.operations.list', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'financialservices.locations.get', 'financialservices.locations.list', 'financialservices.operations.get', 'financialservices.operations.list', 'financialservices.v1backtests.exportMetadata', 'financialservices.v1backtests.get', 'financialservices.v1backtests.list', 'financialservices.v1datasets.get', 'financialservices.v1datasets.list', 'financialservices.v1engineconfigs.exportMetadata', 'financialservices.v1engineconfigs.get', 'financialservices.v1engineconfigs.list', 'financialservices.v1engineversions.get', 'financialservices.v1engineversions.list', 'financialservices.v1instances.exportRegisteredParties', 'financialservices.v1instances.get', 'financialservices.v1instances.list', 'financialservices.v1models.exportMetadata', 'financialservices.v1models.get', 'financialservices.v1models.list', 'financialservices.v1predictions.exportMetadata', 'financialservices.v1predictions.get', 'financialservices.v1predictions.list', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.links.list', 'firebase.playLinks.get', 'firebase.playLinks.list', 'firebase.projects.get', 'firebaseabt.experimentresults.get', 'firebaseabt.experiments.get', 'firebaseabt.experiments.list', 'firebaseabt.projectmetadata.get', 'firebaseanalytics.resources.googleAnalyticsReadAndAnalyze', 'firebaseappcheck.appAttestConfig.get', 'firebaseappcheck.debugTokens.get', 'firebaseappcheck.deviceCheckConfig.get', 'firebaseappcheck.playIntegrityConfig.get', 'firebaseappcheck.recaptchaEnterpriseConfig.get', 'firebaseappcheck.recaptchaV3Config.get', 'firebaseappcheck.resourcePolicies.get', 'firebaseappcheck.safetyNetConfig.get', 'firebaseappcheck.services.get', 'firebaseappdistro.groups.list', 'firebaseappdistro.releases.list', 'firebaseappdistro.testers.list', 'firebaseauth.configs.get', 'firebaseauth.users.get', 'firebasecrash.reports.get', 'firebasecrashlytics.config.get', 'firebasecrashlytics.data.get', 'firebasecrashlytics.issues.get', 'firebasecrashlytics.issues.list', 'firebasecrashlytics.sessions.get', 'firebasedatabase.instances.get', 'firebasedatabase.instances.list', 'firebasedataconnect.connectorRevisions.get', 'firebasedataconnect.connectorRevisions.list', 'firebasedataconnect.connectors.get', 'firebasedataconnect.connectors.list', 'firebasedataconnect.locations.get', 'firebasedataconnect.locations.list', 'firebasedataconnect.operations.get', 'firebasedataconnect.operations.list', 'firebasedataconnect.schemaRevisions.get', 'firebasedataconnect.schemaRevisions.list', 'firebasedataconnect.schemas.get', 'firebasedataconnect.schemas.list', 'firebasedataconnect.services.get', 'firebasedataconnect.services.list', 'firebasedynamiclinks.destinations.list', 'firebasedynamiclinks.domains.get', 'firebasedynamiclinks.domains.list', 'firebasedynamiclinks.links.get', 'firebasedynamiclinks.links.list', 'firebasedynamiclinks.stats.get', 'firebaseextensions.configs.list', 'firebaseextensionspublisher.extensions.get', 'firebaseextensionspublisher.extensions.list', 'firebasehosting.sites.get', 'firebasehosting.sites.list', 'firebaseinappmessaging.campaigns.get', 'firebaseinappmessaging.campaigns.list', 'firebasemessagingcampaigns.campaigns.get', 'firebasemessagingcampaigns.campaigns.list', 'firebaseml.models.get', 'firebaseml.models.list', 'firebaseml.modelversions.get', 'firebaseml.modelversions.list', 'firebasenotifications.messages.get', 'firebasenotifications.messages.list', 'firebaseperformance.data.get', 'firebaserules.releases.get', 'firebaserules.releases.getExecutable', 'firebaserules.releases.list', 'firebaserules.rulesets.list', 'firebaserules.rulesets.test', 'firebasestorage.buckets.get', 'firebasestorage.buckets.list', 'firebasestorage.defaultBucket.get', 'fleetengine.deliveryvehicles.get', 'fleetengine.deliveryvehicles.list', 'fleetengine.tasks.get', 'fleetengine.tasks.list', 'fleetengine.tasks.searchWithTrackingId', 'fleetengine.tasktrackinginfo.get', 'fleetengine.trips.get', 'fleetengine.trips.search', 'fleetengine.vehicles.get', 'fleetengine.vehicles.list', 'fleetengine.vehicles.search', 'fleetengine.vehicles.searchFuzzed', 'gcp.redisenterprise.com/databases.get', 'gcp.redisenterprise.com/databases.list', 'gcp.redisenterprise.com/subscriptions.get', 'gcp.redisenterprise.com/subscriptions.list', 'gdchardwaremanagement.changeLogEntries.get', 'gdchardwaremanagement.changeLogEntries.list', 'gdchardwaremanagement.comments.get', 'gdchardwaremanagement.comments.list', 'gdchardwaremanagement.hardware.get', 'gdchardwaremanagement.hardware.list', 'gdchardwaremanagement.hardwareGroups.get', 'gdchardwaremanagement.hardwareGroups.list', 'gdchardwaremanagement.locations.get', 'gdchardwaremanagement.locations.list', 'gdchardwaremanagement.operations.get', 'gdchardwaremanagement.operations.list', 'gdchardwaremanagement.orders.get', 'gdchardwaremanagement.orders.list', 'gdchardwaremanagement.sites.get', 'gdchardwaremanagement.sites.list', 'gdchardwaremanagement.skus.get', 'gdchardwaremanagement.skus.list', 'gdchardwaremanagement.zones.get', 'gdchardwaremanagement.zones.list', 'genomics.datasets.get', 'genomics.datasets.list', 'genomics.operations.get', 'genomics.operations.list', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'gkeonprem.bareMetalAdminClusters.connect', 'gkeonprem.bareMetalAdminClusters.get', 'gkeonprem.bareMetalAdminClusters.getIamPolicy', 'gkeonprem.bareMetalAdminClusters.list', 'gkeonprem.bareMetalAdminClusters.queryVersionConfig', 'gkeonprem.bareMetalClusters.get', 'gkeonprem.bareMetalClusters.getIamPolicy', 'gkeonprem.bareMetalClusters.list', 'gkeonprem.bareMetalClusters.queryVersionConfig', 'gkeonprem.bareMetalNodePools.get', 'gkeonprem.bareMetalNodePools.getIamPolicy', 'gkeonprem.bareMetalNodePools.list', 'gkeonprem.locations.get', 'gkeonprem.locations.list', 'gkeonprem.operations.get', 'gkeonprem.operations.list', 'gkeonprem.vmwareAdminClusters.connect', 'gkeonprem.vmwareAdminClusters.get', 'gkeonprem.vmwareAdminClusters.getIamPolicy', 'gkeonprem.vmwareAdminClusters.list', 'gkeonprem.vmwareClusters.get', 'gkeonprem.vmwareClusters.getIamPolicy', 'gkeonprem.vmwareClusters.list', 'gkeonprem.vmwareClusters.queryVersionConfig', 'gkeonprem.vmwareNodePools.get', 'gkeonprem.vmwareNodePools.getIamPolicy', 'gkeonprem.vmwareNodePools.list', 'gsuiteaddons.authorizations.get', 'gsuiteaddons.deployments.get', 'gsuiteaddons.deployments.list', 'healthcare.annotationStores.evaluate', 'healthcare.annotationStores.export', 'healthcare.annotationStores.get', 'healthcare.annotationStores.getIamPolicy', 'healthcare.annotationStores.list', 'healthcare.annotations.get', 'healthcare.annotations.list', 'healthcare.attributeDefinitions.get', 'healthcare.attributeDefinitions.list', 'healthcare.consentArtifacts.get', 'healthcare.consentArtifacts.list', 'healthcare.consentStores.checkDataAccess', 'healthcare.consentStores.evaluateUserConsents', 'healthcare.consentStores.get', 'healthcare.consentStores.getIamPolicy', 'healthcare.consentStores.list', 'healthcare.consentStores.queryAccessibleData', 'healthcare.consents.get', 'healthcare.consents.list', 'healthcare.datasets.get', 'healthcare.datasets.getIamPolicy', 'healthcare.datasets.list', 'healthcare.dicomStores.dicomWebRead', 'healthcare.dicomStores.export', 'healthcare.dicomStores.get', 'healthcare.dicomStores.getIamPolicy', 'healthcare.dicomStores.list', 'healthcare.fhirResources.get', 'healthcare.fhirResources.translateConceptMap', 'healthcare.fhirStores.executeBundle', 'healthcare.fhirStores.explainDataAccess', 'healthcare.fhirStores.export', 'healthcare.fhirStores.get', 'healthcare.fhirStores.getIamPolicy', 'healthcare.fhirStores.list', 'healthcare.fhirStores.searchResources', 'healthcare.hl7V2Messages.get', 'healthcare.hl7V2Messages.list', 'healthcare.hl7V2Stores.get', 'healthcare.hl7V2Stores.getIamPolicy', 'healthcare.hl7V2Stores.list', 'healthcare.locations.get', 'healthcare.locations.list', 'healthcare.nlpservice.analyzeEntities', 'healthcare.operations.get', 'healthcare.operations.list', 'healthcare.userDataMappings.get', 'healthcare.userDataMappings.list', 'iam.denypolicies.get', 'iam.denypolicies.list', 'iam.googleapis.com/oauthClientCredentials.get', 'iam.googleapis.com/oauthClientCredentials.list', 'iam.googleapis.com/oauthClients.get', 'iam.googleapis.com/oauthClients.list', 'iam.googleapis.com/workforcePoolProviderKeys.get', 'iam.googleapis.com/workforcePoolProviderKeys.list', 'iam.googleapis.com/workforcePoolProviders.get', 'iam.googleapis.com/workforcePoolProviders.list', 'iam.googleapis.com/workforcePools.get', 'iam.googleapis.com/workforcePools.getIamPolicy', 'iam.googleapis.com/workforcePools.list', 'iam.googleapis.com/workforcePools.searchPolicyBindings', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.get', 'iam.googleapis.com/workloadIdentityPoolProviderKeys.list', 'iam.googleapis.com/workloadIdentityPoolProviders.get', 'iam.googleapis.com/workloadIdentityPoolProviders.list', 'iam.googleapis.com/workloadIdentityPools.get', 'iam.googleapis.com/workloadIdentityPools.list', 'iam.googleapis.com/workspacePools.searchPolicyBindings', 'iam.policybindings.get', 'iam.policybindings.list', 'iam.principalaccessboundarypolicies.get', 'iam.principalaccessboundarypolicies.list', 'iam.principalaccessboundarypolicies.searchPolicyBindings', 'iam.roles.get', 'iam.roles.list', 'iam.serviceAccountKeys.get', 'iam.serviceAccountKeys.list', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.list', 'iam.serviceAccounts.listEffectiveTags', 'iam.serviceAccounts.listTagBindings', 'iam.workloadIdentityPools.searchPolicyBindings', 'iap.projects.getSettings', 'iap.tunnelDestGroups.get', 'iap.tunnelDestGroups.list', 'iap.web.getSettings', 'iap.webServiceVersions.getSettings', 'iap.webServices.getSettings', 'iap.webTypes.getSettings', 'identitytoolkit.tenants.get', 'identitytoolkit.tenants.getIamPolicy', 'identitytoolkit.tenants.list', 'ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.locations.get', 'ids.locations.list', 'ids.operations.get', 'ids.operations.list', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSuspensions.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.securityAuthConfigs.get', 'integrations.securityAuthConfigs.list', 'integrations.securityExecutions.get', 'integrations.securityExecutions.list', 'integrations.securityIntegTempVers.get', 'integrations.securityIntegTempVers.list', 'integrations.securityIntegrationVers.get', 'integrations.securityIntegrationVers.list', 'integrations.securityIntegrations.list', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.suspensions.list', 'integrations.testCases.get', 'integrations.testCases.list', 'issuerswitch.accountManagerTransactions.list', 'issuerswitch.complaintTransactions.list', 'issuerswitch.financialTransactions.list', 'issuerswitch.issuerParticipants.get', 'issuerswitch.managedAccounts.get', 'issuerswitch.mandateTransactions.list', 'issuerswitch.metadataTransactions.list', 'issuerswitch.operations.get', 'issuerswitch.operations.list', 'issuerswitch.operations.wait', 'issuerswitch.ruleMetadata.list', 'issuerswitch.ruleMetadataValues.list', 'issuerswitch.rules.list', 'krmapihosting.krmApiHosts.get', 'krmapihosting.krmApiHosts.getIamPolicy', 'krmapihosting.krmApiHosts.list', 'krmapihosting.locations.get', 'krmapihosting.locations.list', 'krmapihosting.operations.get', 'krmapihosting.operations.list', 'kubernetesmetadata.metadata.config', 'lifesciences.operations.get', 'lifesciences.operations.list', 'livestream.assets.get', 'livestream.assets.list', 'livestream.channels.get', 'livestream.channels.list', 'livestream.clips.get', 'livestream.clips.list', 'livestream.events.get', 'livestream.events.list', 'livestream.inputs.get', 'livestream.inputs.list', 'livestream.locations.get', 'livestream.locations.list', 'livestream.operations.get', 'livestream.operations.list', 'livestream.pools.get', 'logging.buckets.copyLogEntries', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.download', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.operations.get', 'logging.operations.list', 'logging.queries.getShared', 'logging.queries.listShared', 'logging.queries.usePrivate', 'logging.settings.get', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.listLogs', 'logging.views.listResourceKeys', 'logging.views.listResourceValues', 'looker.backups.get', 'looker.backups.list', 'looker.instances.get', 'looker.instances.list', 'looker.instances.login', 'looker.locations.get', 'looker.locations.list', 'looker.operations.get', 'looker.operations.list', 'managedflink.deployments.get', 'managedflink.deployments.list', 'managedflink.jobs.get', 'managedflink.jobs.list', 'managedflink.locations.get', 'managedflink.locations.list', 'managedflink.operations.get', 'managedflink.operations.list', 'managedflink.sessions.get', 'managedflink.sessions.list', 'managedidentities.backups.get', 'managedidentities.backups.getIamPolicy', 'managedidentities.backups.list', 'managedidentities.domains.checkMigrationPermission', 'managedidentities.domains.get', 'managedidentities.domains.getIamPolicy', 'managedidentities.domains.list', 'managedidentities.domains.listEffectiveTags', 'managedidentities.domains.listTagBindings', 'managedidentities.domains.validateTrust', 'managedidentities.locations.get', 'managedidentities.locations.list', 'managedidentities.operations.get', 'managedidentities.operations.list', 'managedidentities.peerings.get', 'managedidentities.peerings.getIamPolicy', 'managedidentities.peerings.list', 'managedidentities.sqlintegrations.get', 'managedidentities.sqlintegrations.list', 'managedkafka.clusters.get', 'managedkafka.clusters.list', 'managedkafka.consumerGroups.get', 'managedkafka.consumerGroups.list', 'managedkafka.locations.get', 'managedkafka.locations.list', 'managedkafka.operations.get', 'managedkafka.operations.list', 'managedkafka.topics.get', 'managedkafka.topics.list', 'mandiant.genericAttackSurfaceManagements.get', 'mandiant.genericDigitalThreatMonitorings.get', 'mandiant.genericExpertiseOnDemands.get', 'mandiant.genericPlatforms.get', 'mandiant.genericThreatIntels.get', 'mandiant.genericValidations.get', 'mapsadmin.clientMaps.get', 'mapsadmin.clientMaps.list', 'mapsadmin.clientStyleSheetSnapshots.list', 'mapsadmin.clientStyles.get', 'mapsadmin.clientStyles.list', 'mapsadmin.styleEditorConfigs.get', 'mapsadmin.styleSnapshots.list', 'mapsplatformdatasets.datasets.export', 'mapsplatformdatasets.datasets.get', 'mapsplatformdatasets.datasets.list', 'marketplacesolutions.locations.get', 'marketplacesolutions.locations.list', 'marketplacesolutions.operations.get', 'marketplacesolutions.operations.list', 'marketplacesolutions.powerImages.get', 'marketplacesolutions.powerImages.list', 'marketplacesolutions.powerInstances.get', 'marketplacesolutions.powerInstances.list', 'marketplacesolutions.powerNetworks.get', 'marketplacesolutions.powerNetworks.list', 'marketplacesolutions.powerSshKeys.get', 'marketplacesolutions.powerSshKeys.list', 'marketplacesolutions.powerVolumes.get', 'marketplacesolutions.powerVolumes.list', 'memcache.instances.get', 'memcache.instances.list', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.get', 'memcache.operations.list', 'memorystore.instances.get', 'memorystore.instances.list', 'memorystore.locations.get', 'memorystore.locations.list', 'memorystore.operations.get', 'memorystore.operations.list', 'metastore.backups.get', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.backups.use', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.imports.get', 'metastore.imports.list', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'migrationcenter.assets.get', 'migrationcenter.assets.list', 'migrationcenter.discoveryClients.get', 'migrationcenter.discoveryClients.list', 'migrationcenter.errorFrames.get', 'migrationcenter.errorFrames.list', 'migrationcenter.groups.get', 'migrationcenter.groups.list', 'migrationcenter.importDataFiles.get', 'migrationcenter.importDataFiles.list', 'migrationcenter.importJobs.get', 'migrationcenter.importJobs.list', 'migrationcenter.locations.get', 'migrationcenter.locations.list', 'migrationcenter.operations.get', 'migrationcenter.operations.list', 'migrationcenter.preferenceSets.get', 'migrationcenter.preferenceSets.list', 'migrationcenter.relations.get', 'migrationcenter.relations.list', 'migrationcenter.reportConfigs.get', 'migrationcenter.reportConfigs.list', 'migrationcenter.reports.get', 'migrationcenter.reports.list', 'migrationcenter.settings.get', 'migrationcenter.sources.get', 'migrationcenter.sources.list', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.get', 'ml.trials.list', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'nestconsole.smarthomeProjects.get', 'nestconsole.smarthomeVersions.get', 'netapp.activeDirectories.get', 'netapp.activeDirectories.list', 'netapp.backupPolicies.get', 'netapp.backupPolicies.list', 'netapp.backupVaults.get', 'netapp.backupVaults.list', 'netapp.backups.get', 'netapp.backups.list', 'netapp.kmsConfigs.get', 'netapp.kmsConfigs.list', 'netapp.locations.get', 'netapp.locations.list', 'netapp.operations.get', 'netapp.operations.list', 'netapp.replications.get', 'netapp.replications.list', 'netapp.snapshots.get', 'netapp.snapshots.list', 'netapp.storagePools.get', 'netapp.storagePools.list', 'netapp.volumes.get', 'netapp.volumes.list', 'networkconnectivity.groups.get', 'networkconnectivity.groups.getIamPolicy', 'networkconnectivity.groups.list', 'networkconnectivity.hubRouteTables.get', 'networkconnectivity.hubRouteTables.getIamPolicy', 'networkconnectivity.hubRouteTables.list', 'networkconnectivity.hubRoutes.get', 'networkconnectivity.hubRoutes.getIamPolicy', 'networkconnectivity.hubRoutes.list', 'networkconnectivity.hubs.get', 'networkconnectivity.hubs.getIamPolicy', 'networkconnectivity.hubs.list', 'networkconnectivity.hubs.listSpokes', 'networkconnectivity.hubs.queryStatus', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.spokes.get', 'networkconnectivity.spokes.getIamPolicy', 'networkconnectivity.spokes.list', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.getIamPolicy', 'networkmanagement.connectivitytests.list', 'networkmanagement.locations.get', 'networkmanagement.locations.list', 'networkmanagement.operations.get', 'networkmanagement.operations.list', 'networkmanagement.vpcflowlogsconfigs.get', 'networkmanagement.vpcflowlogsconfigs.list', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.mirroringDeploymentGroups.get', 'networksecurity.mirroringDeploymentGroups.list', 'networksecurity.mirroringDeployments.get', 'networksecurity.mirroringDeployments.list', 'networksecurity.mirroringEndpointGroupAssociations.get', 'networksecurity.mirroringEndpointGroupAssociations.list', 'networksecurity.mirroringEndpointGroups.get', 'networksecurity.mirroringEndpointGroups.list', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.instances.checkUpgradability', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'oauthconfig.clientpolicy.get', 'oauthconfig.testusers.get', 'oauthconfig.verification.get', 'observability.scopes.get', 'ondemandscanning.operations.get', 'ondemandscanning.operations.list', 'ondemandscanning.operations.wait', 'ondemandscanning.scans.listVulnerabilities', 'opsconfigmonitoring.resourceMetadata.list', 'oracledatabase.autonomousDatabaseBackups.get', 'oracledatabase.autonomousDatabaseBackups.list', 'oracledatabase.autonomousDatabaseCharacterSets.list', 'oracledatabase.autonomousDatabases.generateWallet', 'oracledatabase.autonomousDatabases.get', 'oracledatabase.autonomousDatabases.list', 'oracledatabase.autonomousDbVersions.list', 'oracledatabase.cloudExadataInfrastructures.get', 'oracledatabase.cloudExadataInfrastructures.list', 'oracledatabase.cloudVmClusters.get', 'oracledatabase.cloudVmClusters.list', 'oracledatabase.dbNodes.list', 'oracledatabase.dbServers.list', 'oracledatabase.dbSystemShapes.list', 'oracledatabase.entitlements.list', 'oracledatabase.giVersions.list', 'oracledatabase.locations.get', 'oracledatabase.locations.list', 'oracledatabase.operations.get', 'oracledatabase.operations.list', 'orgpolicy.constraints.list', 'orgpolicy.customConstraints.get', 'orgpolicy.customConstraints.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'osconfig.guestPolicies.get', 'osconfig.guestPolicies.list', 'osconfig.instanceOSPoliciesCompliances.get', 'osconfig.instanceOSPoliciesCompliances.list', 'osconfig.inventories.get', 'osconfig.inventories.list', 'osconfig.osPolicyAssignmentReports.get', 'osconfig.osPolicyAssignmentReports.list', 'osconfig.osPolicyAssignmentReports.searchSummaries', 'osconfig.osPolicyAssignments.get', 'osconfig.osPolicyAssignments.list', 'osconfig.osPolicyAssignments.searchPolicies', 'osconfig.patchDeployments.get', 'osconfig.patchDeployments.list', 'osconfig.patchJobs.get', 'osconfig.patchJobs.list', 'osconfig.projectFeatureSettings.get', 'osconfig.upgradeReports.get', 'osconfig.upgradeReports.getSummary', 'osconfig.upgradeReports.list', 'osconfig.upgradeReports.searchSummaries', 'osconfig.vulnerabilityReports.get', 'osconfig.vulnerabilityReports.list', 'paymentsresellersubscription.products.list', 'paymentsresellersubscription.promotions.list', 'paymentsresellersubscription.subscriptions.get', 'policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query', 'policyanalyzer.serviceAccountLastAuthenticationActivities.query', 'policyremediatormanager.locations.get', 'policyremediatormanager.locations.list', 'policyremediatormanager.operations.get', 'policyremediatormanager.operations.list', 'policyremediatormanager.remediatorServices.get', 'policysimulator.orgPolicyViolations.list', 'policysimulator.orgPolicyViolationsPreviews.get', 'policysimulator.orgPolicyViolationsPreviews.list', 'policysimulator.replayResults.list', 'policysimulator.replays.get', 'policysimulator.replays.list', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.use', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privilegedaccessmanager.entitlements.get', 'privilegedaccessmanager.entitlements.list', 'privilegedaccessmanager.grants.get', 'privilegedaccessmanager.grants.list', 'privilegedaccessmanager.locations.get', 'privilegedaccessmanager.locations.list', 'privilegedaccessmanager.operations.get', 'privilegedaccessmanager.operations.list', 'proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.namespaces.get', 'proximitybeacon.namespaces.list', 'pubsub.schemas.attach', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsublite.locations.openKafkaStream', 'pubsublite.operations.get', 'pubsublite.operations.list', 'pubsublite.reservations.get', 'pubsublite.reservations.list', 'pubsublite.reservations.listTopics', 'pubsublite.subscriptions.get', 'pubsublite.subscriptions.getCursor', 'pubsublite.subscriptions.list', 'pubsublite.subscriptions.subscribe', 'pubsublite.topics.computeHeadCursor', 'pubsublite.topics.computeMessageStats', 'pubsublite.topics.computeTimeCursor', 'pubsublite.topics.get', 'pubsublite.topics.getPartitions', 'pubsublite.topics.list', 'pubsublite.topics.listSubscriptions', 'pubsublite.topics.subscribe', 'readerrevenuesubscriptionlinking.readerEntitlements.get', 'readerrevenuesubscriptionlinking.readers.get', 'recaptchaenterprise.firewallpolicies.get', 'recaptchaenterprise.firewallpolicies.list', 'recaptchaenterprise.keys.get', 'recaptchaenterprise.keys.list', 'recaptchaenterprise.metrics.get', 'recaptchaenterprise.projectmetadata.get', 'recaptchaenterprise.relatedaccountgroupmemberships.list', 'recaptchaenterprise.relatedaccountgroups.list', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudRecentChangeInsights.get', 'recommender.cloudRecentChangeInsights.list', 'recommender.cloudRecentChangeRecommendations.get', 'recommender.cloudRecentChangeRecommendations.list', 'recommender.cloudRecentChangeRecommenderConfig.get', 'recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudSecurityGeneralInsights.get', 'recommender.cloudSecurityGeneralInsights.list', 'recommender.cloudSecurityGeneralRecommendations.get', 'recommender.cloudSecurityGeneralRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.computeAddressIdleResourceInsights.get', 'recommender.computeAddressIdleResourceInsights.list', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceInsights.get', 'recommender.computeDiskIdleResourceInsights.list', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeFirewallInsightTypeConfigs.get', 'recommender.computeFirewallInsights.get', 'recommender.computeFirewallInsights.list', 'recommender.computeImageIdleResourceInsights.get', 'recommender.computeImageIdleResourceInsights.list', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceCpuUsageInsights.get', 'recommender.computeInstanceCpuUsageInsights.list', 'recommender.computeInstanceCpuUsagePredictionInsights.get', 'recommender.computeInstanceCpuUsagePredictionInsights.list', 'recommender.computeInstanceCpuUsageTrendInsights.get', 'recommender.computeInstanceCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageInsights.list', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get', 'recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsageInsights.list', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get', 'recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceIdleResourceRecommenderConfig.get', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.computeInstanceMemoryUsageInsights.get', 'recommender.computeInstanceMemoryUsageInsights.list', 'recommender.computeInstanceMemoryUsagePredictionInsights.get', 'recommender.computeInstanceMemoryUsagePredictionInsights.list', 'recommender.computeInstanceNetworkThroughputInsights.get', 'recommender.computeInstanceNetworkThroughputInsights.list', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.errorReportingInsights.get', 'recommender.errorReportingInsights.list', 'recommender.errorReportingRecommendations.get', 'recommender.errorReportingRecommendations.list', 'recommender.firestoreDatabaseReliabilityInsights.get', 'recommender.firestoreDatabaseReliabilityInsights.list', 'recommender.firestoreDatabaseReliabilityRecommendations.get', 'recommender.firestoreDatabaseReliabilityRecommendations.list', 'recommender.gmpGuidedExperienceInsights.get', 'recommender.gmpGuidedExperienceInsights.list', 'recommender.gmpGuidedExperienceRecommendations.get', 'recommender.gmpGuidedExperienceRecommendations.list', 'recommender.gmpProjectManagementInsights.get', 'recommender.gmpProjectManagementInsights.list', 'recommender.gmpProjectManagementRecommendations.get', 'recommender.gmpProjectManagementRecommendations.list', 'recommender.gmpProjectProductSuggestionsInsights.get', 'recommender.gmpProjectProductSuggestionsInsights.list', 'recommender.gmpProjectProductSuggestionsRecommendations.get', 'recommender.gmpProjectProductSuggestionsRecommendations.list', 'recommender.iamPolicyChangeRiskInsights.get', 'recommender.iamPolicyChangeRiskInsights.list', 'recommender.iamPolicyChangeRiskRecommendations.get', 'recommender.iamPolicyChangeRiskRecommendations.list', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyLateralMovementInsights.get', 'recommender.iamPolicyLateralMovementInsights.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommenderConfig.get', 'recommender.iamServiceAccountChangeRiskInsights.get', 'recommender.iamServiceAccountChangeRiskInsights.list', 'recommender.iamServiceAccountChangeRiskRecommendations.get', 'recommender.iamServiceAccountChangeRiskRecommendations.list', 'recommender.iamServiceAccountInsights.get', 'recommender.iamServiceAccountInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.loggingProductSuggestionContainerInsights.get', 'recommender.loggingProductSuggestionContainerInsights.list', 'recommender.loggingProductSuggestionContainerRecommendations.get', 'recommender.loggingProductSuggestionContainerRecommendations.list', 'recommender.monitoringProductSuggestionComputeInsights.get', 'recommender.monitoringProductSuggestionComputeInsights.list', 'recommender.monitoringProductSuggestionComputeRecommendations.get', 'recommender.monitoringProductSuggestionComputeRecommendations.list', 'recommender.networkAnalyzerCloudSqlInsights.get', 'recommender.networkAnalyzerCloudSqlInsights.list', 'recommender.networkAnalyzerDynamicRouteInsights.get', 'recommender.networkAnalyzerDynamicRouteInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeServiceAccountInsights.get', 'recommender.networkAnalyzerGkeServiceAccountInsights.list', 'recommender.networkAnalyzerIpAddressInsights.get', 'recommender.networkAnalyzerIpAddressInsights.list', 'recommender.networkAnalyzerLoadBalancerInsights.get', 'recommender.networkAnalyzerLoadBalancerInsights.list', 'recommender.networkAnalyzerVpcConnectivityInsights.get', 'recommender.networkAnalyzerVpcConnectivityInsights.list', 'recommender.resourcemanagerProjectChangeRiskInsights.get', 'recommender.resourcemanagerProjectChangeRiskInsights.list', 'recommender.resourcemanagerProjectChangeRiskRecommendations.get', 'recommender.resourcemanagerProjectChangeRiskRecommendations.list', 'recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get', 'recommender.resourcemanagerProjectUtilizationInsights.get', 'recommender.resourcemanagerProjectUtilizationInsights.list', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get', 'recommender.resourcemanagerServiceLimitInsights.get', 'recommender.resourcemanagerServiceLimitInsights.list', 'recommender.resourcemanagerServiceLimitRecommendations.get', 'recommender.resourcemanagerServiceLimitRecommendations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'redis.clusters.get', 'redis.clusters.list', 'redis.instances.get', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.locations.get', 'redis.locations.list', 'redis.operations.get', 'redis.operations.list', 'remotebuildexecution.actions.get', 'remotebuildexecution.blobs.get', 'remotebuildexecution.instances.get', 'remotebuildexecution.instances.list', 'remotebuildexecution.logstreams.get', 'remotebuildexecution.workerpools.get', 'remotebuildexecution.workerpools.list', 'resourcemanager.folders.searchPolicyBindings', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.hierarchyNodes.listTagBindings', 'resourcemanager.organizations.searchPolicyBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.searchPolicyBindings', 'resourcemanager.tagHolds.list', 'resourcemanager.tagKeys.get', 'resourcemanager.tagKeys.getIamPolicy', 'resourcemanager.tagKeys.list', 'resourcemanager.tagValues.get', 'resourcemanager.tagValues.getIamPolicy', 'resourcemanager.tagValues.list', 'resourcesettings.settings.get', 'resourcesettings.settings.list', 'retail.alertConfigs.get', 'retail.attributesConfigs.exportCatalogAttributes', 'retail.attributesConfigs.get', 'retail.branches.get', 'retail.branches.list', 'retail.catalogs.completeQuery', 'retail.catalogs.exportAnalyticsMetrics', 'retail.catalogs.list', 'retail.controls.export', 'retail.controls.get', 'retail.controls.list', 'retail.experiments.get', 'retail.experiments.list', 'retail.experiments.loadExperimentLookerDashboard', 'retail.experiments.queryTrafficMetrics', 'retail.models.get', 'retail.models.list', 'retail.models.pause', 'retail.models.resume', 'retail.models.tune', 'retail.operations.get', 'retail.operations.list', 'retail.placements.predict', 'retail.placements.search', 'retail.products.export', 'retail.products.get', 'retail.products.list', 'retail.retailProjects.get', 'retail.servingConfigs.get', 'retail.servingConfigs.list', 'retail.servingConfigs.predict', 'retail.servingConfigs.search', 'riscconfigurationservice.riscconfigs.get', 'riskmanager.controlScoreBreakdowns.get', 'riskmanager.controlScoreBreakdowns.list', 'riskmanager.operations.get', 'riskmanager.operations.list', 'riskmanager.policies.get', 'riskmanager.policies.list', 'riskmanager.reports.get', 'riskmanager.reports.list', 'riskmanager.settings.get', 'rma.annotations.get', 'rma.collectors.get', 'rma.collectors.list', 'rma.locations.get', 'rma.locations.list', 'rma.operations.get', 'rma.operations.list', 'routeoptimization.locations.use', 'routeoptimization.operations.get', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.get', 'runapps.operations.list', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'secretmanager.locations.get', 'secretmanager.locations.list', 'secretmanager.secrets.get', 'secretmanager.secrets.getIamPolicy', 'secretmanager.secrets.list', 'secretmanager.secrets.listEffectiveTags', 'secretmanager.secrets.listTagBindings', 'secretmanager.versions.get', 'secretmanager.versions.list', 'securedlandingzone.operations.get', 'securedlandingzone.overwatches.get', 'securedlandingzone.overwatches.list', 'securesourcemanager.branchRules.get', 'securesourcemanager.branchRules.list', 'securesourcemanager.instances.access', 'securesourcemanager.instances.get', 'securesourcemanager.instances.getIamPolicy', 'securesourcemanager.instances.list', 'securesourcemanager.locations.get', 'securesourcemanager.locations.list', 'securesourcemanager.operations.get', 'securesourcemanager.operations.list', 'securesourcemanager.repositories.fetch', 'securesourcemanager.repositories.get', 'securesourcemanager.repositories.getIamPolicy', 'securesourcemanager.repositories.list', 'securesourcemanager.repositories.readIssues', 'securesourcemanager.repositories.readPullRequests', 'securesourcemanager.sshkeys.get', 'securesourcemanager.sshkeys.list', 'securesourcemanager.sshkeys.listAny', 'securitycenter.assets.group', 'securitycenter.assets.list', 'securitycenter.assets.listAssetPropertyNames', 'securitycenter.attackpaths.list', 'securitycenter.bigQueryExports.get', 'securitycenter.bigQueryExports.list', 'securitycenter.complianceReports.aggregate', 'securitycenter.compliancesnapshots.list', 'securitycenter.containerthreatdetectionsettings.calculate', 'securitycenter.containerthreatdetectionsettings.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.get', 'securitycenter.effectivesecurityhealthanalyticscustommodules.list', 'securitycenter.eventthreatdetectionsettings.calculate', 'securitycenter.eventthreatdetectionsettings.get', 'securitycenter.exposurepathexplan.get', 'securitycenter.findingexplanations.get', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.integratedvulnerabilityscannersettings.calculate', 'securitycenter.integratedvulnerabilityscannersettings.get', 'securitycenter.muteconfigs.get', 'securitycenter.muteconfigs.list', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.list', 'securitycenter.organizationsettings.get', 'securitycenter.rapidvulnerabilitydetectionsettings.calculate', 'securitycenter.rapidvulnerabilitydetectionsettings.get', 'securitycenter.resourcevalueconfigs.get', 'securitycenter.resourcevalueconfigs.list', 'securitycenter.securitycentersettings.get', 'securitycenter.securityhealthanalyticscustommodules.get', 'securitycenter.securityhealthanalyticscustommodules.list', 'securitycenter.securityhealthanalyticscustommodules.simulate', 'securitycenter.securityhealthanalyticscustommodules.test', 'securitycenter.securityhealthanalyticssettings.calculate', 'securitycenter.securityhealthanalyticssettings.get', 'securitycenter.simulations.get', 'securitycenter.sources.get', 'securitycenter.sources.getIamPolicy', 'securitycenter.sources.list', 'securitycenter.subscription.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list', 'securitycenter.virtualmachinethreatdetectionsettings.calculate', 'securitycenter.virtualmachinethreatdetectionsettings.get', 'securitycenter.vulnerabilitysnapshots.list', 'securitycenter.websecurityscannersettings.calculate', 'securitycenter.websecurityscannersettings.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.get', 'securitycentermanagement.effectiveEventThreatDetectionCustomModules.list', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.get', 'securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.get', 'securitycentermanagement.eventThreatDetectionCustomModules.list', 'securitycentermanagement.eventThreatDetectionCustomModules.validate', 'securitycentermanagement.locations.get', 'securitycentermanagement.locations.list', 'securitycentermanagement.securityCenterServices.get', 'securitycentermanagement.securityCenterServices.list', 'securitycentermanagement.securityCommandCenter.checkActivationOperation', 'securitycentermanagement.securityCommandCenter.checkEligibility', 'securitycentermanagement.securityCommandCenter.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.get', 'securitycentermanagement.securityHealthAnalyticsCustomModules.list', 'securitycentermanagement.securityHealthAnalyticsCustomModules.simulate', 'securitycentermanagement.securityHealthAnalyticsCustomModules.test', 'securityposture.locations.get', 'securityposture.locations.list', 'securityposture.operations.get', 'securityposture.operations.list', 'securityposture.postureDeployments.get', 'securityposture.postureDeployments.list', 'securityposture.postureTemplates.get', 'securityposture.postureTemplates.list', 'securityposture.postures.get', 'securityposture.postures.list', 'securityposture.reports.get', 'securityposture.reports.list', 'servicebroker.bindingoperations.get', 'servicebroker.bindingoperations.list', 'servicebroker.bindings.get', 'servicebroker.bindings.getIamPolicy', 'servicebroker.bindings.list', 'servicebroker.catalogs.get', 'servicebroker.catalogs.getIamPolicy', 'servicebroker.catalogs.list', 'servicebroker.instanceoperations.get', 'servicebroker.instanceoperations.list', 'servicebroker.instances.get', 'servicebroker.instances.getIamPolicy', 'servicebroker.instances.list', 'serviceconsumermanagement.consumers.get', 'serviceconsumermanagement.quota.get', 'serviceconsumermanagement.tenancyu.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'servicehealth.events.get', 'servicehealth.events.list', 'servicehealth.locations.get', 'servicehealth.locations.list', 'servicehealth.organizationEvents.get', 'servicehealth.organizationEvents.list', 'servicehealth.organizationImpacts.get', 'servicehealth.organizationImpacts.list', 'servicehealth.statuses.get', 'servicemanagement.services.get', 'servicemanagement.services.list', 'servicenetworking.operations.get', 'servicenetworking.operations.list', 'servicenetworking.services.get', 'servicenetworking.services.getConsumerConfig', 'servicesecurityinsights.clusterSecurityInfo.get', 'servicesecurityinsights.clusterSecurityInfo.list', 'servicesecurityinsights.policies.get', 'servicesecurityinsights.projectStates.get', 'servicesecurityinsights.securityInfo.list', 'servicesecurityinsights.securityViews.get', 'servicesecurityinsights.workloadPolicies.list', 'servicesecurityinsights.workloadSecurityInfo.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'source.repos.get', 'source.repos.getIamPolicy', 'source.repos.list', 'spanner.backupOperations.get', 'spanner.backupOperations.list', 'spanner.backupSchedules.get', 'spanner.backupSchedules.getIamPolicy', 'spanner.backupSchedules.list', 'spanner.backups.get', 'spanner.backups.getIamPolicy', 'spanner.backups.list', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databaseRoles.list', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.get', 'spanner.databases.getDdl', 'spanner.databases.getIamPolicy', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.useDataBoost', 'spanner.instanceConfigOperations.get', 'spanner.instanceConfigOperations.list', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instanceOperations.get', 'spanner.instanceOperations.list', 'spanner.instancePartitionOperations.get', 'spanner.instancePartitionOperations.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.get', 'spanner.instances.getIamPolicy', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list', 'speakerid.phrases.get', 'speakerid.phrases.list', 'speakerid.settings.get', 'speakerid.speakers.get', 'speakerid.speakers.list', 'speech.adaptations.execute', 'speech.config.get', 'speech.customClasses.get', 'speech.customClasses.list', 'speech.locations.get', 'speech.locations.list', 'speech.operations.get', 'speech.operations.list', 'speech.operations.wait', 'speech.phraseSets.get', 'speech.phraseSets.list', 'speech.recognizers.get', 'speech.recognizers.list', 'speech.recognizers.recognize', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.folders.get', 'storage.folders.list', 'storage.hmacKeys.get', 'storage.hmacKeys.list', 'storage.managementHubs.get', 'storageinsights.datasetConfigs.get', 'storageinsights.datasetConfigs.list', 'storageinsights.locations.get', 'storageinsights.locations.list', 'storageinsights.operations.get', 'storageinsights.operations.list', 'storageinsights.reportConfigs.get', 'storageinsights.reportConfigs.list', 'storageinsights.reportDetails.get', 'storageinsights.reportDetails.list', 'storagetransfer.agentpools.get', 'storagetransfer.agentpools.list', 'storagetransfer.jobs.get', 'storagetransfer.jobs.list', 'storagetransfer.operations.get', 'storagetransfer.operations.list', 'storagetransfer.projects.getServiceAccount', 'stream.locations.get', 'stream.locations.list', 'stream.operations.get', 'stream.operations.list', 'stream.streamContents.get', 'stream.streamContents.list', 'stream.streamInstances.get', 'stream.streamInstances.list', 'subscribewithgoogledeveloper.tools.get', 'telcoautomation.blueprints.get', 'telcoautomation.blueprints.list', 'telcoautomation.deployments.computeStatus', 'telcoautomation.deployments.get', 'telcoautomation.deployments.list', 'telcoautomation.edgeSlms.get', 'telcoautomation.edgeSlms.list', 'telcoautomation.hydratedDeployments.get', 'telcoautomation.hydratedDeployments.list', 'telcoautomation.locations.get', 'telcoautomation.locations.list', 'telcoautomation.operations.get', 'telcoautomation.operations.list', 'telcoautomation.orchestrationClusters.get', 'telcoautomation.orchestrationClusters.list', 'telcoautomation.publicBlueprints.get', 'telcoautomation.publicBlueprints.list', 'timeseriesinsights.datasets.evaluate', 'timeseriesinsights.datasets.list', 'timeseriesinsights.datasets.query', 'timeseriesinsights.locations.get', 'timeseriesinsights.locations.list', 'tpu.acceleratortypes.get', 'tpu.acceleratortypes.list', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.operations.get', 'tpu.operations.list', 'tpu.runtimeversions.get', 'tpu.runtimeversions.list', 'tpu.tensorflowversions.get', 'tpu.tensorflowversions.list', 'trafficdirector.networks.getConfigs', 'transcoder.jobTemplates.get', 'transcoder.jobTemplates.list', 'transcoder.jobs.get', 'transcoder.jobs.list', 'transferappliance.appliances.get', 'transferappliance.appliances.list', 'transferappliance.credentials.get', 'transferappliance.locations.get', 'transferappliance.locations.list', 'transferappliance.operations.get', 'transferappliance.operations.list', 'transferappliance.orders.get', 'transferappliance.orders.list', 'transferappliance.savedAddresses.get', 'transferappliance.savedAddresses.list', 'translationhub.portals.get', 'translationhub.portals.list', 'videostitcher.cdnKeys.get', 'videostitcher.cdnKeys.list', 'videostitcher.liveAdTagDetails.get', 'videostitcher.liveAdTagDetails.list', 'videostitcher.liveConfigs.get', 'videostitcher.liveConfigs.list', 'videostitcher.liveSessions.get', 'videostitcher.operations.get', 'videostitcher.operations.list', 'videostitcher.slates.get', 'videostitcher.slates.list', 'videostitcher.vodAdTagDetails.get', 'videostitcher.vodAdTagDetails.list', 'videostitcher.vodConfigs.get', 'videostitcher.vodConfigs.list', 'videostitcher.vodSessions.get', 'videostitcher.vodStitchDetails.get', 'videostitcher.vodStitchDetails.list', 'visionai.analyses.get', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.applications.get', 'visionai.applications.list', 'visionai.assets.clip', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.list', 'visionai.assets.search', 'visionai.clusters.get', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.clusters.watch', 'visionai.corpora.get', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.validate', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.events.get', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.locations.get', 'visionai.locations.list', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operations.wait', 'visionai.operators.get', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.series.acquireLease', 'visionai.series.get', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.series.receive', 'visionai.streams.get', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list', 'visualinspection.annotationSets.get', 'visualinspection.annotationSets.list', 'visualinspection.annotationSpecs.get', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.get', 'visualinspection.annotations.list', 'visualinspection.datasets.export', 'visualinspection.datasets.get', 'visualinspection.datasets.list', 'visualinspection.images.get', 'visualinspection.images.list', 'visualinspection.locations.get', 'visualinspection.locations.list', 'visualinspection.modelEvaluations.get', 'visualinspection.modelEvaluations.list', 'visualinspection.models.get', 'visualinspection.models.list', 'visualinspection.modules.get', 'visualinspection.modules.list', 'visualinspection.operations.get', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.get', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutionArtifacts.predict', 'visualinspection.solutions.get', 'visualinspection.solutions.list', 'vmmigration.cloneJobs.get', 'vmmigration.cloneJobs.list', 'vmmigration.cutoverJobs.get', 'vmmigration.cutoverJobs.list', 'vmmigration.datacenterConnectors.get', 'vmmigration.datacenterConnectors.list', 'vmmigration.deployments.get', 'vmmigration.deployments.list', 'vmmigration.groups.get', 'vmmigration.groups.list', 'vmmigration.locations.get', 'vmmigration.locations.list', 'vmmigration.migratingVms.get', 'vmmigration.migratingVms.list', 'vmmigration.operations.get', 'vmmigration.operations.list', 'vmmigration.replicationCycles.get', 'vmmigration.replicationCycles.list', 'vmmigration.sources.get', 'vmmigration.sources.list', 'vmmigration.targets.get', 'vmmigration.targets.list', 'vmmigration.utilizationReports.get', 'vmmigration.utilizationReports.list', 'vmwareengine.clusters.get', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.dnsBindPermission.get', 'vmwareengine.dnsForwarding.get', 'vmwareengine.externalAccessRules.get', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAddresses.get', 'vmwareengine.externalAddresses.list', 'vmwareengine.hcxActivationKeys.get', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.locations.get', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.get', 'vmwareengine.loggingServers.list', 'vmwareengine.managementDnsZoneBindings.get', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.networkPeerings.get', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPeerings.listPeeringRoutes', 'vmwareengine.networkPolicies.fetchExternalAddresses', 'vmwareengine.networkPolicies.get', 'vmwareengine.networkPolicies.list', 'vmwareengine.nodeTypes.get', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.get', 'vmwareengine.nodes.list', 'vmwareengine.operations.get', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.get', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateConnections.get', 'vmwareengine.privateConnections.list', 'vmwareengine.privateConnections.listPeeringRoutes', 'vmwareengine.projectState.get', 'vmwareengine.services.view', 'vmwareengine.subnets.get', 'vmwareengine.subnets.list', 'vmwareengine.vmwareEngineNetworks.get', 'vmwareengine.vmwareEngineNetworks.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list', 'vpcaccess.connectors.use', 'vpcaccess.locations.list', 'vpcaccess.operations.get', 'vpcaccess.operations.list', 'workflows.callbacks.list', 'workflows.executions.get', 'workflows.executions.list', 'workflows.locations.get', 'workflows.locations.list', 'workflows.operations.get', 'workflows.operations.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list', 'workflows.workflows.get', 'workflows.workflows.list', 'workflows.workflows.listRevision', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.insights.export', 'workloadmanager.insights.listSapSystems', 'workloadmanager.locations.get', 'workloadmanager.locations.list', 'workloadmanager.operations.get', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list', 'workstations.operations.get', 'workstations.workstationClusters.get', 'workstations.workstationClusters.list', 'workstations.workstationConfigs.get', 'workstations.workstationConfigs.getIamPolicy', 'workstations.workstationConfigs.list', 'workstations.workstations.get', 'workstations.workstations.getIamPolicy', 'workstations.workstations.list']
Copy Permissions GA
roles/serviceconsumermanagement.tenancyUnitsViewer
View tenancy units
Viewer of Tenancy Units
['serviceconsumermanagement.tenancyu.list']
Copy Permissions BETA
roles/visionai.analysisEditor
Access to read and write Vision AI Analyses.
Vision AI Analysis Editor
['visionai.analyses.create', 'visionai.analyses.delete', 'visionai.analyses.get', 'visionai.analyses.list', 'visionai.analyses.update']
Copy Permissions BETA
roles/visionai.analysisViewer
Access to read Vision AI Analyses.
Vision AI Analysis Viewer
['visionai.analyses.get', 'visionai.analyses.list']
Copy Permissions BETA
roles/visionai.applicationEditor
Access to read and write Vision AI Applications.
Vision AI Application Editor
['visionai.applications.create', 'visionai.applications.delete', 'visionai.applications.deploy', 'visionai.applications.get', 'visionai.applications.list', 'visionai.applications.undeploy', 'visionai.applications.update', 'visionai.drafts.create', 'visionai.drafts.delete', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.drafts.update', 'visionai.instances.get', 'visionai.instances.list']
Copy Permissions BETA
roles/visionai.applicationViewer
Access to read Vision AI Applications.
Vision AI Application Viewer
['visionai.applications.get', 'visionai.applications.list', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.instances.get', 'visionai.instances.list']
Copy Permissions BETA
roles/visionai.clusterEditor
Access to read and write Vision AI Cluster.
Vision AI Cluster Editor
['visionai.clusters.create', 'visionai.clusters.delete', 'visionai.clusters.get', 'visionai.clusters.list', 'visionai.clusters.update', 'visionai.clusters.watch']
Copy Permissions BETA
roles/visionai.clusterViewer
Access to read Vision AI Clusters.
Vision AI Cluster Viewer
['visionai.clusters.get', 'visionai.clusters.list']
Copy Permissions BETA
roles/visionai.eventEditor
Access to read and write Vision AI Events.
Vision AI Event Editor
['visionai.events.create', 'visionai.events.delete', 'visionai.events.get', 'visionai.events.list', 'visionai.events.update']
Copy Permissions BETA
roles/visionai.eventViewer
Access to read Vision AI Events.
Vision AI Event Viewer
['visionai.events.get', 'visionai.events.list']
Copy Permissions BETA
roles/visionai.operatorEditor
Access to read and write Vision AI Operators.
Vision AI Operator Editor
['visionai.operators.create', 'visionai.operators.delete', 'visionai.operators.get', 'visionai.operators.list', 'visionai.operators.update']
Copy Permissions BETA
roles/visionai.operatorViewer
Access to read Vision AI Operators.
Vision AI Operator Viewer
['visionai.operators.get', 'visionai.operators.list']
Copy Permissions BETA
roles/visionai.packetReceiver
Access to read Vision AI Series.
Vision AI Packet Receiver
['visionai.clusters.watch', 'visionai.series.acquireLease', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.streams.receive']
Copy Permissions BETA
roles/visionai.packetSender
Packet sender to the series.
Vision AI Packet Sender
['visionai.series.acquireLease', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.streams.send']
Copy Permissions BETA
roles/visionai.processorEditor
Access to read and write Vision AI Processors.
Vision AI Processor Editor
['visionai.processors.create', 'visionai.processors.delete', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.processors.update']
Copy Permissions BETA
roles/visionai.processorViewer
Access to read Vision AI Processors.
Vision AI Processor Viewer
['visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt']
Copy Permissions BETA
roles/visionai.retailcatalogEditor
Access to read and write Vision AI RetailCatalogs.
Vision AI RetailCatalog Editor
Copy Permissions BETA
roles/visionai.retailcatalogViewer
Access to read Vision AI RetailCatalogs.
Vision AI RetailCatalog Viewer
Copy Permissions BETA
roles/visionai.retailendpointEditor
Access to read and write Vision AI RetailEndpoints.
Vision AI RetailEndpoint Editor
Copy Permissions BETA
roles/visionai.retailendpointViewer
Access to read Vision AI RetailEndpoints.
Vision AI RetailEndpoint Viewer
Copy Permissions BETA
roles/visionai.seriesEditor
Access to read and write Vision AI Series.
Vision AI Series Editor
['visionai.clusters.watch', 'visionai.series.acquireLease', 'visionai.series.create', 'visionai.series.delete', 'visionai.series.get', 'visionai.series.list', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.series.update', 'visionai.streams.receive', 'visionai.streams.send']
Copy Permissions BETA
roles/visionai.seriesViewer
Access to read Vision AI Series.
Vision AI Series Viewer
['visionai.series.get', 'visionai.series.list']
Copy Permissions BETA
roles/visionai.streamEditor
Access to read and write Vision AI Streams.
Vision AI Stream Editor
['visionai.clusters.watch', 'visionai.series.acquireLease', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.streams.create', 'visionai.streams.delete', 'visionai.streams.get', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.streams.send', 'visionai.streams.update']
Copy Permissions BETA
roles/visionai.streamViewer
Access to read Vision AI Streams.
Vision AI Stream Viewer
['visionai.streams.get', 'visionai.streams.list']
Copy Permissions BETA
roles/visionai.uiStreamEditor
Access to read & write Vision AI UI Streams.
Vision AI UI Stream Editor
['visionai.uistreams.create', 'visionai.uistreams.delete', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list']
Copy Permissions BETA
roles/visionai.uiStreamViewer
Access to read Vision AI UI Streams.
Vision AI UI Stream Viewer
['visionai.uistreams.get', 'visionai.uistreams.list']
Copy Permissions BETA
roles/visionai.admin
Full access to Vision AI all resources.
VisionAI Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'visionai.analyses.create', 'visionai.analyses.delete', 'visionai.analyses.get', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.analyses.setIamPolicy', 'visionai.analyses.update', 'visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.applications.create', 'visionai.applications.delete', 'visionai.applications.deploy', 'visionai.applications.get', 'visionai.applications.list', 'visionai.applications.undeploy', 'visionai.applications.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.clusters.create', 'visionai.clusters.delete', 'visionai.clusters.get', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.clusters.setIamPolicy', 'visionai.clusters.update', 'visionai.clusters.watch', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.drafts.create', 'visionai.drafts.delete', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.drafts.update', 'visionai.events.create', 'visionai.events.delete', 'visionai.events.get', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.events.setIamPolicy', 'visionai.events.update', 'visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.locations.get', 'visionai.locations.list', 'visionai.operations.cancel', 'visionai.operations.delete', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operations.wait', 'visionai.operators.create', 'visionai.operators.delete', 'visionai.operators.get', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.operators.setIamPolicy', 'visionai.operators.update', 'visionai.processors.create', 'visionai.processors.delete', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.processors.update', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update', 'visionai.series.acquireLease', 'visionai.series.create', 'visionai.series.delete', 'visionai.series.get', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.series.setIamPolicy', 'visionai.series.update', 'visionai.streams.create', 'visionai.streams.delete', 'visionai.streams.get', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.streams.send', 'visionai.streams.setIamPolicy', 'visionai.streams.update', 'visionai.uistreams.create', 'visionai.uistreams.delete', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list']
Copy Permissions BETA
roles/visionai.editor
Edit access to Vision AI all resources.
VisionAI Editor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'visionai.analyses.create', 'visionai.analyses.delete', 'visionai.analyses.get', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.analyses.update', 'visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.applications.create', 'visionai.applications.delete', 'visionai.applications.deploy', 'visionai.applications.get', 'visionai.applications.list', 'visionai.applications.undeploy', 'visionai.applications.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.clusters.create', 'visionai.clusters.delete', 'visionai.clusters.get', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.clusters.update', 'visionai.clusters.watch', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.drafts.create', 'visionai.drafts.delete', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.drafts.update', 'visionai.events.create', 'visionai.events.delete', 'visionai.events.get', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.events.update', 'visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.locations.get', 'visionai.locations.list', 'visionai.operations.cancel', 'visionai.operations.delete', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operations.wait', 'visionai.operators.create', 'visionai.operators.delete', 'visionai.operators.get', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.operators.update', 'visionai.processors.create', 'visionai.processors.delete', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.processors.update', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update', 'visionai.series.acquireLease', 'visionai.series.create', 'visionai.series.delete', 'visionai.series.get', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.series.receive', 'visionai.series.releaseLease', 'visionai.series.renewLease', 'visionai.series.send', 'visionai.series.update', 'visionai.streams.create', 'visionai.streams.delete', 'visionai.streams.get', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.streams.receive', 'visionai.streams.send', 'visionai.streams.update', 'visionai.uistreams.create', 'visionai.uistreams.delete', 'visionai.uistreams.generateStreamThumbnails', 'visionai.uistreams.get', 'visionai.uistreams.list']
Copy Permissions BETA
roles/visionai.viewer
View access to Vision AI all resources.
VisionAI Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'visionai.analyses.get', 'visionai.analyses.getIamPolicy', 'visionai.analyses.list', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.applications.get', 'visionai.applications.list', 'visionai.assets.clip', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.list', 'visionai.assets.search', 'visionai.clusters.get', 'visionai.clusters.getIamPolicy', 'visionai.clusters.list', 'visionai.corpora.get', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.validate', 'visionai.drafts.get', 'visionai.drafts.list', 'visionai.events.get', 'visionai.events.getIamPolicy', 'visionai.events.list', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.viewAssets', 'visionai.instances.get', 'visionai.instances.list', 'visionai.locations.get', 'visionai.locations.list', 'visionai.operations.get', 'visionai.operations.list', 'visionai.operators.get', 'visionai.operators.getIamPolicy', 'visionai.operators.list', 'visionai.processors.get', 'visionai.processors.list', 'visionai.processors.listPrebuilt', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.series.get', 'visionai.series.getIamPolicy', 'visionai.series.list', 'visionai.streams.get', 'visionai.streams.getIamPolicy', 'visionai.streams.list', 'visionai.uistreams.get', 'visionai.uistreams.list']
Copy Permissions BETA
roles/visionai.annotationEditor
Grants access to edit media asset annotations into the Warehouse.
VisionAI Warehouse Annotation Editor
['visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update']
Copy Permissions BETA
roles/visionai.annotationViewer
Grants access to view media asset annotations into the Warehouse.
VisionAI Warehouse Annotation Viewer
['visionai.annotations.get', 'visionai.annotations.list']
Copy Permissions BETA
roles/visionai.assetCreator
Grants access to ingest media assets into the Warehouse.
VisionAI Warehouse Asset Creator
['visionai.assets.create', 'visionai.assets.ingest']
Copy Permissions BETA
roles/visionai.assetEditor
Grants access to edit media assets into the Warehouse.
VisionAI Warehouse Asset Editor
['visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload']
Copy Permissions BETA
roles/visionai.assetViewer
Grants access to view media assets into the Warehouse.
VisionAI Warehouse Asset Viewer
['visionai.assets.get', 'visionai.assets.list', 'visionai.assets.search']
Copy Permissions BETA
roles/visionai.corpusAdmin
Full control to everything in a corpus including corpus access control.
VisionAI Warehouse Corpus Administrator
['visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.operations.get', 'visionai.operations.list', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update']
Copy Permissions BETA
roles/visionai.corpusEditor
Read-write access to everything in a corpus.
VisionAI Warehouse Corpus Editor
['visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.corpora.analyze', 'visionai.corpora.create', 'visionai.corpora.delete', 'visionai.corpora.get', 'visionai.corpora.import', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.update', 'visionai.dataSchemas.validate', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.update', 'visionai.indexes.viewAssets', 'visionai.operations.get', 'visionai.operations.list', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list', 'visionai.searchConfigs.update']
Copy Permissions BETA
roles/visionai.corpusViewer
Grants access to view everything in a corpus.
VisionAI Warehouse Corpus Viewer
['visionai.annotations.get', 'visionai.annotations.list', 'visionai.assets.clip', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.list', 'visionai.assets.search', 'visionai.corpora.get', 'visionai.corpora.list', 'visionai.corpora.suggest', 'visionai.dataSchemas.get', 'visionai.dataSchemas.list', 'visionai.dataSchemas.validate', 'visionai.indexes.get', 'visionai.indexes.list', 'visionai.indexes.viewAssets', 'visionai.operations.get', 'visionai.operations.list', 'visionai.searchConfigs.get', 'visionai.searchConfigs.list']
Copy Permissions BETA
roles/visionai.corpusWriter
Grants access to create/update/delete everything in a corpus.
VisionAI Warehouse Corpus Writer
['visionai.annotations.create', 'visionai.annotations.delete', 'visionai.annotations.get', 'visionai.annotations.list', 'visionai.annotations.update', 'visionai.assets.analyze', 'visionai.assets.clip', 'visionai.assets.create', 'visionai.assets.delete', 'visionai.assets.generateHlsUri', 'visionai.assets.get', 'visionai.assets.index', 'visionai.assets.ingest', 'visionai.assets.list', 'visionai.assets.removeIndex', 'visionai.assets.search', 'visionai.assets.update', 'visionai.assets.upload', 'visionai.corpora.analyze', 'visionai.corpora.delete', 'visionai.corpora.import', 'visionai.corpora.update', 'visionai.dataSchemas.create', 'visionai.dataSchemas.delete', 'visionai.dataSchemas.update', 'visionai.indexes.create', 'visionai.indexes.delete', 'visionai.indexes.update', 'visionai.operations.get', 'visionai.operations.list', 'visionai.searchConfigs.create', 'visionai.searchConfigs.delete', 'visionai.searchConfigs.update']
Copy Permissions BETA
roles/visionai.indexEndpointAdmin
Full control of all Media Warehouse resources and permissions.
VisionAI Warehouse IndexEndpoint Administrator
['visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update']
Copy Permissions BETA
roles/visionai.indexEndpointEditor
Read, write and create access to all index endpoints level resources.
VisionAI Warehouse IndexEndpoint Editor
['visionai.indexEndpoints.create', 'visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update']
Copy Permissions BETA
roles/visionai.indexEndpointViewer
Grants access to view all index endpoint resources and be able to search on them. (ReadOnly)
VisionAI Warehouse IndexEndpoint Viewer
['visionai.indexEndpoints.get', 'visionai.indexEndpoints.list', 'visionai.indexEndpoints.search']
Copy Permissions BETA
roles/visionai.indexEndpointWriter
Grants access to perform update, delete, deploy and undeploy operations on the index endpoint.
VisionAI Warehouse IndexEndpoint Writer
['visionai.indexEndpoints.delete', 'visionai.indexEndpoints.deploy', 'visionai.indexEndpoints.undeploy', 'visionai.indexEndpoints.update']
Copy Permissions BETA
roles/visualinspection.serviceAgent
Grants Visual Inspection AI Service Agent admin roles for accessing/exporting training data, pushing containers artifacts to GCR and ArtifactsRegistry, and Vertex AI for storing data and running training jobs.
Visual Inspection AI Service Agent
['aiplatform.agentExamples.create', 'aiplatform.agentExamples.delete', 'aiplatform.agentExamples.get', 'aiplatform.agentExamples.list', 'aiplatform.agentExamples.update', 'aiplatform.agents.create', 'aiplatform.agents.delete', 'aiplatform.agents.get', 'aiplatform.agents.list', 'aiplatform.agents.update', 'aiplatform.annotationSpecs.create', 'aiplatform.annotationSpecs.delete', 'aiplatform.annotationSpecs.get', 'aiplatform.annotationSpecs.list', 'aiplatform.annotationSpecs.update', 'aiplatform.annotations.create', 'aiplatform.annotations.delete', 'aiplatform.annotations.get', 'aiplatform.annotations.list', 'aiplatform.annotations.update', 'aiplatform.apps.create', 'aiplatform.apps.delete', 'aiplatform.apps.get', 'aiplatform.apps.list', 'aiplatform.apps.update', 'aiplatform.artifacts.create', 'aiplatform.artifacts.delete', 'aiplatform.artifacts.get', 'aiplatform.artifacts.list', 'aiplatform.artifacts.update', 'aiplatform.batchPredictionJobs.cancel', 'aiplatform.batchPredictionJobs.create', 'aiplatform.batchPredictionJobs.delete', 'aiplatform.batchPredictionJobs.get', 'aiplatform.batchPredictionJobs.list', 'aiplatform.cacheConfigs.get', 'aiplatform.cacheConfigs.update', 'aiplatform.cachedContents.create', 'aiplatform.cachedContents.delete', 'aiplatform.cachedContents.get', 'aiplatform.cachedContents.list', 'aiplatform.cachedContents.update', 'aiplatform.consents.get', 'aiplatform.consents.update', 'aiplatform.contexts.addContextArtifactsAndExecutions', 'aiplatform.contexts.addContextChildren', 'aiplatform.contexts.create', 'aiplatform.contexts.delete', 'aiplatform.contexts.get', 'aiplatform.contexts.list', 'aiplatform.contexts.queryContextLineageSubgraph', 'aiplatform.contexts.update', 'aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.delete', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.dataItems.create', 'aiplatform.dataItems.delete', 'aiplatform.dataItems.get', 'aiplatform.dataItems.list', 'aiplatform.dataItems.update', 'aiplatform.dataLabelingJobs.cancel', 'aiplatform.dataLabelingJobs.create', 'aiplatform.dataLabelingJobs.delete', 'aiplatform.dataLabelingJobs.get', 'aiplatform.dataLabelingJobs.list', 'aiplatform.datasetVersions.create', 'aiplatform.datasetVersions.delete', 'aiplatform.datasetVersions.get', 'aiplatform.datasetVersions.list', 'aiplatform.datasetVersions.restore', 'aiplatform.datasets.create', 'aiplatform.datasets.delete', 'aiplatform.datasets.export', 'aiplatform.datasets.get', 'aiplatform.datasets.import', 'aiplatform.datasets.list', 'aiplatform.datasets.update', 'aiplatform.deploymentResourcePools.create', 'aiplatform.deploymentResourcePools.delete', 'aiplatform.deploymentResourcePools.get', 'aiplatform.deploymentResourcePools.list', 'aiplatform.deploymentResourcePools.queryDeployedModels', 'aiplatform.deploymentResourcePools.update', 'aiplatform.edgeDeploymentJobs.create', 'aiplatform.edgeDeploymentJobs.delete', 'aiplatform.edgeDeploymentJobs.get', 'aiplatform.edgeDeploymentJobs.list', 'aiplatform.edgeDeviceDebugInfo.get', 'aiplatform.edgeDevices.create', 'aiplatform.edgeDevices.delete', 'aiplatform.edgeDevices.get', 'aiplatform.edgeDevices.list', 'aiplatform.edgeDevices.update', 'aiplatform.endpoints.create', 'aiplatform.endpoints.delete', 'aiplatform.endpoints.deploy', 'aiplatform.endpoints.explain', 'aiplatform.endpoints.get', 'aiplatform.endpoints.getIamPolicy', 'aiplatform.endpoints.list', 'aiplatform.endpoints.predict', 'aiplatform.endpoints.setIamPolicy', 'aiplatform.endpoints.undeploy', 'aiplatform.endpoints.update', 'aiplatform.entityTypes.create', 'aiplatform.entityTypes.delete', 'aiplatform.entityTypes.deleteFeatureValues', 'aiplatform.entityTypes.exportFeatureValues', 'aiplatform.entityTypes.get', 'aiplatform.entityTypes.getIamPolicy', 'aiplatform.entityTypes.importFeatureValues', 'aiplatform.entityTypes.list', 'aiplatform.entityTypes.readFeatureValues', 'aiplatform.entityTypes.setIamPolicy', 'aiplatform.entityTypes.streamingReadFeatureValues', 'aiplatform.entityTypes.update', 'aiplatform.entityTypes.writeFeatureValues', 'aiplatform.executions.addExecutionEvents', 'aiplatform.executions.create', 'aiplatform.executions.delete', 'aiplatform.executions.get', 'aiplatform.executions.list', 'aiplatform.executions.queryExecutionInputsAndOutputs', 'aiplatform.executions.update', 'aiplatform.extensions.delete', 'aiplatform.extensions.execute', 'aiplatform.extensions.get', 'aiplatform.extensions.import', 'aiplatform.extensions.list', 'aiplatform.extensions.update', 'aiplatform.featureGroups.create', 'aiplatform.featureGroups.delete', 'aiplatform.featureGroups.get', 'aiplatform.featureGroups.list', 'aiplatform.featureGroups.update', 'aiplatform.featureOnlineStores.create', 'aiplatform.featureOnlineStores.delete', 'aiplatform.featureOnlineStores.get', 'aiplatform.featureOnlineStores.getIamPolicy', 'aiplatform.featureOnlineStores.list', 'aiplatform.featureOnlineStores.setIamPolicy', 'aiplatform.featureOnlineStores.update', 'aiplatform.featureViewSyncs.get', 'aiplatform.featureViewSyncs.list', 'aiplatform.featureViews.create', 'aiplatform.featureViews.delete', 'aiplatform.featureViews.fetchFeatureValues', 'aiplatform.featureViews.get', 'aiplatform.featureViews.getIamPolicy', 'aiplatform.featureViews.list', 'aiplatform.featureViews.searchNearestEntities', 'aiplatform.featureViews.setIamPolicy', 'aiplatform.featureViews.sync', 'aiplatform.featureViews.update', 'aiplatform.features.create', 'aiplatform.features.delete', 'aiplatform.features.get', 'aiplatform.features.list', 'aiplatform.features.update', 'aiplatform.featurestores.batchReadFeatureValues', 'aiplatform.featurestores.create', 'aiplatform.featurestores.delete', 'aiplatform.featurestores.exportFeatures', 'aiplatform.featurestores.get', 'aiplatform.featurestores.getIamPolicy', 'aiplatform.featurestores.importFeatures', 'aiplatform.featurestores.list', 'aiplatform.featurestores.readFeatures', 'aiplatform.featurestores.setIamPolicy', 'aiplatform.featurestores.update', 'aiplatform.featurestores.writeFeatures', 'aiplatform.humanInTheLoops.cancel', 'aiplatform.humanInTheLoops.create', 'aiplatform.humanInTheLoops.delete', 'aiplatform.humanInTheLoops.get', 'aiplatform.humanInTheLoops.list', 'aiplatform.humanInTheLoops.queryAnnotationStats', 'aiplatform.humanInTheLoops.send', 'aiplatform.humanInTheLoops.update', 'aiplatform.hyperparameterTuningJobs.cancel', 'aiplatform.hyperparameterTuningJobs.create', 'aiplatform.hyperparameterTuningJobs.delete', 'aiplatform.hyperparameterTuningJobs.get', 'aiplatform.hyperparameterTuningJobs.list', 'aiplatform.indexEndpoints.create', 'aiplatform.indexEndpoints.delete', 'aiplatform.indexEndpoints.deploy', 'aiplatform.indexEndpoints.get', 'aiplatform.indexEndpoints.list', 'aiplatform.indexEndpoints.queryVectors', 'aiplatform.indexEndpoints.undeploy', 'aiplatform.indexEndpoints.update', 'aiplatform.indexes.create', 'aiplatform.indexes.delete', 'aiplatform.indexes.get', 'aiplatform.indexes.list', 'aiplatform.indexes.update', 'aiplatform.locations.get', 'aiplatform.locations.list', 'aiplatform.metadataSchemas.create', 'aiplatform.metadataSchemas.delete', 'aiplatform.metadataSchemas.get', 'aiplatform.metadataSchemas.list', 'aiplatform.metadataStores.create', 'aiplatform.metadataStores.delete', 'aiplatform.metadataStores.get', 'aiplatform.metadataStores.list', 'aiplatform.migratableResources.migrate', 'aiplatform.migratableResources.search', 'aiplatform.modelDeploymentMonitoringJobs.create', 'aiplatform.modelDeploymentMonitoringJobs.delete', 'aiplatform.modelDeploymentMonitoringJobs.get', 'aiplatform.modelDeploymentMonitoringJobs.list', 'aiplatform.modelDeploymentMonitoringJobs.pause', 'aiplatform.modelDeploymentMonitoringJobs.resume', 'aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies', 'aiplatform.modelDeploymentMonitoringJobs.update', 'aiplatform.modelEvaluationSlices.get', 'aiplatform.modelEvaluationSlices.import', 'aiplatform.modelEvaluationSlices.list', 'aiplatform.modelEvaluations.exportEvaluatedDataItems', 'aiplatform.modelEvaluations.get', 'aiplatform.modelEvaluations.import', 'aiplatform.modelEvaluations.list', 'aiplatform.modelMonitoringJobs.create', 'aiplatform.modelMonitoringJobs.delete', 'aiplatform.modelMonitoringJobs.get', 'aiplatform.modelMonitoringJobs.list', 'aiplatform.modelMonitors.create', 'aiplatform.modelMonitors.delete', 'aiplatform.modelMonitors.get', 'aiplatform.modelMonitors.list', 'aiplatform.modelMonitors.searchModelMonitoringAlerts', 'aiplatform.modelMonitors.searchModelMonitoringStats', 'aiplatform.modelMonitors.update', 'aiplatform.models.delete', 'aiplatform.models.export', 'aiplatform.models.get', 'aiplatform.models.list', 'aiplatform.models.update', 'aiplatform.models.upload', 'aiplatform.nasJobs.cancel', 'aiplatform.nasJobs.create', 'aiplatform.nasJobs.delete', 'aiplatform.nasJobs.get', 'aiplatform.nasJobs.list', 'aiplatform.nasTrialDetails.get', 'aiplatform.nasTrialDetails.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'aiplatform.persistentResources.create', 'aiplatform.persistentResources.delete', 'aiplatform.persistentResources.get', 'aiplatform.persistentResources.list', 'aiplatform.pipelineJobs.cancel', 'aiplatform.pipelineJobs.create', 'aiplatform.pipelineJobs.delete', 'aiplatform.pipelineJobs.get', 'aiplatform.pipelineJobs.list', 'aiplatform.reasoningEngines.create', 'aiplatform.reasoningEngines.delete', 'aiplatform.reasoningEngines.get', 'aiplatform.reasoningEngines.list', 'aiplatform.reasoningEngines.query', 'aiplatform.reasoningEngines.update', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'aiplatform.sessions.get', 'aiplatform.sessions.list', 'aiplatform.sessions.run', 'aiplatform.specialistPools.create', 'aiplatform.specialistPools.delete', 'aiplatform.specialistPools.get', 'aiplatform.specialistPools.list', 'aiplatform.specialistPools.update', 'aiplatform.studies.create', 'aiplatform.studies.delete', 'aiplatform.studies.get', 'aiplatform.studies.list', 'aiplatform.studies.update', 'aiplatform.tensorboardExperiments.create', 'aiplatform.tensorboardExperiments.delete', 'aiplatform.tensorboardExperiments.get', 'aiplatform.tensorboardExperiments.list', 'aiplatform.tensorboardExperiments.update', 'aiplatform.tensorboardExperiments.write', 'aiplatform.tensorboardRuns.batchCreate', 'aiplatform.tensorboardRuns.create', 'aiplatform.tensorboardRuns.delete', 'aiplatform.tensorboardRuns.get', 'aiplatform.tensorboardRuns.list', 'aiplatform.tensorboardRuns.update', 'aiplatform.tensorboardRuns.write', 'aiplatform.tensorboardTimeSeries.batchCreate', 'aiplatform.tensorboardTimeSeries.batchRead', 'aiplatform.tensorboardTimeSeries.create', 'aiplatform.tensorboardTimeSeries.delete', 'aiplatform.tensorboardTimeSeries.get', 'aiplatform.tensorboardTimeSeries.list', 'aiplatform.tensorboardTimeSeries.read', 'aiplatform.tensorboardTimeSeries.update', 'aiplatform.tensorboards.create', 'aiplatform.tensorboards.delete', 'aiplatform.tensorboards.get', 'aiplatform.tensorboards.list', 'aiplatform.tensorboards.recordAccess', 'aiplatform.tensorboards.update', 'aiplatform.trainingPipelines.cancel', 'aiplatform.trainingPipelines.create', 'aiplatform.trainingPipelines.delete', 'aiplatform.trainingPipelines.get', 'aiplatform.trainingPipelines.list', 'aiplatform.trials.create', 'aiplatform.trials.delete', 'aiplatform.trials.get', 'aiplatform.trials.list', 'aiplatform.trials.update', 'aiplatform.tuningJobs.cancel', 'aiplatform.tuningJobs.create', 'aiplatform.tuningJobs.delete', 'aiplatform.tuningJobs.get', 'aiplatform.tuningJobs.list', 'aiplatform.tuningJobs.vertexTune', 'artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'firebase.projects.get', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions GA
roles/visualinspection.editor
Read and write access to all Visual Inspection AI resources except visualinspection.locations.reportUsageMetrics
Visual Inspection AI Solution Editor
['visualinspection.annotationSets.create', 'visualinspection.annotationSets.delete', 'visualinspection.annotationSets.get', 'visualinspection.annotationSets.list', 'visualinspection.annotationSets.update', 'visualinspection.annotationSpecs.create', 'visualinspection.annotationSpecs.delete', 'visualinspection.annotationSpecs.get', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.create', 'visualinspection.annotations.delete', 'visualinspection.annotations.get', 'visualinspection.annotations.list', 'visualinspection.annotations.update', 'visualinspection.datasets.create', 'visualinspection.datasets.delete', 'visualinspection.datasets.export', 'visualinspection.datasets.get', 'visualinspection.datasets.import', 'visualinspection.datasets.list', 'visualinspection.datasets.update', 'visualinspection.images.delete', 'visualinspection.images.get', 'visualinspection.images.list', 'visualinspection.images.update', 'visualinspection.locations.get', 'visualinspection.locations.list', 'visualinspection.modelEvaluations.get', 'visualinspection.modelEvaluations.list', 'visualinspection.models.create', 'visualinspection.models.delete', 'visualinspection.models.get', 'visualinspection.models.list', 'visualinspection.models.update', 'visualinspection.models.writePrediction', 'visualinspection.modules.create', 'visualinspection.modules.delete', 'visualinspection.modules.get', 'visualinspection.modules.list', 'visualinspection.modules.update', 'visualinspection.operations.get', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.create', 'visualinspection.solutionArtifacts.delete', 'visualinspection.solutionArtifacts.get', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutionArtifacts.predict', 'visualinspection.solutionArtifacts.update', 'visualinspection.solutions.create', 'visualinspection.solutions.delete', 'visualinspection.solutions.get', 'visualinspection.solutions.list']
Copy Permissions GA
roles/visualinspection.usageMetricsReporter
ReportUsageMetric access to Visual Inspection AI Service
Visual Inspection AI Usage Metrics Reporter
['visualinspection.locations.reportUsageMetrics']
Copy Permissions GA
roles/visualinspection.viewer
Read access to Visual Inspection AI resources
Visual Inspection AI Viewer
['visualinspection.annotationSets.get', 'visualinspection.annotationSets.list', 'visualinspection.annotationSpecs.get', 'visualinspection.annotationSpecs.list', 'visualinspection.annotations.get', 'visualinspection.annotations.list', 'visualinspection.datasets.export', 'visualinspection.datasets.get', 'visualinspection.datasets.list', 'visualinspection.images.get', 'visualinspection.images.list', 'visualinspection.locations.get', 'visualinspection.locations.list', 'visualinspection.modelEvaluations.get', 'visualinspection.modelEvaluations.list', 'visualinspection.models.get', 'visualinspection.models.list', 'visualinspection.modules.get', 'visualinspection.modules.list', 'visualinspection.operations.get', 'visualinspection.operations.list', 'visualinspection.solutionArtifacts.get', 'visualinspection.solutionArtifacts.list', 'visualinspection.solutionArtifacts.predict', 'visualinspection.solutions.get', 'visualinspection.solutions.list']
Copy Permissions GA
roles/vmmigration.admin
Ability to view and edit all VM Migration objects
VM Migration Administrator
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'vmmigration.cloneJobs.create', 'vmmigration.cloneJobs.get', 'vmmigration.cloneJobs.list', 'vmmigration.cloneJobs.update', 'vmmigration.cutoverJobs.create', 'vmmigration.cutoverJobs.get', 'vmmigration.cutoverJobs.list', 'vmmigration.cutoverJobs.update', 'vmmigration.datacenterConnectors.create', 'vmmigration.datacenterConnectors.delete', 'vmmigration.datacenterConnectors.get', 'vmmigration.datacenterConnectors.list', 'vmmigration.datacenterConnectors.update', 'vmmigration.deployments.create', 'vmmigration.deployments.get', 'vmmigration.deployments.list', 'vmmigration.groups.create', 'vmmigration.groups.delete', 'vmmigration.groups.get', 'vmmigration.groups.list', 'vmmigration.groups.update', 'vmmigration.locations.get', 'vmmigration.locations.list', 'vmmigration.migratingVms.create', 'vmmigration.migratingVms.delete', 'vmmigration.migratingVms.get', 'vmmigration.migratingVms.list', 'vmmigration.migratingVms.update', 'vmmigration.operations.cancel', 'vmmigration.operations.delete', 'vmmigration.operations.get', 'vmmigration.operations.list', 'vmmigration.replicationCycles.get', 'vmmigration.replicationCycles.list', 'vmmigration.sources.create', 'vmmigration.sources.delete', 'vmmigration.sources.get', 'vmmigration.sources.list', 'vmmigration.sources.update', 'vmmigration.targets.create', 'vmmigration.targets.delete', 'vmmigration.targets.get', 'vmmigration.targets.list', 'vmmigration.targets.update', 'vmmigration.utilizationReports.create', 'vmmigration.utilizationReports.delete', 'vmmigration.utilizationReports.get', 'vmmigration.utilizationReports.list']
Copy Permissions BETA
roles/vmmigration.serviceAgent
Grants VM Migration Service Account access to create migrated VMs, disks and images in the user project.
VM Migration Service Agent
['compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.images.create', 'compute.images.get', 'compute.images.setLabels', 'compute.images.useReadOnly', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.get', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.stop', 'compute.instances.update', 'compute.instances.useReadOnly', 'compute.machineImages.create', 'compute.machineImages.get', 'compute.machineTypes.list', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.list']
Copy Permissions GA
roles/vmmigration.viewer
Ability to view all VM Migration objects
VM Migration Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'vmmigration.cloneJobs.get', 'vmmigration.cloneJobs.list', 'vmmigration.cutoverJobs.get', 'vmmigration.cutoverJobs.list', 'vmmigration.datacenterConnectors.get', 'vmmigration.datacenterConnectors.list', 'vmmigration.deployments.get', 'vmmigration.deployments.list', 'vmmigration.groups.get', 'vmmigration.groups.list', 'vmmigration.locations.get', 'vmmigration.locations.list', 'vmmigration.migratingVms.get', 'vmmigration.migratingVms.list', 'vmmigration.operations.get', 'vmmigration.operations.list', 'vmmigration.replicationCycles.get', 'vmmigration.replicationCycles.list', 'vmmigration.sources.get', 'vmmigration.sources.list', 'vmmigration.targets.get', 'vmmigration.targets.list', 'vmmigration.utilizationReports.get', 'vmmigration.utilizationReports.list']
Copy Permissions BETA
roles/vmwareengine.vmwareengineAdmin
Admin has full access to VMware Engine Service
VMware Engine Service Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'vmwareengine.clusters.create', 'vmwareengine.clusters.delete', 'vmwareengine.clusters.get', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.clusters.setIamPolicy', 'vmwareengine.clusters.update', 'vmwareengine.dnsBindPermission.get', 'vmwareengine.dnsBindPermission.grant', 'vmwareengine.dnsBindPermission.revoke', 'vmwareengine.dnsForwarding.get', 'vmwareengine.dnsForwarding.update', 'vmwareengine.externalAccessRules.create', 'vmwareengine.externalAccessRules.delete', 'vmwareengine.externalAccessRules.get', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAccessRules.update', 'vmwareengine.externalAddresses.create', 'vmwareengine.externalAddresses.delete', 'vmwareengine.externalAddresses.get', 'vmwareengine.externalAddresses.list', 'vmwareengine.externalAddresses.update', 'vmwareengine.hcxActivationKeys.create', 'vmwareengine.hcxActivationKeys.get', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.hcxActivationKeys.setIamPolicy', 'vmwareengine.locations.get', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.create', 'vmwareengine.loggingServers.delete', 'vmwareengine.loggingServers.get', 'vmwareengine.loggingServers.list', 'vmwareengine.loggingServers.update', 'vmwareengine.managementDnsZoneBindings.create', 'vmwareengine.managementDnsZoneBindings.delete', 'vmwareengine.managementDnsZoneBindings.get', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.managementDnsZoneBindings.repair', 'vmwareengine.managementDnsZoneBindings.update', 'vmwareengine.networkPeerings.create', 'vmwareengine.networkPeerings.delete', 'vmwareengine.networkPeerings.get', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPeerings.listPeeringRoutes', 'vmwareengine.networkPeerings.update', 'vmwareengine.networkPolicies.create', 'vmwareengine.networkPolicies.delete', 'vmwareengine.networkPolicies.fetchExternalAddresses', 'vmwareengine.networkPolicies.get', 'vmwareengine.networkPolicies.list', 'vmwareengine.networkPolicies.update', 'vmwareengine.nodeTypes.get', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.get', 'vmwareengine.nodes.list', 'vmwareengine.operations.delete', 'vmwareengine.operations.get', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.create', 'vmwareengine.privateClouds.delete', 'vmwareengine.privateClouds.get', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateClouds.resetNsxCredentials', 'vmwareengine.privateClouds.resetVcenterCredentials', 'vmwareengine.privateClouds.setIamPolicy', 'vmwareengine.privateClouds.showNsxCredentials', 'vmwareengine.privateClouds.showVcenterCredentials', 'vmwareengine.privateClouds.undelete', 'vmwareengine.privateClouds.update', 'vmwareengine.privateConnections.create', 'vmwareengine.privateConnections.delete', 'vmwareengine.privateConnections.get', 'vmwareengine.privateConnections.list', 'vmwareengine.privateConnections.listPeeringRoutes', 'vmwareengine.privateConnections.update', 'vmwareengine.projectState.get', 'vmwareengine.services.use', 'vmwareengine.services.view', 'vmwareengine.subnets.get', 'vmwareengine.subnets.list', 'vmwareengine.subnets.update', 'vmwareengine.vmwareEngineNetworks.create', 'vmwareengine.vmwareEngineNetworks.delete', 'vmwareengine.vmwareEngineNetworks.get', 'vmwareengine.vmwareEngineNetworks.list', 'vmwareengine.vmwareEngineNetworks.update']
Copy Permissions GA
roles/vmwareengine.serviceAgent
Gives permission to manage network configuration, such as establishing network peering, necessary for GCVE
VMware Engine Service Agent
['compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.projects.get', 'compute.regionOperations.get', 'compute.routers.get', 'compute.routers.list', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'vmwareengine.externalAddresses.get', 'vmwareengine.externalAddresses.list', 'vmwareengine.nodes.get', 'vmwareengine.nodes.list']
Copy Permissions GA
roles/vmwareengine.vmwareengineViewer
Viewer has read-only access to VMware Engine Service
VMware Engine Service Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'vmwareengine.clusters.get', 'vmwareengine.clusters.getIamPolicy', 'vmwareengine.clusters.list', 'vmwareengine.dnsBindPermission.get', 'vmwareengine.dnsForwarding.get', 'vmwareengine.externalAccessRules.get', 'vmwareengine.externalAccessRules.list', 'vmwareengine.externalAddresses.get', 'vmwareengine.externalAddresses.list', 'vmwareengine.hcxActivationKeys.get', 'vmwareengine.hcxActivationKeys.getIamPolicy', 'vmwareengine.hcxActivationKeys.list', 'vmwareengine.locations.get', 'vmwareengine.locations.list', 'vmwareengine.loggingServers.get', 'vmwareengine.loggingServers.list', 'vmwareengine.managementDnsZoneBindings.get', 'vmwareengine.managementDnsZoneBindings.list', 'vmwareengine.networkPeerings.get', 'vmwareengine.networkPeerings.list', 'vmwareengine.networkPeerings.listPeeringRoutes', 'vmwareengine.networkPolicies.fetchExternalAddresses', 'vmwareengine.networkPolicies.get', 'vmwareengine.networkPolicies.list', 'vmwareengine.nodeTypes.get', 'vmwareengine.nodeTypes.list', 'vmwareengine.nodes.get', 'vmwareengine.nodes.list', 'vmwareengine.operations.get', 'vmwareengine.operations.list', 'vmwareengine.privateClouds.get', 'vmwareengine.privateClouds.getIamPolicy', 'vmwareengine.privateClouds.list', 'vmwareengine.privateConnections.get', 'vmwareengine.privateConnections.list', 'vmwareengine.privateConnections.listPeeringRoutes', 'vmwareengine.projectState.get', 'vmwareengine.services.view', 'vmwareengine.subnets.get', 'vmwareengine.subnets.list', 'vmwareengine.vmwareEngineNetworks.get', 'vmwareengine.vmwareEngineNetworks.list']
Copy Permissions GA
roles/baremetalsolution.volumesadmin
Administrator of Bare Metal Solution volume resources
Volume Admin
['baremetalsolution.operations.get', 'baremetalsolution.pods.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update']
Copy Permissions GA
roles/baremetalsolution.volumeseditor
Editor of Bare Metal Solution volumes resources
Volumes Editor
['baremetalsolution.operations.get', 'baremetalsolution.pods.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update']
Copy Permissions GA
roles/baremetalsolution.volumessviewer
Viewer of Bare Metal Solution volumes resources
Volumes Viewer
['baremetalsolution.operations.get', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list']
Copy Permissions GA
roles/accesscontextmanager.vpcScTroubleshooterViewer
VPC Service Controls Troubleshooter Viewer
['accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.logEntries.list', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.sinks.get', 'logging.sinks.list', 'logging.usage.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/gkedataplanemanagement.warpRunServiceAgent
Gives the Warp Run service agent access to Cloud Platform resources.
Warp Run Service Agent
['resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions GA
roles/cloudsecurityscanner.editor
Full access to all Web Security Scanner resources
Web Security Scanner Editor
['appengine.applications.get', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.create', 'cloudsecurityscanner.scans.delete', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run', 'cloudsecurityscanner.scans.update', 'compute.addresses.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/cloudsecurityscanner.runner
Read access to Scan and ScanRun, plus the ability to start scans
Web Security Scanner Runner
['cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run']
Copy Permissions GA
roles/cloudsecurityscanner.viewer
Read access to all Web Security Scanner resources
Web Security Scanner Viewer
['cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions GA
roles/workflows.admin
Full access to workflows and related resources.
Workflows Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workflows.callbacks.list', 'workflows.callbacks.send', 'workflows.executions.cancel', 'workflows.executions.create', 'workflows.executions.get', 'workflows.executions.list', 'workflows.locations.get', 'workflows.locations.list', 'workflows.operations.cancel', 'workflows.operations.get', 'workflows.operations.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get', 'workflows.workflows.list', 'workflows.workflows.listRevision', 'workflows.workflows.update']
Copy Permissions GA
roles/workflows.editor
Read and write access to workflows and related resources, including development and debugging of workflows.
Workflows Editor
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workflows.callbacks.list', 'workflows.callbacks.send', 'workflows.executions.cancel', 'workflows.executions.create', 'workflows.executions.get', 'workflows.executions.list', 'workflows.locations.get', 'workflows.locations.list', 'workflows.operations.cancel', 'workflows.operations.get', 'workflows.operations.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get', 'workflows.workflows.list', 'workflows.workflows.listRevision', 'workflows.workflows.update']
Copy Permissions GA
roles/workflows.invoker
Access to execute workflows and manage the executions using the API. Does not provide access to develop and debug workflows.
Workflows Invoker
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workflows.callbacks.list', 'workflows.callbacks.send', 'workflows.executions.cancel', 'workflows.executions.create', 'workflows.executions.get', 'workflows.executions.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list']
Copy Permissions GA
roles/workflows.viewer
Read-only access to workflows and related resources.
Workflows Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workflows.callbacks.list', 'workflows.executions.get', 'workflows.executions.list', 'workflows.locations.get', 'workflows.locations.list', 'workflows.operations.get', 'workflows.operations.list', 'workflows.stepEntries.get', 'workflows.stepEntries.list', 'workflows.workflows.get', 'workflows.workflows.list', 'workflows.workflows.listRevision']
Copy Permissions GA
roles/workloadcertificate.admin
Full access to all Workload Certificate API resources.
Workload Certificate Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.cancel', 'workloadcertificate.operations.delete', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadCertificateFeature.update', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.delete', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list', 'workloadcertificate.workloadRegistrations.update']
Copy Permissions BETA
roles/workloadcertificate.registrationAdmin
Full access to WorkloadRegistration resources.
Workload Certificate Registration Admin
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.cancel', 'workloadcertificate.operations.delete', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.delete', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list', 'workloadcertificate.workloadRegistrations.update']
Copy Permissions BETA
roles/workloadcertificate.registrationViewer
Read-only access to WorkloadRegistration resources.
Workload Certificate Registration Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list']
Copy Permissions BETA
roles/workloadcertificate.serviceAgent
Gives the Workload Certificate service agent access to Cloud Platform resources.
Workload Certificate Service Agent
['container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusters.get', 'container.clusters.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.operations.get', 'container.thirdPartyObjects.update', 'gkehub.features.get', 'gkehub.fleet.create', 'gkehub.fleet.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'gkehub.operations.get', 'serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.removeResource', 'serviceusage.services.use', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadRegistrations.list']
Copy Permissions GA
roles/workloadcertificate.viewer
Read-only access to Workload Certificate all resources.
Workload Certificate Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.get', 'workloadcertificate.operations.list', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list']
Copy Permissions BETA
roles/iam.workloadIdentityUser
Impersonate service accounts from federated workloads.
Workload Identity User
['iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.list']
Copy Permissions GA
roles/workloadmanager.admin
Full access to Workload Manager all resources.
Workload Manager Admin
['compute.acceleratorTypes.list', 'compute.diskTypes.list', 'compute.machineTypes.list', 'compute.networks.list', 'compute.projects.get', 'compute.regions.list', 'compute.subnetworks.list', 'compute.zones.list', 'dns.managedZones.list', 'iam.serviceAccounts.list', 'monitoring.timeSeries.list', 'orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'storage.buckets.list', 'storage.objects.list', 'workloadmanager.actuations.create', 'workloadmanager.actuations.delete', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.create', 'workloadmanager.deployments.delete', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.create', 'workloadmanager.evaluations.delete', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.evaluations.run', 'workloadmanager.evaluations.update', 'workloadmanager.executions.delete', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.insights.export', 'workloadmanager.insights.listSapSystems', 'workloadmanager.insights.write', 'workloadmanager.locations.get', 'workloadmanager.locations.list', 'workloadmanager.operations.cancel', 'workloadmanager.operations.delete', 'workloadmanager.operations.get', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list']
Copy Permissions BETA
roles/workloadmanager.deploymentAdmin
Full access to Workload Manager deployment resources.
Workload Manager Deployment Admin
['compute.acceleratorTypes.list', 'compute.diskTypes.list', 'compute.machineTypes.list', 'compute.networks.list', 'compute.projects.get', 'compute.regions.list', 'compute.subnetworks.list', 'compute.zones.list', 'dns.managedZones.list', 'iam.serviceAccounts.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'storage.buckets.list', 'storage.objects.list', 'workloadmanager.actuations.create', 'workloadmanager.actuations.delete', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.create', 'workloadmanager.deployments.delete', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.locations.get', 'workloadmanager.locations.list', 'workloadmanager.operations.cancel', 'workloadmanager.operations.delete', 'workloadmanager.operations.get', 'workloadmanager.operations.list']
Copy Permissions BETA
roles/workloadmanager.deploymentViewer
Read-only access to Workload Manager deployment resources.
Workload Manager Deployment Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list']
Copy Permissions BETA
roles/workloadmanager.evaluationAdmin
Full access to Workload Manager evaluation resources.
Workload Manager Evaluation Admin
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadmanager.evaluations.create', 'workloadmanager.evaluations.delete', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.evaluations.run', 'workloadmanager.evaluations.update', 'workloadmanager.executions.delete', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.locations.get', 'workloadmanager.locations.list', 'workloadmanager.operations.cancel', 'workloadmanager.operations.delete', 'workloadmanager.operations.get', 'workloadmanager.operations.list', 'workloadmanager.results.list', 'workloadmanager.rules.list']
Copy Permissions BETA
roles/workloadmanager.evaluationViewer
Read-only access to Workload Manager evaluation resources.
Workload Manager Evaluation Viewer
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.results.list', 'workloadmanager.rules.list']
Copy Permissions BETA
roles/workloadmanager.evaluationWorker
The role used by Workload Manager application runners to read and update workloads.
Workload Manager Evaluation Worker
['workloadmanager.evaluations.create', 'workloadmanager.evaluations.delete', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.evaluations.run', 'workloadmanager.evaluations.update', 'workloadmanager.executions.delete', 'workloadmanager.executions.get', 'workloadmanager.executions.list']
Copy Permissions BETA
roles/workloadmanager.insightWriter
The role used to write data to WLM data warehouse.
Workload Manager Insights Writer
['workloadmanager.insights.write']
Copy Permissions BETA
roles/workloadmanager.serviceAgent
Gives Workload Manager Service Agent access to CAI export functions and Cloud Monitoring.
Workload Manager Service Agent
['cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportResource', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listResource', 'cloudasset.assets.searchAllResources', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.get', 'config.deployments.list', 'config.deployments.update', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.list', 'serviceusage.services.use', 'workloadmanager.insights.export', 'workloadmanager.insights.listSapSystems']
Copy Permissions GA
roles/workloadmanager.viewer
Read-only access to Workload Manager all resources.
Workload Manager Viewer
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.results.list', 'workloadmanager.rules.list']
Copy Permissions BETA
roles/workloadmanager.worker
The role used by Workload Manager application runners to read and update workloads.
Workload Manager Worker
['orgpolicy.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadmanager.actuations.create', 'workloadmanager.actuations.delete', 'workloadmanager.actuations.get', 'workloadmanager.actuations.list', 'workloadmanager.deployments.create', 'workloadmanager.deployments.delete', 'workloadmanager.deployments.get', 'workloadmanager.deployments.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list', 'workloadmanager.evaluations.create', 'workloadmanager.evaluations.delete', 'workloadmanager.evaluations.get', 'workloadmanager.evaluations.list', 'workloadmanager.evaluations.run', 'workloadmanager.evaluations.update', 'workloadmanager.executions.delete', 'workloadmanager.executions.get', 'workloadmanager.executions.list', 'workloadmanager.insights.write', 'workloadmanager.results.list', 'workloadmanager.rules.list']
Copy Permissions BETA
roles/workloadmanager.workloadViewer
The role used to view the workload related data.
Workload Manager Workload Viewer
['resourcemanager.projects.get', 'resourcemanager.projects.list', 'workloadmanager.discoveredprofiles.get', 'workloadmanager.discoveredprofiles.getHealth', 'workloadmanager.discoveredprofiles.list']
Copy Permissions BETA
roles/iam.workspacePoolAdmin
IAM workspace pool admin able to bind IAM policies to Dasher accounts.
Workspace Pool IAM Admin
['iam.googleapis.com/workspacePools.createPolicyBinding', 'iam.googleapis.com/workspacePools.deletePolicyBinding', 'iam.googleapis.com/workspacePools.searchPolicyBindings', 'iam.googleapis.com/workspacePools.updatePolicyBinding']
Copy Permissions BETA
roles/workstations.serviceAgent
Grants the Workstations Service Account access to manage resources in consumer project.
Workstations Service Agent
['compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.use', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.globalOperations.get', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.regionOperations.get', 'compute.regions.get', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.listTagBindings', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'serviceusage.services.get']
Copy Permissions GA