Roles Data

Name Description Title Included Permissions Copy Stage
roles/accessapproval.approver Ability to view or act on access approval requests and view configuration. Access Approval Approver ['accessapproval.requests.approve', 'accessapproval.requests.dismiss', 'accessapproval.requests.get', 'accessapproval.requests.invalidate', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/accessapproval.configEditor Ability to update the Access Approval configuration Access Approval Config Editor ['accessapproval.serviceAccounts.get', 'accessapproval.settings.delete', 'accessapproval.settings.get', 'accessapproval.settings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/accessapproval.invalidator Ability to invalidate existing approved approval requests Access Approval Invalidator ['accessapproval.requests.invalidate', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/accessapproval.viewer Ability to view access approval requests and configuration Access Approval Viewer ['accessapproval.requests.get', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/accesscontextmanager.policyAdmin Full access to policies, access levels, access zones and authorized orgs descs. Access Context Manager Admin ['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.setIamPolicy', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'cloudasset.assets.searchAllResources', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/accesscontextmanager.policyEditor Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs. Access Context Manager Editor ['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'cloudasset.assets.searchAllResources', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/accesscontextmanager.policyReader Read access to policies, access levels, access zones and authorized orgs descs. Access Context Manager Reader ['accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/axt.admin Enable Access Transparency for Organization Access Transparency Admin ['axt.labels.get', 'axt.labels.set', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/actions.Admin Access to edit and deploy an action Actions Admin ['actions.agent.claimContentProvider', 'actions.agent.get', 'actions.agent.update', 'actions.agentVersions.create', 'actions.agentVersions.delete', 'actions.agentVersions.deploy', 'actions.agentVersions.get', 'actions.agentVersions.list', 'firebase.projects.get', 'firebase.projects.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use'] GA
roles/actions.Viewer Access to view an action Actions Viewer ['actions.agent.get', 'actions.agentVersions.get', 'actions.agentVersions.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use'] GA
roles/policyanalyzer.activityAnalysisViewer Viewer user that can read all activity analysis. Activity Analysis Viewer ['policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query', 'policyanalyzer.serviceAccountLastAuthenticationActivities.query'] BETA
roles/serviceconsumermanagement.tenancyUnitsAdmin Administrate tenancy units Admin of Tenancy Units ['serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.list', 'serviceconsumermanagement.tenancyu.removeResource'] BETA
roles/advisorynotifications.admin Grants write access to settings in Advisory Notifications Advisory Notifications Admin ['advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'advisorynotifications.settings.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get'] GA
roles/advisorynotifications.viewer Grants view access in Advisory Notifications Advisory Notifications Viewer ['advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get'] GA
roles/ml.admin Full access to AI Platform. AI Platform Admin ['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'resourcemanager.projects.get'] GA
roles/ml.developer Access to create training and prediction jobs, models and versions, send online prediction requests. AI Platform Developer ['ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'resourcemanager.projects.get'] GA
roles/ml.jobOwner Full access to the job. AI Platform Job Owner ['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update'] GA
roles/ml.modelOwner Full access to the model and its versions. AI Platform Model Owner ['ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update'] GA
roles/ml.modelUser Permissions to read the model and its versions, and use them for prediction. AI Platform Model User ['ml.models.get', 'ml.models.predict', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict'] GA
roles/notebooks.serviceAgent Provide access for notebooks service agent to manage notebook instances in user projects AI Platform Notebooks Service Agent ['aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataproc.clusters.get', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.list', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.list', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setIamPolicy', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.setIamPolicy', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/ml.operationOwner Full access to the operation. AI Platform Operation Owner ['ml.operations.cancel', 'ml.operations.get', 'ml.operations.list'] GA
roles/ml.serviceAgent AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator. AI Platform Service Agent ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.updateData', 'firebase.projects.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logEntries.route', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update'] GA
roles/ml.viewer Read-only access to AI Platform resources. AI Platform Viewer ['ml.jobs.get', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.get', 'ml.models.list', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.get', 'ml.trials.list', 'ml.versions.get', 'ml.versions.list', 'resourcemanager.projects.get'] GA
roles/recommender.alloydbAdmin Admin of AlloyDB insights and recommendations. AlloyDB Recommender Admin ['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.alloydbViewer Viewer of AlloyDB insights and recommendations. AlloyDB Recommender Viewer ['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/alloydb.serviceAgent Gives the AlloyDB service account permission to manage customer resources AlloyDB Service Agent ['alloydb.clusters.list'] GA
roles/analyticshub.admin Administer Data Exchanges and Listings Analytics Hub Admin ['analyticshub.dataExchanges.create', 'analyticshub.dataExchanges.delete', 'analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.setIamPolicy', 'analyticshub.dataExchanges.update', 'analyticshub.dataExchanges.viewSubscriptions', 'analyticshub.listings.create', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/analyticshub.listingAdmin Grants full control over the Listing, including updating, deleting and setting ACLs Analytics Hub Listing Admin ['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/analyticshub.publisher Can publish to Data Exchanges thus creating Listings Analytics Hub Publisher ['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.create', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/analyticshub.subscriber Can browse Data Exchanges and subscribe to Listings Analytics Hub Subscriber ['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.subscribe', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.subscribe', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/analyticshub.subscriptionOwner Grants full control over the Subscription, including updating and deleting Analytics Hub Subscription Owner ['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/analyticshub.viewer Can browse Data Exchanges and Listings Analytics Hub Viewer ['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/androidmanagement.user Full access to manage devices. Android Management User ['androidmanagement.enterprises.manage', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/anthosaudit.serviceAgent Gives the Anthos Audit service agent access toCloud Platform resources. Anthos Audit Service Agent ['gkehub.features.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list'] GA
roles/anthosconfigmanagement.serviceAgent Gives the Anthos Config Management service agent access toCloud Platform resources. Anthos Config Management Service Agent ['container.clusters.get', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list'] GA
roles/anthosidentityservice.serviceAgent Gives the Anthos Identity service agent access to Cloud Platform resources. Anthos Identity Service Agent ['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list'] GA
roles/gkemulticloud.admin Admin access to Anthos Multi-cloud resources. Anthos Multi-cloud Admin ['gkemulticloud.attachedClusters.create', 'gkemulticloud.attachedClusters.delete', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.import', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedClusters.update', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.create', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.getAdminKubeconfig', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsClusters.update', 'gkemulticloud.awsNodePools.create', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsNodePools.update', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.create', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.create', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.getAdminKubeconfig', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureClusters.update', 'gkemulticloud.azureNodePools.create', 'gkemulticloud.azureNodePools.delete', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureNodePools.update', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.cancel', 'gkemulticloud.operations.delete', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/gkemulticloud.containerServiceAgent Grants the Anthos Multi-Cloud Container Service Account access to manage resources. Anthos Multi-Cloud Container Service Agent ['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'cloudnotifications.activities.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list'] GA
roles/gkemulticloud.controlPlaneMachineServiceAgent Grants the Anthos Multi-Cloud Control Plane Machine Service Account access to manage resources. Anthos Multi-Cloud Control Plane Machine Service Agent ['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use'] GA
roles/gkemulticloud.nodePoolMachineServiceAgent Grants the Anthos Multi-Cloud Node Pool Machine Service Account access to manage resources. Anthos Multi-Cloud Node Pool Machine Service Agent ['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use'] GA
roles/gkemulticloud.serviceAgent Grants the Anthos Multi-Cloud Service Account access to manage resources. Anthos Multi-Cloud Service Agent ['gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureNodePools.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/gkemulticloud.telemetryWriter Grant access to write cluster telemetry data such as logs, metrics, and resource metadata. Anthos Multi-cloud Telemetry Writer ['logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'opsconfigmonitoring.resourceMetadata.write'] GA
roles/gkemulticloud.viewer Viewer access to Anthos Multi-cloud resources. Anthos Multi-cloud Viewer ['gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/anthospolicycontroller.serviceAgent Gives the Anthos Policy Controller service agent access toCloud Platform resources. Anthos Policy Controller Service Agent ['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list'] GA
roles/anthos.serviceAgent Gives the Anthos service agent access to Cloud Platformresources. Anthos Service Agent ['gkehub.features.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/anthosservicemesh.serviceAgent Gives the Anthos Service Mesh service agent access to Cloud Platform resources. Anthos Service Mesh Service Agent ['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.use', 'compute.networks.updatePolicy', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.use', 'compute.regions.list', 'compute.zones.list', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.get', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.deployments.get', 'container.deployments.list', 'container.events.get', 'container.events.list', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.list', 'container.jobs.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.get', 'container.namespaces.list', 'container.operations.get', 'container.pods.get', 'container.pods.list', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.get', 'container.services.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'logging.logEntries.create', 'meshconfig.projects.init', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'serviceusage.services.get', 'serviceusage.services.use', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.get', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list'] GA
roles/anthossupport.serviceAgent Gives the Anthos Support Service Agent access to Cloud Platform resource. Anthos Support Service Agent ['gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get'] GA
roles/serviceusage.apiKeysAdmin Ability to create, delete, update, get and list API keys for a project. API Keys Admin ['apikeys.keys.create', 'apikeys.keys.delete', 'apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'apikeys.keys.undelete', 'apikeys.keys.update', 'orgpolicy.policy.get', 'serviceusage.apiKeys.regenerate', 'serviceusage.apiKeys.revert'] GA
roles/serviceusage.apiKeysViewer Ability to get and list API keys for a project. API Keys Viewer ['apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup'] GA
roles/apim.admin Full access to API Management resources. API Management Admin ['apim.apiObservations.batchEditTags', 'apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.create', 'apim.observationJobs.delete', 'apim.observationJobs.disable', 'apim.observationJobs.enable', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.create', 'apim.observationSources.delete', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.cancel', 'apim.operations.delete', 'apim.operations.get', 'apim.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apim.viewer Readonly access to API Management resources. API Management Viewer ['apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.get', 'apim.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apihub.runtimeProjectServiceAgent Gives API-Hub Service Account access to runtime project resources. API-Hub Runtime Project Service Agent ['apigee.deployments.list', 'apigee.envgroupattachments.list', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.organizations.get', 'apigee.proxyrevisions.get'] GA
roles/apigateway.admin Full access to ApiGateway and related resources. ApiGateway Admin ['apigateway.apiconfigs.create', 'apigateway.apiconfigs.delete', 'apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apiconfigs.setIamPolicy', 'apigateway.apiconfigs.update', 'apigateway.apis.create', 'apigateway.apis.delete', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.apis.setIamPolicy', 'apigateway.apis.update', 'apigateway.gateways.create', 'apigateway.gateways.delete', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.gateways.setIamPolicy', 'apigateway.gateways.update', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.cancel', 'apigateway.operations.delete', 'apigateway.operations.get', 'apigateway.operations.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/apigateway.viewer Read-only access to ApiGateway and related resources. ApiGateway Viewer ['apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.get', 'apigateway.operations.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/apigee.analyticsAgent Curated set of permissions for Apigee Universal Data Collection Agent to manage analytics for an Apigee Organization Apigee Analytics Agent ['apigee.datalocation.get', 'apigee.environments.getDataLocation', 'apigee.runtimeconfigs.get'] GA
roles/apigee.analyticsEditor Analytics editor for an Apigee Organization Apigee Analytics Editor ['apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.analyticsViewer Analytics viewer for an Apigee Organization Apigee Analytics Viewer ['apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.queries.get', 'apigee.queries.list', 'apigee.reports.get', 'apigee.reports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.apiAdminV2 Full read/write access to all apigee API resources Apigee API Admin ['apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.deployments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.apiReaderV2 Reader of apigee resources Apigee API Reader ['apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigeeconnect.Admin Admin of Apigee Connect Apigee Connect Admin ['apigeeconnect.connections.list'] GA
roles/apigeeconnect.Agent Ability to set up Apigee Connect agent between external clusters and Google. Apigee Connect Agent ['apigeeconnect.endpoints.connect'] GA
roles/apigee.deploymentInvoker Invoker of deployments in the apigee runtime Apigee Deployment Invoker ['apigee.deployments.invoke'] GA
roles/apigee.developerAdmin Developer admin of apigee resources Apigee Developer Admin ['apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.entitlements.get', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.rateplans.get', 'apigee.rateplans.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list'] GA
roles/apigee.environmentAdmin Full read/write access to apigee environment resources, including deployments. Apigee Environment Admin ['apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.ingressconfigs.get', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list'] GA
roles/integrations.apigeeIntegrationAdminRole A user that has full access to all Apigee integrations. Apigee Integration Admin ['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.apigeeSuspensionResolver A role that can approve / reject Apigee integrations that contain a suspension/wait task. Apigee Integration Approver ['integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.apigeeIntegrationDeployerRole A developer that can deploy/undeploy Apigee integrations to the integration runtime. Apigee Integration Deployer ['integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.apigeeIntegrationEditorRole A developer that can list, create and update Apigee integrations. Apigee Integration Editor ['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.authConfigs.create', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.get', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.apigeeIntegrationInvokerRole A role that can invoke Apigee integrations. Apigee Integration Invoker ['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.apigeeIntegrationsViewer A developer that can list and view Apigee integrations. Apigee Integration Viewer ['integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.monetizationAdmin All permissions related to monetization Apigee Monetization Admin ['apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.entitlements.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.admin Full access to all apigee resource features Apigee Organization Admin ['apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.caches.delete', 'apigee.caches.list', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datalocation.get', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.endpointattachments.create', 'apigee.endpointattachments.delete', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.create', 'apigee.envgroupattachments.delete', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.create', 'apigee.envgroups.delete', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.envgroups.update', 'apigee.environments.create', 'apigee.environments.delete', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.manageRuntime', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.create', 'apigee.instanceattachments.delete', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.create', 'apigee.instances.delete', 'apigee.instances.get', 'apigee.instances.list', 'apigee.instances.reportStatus', 'apigee.instances.update', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.nataddresses.activate', 'apigee.nataddresses.create', 'apigee.nataddresses.delete', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.create', 'apigee.organizations.delete', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.organizations.update', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'apigee.projects.migrate', 'apigee.projects.previewMigration', 'apigee.projects.update', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.runtimeconfigs.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.setupcontexts.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list'] GA
roles/apigee.portalAdmin Portal admin for an Apigee Organization Apigee Portal Admin ['apigee.entitlements.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.readOnlyAdmin Viewer of all apigee resources Apigee Read-only Admin ['apigee.addonsconfig.get', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appkeys.get', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.caches.list', 'apigee.canaryevaluations.get', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datalocation.get', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.deployments.get', 'apigee.deployments.list', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerbalances.get', 'apigee.developermonetizationconfigs.get', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.get', 'apigee.instances.list', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.get', 'apigee.portals.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.references.get', 'apigee.references.list', 'apigee.reports.get', 'apigee.reports.list', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.runtimeconfigs.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.traceconfig.get', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list'] GA
roles/apigee.runtimeAgent Curated set of permissions for a runtime agent to access Apigee Organization resources Apigee Runtime Agent ['apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.entitlements.get', 'apigee.ingressconfigs.get', 'apigee.instances.reportStatus', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.projectorganizations.get', 'apigee.runtimeconfigs.get'] GA
roles/apigee.securityAdmin Security admin for an Apigee Organization Apigee Security Admin ['apigee.addonsconfig.get', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.securityViewer Security viewer for an Apigee Organization Apigee Security Viewer ['apigee.addonsconfig.get', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apigee.serviceAgent Service agent that grants access to Apigee resources - API Products, Developers, Developer Apps, and App Keys. Apigee Service Agent ['apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.manageRuntime', 'apigee.ingressconfigs.get', 'apigee.instances.reportStatus', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.proxyrevisions.get', 'apigee.runtimeconfigs.get', 'cloudtrace.traces.patch', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.views.create', 'logging.views.get', 'logging.views.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create'] GA
roles/apigee.synchronizerManager Curated set of permissions for a Synchronizer to manage environments in an Apigee Organization Apigee Synchronizer Manager ['apigee.environments.get', 'apigee.environments.manageRuntime', 'apigee.ingressconfigs.get'] GA
roles/apim.apiDiscoveryServiceAgent Gives APIM the ability to manage resources in consumer project APIM API Discovery Service Agent ['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.globalOperations.get', 'compute.networks.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.subnetworks.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list'] GA
roles/appdevelopmentexperience.serviceAgent Give the App Development Experience service agent access toCloud Platform resources. App Development Experience Service Agent ['container.clusters.get', 'container.clusters.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list'] GA
roles/appengine.appAdmin Full management of App Engine apps (but not storage). App Engine Admin ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengine.codeViewer Ability to view App Engine app status and deployed source code. App Engine Code Viewer ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.getFileContents', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengine.appCreator Ability to create the App Engine resource for the project. App Engine Creator ['appengine.applications.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengine.deployer Necessary permissions to deploy new code to App Engine, and remove old versions. App Engine Deployer ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengineflex.serviceAgent Can edit and manage App Engine Flexible Environment apps. Includes access to service accounts. App Engine flexible environment Service Agent ['billing.accounts.get', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.create', 'compute.addresses.delete', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.create', 'compute.disks.list', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.globalAddresses.create', 'compute.globalAddresses.delete', 'compute.globalAddresses.get', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.use', 'compute.machineTypes.get', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionOperations.get', 'compute.regions.get', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.delete', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list'] GA
roles/appengine.debugger Ability to read or manage v2 instances. App Engine Managed VM Debug Access ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengine.memcacheDataAdmin Can get, set, delete, and flush App Engine Memcache items. App Engine Memcache Data Admin ['appengine.applications.get', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengine.serviceAdmin Can view and change traffic splits, scaling settings, and delete old versions; can't create new versions. App Engine Service Admin ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/appengine.serviceAgent Give App Engine Standard Enviroment service account access to managed resources. Includes access to service accounts. App Engine Standard Environment Service Agent ['appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.aptartifacts.create', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'datastore.databases.get', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'serviceusage.services.enable', 'serviceusage.services.get', 'storage.buckets.create', 'storage.buckets.get'] GA
roles/appengine.appViewer Ability to view App Engine app status. App Engine Viewer ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apphub.admin Full access to App Hub resources. App Hub Admin ['apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.applications.setIamPolicy', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.attach', 'apphub.serviceProjectAttachments.create', 'apphub.serviceProjectAttachments.delete', 'apphub.serviceProjectAttachments.detach', 'apphub.serviceProjectAttachments.get', 'apphub.serviceProjectAttachments.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apphub.editor Edit access to App Hub resources. App Hub Editor ['apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.list', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/apphub.viewer View access to App Hub resources. App Hub Viewer ['apphub.applications.get', 'apphub.applications.list', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.get', 'apphub.services.list', 'apphub.workloads.get', 'apphub.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/applianceactivation.troubleshooter Grants access to send new commands to run on appliances and view the outputs Appliance troubleshooter ['applianceactivation.rttCommands.create', 'applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/applianceactivation.approver Grants access to approve commands to run on appliances Appliance troubleshooting commands approver ['applianceactivation.rttCommands.approve', 'applianceactivation.rttCommands.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/integrations.integrationAdmin A user that has full access (CRUD) to all integrations. Application Integration Admin ['integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.suspensionResolver A role that can resolve suspended integrations. Application Integration Approver ['integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.integrationDeployer A developer that can deploy/undeploy integrations to the integration runtime. Application Integration Deployer ['integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.integrationEditor A developer that can list, create and update integrations. Application Integration Editor ['integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.authConfigs.create', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.get', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.integrationInvoker A role that can invoke integrations. Application Integration Invoker ['integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.serviceAgent Service agent that grants access to execute an integration. Application Integration Service Agent ['cloudfunctions.functions.invoke', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.connections.get', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'pubsub.schemas.attach', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.jobs.run', 'run.routes.invoke', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/integrations.sfdcInstanceAdmin A user that has full access (CRUD) to all SFDC instances. Application Integration SFDC Instance Admin ['integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.sfdcInstanceEditor A developer that can list, create and update integrations. Application Integration SFDC Instance Editor ['integrations.sfdcChannels.create', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.sfdcInstanceViewer A developer that can list and view SFDC instances. Application Integration SFDC Instance Viewer ['integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.integrationViewer A developer that can list and view integrations. Application Integration Viewer ['integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'integrations.testCases.get', 'integrations.testCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/artifactregistry.admin Administrator access to create and manage repositories. Artifact Registry Administrator ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create'] GA
roles/artifactregistry.createOnPushRepoAdmin Access to manage artifacts in repositories, as well as create new repositories on push Artifact Registry Create-on-Push Repository Administrator ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create'] GA
roles/artifactregistry.createOnPushWriter Access to read and write repository items, as well as create new repositories on push Artifact Registry Create-on-Push Writer ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create'] GA
roles/artifactregistry.reader Access to read repository items. Artifact Registry Reader ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list'] GA
roles/artifactregistry.repoAdmin Access to manage artifacts in repositories. Artifact Registry Repository Administrator ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create'] GA
roles/artifactregistry.serviceAgent Gives the Artifact Registry service account access to managed resources. Artifact Registry Service Agent ['artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.versions.delete', 'pubsub.topics.publish'] GA
roles/artifactregistry.writer Access to read and write repository items. Artifact Registry Writer ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create'] GA
roles/assuredoss.admin Access to use Assured OSS and manage configuration. Assured OSS Admin ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'iam.serviceAccountKeys.create', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.create', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/assuredoss.projectAdmin Access to use Assured OSS and manage configuration. Assured OSS Project Admin ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list'] BETA
roles/assuredoss.reader Access to use Assured OSS and view Assured OSS configuration. Assured OSS Reader ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/assuredoss.user Access to use Assured OSS. Assured OSS User ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/assuredworkloads.admin Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration Assured Workloads Administrator ['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/assuredworkloads.editor Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration Assured Workloads Editor ['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/assuredworkloads.monitoringServiceAgent Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads. Assured Workloads Monitoring Service Agent ['cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get'] GA
roles/assuredworkloads.reader Grants read access to all Assured Workloads resources and CRM resources - project/folder Assured Workloads Reader ['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/assuredworkloads.serviceAgent Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies. Assured Workloads Service Agent ['cloudkms.cryptoKeys.create', 'cloudkms.keyRings.create', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use'] GA
roles/securitycenter.attackSurfaceManagementScannerServiceAgent Gives Mandiant Attack Surface Management the ability to scan Cloud Platform resources. Attack Surface Management Scanner Service Agent ['apigateway.apiconfigs.get', 'cloudasset.assets.listResource', 'dns.managedZones.list', 'dns.resourceRecordSets.list', 'resourcemanager.projects.get'] GA
roles/auditmanager.admin Full access to Audit Manager resources. Audit Manager Admin ['auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.enrollResource', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'cloudasset.assets.searchAllResources', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/auditmanager.serviceAgent Grants Audit Manager Service Agent access to various list/get rpcs of products to perform an audit. Audit Manager Auditing Service Agent ['bigquery.datasets.get', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudsql.instances.list', 'compute.autoscalers.list', 'compute.backendServices.list', 'compute.disks.list', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.globalForwardingRules.list', 'compute.instanceGroupManagers.list', 'compute.instanceGroups.list', 'compute.instances.list', 'compute.regionSslPolicies.list', 'compute.regionTargetHttpProxies.list', 'compute.regionUrlMaps.list', 'compute.routers.list', 'compute.securityPolicies.list', 'compute.sslCertificates.list', 'compute.sslPolicies.list', 'compute.subnetworks.list', 'compute.targetHttpProxies.list', 'compute.targetSslProxies.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.zones.list', 'container.clusters.list', 'logging.buckets.list', 'monitoring.timeSeries.list', 'orgpolicy.policy.get', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'secretmanager.secrets.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list'] GA
roles/auditmanager.auditor Allows creating and viewing an audit report. Audit Manager Auditor ['auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'cloudasset.assets.searchAllResources', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/automl.admin Full access to all AutoML resources AutoML Admin ['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.setIamPolicy', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list'] BETA
roles/automl.editor Editor of all AutoML resources AutoML Editor ['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.list', 'automl.models.predict', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list'] BETA
roles/automl.predictor Predict using models AutoML Predictor ['automl.models.predict', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/automl.serviceAgent AutoML service agent can act as Cloud Storage admin and export BigQuery tables, which can be backed by Cloud Storage and Cloud Bigtable. AutoML Service Agent ['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'serviceusage.services.use', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/automl.viewer Viewer of all AutoML resources AutoML Viewer ['automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.datasets.get', 'automl.datasets.list', 'automl.examples.get', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list'] BETA
roles/autoscaling.metricsWriter Access to write metrics for autoscaling site Autoscaling Metrics Writer ['autoscaling.sites.writeMetrics'] BETA
roles/autoscaling.recommendationsReader Access to read recommendations from autoscaling site Autoscaling Recommendations Reader ['autoscaling.sites.readRecommendations'] BETA
roles/autoscaling.sitesAdmin Full access to all autoscaling site features Autoscaling Site Admin ['autoscaling.sites.getIamPolicy', 'autoscaling.sites.readRecommendations', 'autoscaling.sites.setIamPolicy', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/autoscaling.stateWriter Access to write state for autoscaling site Autoscaling State Writer ['autoscaling.sites.writeState'] BETA
roles/backupdr.admin Provides full access to all Backup and DR resources. Backup and DR Admin ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageSensitiveData', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.setIamPolicy', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.backupUser Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup. Backup and DR Backup User ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.backupvaultAccessor Allows the Backup Appliance permissions to create and manage backups in a backup vault. Backup and DR Backup Vault Accessor ['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list'] GA
roles/backupdr.backupvaultAdmin Allows the Backup Appliance full administrative control of backup vault resources. Backup and DR Backup Vault Admin ['backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list'] GA
roles/backupdr.backupvaultLister Allows the Backup Appliance permission to list backup vaults in a given project. Backup and DR Backup Vault Lister ['backupdr.backupVaults.list'] GA
roles/backupdr.backupvaultViewer Allows read-only permissions to access backup vault resources and backups. Backup and DR Backup Vault Viewer ['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.operations.get', 'backupdr.operations.list'] GA
roles/backupdr.cloudStorageOperator Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage. Backup and DR Cloud Storage Operator ['storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list'] GA
roles/backupdr.computeEngineOperator Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances. Backup and DR Compute Engine Operator ['backupdr.managementServers.createConnection', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.pscInterfaceCreate', 'compute.instances.setDeletionProtection', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.updateDisplayDevice', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.resourcePolicies.use', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.mangementServerAccessor Grants the Backup and DR management server access role to Backup Appliances. Backup and DR Management Server Accessor ['backupdr.managementServers.createConnection'] BETA
roles/backupdr.managementServerAccessor Grants the Backup and DR management server access role to Backup Appliances. Backup and DR Management Server Accessor ['backupdr.managementServers.createConnection'] BETA
roles/backupdr.mountUser Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup. Backup and DR Mount User ['backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.restoreUser Allows the user to restore or mount from a backup. This role cannot create a backup plan. Backup and DR Restore User ['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.serviceAgent Grants the Backup and DR Service access to protect GCE instances. Backup and DR Service Agent ['compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.user Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console. Backup and DR User ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.userv2 Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing. Backup and DR User V2 ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.viewer Provides read-only access to all Backup and DR resources. Backup and DR Viewer ['backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/gkebackup.admin Full access to all Backup for GKE resources. Backup for GKE Admin ['gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.cancel', 'gkebackup.operations.delete', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/gkebackup.backupAdmin Allows administrators to manage all BackupPlan and Backup resources. Backup for GKE Backup Admin ['gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/gkebackup.delegatedBackupAdmin Allows administrators to manage Backup resources for specific BackupPlans Backup for GKE Delegated Backup Admin ['gkebackup.backupPlans.get', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list'] GA
roles/gkebackup.delegatedRestoreAdmin Allows administrators to manage Restore resources for specific RestorePlans Backup for GKE Delegated Restore Admin ['gkebackup.restorePlans.get', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list'] GA
roles/gkebackup.restoreAdmin Allows administrators to manage all RestorePlan and Restore resources. Backup for GKE Restore Admin ['gkebackup.backupPlans.get', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/gkebackup.serviceAgent Grants the Backup for GKE Service Account access to managed resources. Backup for GKE Service Agent ['compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.regionOperations.get', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.zoneOperations.get', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'gkebackup.operations.get', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.projects.updateLiens'] GA
roles/gkebackup.viewer Read-only access to all Backup for GKE resources. Backup for GKE Viewer ['gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/baremetalsolution.admin Administrator of Bare Metal Solution resources Bare Metal Solution Admin ['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/baremetalsolution.editor Editor of Bare Metal Solution resources Bare Metal Solution Editor ['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/baremetalsolution.instancesadmin Admin of Bare Metal Solution Instance resources Bare Metal Solution Instances Admin ['baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/baremetalsolution.instancesviewer Viewer of Bare Metal Solution Instance resources Bare Metal Solution Instances Viewer ['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/baremetalsolution.procurementsadmin Administrator of Bare Metal Solution Procurements Bare Metal Solution Procurements Admin ['baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list'] GA
roles/baremetalsolution.procurementseditor Editor of Bare Metal Solution Procurements Bare Metal Solution Procurements Editor ['baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list'] GA
roles/baremetalsolution.procurementsviewer Viewer of Bare Metal Solution Procurements Bare Metal Solution Procurements Viewer ['baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list'] GA
roles/baremetalsolution.serviceAgent Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution. Bare Metal Solution Service Agent ['compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.networks.get', 'compute.networks.list', 'compute.projects.get', 'resourcemanager.projects.get'] GA
roles/baremetalsolution.storageadmin Administrator of Bare Metal Solution storage resources Bare Metal Solution Storage Admin ['baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.pods.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/baremetalsolution.viewer Viewer of Bare Metal Solution resources Bare Metal Solution Viewer ['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/batch.admin Administrator of Batch resources Batch Administrator ['batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/batch.agentReporter Reporter of Batch agent states. Batch Agent Reporter ['batch.states.report'] GA
roles/batch.jobsEditor Editor of Batch Jobs Batch Job Editor ['batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/batch.jobsViewer Viewer of Batch Jobs, Task Groups and Tasks Batch Job Viewer ['batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/batch.resourceAllowancesEditor Editor of Batch ResourceAllowances Batch ResourceAllowance Editor ['batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/batch.resourceAllowancesViewer Viewer of Batch ResourceAllowances Batch ResourceAllowance Viewer ['batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/proximitybeacon.attachmentEditor Can create and delete attachments; can list and get a project's beacons; can list a project's namespaces. Beacon Attachment Editor ['proximitybeacon.attachments.create', 'proximitybeacon.attachments.delete', 'proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.namespaces.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/proximitybeacon.attachmentPublisher Grants necessary permissions to use beacons to create attachments in namespaces not owned by this project. Beacon Attachment Publisher ['proximitybeacon.beacons.attach', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/proximitybeacon.attachmentViewer Can view all attachments under a namespace; no beacon or namespace permissions. Beacon Attachment Viewer ['proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/proximitybeacon.beaconEditor Necessary access to register, modify, and view beacons; no attachment or namespace permissions. Beacon Editor ['proximitybeacon.beacons.create', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.beacons.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/biglake.admin Provides full access to all BigLake resources. BigLake Admin ['biglake.catalogs.create', 'biglake.catalogs.delete', 'biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.create', 'biglake.databases.delete', 'biglake.databases.get', 'biglake.databases.list', 'biglake.databases.update', 'biglake.locks.check', 'biglake.locks.create', 'biglake.locks.delete', 'biglake.locks.list', 'biglake.tables.create', 'biglake.tables.delete', 'biglake.tables.get', 'biglake.tables.list', 'biglake.tables.lock', 'biglake.tables.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/biglake.viewer Provides read-only access to all BigLake resources. BigLake Viewer ['biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.get', 'biglake.databases.list', 'biglake.locks.list', 'biglake.tables.get', 'biglake.tables.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.admin Administer all BigQuery resources and data BigQuery Admin ['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.connectionAdmin BigQuery Connection Admin ['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use'] GA
roles/bigqueryconnection.serviceAgent Gives BigQuery Connection Service access to Cloud SQL instances in user projects. BigQuery Connection Service Agent ['cloudsql.instances.connect', 'cloudsql.instances.get', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create'] GA
roles/bigquery.connectionUser BigQuery Connection User ['bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.use'] GA
roles/bigquerycontinuousquery.serviceAgent Gives BigQuery Continuous Query access to the service accounts in the user project. BigQuery Continuous Query Service Agent ['iam.serviceAccounts.getAccessToken'] GA
roles/bigquery.dataEditor Access to edit all the contents of datasets BigQuery Data Editor ['bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.updateTag', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.dataOwner Full access to datasets and all of their contents BigQuery Data Owner ['bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquerydatapolicy.admin Role for managing Data Policies in BigQuery BigQuery Data Policy Admin ['bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update'] GA
roles/bigquerydatapolicy.viewer Role for viewing Data Policies in BigQuery BigQuery Data Policy Viewer ['bigquery.dataPolicies.get', 'bigquery.dataPolicies.list'] GA
roles/bigquerydatatransfer.serviceAgent Gives BigQuery Data Transfer Service access to start bigquery jobs in consumer project. BigQuery Data Transfer Service Agent ['bigquery.config.get', 'bigquery.jobs.create', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.regionOperations.get', 'compute.subnetworks.use', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'logging.logEntries.route', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.dataViewer Access to view datasets and all of their contents BigQuery Data Viewer ['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.createSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.filteredDataViewer Access to view filtered table data defined by a row access policy BigQuery Filtered Data Viewer ['bigquery.rowAccessPolicies.getFilteredData'] GA
roles/bigquery.jobUser Access to run jobs BigQuery Job User ['bigquery.config.get', 'bigquery.jobs.create', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/recommender.bigqueryMaterializedViewAdmin Admin of BigQuery Materialized View Insights and Recommendations. BigQuery Materialized View Recommender Admin ['recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewInsights.update', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryMaterializedViewRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/recommender.bigqueryMaterializedViewViewer Viewer of BigQuery Materialized View Insights and Recommendations. BigQuery Materialized View Recommender Viewer ['recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.metadataViewer Access to view table and dataset metadata BigQuery Metadata Viewer ['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.get', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigqueryomni.serviceAgent Gives BigQuery Omni access to tables in user projects. BigQuery Omni Service Agent ['bigquery.jobs.create', 'bigquery.tables.updateData'] GA
roles/recommender.bigqueryPartitionClusterAdmin Admin of BigQuery Partitioning Clustering recommendations. BigQuery Partitioning Clustering Recommender Admin ['recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.update', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.bigqueryTableStatsInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.bigqueryPartitionClusterViewer Viewer of BigQuery Partitioning Clustering recommendations. BigQuery Partitioning Clustering Recommender Viewer ['recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/bigquery.readSessionUser Access to create and use read sessions BigQuery Read Session User ['bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/recommender.bigQueryCapacityCommitmentsBillingAccountAdmin Billing Account Admin of BigQuery Capacity Commitments insights and recommendations. BigQuery Recommender Billing Account Admin ['billing.accounts.get', 'billing.accounts.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update'] BETA
roles/recommender.bigQueryCapacityCommitmentsBillingAccountViewer Billing Account Viewer of BigQuery Capacity Commitments insights and recommendations. BigQuery Recommender Billing Account Viewer ['billing.accounts.get', 'billing.accounts.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list'] BETA
roles/recommender.bigQueryCapacityCommitmentsProjectAdmin Project Admin of BigQuery Capacity Commitments insights and recommendations. BigQuery Recommender Project Admin ['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.bigQueryCapacityCommitmentsProjectViewer Project Viewer of BigQuery Capacity Commitments insights and recommendations. BigQuery Recommender Project Viewer ['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/bigquery.resourceAdmin Administers BigQuery workloads, including slot assignments, commitments, and reservations. BigQuery Resource Admin ['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.resourceEditor Manages BigQuery workloads, but is unable to create or modify slot commitments. BigQuery Resource Editor ['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.resourceViewer Can view BigQuery workloads, but cannot create or modify slot reservations or commitments. BigQuery Resource Viewer ['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/recommender.bigQueryCapacityCommitmentsAdmin Admin of BigQuery Capacity Commitments insights and recommendations. BigQuery Slot Recommender Admin ['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.bigQueryCapacityCommitmentsViewer Viewer of BigQuery Capacity Commitments insights and recommendations. BigQuery Slot Recommender Viewer ['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/bigqueryspark.serviceAgent Gives BigQuery Spark access to the service accounts in the user project. BigQuery Spark Service Agent ['iam.serviceAccounts.getAccessToken'] GA
roles/bigquery.studioAdmin Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin. BigQuery Studio Admin ['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'compute.reservations.get', 'compute.reservations.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.studioUser Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User. BigQuery Studio User ['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'bigquery.config.get', 'bigquery.jobs.create', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigquery.user When applied to a project, access to run queries, create datasets, read dataset metadata, and list tables. When applied to a dataset, access to read dataset metadata and list tables within the dataset. BigQuery User ['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.jobs.create', 'bigquery.jobs.list', 'bigquery.models.list', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.list', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.list', 'bigquery.transfers.get', 'bigquerymigration.translation.translate', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/bigtable.admin Full access to all Bigtable resources and ability to assign Bigtable IAM roles. Bigtable Administrator ['bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get'] GA
roles/bigtable.reader Read access to data in existing tables; read access to metadata for instances, clusters, and tables, including column families. Bigtable Reader ['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get'] GA
roles/bigtable.user Read and write access to data in existing tables; read access to metadata for instances, clusters, and tables, including column families. Bigtable User ['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get'] GA
roles/bigtable.viewer Read access to metadata for instances, clusters, and tables, including column families. Bigtable Viewer ['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get'] GA
roles/billing.admin Authorized to see and manage all aspects of billing accounts. Billing Account Administrator ['billing.accounts.close', 'billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.getIamPolicy', 'billing.accounts.getPaymentInfo', 'billing.accounts.getPricing', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.accounts.move', 'billing.accounts.redeemPromotion', 'billing.accounts.removeFromOrganization', 'billing.accounts.reopen', 'billing.accounts.setIamPolicy', 'billing.accounts.update', 'billing.accounts.updatePaymentInfo', 'billing.accounts.updateUsageExportSpec', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.budgets.create', 'billing.budgets.delete', 'billing.budgets.get', 'billing.budgets.list', 'billing.budgets.update', 'billing.credits.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceAssociations.create', 'billing.resourceAssociations.delete', 'billing.resourceAssociations.list', 'billing.subscriptions.create', 'billing.subscriptions.get', 'billing.subscriptions.list', 'billing.subscriptions.update', 'cloudasset.assets.searchAllResources', 'cloudnotifications.activities.list', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.events.get', 'consumerprocurement.events.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'logging.logEntries.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.privateLogEntries.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentInsights.update', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommendations.update', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.spendBasedCommitmentRecommenderConfig.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/billing.costsManager Can view and export cost information of billing accounts. Billing Account Costs Manager ['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.accounts.updateUsageExportSpec', 'billing.budgets.create', 'billing.budgets.delete', 'billing.budgets.get', 'billing.budgets.list', 'billing.budgets.update', 'billing.resourceAssociations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update'] GA
roles/billing.creator Creator of billing accounts. Billing Account Creator ['billing.accounts.create', 'resourcemanager.organizations.get'] GA
roles/recommender.billingAccountCudAdmin Admin of Billing Account Usage Commitment Recommender. Billing Account Usage Commitment Recommender Admin ['billing.accounts.get', 'billing.accounts.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update'] BETA
roles/recommender.billingAccountCudViewer Viewer of Billing Account Usage Commitment Recommender. Billing Account Usage Commitment Recommender Viewer ['billing.accounts.get', 'billing.accounts.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list'] BETA
roles/billing.user Can associate projects with billing accounts Billing Account User ['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.accounts.redeemPromotion', 'billing.credits.list', 'billing.resourceAssociations.create'] GA
roles/billing.viewer Can view information about billing accounts. Billing Account Viewer ['billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.getIamPolicy', 'billing.accounts.getPaymentInfo', 'billing.accounts.getPricing', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.budgets.get', 'billing.budgets.list', 'billing.credits.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceAssociations.list', 'billing.subscriptions.get', 'billing.subscriptions.list', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list'] GA
roles/binaryauthorization.attestorsAdmin Adminstrator of Binary Authorization Attestors Binary Authorization Attestor Admin ['binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.setIamPolicy', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.attestorsEditor Editor of Binary Authorization Attestors Binary Authorization Attestor Editor ['binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.attestorsVerifier Caller of Binary Authorization Attestors VerifyImageAttested Binary Authorization Attestor Image Verifier ['binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.attestorsViewer Viewer of Binary Authorization Attestors Binary Authorization Attestor Viewer ['binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.policyAdmin Administrator of Binary Authorization Policy Binary Authorization Policy Administrator ['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.continuousValidationConfig.setIamPolicy', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.getIamPolicy', 'binaryauthorization.policy.setIamPolicy', 'binaryauthorization.policy.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.policyEditor Editor of Binary Authorization Policy Binary Authorization Policy Editor ['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.policyEvaluator Evaluator of Binary Authorization Policy Binary Authorization Policy Evaluator ['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.policyViewer Viewer of Binary Authorization Policy Binary Authorization Policy Viewer ['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/binaryauthorization.serviceAgent Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures. Binary Authorization Service Agent ['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'cloudasset.assets.exportResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.update', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.listOccurrences', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.list'] GA
roles/blockchainnodeengine.admin Full access to Blockchain Node Engine resources. Blockchain Node Engine Admin ['blockchainnodeengine.blockchainNodes.create', 'blockchainnodeengine.blockchainNodes.delete', 'blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.blockchainNodes.update', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.cancel', 'blockchainnodeengine.operations.delete', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/blockchainnodeengine.serviceAgent Grants Blockchain Node Engine access to metrics in user project Blockchain Node Engine Service Agent ['monitoring.timeSeries.list'] GA
roles/blockchainnodeengine.viewer Readonly access to Blockchain Node Engine resources. Blockchain Node Engine Viewer ['blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/blockchainvalidatormanager.admin Full access to Blockchain Validator Manager resources. Blockchain Validator Manager Admin ['blockchainvalidatormanager.blockchainValidatorConfigs.create', 'blockchainvalidatormanager.blockchainValidatorConfigs.delete', 'blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.update', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.cancel', 'blockchainvalidatormanager.operations.delete', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/blockchainvalidatormanager.viewer Readonly access to Blockchain Validator Manager resources. Blockchain Validator Viewer ['blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/browser Access to browse GCP resources. Browser ['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list'] GA
roles/privateca.admin Full access to all CA Service resources. CA Service Admin ['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.setIamPolicy', 'privateca.caPools.update', 'privateca.caPools.use', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.setIamPolicy', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.create', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.setIamPolicy', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.setIamPolicy', 'privateca.certificateTemplates.update', 'privateca.certificateTemplates.use', 'privateca.certificates.create', 'privateca.certificates.createForSelf', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.setIamPolicy', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.cancel', 'privateca.operations.delete', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.setIamPolicy', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create'] GA
roles/privateca.auditor Read-only access to all CA Service resources. CA Service Auditor ['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/privateca.certificateManager Create certificates and read-only access for CA Service resources. CA Service Certificate Manager ['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.create', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/privateca.certificateRequester Request certificates from CA Service. CA Service Certificate Requester ['privateca.certificates.create'] GA
roles/privateca.templateUser Read, list and use certificate templates. CA Service Certificate Template User ['privateca.certificateTemplates.get', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.use'] GA
roles/privateca.caManager Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources. CA Service Operation Manager ['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.update', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.update', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create'] GA
roles/privateca.poolReader Read CA Pools in CA Service. CA Service Pool Reader ['privateca.caPools.get'] GA
roles/privateca.workloadCertificateRequester Request certificates from CA Service with caller's identity. CA Service Workload Certificate Requester ['privateca.certificates.createForSelf'] GA
roles/capacityplanner.viewer Read-only access to Capacity Planner usage resources Capacity Planner Usage Viewer ['capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'capacityplanner.usageHistories.summarize', 'cloudquotas.quotas.get', 'compute.futureReservations.get', 'compute.futureReservations.list', 'compute.reservations.get', 'compute.reservations.list', 'monitoring.timeSeries.list', 'resourcemanager.folders.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get'] BETA
roles/billing.carbonViewer Carbon Footprint Viewer ['billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.list'] GA
roles/carestudio.viewer This role can view all properties of Patients. Care Studio Patients Viewer ['carestudio.patients.get', 'carestudio.patients.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudprivatecatalogproducer.admin Can manage catalog and view its associations. Catalog Admin ['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudprivatecatalog.consumer Can browse catalogs in the target resource context. Catalog Consumer ['cloudprivatecatalog.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudprivatecatalogproducer.manager Can manage associations between a catalog and a target resource. Catalog Manager ['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudprivatecatalogproducer.orgAdmin Can manage catalog org settings. Catalog Org Admin ['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.settings.get', 'cloudprivatecatalogproducer.settings.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/certificatemanager.editor Edit access to Certificate Manager all resources. Certificate Manager Editor ['certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/certificatemanager.owner Full access to Certificate Manager all resources. Certificate Manager Owner ['certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.delete', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.cancel', 'certificatemanager.operations.delete', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.delete', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/certificatemanager.serviceAgent Grants Certificate Manager access to services and APIs in the user project. Certificate Manager Service Agent ['certificatemanager.locations.get'] GA
roles/certificatemanager.viewer Read-only access to Certificate Manager all resources. Certificate Manager Viewer ['certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/integrations.certificateViewer A developer that can list and view Certificates. Certificate Viewer ['integrations.certificates.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/chat.owner Can view and modify app configurations Chat Apps Owner ['chat.bots.get', 'chat.bots.update'] GA
roles/chat.reader Can view app configurations Chat Apps Viewer ['chat.bots.get'] GA
roles/chronicle.admin Full access to the Chronicle API services, including global settings. Chronicle API Admin ['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.bigQueryAccess.provide', 'chronicle.cases.countPriorities', 'chronicle.collectors.create', 'chronicle.collectors.delete', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.collectors.update', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessLabels.create', 'chronicle.dataAccessLabels.delete', 'chronicle.dataAccessLabels.get', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessLabels.update', 'chronicle.dataAccessScopes.create', 'chronicle.dataAccessScopes.delete', 'chronicle.dataAccessScopes.get', 'chronicle.dataAccessScopes.list', 'chronicle.dataAccessScopes.permit', 'chronicle.dataAccessScopes.update', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.create', 'chronicle.errorNotificationConfigs.delete', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.errorNotificationConfigs.update', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.extensionValidationReports.get', 'chronicle.extensionValidationReports.list', 'chronicle.feedServiceAccounts.fetch', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.create', 'chronicle.feeds.delete', 'chronicle.feeds.disable', 'chronicle.feeds.enable', 'chronicle.feeds.generateSecret', 'chronicle.feeds.get', 'chronicle.feeds.list', 'chronicle.feeds.update', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.create', 'chronicle.forwarders.delete', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.forwarders.update', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.generateWorkspaceConnectionToken', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.parserExtensions.activate', 'chronicle.parserExtensions.create', 'chronicle.parserExtensions.delete', 'chronicle.parserExtensions.generateKeyValueMappings', 'chronicle.parserExtensions.get', 'chronicle.parserExtensions.legacySubmitParserExtension', 'chronicle.parserExtensions.list', 'chronicle.parserExtensions.removeSyslog', 'chronicle.parsers.activate', 'chronicle.parsers.activateReleaseCandidate', 'chronicle.parsers.copyPrebuiltParser', 'chronicle.parsers.create', 'chronicle.parsers.deactivate', 'chronicle.parsers.delete', 'chronicle.parsers.generateEventTypesSuggestions', 'chronicle.parsers.get', 'chronicle.parsers.list', 'chronicle.parsers.runParser', 'chronicle.parsingErrors.list', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.delete', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.validationErrors.list', 'chronicle.validationReports.get', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/chronicle.editor Modify Access to Chronicle API resources. Chronicle API Editor ['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/chronicle.globalDataAccess Grants global access to data i.e. all data can be accessed. Chronicle API Global Data Access ['chronicle.globalDataAccessScopes.permit'] BETA
roles/chronicle.limitedViewer Grants readonly access to Chronicle API resources, excluding Rules and Retrohunts. Chronicle API Limited Viewer ['chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.get', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/chronicle.restrictedDataAccess Grants access to data controlled by Data Access Scopes. Intended to be refined by IAM Conditions. Chronicle API Restricted Data Access ['chronicle.dataAccessScopes.permit'] BETA
roles/chronicle.restrictedDataAccessViewer Grants readonly access to Chronicle API resources without global data access scope. Chronicle API Restricted Data Access Viewer ['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.report', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/chronicle.viewer Readonly access to the Chronicle API resources. Chronicle API Viewer ['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/chroniclesm.admin Admins can view and modify Chronicle service details. Chronicle Service Admin ['chroniclesm.gcpAssociations.create', 'chroniclesm.gcpAssociations.delete', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpLogFlowFilters.update', 'chroniclesm.gcpSettings.get', 'chroniclesm.gcpSettings.update'] GA
roles/chronicle.serviceAgent Grants Chronicle scoped access to customer project Chronicle Service Agent ['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.datasets.create', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'chronicle.instances.get', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get'] GA
roles/chroniclesm.viewer Viewers can see Chronicle service details but not change them. Chronicle Service Viewer ['chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpSettings.get'] GA
roles/chronicle.soarAdmin Grants admin access to Chronicle SOAR. Chronicle SOAR Admin ['chronicle.instances.soarAdmin', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list'] BETA
roles/chronicle.soarServiceAgent Gives Chronicle SOAR the ability to perform remediation on Cloud Platform resources. Chronicle SOAR Service Agent ['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.list', 'compute.instances.stop', 'compute.instances.updateNetworkInterface', 'compute.networks.updatePolicy', 'compute.zones.list', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'resourcemanager.organizations.getIamPolicy', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.list', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.update', 'securitycenter.sources.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.update'] GA
roles/chronicle.soarThreatManager Grants threat manager access to Chronicle SOAR. Chronicle SOAR Threat Manager ['chronicle.instances.soarThreatManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list'] BETA
roles/chronicle.soarVulnerabilityManager Grants vulnerability manager access to Chronicle SOAR. Chronicle SOAR Vulnerability Manager ['chronicle.instances.soarVulnerabilityManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list'] BETA
roles/ciem.serviceAgent Gives CIEM Service Account permission to access GCP resources CIEM Service Agent ['cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'resourcemanager.organizations.get'] GA
roles/accesscontextmanager.gcpAccessAdmin Create, edit, and change Cloud access bindings. Cloud Access Binding Admin ['accesscontextmanager.gcpUserAccessBindings.create', 'accesscontextmanager.gcpUserAccessBindings.delete', 'accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.gcpUserAccessBindings.update'] GA
roles/accesscontextmanager.gcpAccessReader Read access to Cloud access bindings. Cloud Access Binding Reader ['accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list'] GA
roles/cloudaicompanion.serviceAgent Gives Cloud AI Companion components the proper permissions to function. Cloud AI Companion Service Agent ['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use'] GA
roles/alloydb.admin Full access to Cloud AlloyDB all resources. Cloud AlloyDB Admin ['alloydb.backups.create', 'alloydb.backups.createTagBinding', 'alloydb.backups.delete', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.backups.update', 'alloydb.clusters.create', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.delete', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.export', 'alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.clusters.import', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.clusters.promote', 'alloydb.clusters.switchover', 'alloydb.clusters.update', 'alloydb.clusters.upgrade', 'alloydb.databases.list', 'alloydb.instances.connect', 'alloydb.instances.create', 'alloydb.instances.delete', 'alloydb.instances.executeSql', 'alloydb.instances.failover', 'alloydb.instances.get', 'alloydb.instances.injectFault', 'alloydb.instances.list', 'alloydb.instances.restart', 'alloydb.instances.update', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.cancel', 'alloydb.operations.delete', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.create', 'alloydb.users.delete', 'alloydb.users.get', 'alloydb.users.list', 'alloydb.users.login', 'alloydb.users.update', 'cloudaicompanion.entitlements.get', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/alloydb.client Connectivity access to Cloud AlloyDB instances. Cloud AlloyDB Client ['alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.instances.connect', 'alloydb.instances.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/alloydb.databaseUser Role allowing access to login as a database user. Cloud AlloyDB Database User ['alloydb.clusters.get', 'alloydb.instances.executeSql', 'alloydb.instances.get', 'alloydb.users.login', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/alloydb.viewer Read-only access to Cloud AlloyDB all resources. Cloud AlloyDB Viewer ['alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.export', 'alloydb.clusters.get', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.databases.list', 'alloydb.instances.get', 'alloydb.instances.list', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.get', 'alloydb.users.list', 'cloudaicompanion.entitlements.get', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apigateway_management.serviceAgent Gives Cloud API Gateway service account access to retrieve aService configuration. Cloud API Gateway Management Service Agent ['iam.serviceAccounts.get', 'servicemanagement.services.create', 'servicemanagement.services.delete', 'servicemanagement.services.get', 'servicemanagement.services.list', 'servicemanagement.services.update', 'serviceusage.services.get'] GA
roles/apigateway.serviceAgent Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts. Cloud API Gateway Service Agent ['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'servicemanagement.services.check', 'servicemanagement.services.quota', 'servicemanagement.services.report'] GA
roles/apihub.admin Full access to all API hub resources. Cloud API Hub Admin ['apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.locations2.searchResources', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apihub.attributeAdmin Full access to all Cloud API hub attribute's resources. Cloud API hub Attributes Admin ['apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apihub.editor Edit access to most of Cloud API Hub resources. Cloud API Hub Editor ['apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apihub.pluginAdmin Full access to all Cloud API hub plugin's resources. Cloud API hub Plugins Admin ['apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.specs.lint', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apihub.provisioningAdmin Full access to Cloud API hub provisioning related resources. Cloud API hub Provisioning Admin ['apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apihub.viewer View access to all Cloud API hub resources. Cloud API hub Viewer ['apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apis.get', 'apihub.apis.list', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.locations.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.get', 'apihub.specs.list', 'apihub.styleGuides.get', 'apihub.versions.get', 'apihub.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apigeeregistry.admin Full access to Cloud Apigee Registry Registry and Runtime resources. Cloud Apigee Registry Admin ['apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.setIamPolicy', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.setIamPolicy', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.instances.get', 'apigeeregistry.instances.update', 'apigeeregistry.locations.get', 'apigeeregistry.locations.list', 'apigeeregistry.operations.cancel', 'apigeeregistry.operations.delete', 'apigeeregistry.operations.get', 'apigeeregistry.operations.list', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.setIamPolicy', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.setIamPolicy', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apigeeregistry.editor Edit access to Cloud Apigee Registry Registry resources. Cloud Apigee Registry Editor ['apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apigeeregistry.viewer Read-only access to Cloud Apigee Registry Registry resources. Cloud Apigee Registry Viewer ['apigeeregistry.apis.get', 'apigeeregistry.apis.list', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.list', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.specs.get', 'apigeeregistry.specs.list', 'apigeeregistry.versions.get', 'apigeeregistry.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/apigeeregistry.worker The role used by Apigee Registry application workers to read and update Apigee Registry Artifacts. Cloud Apigee Registry Worker ['apigeeregistry.apis.get', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.specs.get', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.get', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudAssetInsightsAdmin Admin of all Cloud Asset insights. Cloud Asset Insights Admin ['recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/recommender.cloudAssetInsightsViewer Viewer of all Cloud Asset insights. Cloud Asset Insights Viewer ['recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudasset.owner Full access to cloud assets metadata Cloud Asset Owner ['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudasset.savedqueries.create', 'cloudasset.savedqueries.delete', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudasset.savedqueries.update', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'recommender.locations.get', 'recommender.locations.list'] GA
roles/cloudasset.serviceAgent Gives Cloud Asset service agent permissions to Cloud Storage and BigQuery for exporting Assets, and permission to publish to Cloud Pub/Sub topics for Asset Real Time Feed. Cloud Asset Service Agent ['bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'pubsub.topics.publish', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get'] GA
roles/cloudasset.viewer Read only access to cloud assets metadata Cloud Asset Viewer ['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list'] GA
roles/beyondcorp.admin Full access to all Cloud BeyondCorp resources. Cloud BeyondCorp Admin ['beyondcorp.appConnections.create', 'beyondcorp.appConnections.delete', 'beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnections.setIamPolicy', 'beyondcorp.appConnections.update', 'beyondcorp.appConnectors.create', 'beyondcorp.appConnectors.delete', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appConnectors.reportStatus', 'beyondcorp.appConnectors.setIamPolicy', 'beyondcorp.appConnectors.update', 'beyondcorp.appGateways.create', 'beyondcorp.appGateways.delete', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.appGateways.setIamPolicy', 'beyondcorp.appGateways.update', 'beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/beyondcorp.clientConnectorAdmin Full access to all BeyondCorp Client Connector resources. Cloud BeyondCorp Client Connector Admin ['beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/beyondcorp.clientConnectorServiceUser Access Client Connector Service Cloud BeyondCorp Client Connector Service User ['beyondcorp.clientConnectorServices.access'] BETA
roles/beyondcorp.clientConnectorViewer Read-only access to all BeyondCorp Client Connector resources. Cloud BeyondCorp Client Connector Viewer ['beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/beyondcorp.partnerServiceDelegateAdmin Delegates access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner. Cloud BeyondCorp Partner Service Delegate Admin ['beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.create', 'beyondcorp.partnerTenants.delete', 'beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.partnerTenants.update', 'beyondcorp.proxyConfigs.create', 'beyondcorp.proxyConfigs.delete', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'beyondcorp.proxyConfigs.update', 'resourcemanager.organizations.get'] BETA
roles/beyondcorp.partnerServiceDelegateViewer Delegates read-only access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner. Cloud BeyondCorp Partner Service Delegate Viewer ['beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'resourcemanager.organizations.get'] BETA
roles/beyondcorp.subscriptionAdmin Full access to all BeyondCorp Subscription resources. Cloud BeyondCorp Subscription Admin ['beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'resourcemanager.organizations.get'] BETA
roles/beyondcorp.subscriptionViewer Read-only access to all BeyondCorp Subscription resources. Cloud BeyondCorp Subscription Viewer ['beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'resourcemanager.organizations.get'] BETA
roles/beyondcorp.viewer Read-only access to all Cloud BeyondCorp resources. Cloud BeyondCorp Viewer ['beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudbuild.builds.approver Can approve or reject pending builds. Cloud Build Approver ['cloudbuild.builds.approve', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.connectionAdmin Can manage connections and repositories. Cloud Build Connection Admin ['cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.connections.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.connectionViewer Can view and list connections and repositories. Cloud Build Connection Viewer ['cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.builds.editor Can create and cancel builds Cloud Build Editor ['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.integrationsEditor Can update Integrations Cloud Build Integrations Editor ['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.integrationsOwner Can create/delete Integrations Cloud Build Integrations Owner ['cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'compute.firewalls.create', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regions.get', 'compute.subnetworks.get', 'compute.subnetworks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.integrationsViewer Can view Integrations Cloud Build Integrations Viewer ['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.loggingServiceAgent Gives the Cloud Build logging-specific service account access to write logs. Cloud Build Logging Service Agent ['logging.buckets.write'] GA
roles/cloudbuild.readTokenAccessor Can view the connection and access its read-only token. Cloud Build Read Only Token Accessor ['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.get'] GA
roles/cloudbuild.builds.builder Can perform builds Cloud Build Service Account ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.topics.create', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/cloudbuild.serviceAgent Gives Cloud Build service account access to managed resources. Cloud Build Service Agent ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.get', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.networks.get', 'compute.regionOperations.get', 'compute.subnetworks.get', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'developerconnect.connections.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.networks.access', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/cloudbuild.tokenAccessor Can view the connection and access its read/write and read-only tokens. Cloud Build Token Accessor ['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list'] GA
roles/cloudbuild.builds.viewer Can view builds Cloud Build Viewer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.workerPoolEditor Can update and view WorkerPools Cloud Build WorkerPool Editor ['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.workerPoolOwner Can create, delete, update, and view WorkerPools Cloud Build WorkerPool Owner ['cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.workerPoolUser Can run builds in the WorkerPool Cloud Build WorkerPool User ['cloudbuild.workerpools.use'] GA
roles/cloudbuild.workerPoolViewer Can view WorkerPools Cloud Build WorkerPool Viewer ['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/composer.serviceAgent Cloud Composer API service agent can manage environments. Cloud Composer API Service Agent ['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.update', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'cloudaicompanion.entitlements.get', 'cloudnotifications.activities.list', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.delete', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'composer.dags.get', 'composer.environments.get', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.list', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'observability.scopes.get', 'opsconfigmonitoring.resourceMetadata.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics'] GA
roles/composer.ServiceAgentV2Ext Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments. Cloud Composer v2 API Service Agent Extension ['iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.setIamPolicy'] GA
roles/cloudcontrolspartner.accessApprovalServiceAgent Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner. Cloud Controls Partner Access Approval Service Agent ['accessapproval.requests.get', 'accessapproval.requests.list'] GA
roles/cloudcontrolspartner.admin Full access to Cloud Controls Partner resources. Cloud Controls Partner Admin ['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudcontrolspartner.editor Editor access to Cloud Controls Partner resources. Cloud Controls Partner Editor ['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudcontrolspartner.ekmServiceAgent Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information. Cloud Controls Partner EKM Service Agent ['cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.verifyConnectivity'] GA
roles/cloudcontrolspartner.inspectabilityReader Readonly access to Cloud Controls Partner inspectability resources. Cloud Controls Partner Inspectability Reader ['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.platformcontrols.get'] GA
roles/cloudcontrolspartner.monitoringReader Readonly access to Cloud Controls Partner monitoring resources. Cloud Controls Partner Monitoring Reader ['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudcontrolspartner.monitoringServiceAgent Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability. Cloud Controls Partner Monitoring Service Agent ['assuredworkloads.violations.get', 'assuredworkloads.violations.list'] GA
roles/cloudcontrolspartner.reader Readonly access to Cloud Controls Partner resources. Cloud Controls Partner Reader ['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudcontrolspartner.supportCaseServiceAgent Gives the Partner Console service account access to support cases for workloads associated with a partner. Cloud Controls Partner Support Case Service Agent ['cloudsupport.techCases.get'] GA
roles/recommender.cloudCostRecommendationAdmin Admin of Cloud Cost General Recommendations Insights and Recommendations. Cloud Cost General Recommendations Recommender Admin ['recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralInsights.update', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudCostGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudCostRecommendationViewer Viewer of Cloud Cost General Recommendations Insights and Recommendations. Cloud Cost General Recommendations Recommender Viewer ['recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/datafusion.accessor Read-only access to Cloud Data Fusion Instances. Use it on instance level along with the namespace grants to provide access to the specific namespace. Cloud Data Fusion Accessor ['datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/datafusion.admin Full access to Cloud Data Fusion Instances, Namespaces and related resources. Cloud Data Fusion Admin ['datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.create', 'datafusion.instances.createTagBinding', 'datafusion.instances.delete', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.instances.restart', 'datafusion.instances.runtime', 'datafusion.instances.setIamPolicy', 'datafusion.instances.update', 'datafusion.instances.upgrade', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.cancel', 'datafusion.operations.delete', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.create', 'datafusion.pipelineConnections.delete', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.update', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datafusion.serviceAgent Gives Cloud Data Fusion service account access to Service Networking, Cloud Dataproc, Cloud Storage, BigQuery, Cloud Spanner, and Cloud Bigtable resources. Cloud Data Fusion API Service Agent ['bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalOperations.get', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.update', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.removePeering', 'compute.networks.update', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zones.get', 'compute.zones.list', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.list', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.list', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.terminate', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.update', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.update', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.list', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.list', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.get', 'networkservices.httpfilters.list', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicenetworking.services.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.getDdl', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.write', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.get', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics'] GA
roles/datafusion.developer Access Cloud Data Fusion Instances, develop and run pipelines. Cloud Data Fusion Developer ['datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.writeRepository', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/datafusion.operator Access Cloud Data Fusion Instances, operate namespaces and related resources. Cloud Data Fusion Operator ['datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/datafusion.runner Access to Cloud Data Fusion runtime resources. Cloud Data Fusion Runner ['datafusion.instances.runtime'] GA
roles/datafusion.viewer Read-only access to Cloud Data Fusion Instances, Namespaces and related resources. Cloud Data Fusion Viewer ['datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/dataflow.serviceAgent Gives Cloud Dataflow service account access to managed resources. Includes access to service accounts. Cloud Dataflow Service Agent ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create', 'cloudnotifications.activities.list', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'observability.scopes.get', 'opsconfigmonitoring.resourceMetadata.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics'] GA
roles/dataplex.serviceAgent Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management. Cloud Dataplex Service Agent ['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.get', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.assets.getIamPolicy', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.projects.search', 'dataplex.zones.getIamPolicy', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.get', 'dataproc.operations.cancel', 'dataproc.operations.get', 'dataproc.operations.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'logging.logEntries.create', 'logging.logEntries.route', 'metastore.services.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update'] GA
roles/datastore.backupSchedulesAdmin Manage backup schedules in Cloud Datastore. Cloud Datastore Backup Schedules Admin ['datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.databases.getMetadata', 'datastore.databases.list'] GA
roles/datastore.backupSchedulesViewer Read access to backup schedules in Cloud Datastore. Cloud Datastore Backup Schedules Viewer ['datastore.backupSchedules.get', 'datastore.backupSchedules.list'] GA
roles/datastore.backupsAdmin Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed. Cloud Datastore Backups Admin ['datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list'] GA
roles/datastore.backupsViewer Read access to metadata about backups in Cloud Datastore. Cloud Datastore Backups Viewer ['datastore.backups.get', 'datastore.backups.list'] GA
roles/datastore.bulkAdmin Full access to manage bulk operations. Cloud Datastore Bulk Admin ['datastore.databases.bulkDelete', 'datastore.databases.getMetadata', 'datastore.operations.cancel', 'datastore.operations.get', 'datastore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datastore.importExportAdmin Full access to manage imports and exports. Cloud Datastore Import Export Admin ['appengine.applications.get', 'datastore.databases.export', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.operations.cancel', 'datastore.operations.get', 'datastore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datastore.indexAdmin Full access to manage index definitions. Cloud Datastore Index Admin ['appengine.applications.get', 'datastore.databases.getMetadata', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datastore.keyVisualizerViewer Full access to Key Visualizer scans. Cloud Datastore Key Visualizer Viewer ['datastore.databases.getMetadata', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datastore.owner Full access to Cloud Datastore. Cloud Datastore Owner ['appengine.applications.get', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.bulkDelete', 'datastore.databases.create', 'datastore.databases.createTagBinding', 'datastore.databases.delete', 'datastore.databases.deleteTagBinding', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.locations.get', 'datastore.locations.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.cancel', 'datastore.operations.delete', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datastore.restoreAdmin Restore into Cloud Datastore Databases from Cloud Datastore Backups. Cloud Datastore Restore Admin ['datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.create', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.operations.get', 'datastore.operations.list'] GA
roles/datastore.user Provides read/write access to data in a Cloud Datastore database. Intended for application developers and service accounts. Cloud Datastore User ['appengine.applications.get', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/datastore.viewer Read access to all Cloud Datastore resources. Cloud Datastore Viewer ['appengine.applications.get', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.get', 'datastore.entities.list', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddebugger.agent Cloud Debugger agents are allowed to register and provide debug snapshot data. Cloud Debugger Agent ['clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create'] BETA
roles/clouddebugger.user User Access to Cloud Debugger. Can create, delete and view snapshots and logpoints. Cloud Debugger User ['clouddebugger.breakpoints.create', 'clouddebugger.breakpoints.delete', 'clouddebugger.breakpoints.get', 'clouddebugger.breakpoints.list', 'clouddebugger.debuggees.list'] BETA
roles/clouddeploy.admin Full control of Cloud Deploy resources. Cloud Deploy Admin ['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.setIamPolicy', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.setIamPolicy', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.approver Permission to approve or reject rollouts. Cloud Deploy Approver ['clouddeploy.config.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.customTargetTypeAdmin Permission to manage CustomTargetType resources Cloud Deploy Custom Target Type Admin ['clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.developer Permission to manage deployment configuration without permission to access operational resources, such as targets. Cloud Deploy Developer ['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.operator Permission to manage deployment configuration. Cloud Deploy Operator ['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.policyAdmin Permission to manage Deploy Policies. Cloud Deploy Policy Admin ['clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/clouddeploy.policyOverrider Permission to override Deploy Policies. Cloud Deploy Policy Overrider ['clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/clouddeploy.releaser Permission to create Cloud Deploy releases and rollouts. Cloud Deploy Releaser ['clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.create', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.jobRunner Permission to execute Cloud Deploy work without permission to deliver to a target. Cloud Deploy Runner ['clouddeploy.config.get', 'logging.logEntries.create', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list'] GA
roles/clouddeploy.serviceAgent Gives Cloud Deploy Service Account access to managed resources. Cloud Deploy Service Agent ['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.workerpools.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.get'] GA
roles/clouddeploy.viewer Can view Cloud Deploy resources. Cloud Deploy Viewer ['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploymentmanager.serviceAgent Allows Deployment Manager service to actuate resources across DM projects and folders Cloud Deployment Manager Service Agent ['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.update', 'appengine.applications.get', 'appengine.operations.get', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.update', 'bigquery.connections.get', 'bigquery.datasets.create', 'bigquery.datasets.delete', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.update', 'bigquery.jobs.create', 'bigquery.routines.create', 'bigquery.routines.get', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.setCategory', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.instances.create', 'bigtable.instances.delete', 'bigtable.instances.get', 'bigtable.instances.update', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.get', 'bigtable.tables.update', 'billing.resourceAssociations.create', 'billing.resourcebudgets.write', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.functions.update', 'cloudfunctions.operations.get', 'cloudprivatecatalog.targets.get', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.update', 'cloudsql.backupRuns.create', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.create', 'cloudsql.instances.delete', 'cloudsql.instances.get', 'cloudsql.instances.import', 'cloudsql.instances.restart', 'cloudsql.instances.update', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendBuckets.create', 'compute.backendBuckets.delete', 'compute.backendBuckets.get', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.create', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.get', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.setLabels', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.delete', 'compute.images.deprecate', 'compute.images.get', 'compute.images.setLabels', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.listTagBindings', 'compute.instances.resume', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateDisplayDevice', 'compute.instances.use', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnects.create', 'compute.interconnects.delete', 'compute.interconnects.get', 'compute.interconnects.setLabels', 'compute.interconnects.use', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.use', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.packetMirrorings.create', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.get', 'compute.projects.get', 'compute.projects.setUsageExportBucket', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.get', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.use', 'compute.regions.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.use', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.update', 'compute.routers.use', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.securityPolicies.create', 'compute.securityPolicies.delete', 'compute.securityPolicies.get', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.get', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.delete', 'compute.sslCertificates.get', 'compute.sslPolicies.create', 'compute.sslPolicies.delete', 'compute.sslPolicies.get', 'compute.sslPolicies.use', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.mirror', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.delete', 'compute.targetInstances.get', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.delete', 'compute.targetPools.get', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.get', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.update', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.get', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.operations.get', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.update', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.update', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'datacatalog.taxonomies.get', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.use', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.nodeGroups.create', 'dataproc.operations.get', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.update', 'deploymentmanager.operations.get', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.update', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.policies.delete', 'dns.policies.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'file.instances.create', 'file.instances.delete', 'file.instances.get', 'file.instances.update', 'file.operations.get', 'firebase.projects.get', 'firebase.projects.update', 'firebaseanalytics.resources.googleAnalyticsEdit', 'iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.update', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'iam.serviceAccounts.update', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.update', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'logging.notificationRules.create', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.update', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.update', 'networksecurity.serverTlsPolicies.use', 'pubsub.schemas.attach', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.publish', 'pubsub.topics.update', 'redis.instances.create', 'redis.instances.delete', 'redis.instances.get', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.operations.get', 'resourcemanager.folders.create', 'resourcemanager.folders.delete', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.update', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.create', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.delete', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.update', 'resourcemanager.projects.updateLiens', 'resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicemanagement.services.bind', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.create', 'spanner.databaseOperations.get', 'spanner.databases.create', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.updateDdl', 'spanner.instanceOperations.get', 'spanner.instances.create', 'spanner.instances.delete', 'spanner.instances.get', 'spanner.instances.update', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.update', 'storage.hmacKeys.create', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.operations.get', 'workflows.operations.get', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get'] GA
roles/recommender.cloudDeprecationRecommendationAdmin Admin of Cloud Deprecation General Recommender Insights and Recommendations. Cloud Deprecation General Recommender Admin ['recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralInsights.update', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudDeprecationRecommendationViewer Viewer of Cloud Deprecation General Recommender Insights and Recommendations. Cloud Deprecation General Recommender Viewer ['recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/dns.serviceAgent Gives Cloud DNS Service Agent access to Cloud Platform resources. Cloud DNS Service Agent ['compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalOperations.get', 'compute.healthChecks.get'] GA
roles/domains.admin Full access to Cloud Domains Registrations and related resources. Cloud Domains Admin ['domains.locations.get', 'domains.locations.list', 'domains.operations.cancel', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.configureContact', 'domains.registrations.configureDns', 'domains.registrations.configureManagement', 'domains.registrations.create', 'domains.registrations.createTagBinding', 'domains.registrations.delete', 'domains.registrations.deleteTagBinding', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'domains.registrations.setIamPolicy', 'domains.registrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/domains.viewer Read-only access to Cloud Domains Registrations and related resources. Cloud Domains Viewer ['domains.locations.get', 'domains.locations.list', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/endpoints.serviceAgent Gives the Cloud Endpoints service account access to Endpoints services and the ability to act as a service controller. Cloud Endpoints Service Agent ['servicemanagement.services.check', 'servicemanagement.services.get', 'servicemanagement.services.quota', 'servicemanagement.services.report'] GA
roles/file.editor Read-write access to Filestore instances and related resources. Cloud Filestore Editor ['file.backups.create', 'file.backups.createTagBinding', 'file.backups.delete', 'file.backups.deleteTagBinding', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.createTagBinding', 'file.instances.delete', 'file.instances.deleteTagBinding', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.createTagBinding', 'file.snapshots.delete', 'file.snapshots.deleteTagBinding', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update'] BETA
roles/file.serviceAgent Gives Cloud Filestore service account access to managed resources. Cloud Filestore Service Agent ['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.routes.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/file.viewer Read-only access to Filestore instances and related resources. Cloud Filestore Viewer ['file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.locations.get', 'file.locations.list', 'file.operations.get', 'file.operations.list', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings'] BETA
roles/firewallinsights.serviceAgent Gives Cloud Firewall Insights service agent permissions to retrieve Firewall, VM and route resources on user behalf. Cloud Firewall Insights Service Agent ['compute.backendServices.list', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.healthChecks.list', 'compute.httpHealthChecks.list', 'compute.httpsHealthChecks.list', 'compute.instanceGroups.list', 'compute.instances.get', 'compute.instances.list', 'compute.networks.getEffectiveFirewalls', 'compute.networks.list', 'compute.projects.get', 'compute.regionTargetTcpProxies.list', 'compute.routers.list', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.list', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.list', 'compute.targetPools.list', 'compute.targetSslProxies.list', 'compute.targetTcpProxies.list', 'compute.targetVpnGateways.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.vpnTunnels.list'] GA
roles/cloudfunctions.admin Full access to functions, operations and locations. Cloud Functions Admin ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudfunctions.developer Read and write access to all functions-related resources. Cloud Functions Developer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudfunctions.invoker Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead. Cloud Functions Invoker ['cloudfunctions.functions.invoke'] GA
roles/cloudfunctions.serviceAgent Gives Cloud Functions service account access to managed resources. Cloud Functions Service Agent ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'compute.globalOperations.get', 'compute.networks.access', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'firebasedatabase.instances.get', 'firebasedatabase.instances.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use'] GA
roles/cloudfunctions.viewer Read-only access to functions and locations. Cloud Functions Viewer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/ids.admin Full access to Cloud IDS all resources. Cloud IDS Admin ['ids.endpoints.create', 'ids.endpoints.delete', 'ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.endpoints.setIamPolicy', 'ids.endpoints.update', 'ids.locations.get', 'ids.locations.list', 'ids.operations.cancel', 'ids.operations.delete', 'ids.operations.get', 'ids.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/ids.viewer Read-only access to Cloud IDS all resources. Cloud IDS Viewer ['ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.locations.get', 'ids.locations.list', 'ids.operations.get', 'ids.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/config.admin Full access to Cloud Infrastructure Manager resources. Cloud Infrastructure Manager Admin ['config.artifacts.import', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.deleteState', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.list', 'config.deployments.lock', 'config.deployments.setIamPolicy', 'config.deployments.unlock', 'config.deployments.update', 'config.deployments.updateState', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.previews.create', 'config.previews.delete', 'config.previews.export', 'config.previews.get', 'config.previews.list', 'config.previews.upload', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.getState', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/config.agent Required permissions to make Cloud Infrastructure Manager work with the user-specified service account Cloud Infrastructure Manager Agent ['cloudbuild.connections.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.list', 'cloudquotas.quotas.get', 'config.artifacts.import', 'config.deployments.deleteState', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.updateState', 'config.previews.upload', 'config.revisions.getState', 'logging.logEntries.create', 'monitoring.timeSeries.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] BETA
roles/config.viewer Read-only access to Cloud Infrastructure Manager resources. Cloud Infrastructure Manager Viewer ['config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.locations.get', 'config.locations.list', 'config.operations.get', 'config.operations.list', 'config.previews.get', 'config.previews.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudiot.admin Full control of all Cloud IoT resources and permissions. Cloud IoT Admin ['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.getIamPolicy', 'cloudiot.registries.list', 'cloudiot.registries.setIamPolicy', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update'] GA
roles/cloudiot.serviceAgent Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs. Cloud IoT Core Service Agent ['logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish'] GA
roles/cloudiot.deviceController Access to update the device configuration, but not to create or delete devices. Cloud IoT Device Controller ['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get'] GA
roles/cloudiot.editor Read-write access to all Cloud IoT resources. Cloud IoT Editor ['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update'] GA
roles/cloudiot.provisioner Access to create and delete devices from registries, but not to modify the registries, and enable devices to publish to topics associated with IoT registry. Cloud IoT Provisioner ['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get'] GA
roles/cloudiot.viewer Read-only access to all Cloud IoT resources. Cloud IoT Viewer ['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get'] GA
roles/cloudkms.admin Enables management of crypto resources. Cloud KMS Admin ['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.cryptoKeyVersions.create', 'cloudkms.cryptoKeyVersions.destroy', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeyVersions.restore', 'cloudkms.cryptoKeyVersions.update', 'cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.cryptoKeys.create', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.setIamPolicy', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.setIamPolicy', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.use', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.setIamPolicy', 'cloudkms.importJobs.useToImport', 'cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.create', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.keyRings.setIamPolicy', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.locations.optOutKeyDeletionMsa', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'resourcemanager.projects.get'] GA
roles/cloudkms.autokeyAdmin Enables management of AutokeyConfig. Cloud KMS Autokey Admin ['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.projects.showEffectiveAutokeyConfig'] GA
roles/cloudkms.autokeyUser Grants ability to use KeyHandle resources. Cloud KMS Autokey User ['cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig'] GA
roles/cloudkms.cryptoOperator Enables all Crypto Operations. Cloud KMS Crypto Operator ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.cryptoKeyDecrypter Enables Decrypt operations Cloud KMS CryptoKey Decrypter ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.cryptoKeyDecrypterViaDelegation Enables Decrypt operations via other GCP services Cloud KMS CryptoKey Decrypter Via Delegation ['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.cryptoKeyEncrypter Enables Encrypt operations Cloud KMS CryptoKey Encrypter ['cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.cryptoKeyEncrypterViaDelegation Enables Encrypt operations via other GCP services Cloud KMS CryptoKey Encrypter Via Delegation ['cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.cryptoKeyEncrypterDecrypter Enables Encrypt and Decrypt operations Cloud KMS CryptoKey Encrypter/Decrypter ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation Enables Encrypt and Decrypt operations via other GCP services Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation ['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.publicKeyViewer Enables GetPublicKey operations Cloud KMS CryptoKey Public Key Viewer ['cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.signer Enables Sign operations Cloud KMS CryptoKey Signer ['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.signerVerifier Enables Sign, Verify, and GetPublicKey operations Cloud KMS CryptoKey Signer/Verifier ['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.verifier Enables Verify and GetPublicKey operations Cloud KMS CryptoKey Verifier ['cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.ekmConnectionsAdmin Enables management of EkmConnections. Cloud KMS EkmConnections Admin ['cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.verifyConnectivity', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.expertRawAesCbc Enables raw AES-CBC keys management. Cloud KMS Expert Raw AES-CBC Key Manager ['cloudkms.cryptoKeyVersions.manageRawAesCbcKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.expertRawAesCtr Enables raw AES-CTR keys management. Cloud KMS Expert Raw AES-CTR Key Manager ['cloudkms.cryptoKeyVersions.manageRawAesCtrKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.expertRawPKCS1 Enables raw PKCS#1 keys management. Cloud KMS Expert Raw PKCS#1 Key Manager ['cloudkms.cryptoKeyVersions.manageRawPKCS1Keys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.importer Enables ImportCryptoKeyVersion, CreateImportJob, ListImportJobs, and GetImportJob operations Cloud KMS Importer ['cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.importJobs.useToImport', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkmskacls.serviceAgent Grants Cloud KMS KACLS Service Agent access to KMS resource permissions to perform DEK encryption/decryption. Cloud KMS KACLS Service Agent ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeys.get'] GA
roles/cloudkms.orgServiceAgent Gives Cloud KMS organization-level service account access to managed resources. Cloud KMS Organization Service Agent ['cloudasset.assets.searchAllResources'] GA
roles/cloudkms.protectedResourcesViewer Enables viewing protected resources. Cloud KMS Protected Resources Viewer ['cloudkms.protectedResources.search'] GA
roles/cloudkms.serviceAgent Gives Cloud KMS service account access to managed resources. Cloud KMS Service Agent ['cloudasset.assets.listCloudkmsCryptoKeys'] GA
roles/cloudkms.viewer Enables Get and List operations. Cloud KMS Viewer ['cloudkms.autokeyConfigs.get', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.list', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.get', 'cloudkms.keyRings.list', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.operations.get', 'resourcemanager.projects.get'] GA
roles/lifesciences.admin Full control of Cloud Life Sciences resources. Cloud Life Sciences Admin ['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run'] BETA
roles/lifesciences.editor Access to read and edit Cloud Life Sciences resources. Cloud Life Sciences Editor ['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run'] BETA
roles/lifesciences.serviceAgent Gives Cloud Life Sciences Service Account access to compute resources. Includes access to service accounts. Cloud Life Sciences Service Agent ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use'] GA
roles/lifesciences.viewer Access to read Cloud Life Sciences resources. Cloud Life Sciences Viewer ['lifesciences.operations.get', 'lifesciences.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/lifesciences.workflowsRunner Full access to operate on Cloud Life Sciences workflows. Cloud Life Sciences Workflows Runner ['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run'] BETA
roles/logging.serviceAgent Grants a Cloud Logging Service Account the ability to create and link datasets. Cloud Logging Service Agent ['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.link'] GA
roles/recommender.cloudManageabilityRecommendationAdmin Admin of Cloud Manageability General Recommendations Insights and Recommendations. Cloud Manageability General Recommendations Recommender Admin ['recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralInsights.update', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudManageabilityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudManageabilityRecommendationViewer Viewer of Cloud Manageability General Recommendations Insights and Recommendations. Cloud Manageability General Recommendations Recommender Viewer ['recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/managedidentities.serviceAgent Gives Managed Identities service account access to managed resources. Cloud Managed Identities Service Agent ['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/memcache.admin Full access to Memcached instances and related resources. Cloud Memorystore Memcached Admin ['compute.networks.list', 'memcache.instances.applyParameters', 'memcache.instances.applySoftwareUpdate', 'memcache.instances.create', 'memcache.instances.delete', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.rescheduleMaintenance', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.instances.upgrade', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/memcache.editor Read-Write access to Memcached instances and related resources. Cloud Memorystore Memcached Editor ['memcache.instances.applyParameters', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/memcache.serviceAgent Gives Cloud Memorystore Memcached service account access to managed resource Cloud Memorystore Memcached Service Agent ['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/memcache.viewer Read-only access to Memcached instances and related resources. Cloud Memorystore Memcached Viewer ['memcache.instances.get', 'memcache.instances.list', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/redis.admin Full access to Redis instances and related resources. Cloud Memorystore Redis Admin ['compute.networks.list', 'networkconnectivity.serviceConnectionPolicies.list', 'redis.clusters.connect', 'redis.clusters.create', 'redis.clusters.delete', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.create', 'redis.instances.createTagBinding', 'redis.instances.delete', 'redis.instances.deleteTagBinding', 'redis.instances.export', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.getAuthString', 'redis.instances.import', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.instances.rescheduleMaintenance', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.instances.upgrade', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use'] GA
roles/redis.dbConnectionUser Access to connecting to Redis Server db. Cloud Memorystore Redis Db Connection User ['redis.clusters.connect'] BETA
roles/redis.editor Read-Write access to Redis instances and related resources. Cloud Memorystore Redis Editor ['compute.networks.list', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.list', 'redis.instances.update', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use'] GA
roles/redis.serviceAgent Gives Cloud Memorystore Redis service account access to managed resource Cloud Memorystore Redis Service Agent ['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.projects.get', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/redis.viewer Read-only access to Redis instances and related resources. Cloud Memorystore Redis Viewer ['redis.clusters.get', 'redis.clusters.list', 'redis.instances.get', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.locations.get', 'redis.locations.list', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use'] GA
roles/memorystore.serviceAgent Gives Cloud Memorystore service account access to managed resource Cloud Memorystore Service Agent ['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.projects.get', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudoptimization.admin Administrator of Cloud Optimization AI resources Cloud Optimization AI Admin ['cloudoptimization.operations.create', 'cloudoptimization.operations.get'] GA
roles/cloudoptimization.editor Editor of Cloud Optimization AI resources Cloud Optimization AI Editor ['cloudoptimization.operations.create', 'cloudoptimization.operations.get'] GA
roles/cloudoptimization.viewer Viewer of Cloud Optimization AI resources Cloud Optimization AI Viewer ['cloudoptimization.operations.get'] GA
roles/cloudoptimization.serviceAgent Grants Cloud Optimization Service Account access to read and write data in the user project. Cloud Optimization Service Agent ['storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/osconfig.serviceAgent Grants OS Config Service Account access to Google Compute Engine instances. Cloud OS Config Service Agent ['cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listPatchDeployments', 'compute.globalOperations.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.list', 'compute.instances.setMetadata', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.zones.get', 'compute.zones.list', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'iam.serviceAccounts.actAs', 'osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/recommender.cloudPerformanceRecommendationAdmin Admin of Cloud Performance General Recommendations Insights and Recommendations. Cloud Performance General Recommendations Recommender Admin ['recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralInsights.update', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudPerformanceRecommendationViewer Viewer of Cloud Performance General Recommendations Insights and Recommendations. Cloud Performance General Recommendations Recommender Viewer ['recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudprofiler.agent Cloud Profiler agents are allowed to register and provide the profiling data. Cloud Profiler Agent ['cloudprofiler.profiles.create', 'cloudprofiler.profiles.update'] GA
roles/cloudprofiler.user Cloud Profiler users are allowed to query and view the profiling data. Cloud Profiler User ['cloudprofiler.profiles.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/pubsub.serviceAgent Grants Cloud Pub/Sub Service Account access to manage resources. Cloud Pub/Sub Service Agent ['iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudquotas.admin Full access to Cloud Quotas resources. Cloud Quotas Admin ['cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudquotas.viewer Readonly access to Cloud Quotas resources. Cloud Quotas Viewer ['cloudquotas.quotas.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudReliabilityRecommendationAdmin Admin of Cloud Reliability General Recommendations Insights and Recommendations. Cloud Reliability General Recommendations Recommender Admin ['recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralInsights.update', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudReliabilityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/recommender.cloudReliabilityRecommendationViewer Viewer of Cloud Reliability General Recommendations Insights and Recommendations. Cloud Reliability General Recommendations Recommender Viewer ['recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/run.admin Full control over all Cloud Run resources. Cloud Run Admin ['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list'] GA
roles/run.builder Can build Cloud Run functions and source deployed services. Cloud Run Builder ['artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'logging.logEntries.create', 'source.repos.get', 'storage.objects.get'] BETA
roles/run.developer Read and write access to all Cloud Run resources. Cloud Run Developer ['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list'] GA
roles/run.invoker Can invoke Cloud Run services and execute Cloud Run jobs. Cloud Run Invoker ['run.jobs.run', 'run.routes.invoke'] GA
roles/serverless.serviceAgent Gives Cloud Run service account access to managed resources. Cloud Run Service Agent ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use'] GA
roles/run.serviceAgent Gives Cloud Run service account access to managed resources. Cloud Run Service Agent ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'networkservices.meshes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use'] GA
roles/run.sourceDeveloper Deploy and manage Cloud Run source deployed resources. Cloud Run Source Developer ['artifactregistry.repositories.create', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'ev