roles/accessapproval.approver
Ability to view or act on access approval requests and view configuration.
Access Approval Approver
['accessapproval.requests.approve', 'accessapproval.requests.dismiss', 'accessapproval.requests.get', 'accessapproval.requests.invalidate', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/accessapproval.configEditor
Ability to update the Access Approval configuration
Access Approval Config Editor
['accessapproval.serviceAccounts.get', 'accessapproval.settings.delete', 'accessapproval.settings.get', 'accessapproval.settings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/accessapproval.invalidator
Ability to invalidate existing approved approval requests
Access Approval Invalidator
['accessapproval.requests.invalidate', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/accessapproval.viewer
Ability to view access approval requests and configuration
Access Approval Viewer
['accessapproval.requests.get', 'accessapproval.requests.list', 'accessapproval.serviceAccounts.get', 'accessapproval.settings.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/accesscontextmanager.policyAdmin
Full access to policies, access levels, access zones and authorized orgs descs.
Access Context Manager Admin
['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.setIamPolicy', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'cloudasset.assets.searchAllResources', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/accesscontextmanager.policyEditor
Edit access to policies. Create, edit, and change access levels, access zones and authorized orgs descs.
Access Context Manager Editor
['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.accessLevels.replaceAll', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.authorizedOrgsDescs.create', 'accesscontextmanager.authorizedOrgsDescs.delete', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.authorizedOrgsDescs.update', 'accesscontextmanager.policies.create', 'accesscontextmanager.policies.delete', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.policies.update', 'accesscontextmanager.servicePerimeters.commit', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'accesscontextmanager.servicePerimeters.replaceAll', 'accesscontextmanager.servicePerimeters.update', 'cloudasset.assets.searchAllResources', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/accesscontextmanager.policyReader
Read access to policies, access levels, access zones and authorized orgs descs.
Access Context Manager Reader
['accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.list', 'accesscontextmanager.authorizedOrgsDescs.get', 'accesscontextmanager.authorizedOrgsDescs.list', 'accesscontextmanager.policies.get', 'accesscontextmanager.policies.getIamPolicy', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/axt.admin
Enable Access Transparency for Organization
Access Transparency Admin
['axt.labels.get', 'axt.labels.set', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/actions.Admin
Access to edit and deploy an action
Actions Admin
['actions.agent.claimContentProvider', 'actions.agent.get', 'actions.agent.update', 'actions.agentVersions.create', 'actions.agentVersions.delete', 'actions.agentVersions.deploy', 'actions.agentVersions.get', 'actions.agentVersions.list', 'firebase.projects.get', 'firebase.projects.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions
GA
roles/actions.Viewer
Access to view an action
Actions Viewer
['actions.agent.get', 'actions.agentVersions.get', 'actions.agentVersions.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions
GA
roles/policyanalyzer.activityAnalysisViewer
Viewer user that can read all activity analysis.
Activity Analysis Viewer
['policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query', 'policyanalyzer.serviceAccountLastAuthenticationActivities.query']
Copy Permissions
BETA
roles/serviceconsumermanagement.tenancyUnitsAdmin
Administrate tenancy units
Admin of Tenancy Units
['serviceconsumermanagement.tenancyu.addResource', 'serviceconsumermanagement.tenancyu.create', 'serviceconsumermanagement.tenancyu.delete', 'serviceconsumermanagement.tenancyu.list', 'serviceconsumermanagement.tenancyu.removeResource']
Copy Permissions
BETA
roles/advisorynotifications.admin
Grants write access to settings in Advisory Notifications
Advisory Notifications Admin
['advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'advisorynotifications.settings.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/advisorynotifications.viewer
Grants view access in Advisory Notifications
Advisory Notifications Viewer
['advisorynotifications.notifications.get', 'advisorynotifications.notifications.list', 'advisorynotifications.settings.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/ml.admin
Full access to AI Platform.
AI Platform Admin
['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.operations.cancel', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/ml.developer
Access to create training and prediction jobs, models and versions, send online prediction requests.
AI Platform Developer
['ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.create', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.create', 'ml.studies.delete', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.studies.setIamPolicy', 'ml.trials.create', 'ml.trials.delete', 'ml.trials.get', 'ml.trials.list', 'ml.trials.update', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/ml.jobOwner
Full access to the job.
AI Platform Job Owner
['ml.jobs.cancel', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.getIamPolicy', 'ml.jobs.list', 'ml.jobs.setIamPolicy', 'ml.jobs.update']
Copy Permissions
GA
roles/ml.modelOwner
Full access to the model and its versions.
AI Platform Model Owner
['ml.models.create', 'ml.models.delete', 'ml.models.get', 'ml.models.getIamPolicy', 'ml.models.list', 'ml.models.predict', 'ml.models.setIamPolicy', 'ml.models.update', 'ml.versions.create', 'ml.versions.delete', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict', 'ml.versions.update']
Copy Permissions
GA
roles/ml.modelUser
Permissions to read the model and its versions, and use them for prediction.
AI Platform Model User
['ml.models.get', 'ml.models.predict', 'ml.versions.get', 'ml.versions.list', 'ml.versions.predict']
Copy Permissions
GA
roles/notebooks.serviceAgent
Provide access for notebooks service agent to manage notebook instances in user projects
AI Platform Notebooks Service Agent
['aiplatform.customJobs.cancel', 'aiplatform.customJobs.create', 'aiplatform.customJobs.get', 'aiplatform.customJobs.list', 'aiplatform.notebookExecutionJobs.create', 'aiplatform.notebookExecutionJobs.delete', 'aiplatform.notebookExecutionJobs.get', 'aiplatform.notebookExecutionJobs.list', 'aiplatform.operations.list', 'aiplatform.pipelineJobs.create', 'aiplatform.schedules.create', 'aiplatform.schedules.delete', 'aiplatform.schedules.get', 'aiplatform.schedules.list', 'aiplatform.schedules.update', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.commitments.get', 'compute.commitments.list', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.futureReservations.get', 'compute.futureReservations.getIamPolicy', 'compute.futureReservations.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.getIamPolicy', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEdgeSecurityServices.get', 'compute.networkEdgeSecurityServices.list', 'compute.networkEdgeSecurityServices.listEffectiveTags', 'compute.networkEdgeSecurityServices.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.nodeGroups.getIamPolicy', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.nodeTemplates.getIamPolicy', 'compute.nodeTemplates.list', 'compute.nodeTypes.get', 'compute.nodeTypes.list', 'compute.organizations.listAssociations', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicAdvertisedPrefixes.get', 'compute.publicAdvertisedPrefixes.list', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.getIamPolicy', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshotSettings.get', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.validate', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.getIamPolicy', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataproc.clusters.get', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.list', 'ml.jobs.create', 'ml.jobs.get', 'ml.jobs.list', 'notebooks.environments.create', 'notebooks.environments.delete', 'notebooks.environments.get', 'notebooks.environments.getIamPolicy', 'notebooks.environments.list', 'notebooks.environments.setIamPolicy', 'notebooks.executions.create', 'notebooks.executions.delete', 'notebooks.executions.get', 'notebooks.executions.getIamPolicy', 'notebooks.executions.list', 'notebooks.executions.setIamPolicy', 'notebooks.instances.checkUpgradability', 'notebooks.instances.create', 'notebooks.instances.delete', 'notebooks.instances.diagnose', 'notebooks.instances.get', 'notebooks.instances.getHealth', 'notebooks.instances.getIamPolicy', 'notebooks.instances.list', 'notebooks.instances.reset', 'notebooks.instances.setAccelerator', 'notebooks.instances.setIamPolicy', 'notebooks.instances.setLabels', 'notebooks.instances.setMachineType', 'notebooks.instances.start', 'notebooks.instances.stop', 'notebooks.instances.update', 'notebooks.instances.updateConfig', 'notebooks.instances.updateShieldInstanceConfig', 'notebooks.instances.upgrade', 'notebooks.instances.use', 'notebooks.locations.get', 'notebooks.locations.list', 'notebooks.operations.cancel', 'notebooks.operations.delete', 'notebooks.operations.get', 'notebooks.operations.list', 'notebooks.runtimes.create', 'notebooks.runtimes.delete', 'notebooks.runtimes.diagnose', 'notebooks.runtimes.get', 'notebooks.runtimes.getIamPolicy', 'notebooks.runtimes.list', 'notebooks.runtimes.reset', 'notebooks.runtimes.setIamPolicy', 'notebooks.runtimes.start', 'notebooks.runtimes.stop', 'notebooks.runtimes.switch', 'notebooks.runtimes.update', 'notebooks.runtimes.upgrade', 'notebooks.schedules.create', 'notebooks.schedules.delete', 'notebooks.schedules.get', 'notebooks.schedules.getIamPolicy', 'notebooks.schedules.list', 'notebooks.schedules.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/ml.operationOwner
Full access to the operation.
AI Platform Operation Owner
['ml.operations.cancel', 'ml.operations.get', 'ml.operations.list']
Copy Permissions
GA
roles/ml.serviceAgent
AI Platform service agent can act as log writer, Cloud Storage admin, Artifact Registry Reader, BigQuery writer, and service account access token creator.
AI Platform Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.update', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.updateData', 'firebase.projects.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logEntries.route', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions
GA
roles/ml.viewer
Read-only access to AI Platform resources.
AI Platform Viewer
['ml.jobs.get', 'ml.jobs.list', 'ml.locations.get', 'ml.locations.list', 'ml.models.get', 'ml.models.list', 'ml.operations.get', 'ml.operations.list', 'ml.projects.getConfig', 'ml.studies.get', 'ml.studies.getIamPolicy', 'ml.studies.list', 'ml.trials.get', 'ml.trials.list', 'ml.versions.get', 'ml.versions.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/recommender.alloydbAdmin
Admin of AlloyDB insights and recommendations.
AlloyDB Recommender Admin
['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.alloydbViewer
Viewer of AlloyDB insights and recommendations.
AlloyDB Recommender Viewer
['recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/alloydb.serviceAgent
Gives the AlloyDB service account permission to manage customer resources
AlloyDB Service Agent
['alloydb.clusters.list']
Copy Permissions
GA
roles/analyticshub.admin
Administer Data Exchanges and Listings
Analytics Hub Admin
['analyticshub.dataExchanges.create', 'analyticshub.dataExchanges.delete', 'analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.setIamPolicy', 'analyticshub.dataExchanges.update', 'analyticshub.dataExchanges.viewSubscriptions', 'analyticshub.listings.create', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/analyticshub.listingAdmin
Grants full control over the Listing, including updating, deleting and setting ACLs
Analytics Hub Listing Admin
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.delete', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.setIamPolicy', 'analyticshub.listings.update', 'analyticshub.listings.viewSubscriptions', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/analyticshub.publisher
Can publish to Data Exchanges thus creating Listings
Analytics Hub Publisher
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.create', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/analyticshub.subscriber
Can browse Data Exchanges and subscribe to Listings
Analytics Hub Subscriber
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.dataExchanges.subscribe', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.listings.subscribe', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/analyticshub.subscriptionOwner
Grants full control over the Subscription, including updating and deleting
Analytics Hub Subscription Owner
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'analyticshub.subscriptions.create', 'analyticshub.subscriptions.delete', 'analyticshub.subscriptions.get', 'analyticshub.subscriptions.list', 'analyticshub.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/analyticshub.viewer
Can browse Data Exchanges and Listings
Analytics Hub Viewer
['analyticshub.dataExchanges.get', 'analyticshub.dataExchanges.getIamPolicy', 'analyticshub.dataExchanges.list', 'analyticshub.listings.get', 'analyticshub.listings.getIamPolicy', 'analyticshub.listings.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/androidmanagement.user
Full access to manage devices.
Android Management User
['androidmanagement.enterprises.manage', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/anthosaudit.serviceAgent
Gives the Anthos Audit service agent access toCloud Platform resources.
Anthos Audit Service Agent
['gkehub.features.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions
GA
roles/anthosconfigmanagement.serviceAgent
Gives the Anthos Config Management service agent access toCloud Platform resources.
Anthos Config Management Service Agent
['container.clusters.get', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions
GA
roles/anthosidentityservice.serviceAgent
Gives the Anthos Identity service agent access to Cloud Platform resources.
Anthos Identity Service Agent
['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions
GA
roles/gkemulticloud.admin
Admin access to Anthos Multi-cloud resources.
Anthos Multi-cloud Admin
['gkemulticloud.attachedClusters.create', 'gkemulticloud.attachedClusters.delete', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.import', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedClusters.update', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.create', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.getAdminKubeconfig', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsClusters.update', 'gkemulticloud.awsNodePools.create', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsNodePools.update', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.create', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.create', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.getAdminKubeconfig', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureClusters.update', 'gkemulticloud.azureNodePools.create', 'gkemulticloud.azureNodePools.delete', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureNodePools.update', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.cancel', 'gkemulticloud.operations.delete', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/gkemulticloud.containerServiceAgent
Grants the Anthos Multi-Cloud Container Service Account access to manage resources.
Anthos Multi-Cloud Container Service Agent
['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'cloudnotifications.activities.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list']
Copy Permissions
GA
roles/gkemulticloud.controlPlaneMachineServiceAgent
Grants the Anthos Multi-Cloud Control Plane Machine Service Account access to manage resources.
Anthos Multi-Cloud Control Plane Machine Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use']
Copy Permissions
GA
roles/gkemulticloud.nodePoolMachineServiceAgent
Grants the Anthos Multi-Cloud Node Pool Machine Service Account access to manage resources.
Anthos Multi-Cloud Node Pool Machine Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use']
Copy Permissions
GA
roles/gkemulticloud.serviceAgent
Grants the Anthos Multi-Cloud Service Account access to manage resources.
Anthos Multi-Cloud Service Agent
['gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureNodePools.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/gkemulticloud.telemetryWriter
Grant access to write cluster telemetry data such as logs, metrics, and resource metadata.
Anthos Multi-cloud Telemetry Writer
['logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'opsconfigmonitoring.resourceMetadata.write']
Copy Permissions
GA
roles/gkemulticloud.viewer
Viewer access to Anthos Multi-cloud resources.
Anthos Multi-cloud Viewer
['gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/anthospolicycontroller.serviceAgent
Gives the Anthos Policy Controller service agent access toCloud Platform resources.
Anthos Policy Controller Service Agent
['gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions
GA
roles/anthos.serviceAgent
Gives the Anthos service agent access to Cloud Platformresources.
Anthos Service Agent
['gkehub.features.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/anthosservicemesh.serviceAgent
Gives the Anthos Service Mesh service agent access to Cloud Platform resources.
Anthos Service Mesh Service Agent
['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.use', 'compute.networks.updatePolicy', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.use', 'compute.regions.list', 'compute.zones.list', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.get', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.deployments.get', 'container.deployments.list', 'container.events.get', 'container.events.list', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.list', 'container.jobs.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.get', 'container.namespaces.list', 'container.operations.get', 'container.pods.get', 'container.pods.list', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.get', 'container.services.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list', 'logging.logEntries.create', 'meshconfig.projects.init', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'serviceusage.services.get', 'serviceusage.services.use', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics', 'workloadcertificate.locations.get', 'workloadcertificate.locations.list', 'workloadcertificate.operations.get', 'workloadcertificate.workloadCertificateFeature.get', 'workloadcertificate.workloadRegistrations.create', 'workloadcertificate.workloadRegistrations.get', 'workloadcertificate.workloadRegistrations.list']
Copy Permissions
GA
roles/anthossupport.serviceAgent
Gives the Anthos Support Service Agent access to Cloud Platform resource.
Anthos Support Service Agent
['gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.scopes.get', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get']
Copy Permissions
GA
roles/serviceusage.apiKeysAdmin
Ability to create, delete, update, get and list API keys for a project.
API Keys Admin
['apikeys.keys.create', 'apikeys.keys.delete', 'apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup', 'apikeys.keys.undelete', 'apikeys.keys.update', 'orgpolicy.policy.get', 'serviceusage.apiKeys.regenerate', 'serviceusage.apiKeys.revert']
Copy Permissions
GA
roles/serviceusage.apiKeysViewer
Ability to get and list API keys for a project.
API Keys Viewer
['apikeys.keys.get', 'apikeys.keys.getKeyString', 'apikeys.keys.list', 'apikeys.keys.lookup']
Copy Permissions
GA
roles/apim.admin
Full access to API Management resources.
API Management Admin
['apim.apiObservations.batchEditTags', 'apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.create', 'apim.observationJobs.delete', 'apim.observationJobs.disable', 'apim.observationJobs.enable', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.create', 'apim.observationSources.delete', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.cancel', 'apim.operations.delete', 'apim.operations.get', 'apim.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apim.viewer
Readonly access to API Management resources.
API Management Viewer
['apim.apiObservations.get', 'apim.apiObservations.list', 'apim.apiOperations.get', 'apim.apiOperations.list', 'apim.locations.get', 'apim.locations.list', 'apim.locations.listApiObservationTags', 'apim.observationJobs.get', 'apim.observationJobs.list', 'apim.observationSources.get', 'apim.observationSources.list', 'apim.operations.get', 'apim.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apihub.runtimeProjectServiceAgent
Gives API-Hub Service Account access to runtime project resources.
API-Hub Runtime Project Service Agent
['apigee.deployments.list', 'apigee.envgroupattachments.list', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.organizations.get', 'apigee.proxyrevisions.get']
Copy Permissions
GA
roles/apigateway.admin
Full access to ApiGateway and related resources.
ApiGateway Admin
['apigateway.apiconfigs.create', 'apigateway.apiconfigs.delete', 'apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apiconfigs.setIamPolicy', 'apigateway.apiconfigs.update', 'apigateway.apis.create', 'apigateway.apis.delete', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.apis.setIamPolicy', 'apigateway.apis.update', 'apigateway.gateways.create', 'apigateway.gateways.delete', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.gateways.setIamPolicy', 'apigateway.gateways.update', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.cancel', 'apigateway.operations.delete', 'apigateway.operations.get', 'apigateway.operations.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/apigateway.viewer
Read-only access to ApiGateway and related resources.
ApiGateway Viewer
['apigateway.apiconfigs.get', 'apigateway.apiconfigs.getIamPolicy', 'apigateway.apiconfigs.list', 'apigateway.apis.get', 'apigateway.apis.getIamPolicy', 'apigateway.apis.list', 'apigateway.gateways.get', 'apigateway.gateways.getIamPolicy', 'apigateway.gateways.list', 'apigateway.locations.get', 'apigateway.locations.list', 'apigateway.operations.get', 'apigateway.operations.list', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/apigee.analyticsAgent
Curated set of permissions for Apigee Universal Data Collection Agent to manage analytics for an Apigee Organization
Apigee Analytics Agent
['apigee.datalocation.get', 'apigee.environments.getDataLocation', 'apigee.runtimeconfigs.get']
Copy Permissions
GA
roles/apigee.analyticsEditor
Analytics editor for an Apigee Organization
Apigee Analytics Editor
['apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.analyticsViewer
Analytics viewer for an Apigee Organization
Apigee Analytics Viewer
['apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.queries.get', 'apigee.queries.list', 'apigee.reports.get', 'apigee.reports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.apiAdminV2
Full read/write access to all apigee API resources
Apigee API Admin
['apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.deployments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.apiReaderV2
Reader of apigee resources
Apigee API Reader
['apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigeeconnect.Admin
Admin of Apigee Connect
Apigee Connect Admin
['apigeeconnect.connections.list']
Copy Permissions
GA
roles/apigeeconnect.Agent
Ability to set up Apigee Connect agent between external clusters and Google.
Apigee Connect Agent
['apigeeconnect.endpoints.connect']
Copy Permissions
GA
roles/apigee.deploymentInvoker
Invoker of deployments in the apigee runtime
Apigee Deployment Invoker
['apigee.deployments.invoke']
Copy Permissions
GA
roles/apigee.developerAdmin
Developer admin of apigee resources
Apigee Developer Admin
['apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.entitlements.get', 'apigee.environments.get', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.hoststats.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.rateplans.get', 'apigee.rateplans.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.environmentAdmin
Full read/write access to apigee environment resources, including deployments.
Apigee Environment Admin
['apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.ingressconfigs.get', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.apigeeIntegrationAdminRole
A user that has full access to all Apigee integrations.
Apigee Integration Admin
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.apigeeSuspensionResolver
A role that can approve / reject Apigee integrations that contain a suspension/wait task.
Apigee Integration Approver
['integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.apigeeIntegrationDeployerRole
A developer that can deploy/undeploy Apigee integrations to the integration runtime.
Apigee Integration Deployer
['integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.apigeeIntegrationEditorRole
A developer that can list, create and update Apigee integrations.
Apigee Integration Editor
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.authConfigs.create', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.get', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.apigeeIntegrationInvokerRole
A role that can invoke Apigee integrations.
Apigee Integration Invoker
['connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.apigeeIntegrationsViewer
A developer that can list and view Apigee integrations.
Apigee Integration Viewer
['integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.monetizationAdmin
All permissions related to monetization
Apigee Monetization Admin
['apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.entitlements.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.admin
Full access to all apigee resource features
Apigee Organization Admin
['apigee.addonsconfig.get', 'apigee.addonsconfig.update', 'apigee.apiproductattributes.createOrUpdateAll', 'apigee.apiproductattributes.delete', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproductattributes.update', 'apigee.apiproducts.create', 'apigee.apiproducts.delete', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.apiproducts.update', 'apigee.appgroupapps.create', 'apigee.appgroupapps.delete', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroupapps.manage', 'apigee.appgroups.create', 'apigee.appgroups.delete', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appgroups.update', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.get', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.create', 'apigee.archivedeployments.delete', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.archivedeployments.update', 'apigee.archivedeployments.upload', 'apigee.caches.delete', 'apigee.caches.list', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.datacollectors.create', 'apigee.datacollectors.delete', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datacollectors.update', 'apigee.datalocation.get', 'apigee.datastores.create', 'apigee.datastores.delete', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.datastores.update', 'apigee.deployments.create', 'apigee.deployments.delete', 'apigee.deployments.get', 'apigee.deployments.getIamPolicy', 'apigee.deployments.invoke', 'apigee.deployments.list', 'apigee.deployments.setIamPolicy', 'apigee.deployments.update', 'apigee.developerappattributes.createOrUpdateAll', 'apigee.developerappattributes.delete', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerappattributes.update', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developerattributes.createOrUpdateAll', 'apigee.developerattributes.delete', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerattributes.update', 'apigee.developerbalances.adjust', 'apigee.developerbalances.get', 'apigee.developerbalances.update', 'apigee.developermonetizationconfigs.get', 'apigee.developermonetizationconfigs.update', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developers.update', 'apigee.developersubscriptions.create', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.developersubscriptions.update', 'apigee.endpointattachments.create', 'apigee.endpointattachments.delete', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.create', 'apigee.envgroupattachments.delete', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.create', 'apigee.envgroups.delete', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.envgroups.update', 'apigee.environments.create', 'apigee.environments.delete', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.environments.manageRuntime', 'apigee.environments.setIamPolicy', 'apigee.environments.update', 'apigee.exports.create', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.attachSharedFlow', 'apigee.flowhooks.detachSharedFlow', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.create', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.create', 'apigee.instanceattachments.delete', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.create', 'apigee.instances.delete', 'apigee.instances.get', 'apigee.instances.list', 'apigee.instances.reportStatus', 'apigee.instances.update', 'apigee.keystorealiases.create', 'apigee.keystorealiases.delete', 'apigee.keystorealiases.exportCertificate', 'apigee.keystorealiases.generateCSR', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystorealiases.update', 'apigee.keystores.create', 'apigee.keystores.delete', 'apigee.keystores.export', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.create', 'apigee.keyvaluemapentries.delete', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemapentries.update', 'apigee.keyvaluemaps.create', 'apigee.keyvaluemaps.delete', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.maskconfigs.update', 'apigee.nataddresses.activate', 'apigee.nataddresses.create', 'apigee.nataddresses.delete', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.create', 'apigee.organizations.delete', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.organizations.update', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'apigee.projects.migrate', 'apigee.projects.previewMigration', 'apigee.projects.update', 'apigee.proxies.create', 'apigee.proxies.delete', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxies.update', 'apigee.proxyrevisions.delete', 'apigee.proxyrevisions.deploy', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.proxyrevisions.undeploy', 'apigee.proxyrevisions.update', 'apigee.queries.create', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.create', 'apigee.rateplans.delete', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.rateplans.update', 'apigee.references.create', 'apigee.references.delete', 'apigee.references.get', 'apigee.references.list', 'apigee.references.update', 'apigee.reports.create', 'apigee.reports.delete', 'apigee.reports.get', 'apigee.reports.list', 'apigee.reports.update', 'apigee.resourcefiles.create', 'apigee.resourcefiles.delete', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.resourcefiles.update', 'apigee.runtimeconfigs.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.setupcontexts.update', 'apigee.sharedflowrevisions.delete', 'apigee.sharedflowrevisions.deploy', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflowrevisions.undeploy', 'apigee.sharedflowrevisions.update', 'apigee.sharedflows.create', 'apigee.sharedflows.delete', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.create', 'apigee.targetservers.delete', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.targetservers.update', 'apigee.traceconfig.get', 'apigee.traceconfig.update', 'apigee.traceconfigoverrides.create', 'apigee.traceconfigoverrides.delete', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.traceconfigoverrides.update', 'apigee.tracesessions.create', 'apigee.tracesessions.delete', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.portalAdmin
Portal admin for an Apigee Organization
Apigee Portal Admin
['apigee.entitlements.get', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.create', 'apigee.portals.delete', 'apigee.portals.get', 'apigee.portals.list', 'apigee.portals.update', 'apigee.projectorganizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.readOnlyAdmin
Viewer of all apigee resources
Apigee Read-only Admin
['apigee.addonsconfig.get', 'apigee.apiproductattributes.get', 'apigee.apiproductattributes.list', 'apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appgroupapps.get', 'apigee.appgroupapps.list', 'apigee.appgroups.get', 'apigee.appgroups.list', 'apigee.appkeys.get', 'apigee.apps.get', 'apigee.apps.list', 'apigee.archivedeployments.download', 'apigee.archivedeployments.get', 'apigee.archivedeployments.list', 'apigee.caches.list', 'apigee.canaryevaluations.get', 'apigee.datacollectors.get', 'apigee.datacollectors.list', 'apigee.datalocation.get', 'apigee.datastores.get', 'apigee.datastores.list', 'apigee.deployments.get', 'apigee.deployments.list', 'apigee.developerappattributes.get', 'apigee.developerappattributes.list', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerattributes.get', 'apigee.developerattributes.list', 'apigee.developerbalances.get', 'apigee.developermonetizationconfigs.get', 'apigee.developers.get', 'apigee.developers.list', 'apigee.developersubscriptions.get', 'apigee.developersubscriptions.list', 'apigee.endpointattachments.get', 'apigee.endpointattachments.list', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.getIamPolicy', 'apigee.environments.getStats', 'apigee.environments.list', 'apigee.exports.get', 'apigee.exports.list', 'apigee.flowhooks.getSharedFlow', 'apigee.flowhooks.list', 'apigee.hostqueries.get', 'apigee.hostqueries.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.hoststats.get', 'apigee.ingressconfigs.get', 'apigee.instanceattachments.get', 'apigee.instanceattachments.list', 'apigee.instances.get', 'apigee.instances.list', 'apigee.keystorealiases.get', 'apigee.keystorealiases.list', 'apigee.keystores.get', 'apigee.keystores.list', 'apigee.keyvaluemapentries.get', 'apigee.keyvaluemapentries.list', 'apigee.keyvaluemaps.list', 'apigee.maskconfigs.get', 'apigee.nataddresses.get', 'apigee.nataddresses.list', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.portals.get', 'apigee.portals.list', 'apigee.projectorganizations.get', 'apigee.proxies.get', 'apigee.proxies.list', 'apigee.proxyrevisions.get', 'apigee.proxyrevisions.list', 'apigee.queries.get', 'apigee.queries.list', 'apigee.rateplans.get', 'apigee.rateplans.list', 'apigee.references.get', 'apigee.references.list', 'apigee.reports.get', 'apigee.reports.list', 'apigee.resourcefiles.get', 'apigee.resourcefiles.list', 'apigee.runtimeconfigs.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'apigee.setupcontexts.get', 'apigee.sharedflowrevisions.get', 'apigee.sharedflowrevisions.list', 'apigee.sharedflows.get', 'apigee.sharedflows.list', 'apigee.targetservers.get', 'apigee.targetservers.list', 'apigee.traceconfig.get', 'apigee.traceconfigoverrides.get', 'apigee.traceconfigoverrides.list', 'apigee.tracesessions.get', 'apigee.tracesessions.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.runtimeAgent
Curated set of permissions for a runtime agent to access Apigee Organization resources
Apigee Runtime Agent
['apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.entitlements.get', 'apigee.ingressconfigs.get', 'apigee.instances.reportStatus', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.projectorganizations.get', 'apigee.runtimeconfigs.get']
Copy Permissions
GA
roles/apigee.securityAdmin
Security admin for an Apigee Organization
Apigee Security Admin
['apigee.addonsconfig.get', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.list', 'apigee.hostsecurityreports.create', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.securityActions.create', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActions.update', 'apigee.securityActionsConfig.get', 'apigee.securityActionsConfig.update', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.create', 'apigee.securityFeedback.delete', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityIncidents.update', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfileEnvironments.create', 'apigee.securityProfileEnvironments.delete', 'apigee.securityProfiles.create', 'apigee.securityProfiles.delete', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfiles.update', 'apigee.securityProfilesV2.create', 'apigee.securityProfilesV2.delete', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securityProfilesV2.update', 'apigee.securitySettings.get', 'apigee.securitySettings.update', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.create', 'apigee.securityreports.get', 'apigee.securityreports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.securityViewer
Security viewer for an Apigee Organization
Apigee Security Viewer
['apigee.addonsconfig.get', 'apigee.entitlements.get', 'apigee.envgroupattachments.get', 'apigee.envgroupattachments.list', 'apigee.envgroups.get', 'apigee.envgroups.list', 'apigee.environments.get', 'apigee.environments.list', 'apigee.hostsecurityreports.get', 'apigee.hostsecurityreports.list', 'apigee.organizations.get', 'apigee.organizations.list', 'apigee.projectorganizations.get', 'apigee.securityActions.get', 'apigee.securityActions.list', 'apigee.securityActionsConfig.get', 'apigee.securityAssessmentResults.compute', 'apigee.securityFeedback.get', 'apigee.securityFeedback.list', 'apigee.securityIncidents.get', 'apigee.securityIncidents.list', 'apigee.securityProfileEnvironments.computeScore', 'apigee.securityProfiles.get', 'apigee.securityProfiles.list', 'apigee.securityProfilesV2.get', 'apigee.securityProfilesV2.list', 'apigee.securitySettings.get', 'apigee.securityStats.queryTabularStats', 'apigee.securityStats.queryTimeSeriesStats', 'apigee.securityreports.get', 'apigee.securityreports.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apigee.serviceAgent
Service agent that grants access to Apigee resources - API Products, Developers, Developer Apps, and App Keys.
Apigee Service Agent
['apigee.apiproducts.get', 'apigee.apiproducts.list', 'apigee.appkeys.create', 'apigee.appkeys.delete', 'apigee.appkeys.manage', 'apigee.apps.get', 'apigee.canaryevaluations.create', 'apigee.canaryevaluations.get', 'apigee.developerapps.create', 'apigee.developerapps.delete', 'apigee.developerapps.get', 'apigee.developerapps.list', 'apigee.developerapps.manage', 'apigee.developers.create', 'apigee.developers.delete', 'apigee.developers.get', 'apigee.environments.get', 'apigee.environments.getDataLocation', 'apigee.environments.manageRuntime', 'apigee.ingressconfigs.get', 'apigee.instances.reportStatus', 'apigee.operations.get', 'apigee.operations.list', 'apigee.organizations.get', 'apigee.proxyrevisions.get', 'apigee.runtimeconfigs.get', 'cloudtrace.traces.patch', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.views.create', 'logging.views.get', 'logging.views.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions
GA
roles/apigee.synchronizerManager
Curated set of permissions for a Synchronizer to manage environments in an Apigee Organization
Apigee Synchronizer Manager
['apigee.environments.get', 'apigee.environments.manageRuntime', 'apigee.ingressconfigs.get']
Copy Permissions
GA
roles/apim.apiDiscoveryServiceAgent
Gives APIM the ability to manage resources in consumer project
APIM API Discovery Service Agent
['compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.globalOperations.get', 'compute.networks.use', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.subnetworks.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list']
Copy Permissions
GA
roles/appdevelopmentexperience.serviceAgent
Give the App Development Experience service agent access toCloud Platform resources.
App Development Experience Service Agent
['container.clusters.get', 'container.clusters.update', 'gkehub.features.get', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.memberships.get', 'gkehub.memberships.list']
Copy Permissions
GA
roles/appengine.appAdmin
Full management of App Engine apps (but not storage).
App Engine Admin
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengine.codeViewer
Ability to view App Engine app status and deployed source code.
App Engine Code Viewer
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.getFileContents', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengine.appCreator
Ability to create the App Engine resource for the project.
App Engine Creator
['appengine.applications.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengine.deployer
Necessary permissions to deploy new code to App Engine, and remove old versions.
App Engine Deployer
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengineflex.serviceAgent
Can edit and manage App Engine Flexible Environment apps. Includes access to service accounts.
App Engine flexible environment Service Agent
['billing.accounts.get', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.create', 'compute.addresses.delete', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.create', 'compute.disks.list', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.globalAddresses.create', 'compute.globalAddresses.delete', 'compute.globalAddresses.get', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.use', 'compute.machineTypes.get', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionOperations.get', 'compute.regions.get', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.delete', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions
GA
roles/appengine.debugger
Ability to read or manage v2 instances.
App Engine Managed VM Debug Access
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengine.memcacheDataAdmin
Can get, set, delete, and flush App Engine Memcache items.
App Engine Memcache Data Admin
['appengine.applications.get', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengine.serviceAdmin
Can view and change traffic splits, scaling settings, and delete old versions; can't create new versions.
App Engine Service Admin
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/appengine.serviceAgent
Give App Engine Standard Enviroment service account access to managed resources. Includes access to service accounts.
App Engine Standard Environment Service Agent
['appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.aptartifacts.create', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'datastore.databases.get', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'serviceusage.services.enable', 'serviceusage.services.get', 'storage.buckets.create', 'storage.buckets.get']
Copy Permissions
GA
roles/appengine.appViewer
Ability to view App Engine app status.
App Engine Viewer
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apphub.admin
Full access to App Hub resources.
App Hub Admin
['apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.getIamPolicy', 'apphub.applications.list', 'apphub.applications.setIamPolicy', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.attach', 'apphub.serviceProjectAttachments.create', 'apphub.serviceProjectAttachments.delete', 'apphub.serviceProjectAttachments.detach', 'apphub.serviceProjectAttachments.get', 'apphub.serviceProjectAttachments.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apphub.editor
Edit access to App Hub resources.
App Hub Editor
['apphub.applications.create', 'apphub.applications.delete', 'apphub.applications.get', 'apphub.applications.list', 'apphub.applications.update', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredServices.register', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.discoveredWorkloads.register', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.cancel', 'apphub.operations.delete', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.create', 'apphub.services.delete', 'apphub.services.get', 'apphub.services.list', 'apphub.services.update', 'apphub.workloads.create', 'apphub.workloads.delete', 'apphub.workloads.get', 'apphub.workloads.list', 'apphub.workloads.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/apphub.viewer
View access to App Hub resources.
App Hub Viewer
['apphub.applications.get', 'apphub.applications.list', 'apphub.discoveredServices.get', 'apphub.discoveredServices.list', 'apphub.discoveredWorkloads.get', 'apphub.discoveredWorkloads.list', 'apphub.locations.get', 'apphub.locations.list', 'apphub.operations.get', 'apphub.operations.list', 'apphub.serviceProjectAttachments.lookup', 'apphub.services.get', 'apphub.services.list', 'apphub.workloads.get', 'apphub.workloads.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/applianceactivation.troubleshooter
Grants access to send new commands to run on appliances and view the outputs
Appliance troubleshooter
['applianceactivation.rttCommands.create', 'applianceactivation.rttCommands.get', 'applianceactivation.rttCommands.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/applianceactivation.approver
Grants access to approve commands to run on appliances
Appliance troubleshooting commands approver
['applianceactivation.rttCommands.approve', 'applianceactivation.rttCommands.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/integrations.integrationAdmin
A user that has full access (CRUD) to all integrations.
Application Integration Admin
['integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.suspensionResolver
A role that can resolve suspended integrations.
Application Integration Approver
['integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.integrationDeployer
A developer that can deploy/undeploy integrations to the integration runtime.
Application Integration Deployer
['integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.integrationEditor
A developer that can list, create and update integrations.
Application Integration Editor
['integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.authConfigs.create', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.get', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.testCases.create', 'integrations.testCases.delete', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'integrations.testCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.integrationInvoker
A role that can invoke integrations.
Application Integration Invoker
['integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.executions.cancel', 'integrations.executions.get', 'integrations.executions.list', 'integrations.executions.replay', 'integrations.integrationVersions.get', 'integrations.integrationVersions.invoke', 'integrations.integrationVersions.list', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.testCases.get', 'integrations.testCases.invoke', 'integrations.testCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.serviceAgent
Service agent that grants access to execute an integration.
Application Integration Service Agent
['cloudfunctions.functions.invoke', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'connectors.actions.execute', 'connectors.actions.list', 'connectors.connections.executeSqlQuery', 'connectors.connections.get', 'connectors.entities.create', 'connectors.entities.delete', 'connectors.entities.deleteEntitiesWithConditions', 'connectors.entities.get', 'connectors.entities.list', 'connectors.entities.update', 'connectors.entities.updateEntitiesWithConditions', 'connectors.entityTypes.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'integrations.apigeeAuthConfigs.create', 'integrations.apigeeAuthConfigs.delete', 'integrations.apigeeAuthConfigs.get', 'integrations.apigeeAuthConfigs.list', 'integrations.apigeeAuthConfigs.update', 'integrations.apigeeCertificates.create', 'integrations.apigeeCertificates.delete', 'integrations.apigeeCertificates.get', 'integrations.apigeeCertificates.list', 'integrations.apigeeCertificates.update', 'integrations.apigeeExecutions.list', 'integrations.apigeeIntegrationVers.create', 'integrations.apigeeIntegrationVers.delete', 'integrations.apigeeIntegrationVers.deploy', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrationVers.update', 'integrations.apigeeIntegrations.invoke', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.create', 'integrations.apigeeSfdcChannels.delete', 'integrations.apigeeSfdcChannels.get', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcChannels.update', 'integrations.apigeeSfdcInstances.create', 'integrations.apigeeSfdcInstances.delete', 'integrations.apigeeSfdcInstances.get', 'integrations.apigeeSfdcInstances.list', 'integrations.apigeeSfdcInstances.update', 'integrations.apigeeSuspensions.lift', 'integrations.apigeeSuspensions.list', 'integrations.apigeeSuspensions.resolve', 'integrations.authConfigs.create', 'integrations.authConfigs.delete', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.authConfigs.update', 'integrations.certificates.create', 'integrations.certificates.delete', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.certificates.update', 'integrations.executions.list', 'integrations.integrationVersions.create', 'integrations.integrationVersions.delete', 'integrations.integrationVersions.deploy', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrationVersions.update', 'integrations.integrations.create', 'integrations.integrations.delete', 'integrations.integrations.deploy', 'integrations.integrations.get', 'integrations.integrations.invoke', 'integrations.integrations.list', 'integrations.integrations.update', 'integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'integrations.suspensions.lift', 'integrations.suspensions.list', 'integrations.suspensions.resolve', 'pubsub.schemas.attach', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.jobs.run', 'run.routes.invoke', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/integrations.sfdcInstanceAdmin
A user that has full access (CRUD) to all SFDC instances.
Application Integration SFDC Instance Admin
['integrations.sfdcChannels.create', 'integrations.sfdcChannels.delete', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.delete', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.sfdcInstanceEditor
A developer that can list, create and update integrations.
Application Integration SFDC Instance Editor
['integrations.sfdcChannels.create', 'integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcChannels.update', 'integrations.sfdcInstances.create', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'integrations.sfdcInstances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.sfdcInstanceViewer
A developer that can list and view SFDC instances.
Application Integration SFDC Instance Viewer
['integrations.sfdcChannels.get', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.get', 'integrations.sfdcInstances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.integrationViewer
A developer that can list and view integrations.
Application Integration Viewer
['integrations.apigeeAuthConfigs.list', 'integrations.apigeeCertificates.list', 'integrations.apigeeIntegrationVers.get', 'integrations.apigeeIntegrationVers.list', 'integrations.apigeeIntegrations.list', 'integrations.apigeeSfdcChannels.list', 'integrations.apigeeSfdcInstances.list', 'integrations.authConfigs.get', 'integrations.authConfigs.list', 'integrations.certificates.get', 'integrations.certificates.list', 'integrations.executions.get', 'integrations.executions.list', 'integrations.integrationVersions.get', 'integrations.integrationVersions.list', 'integrations.integrations.generateOpenApiSpec', 'integrations.integrations.get', 'integrations.integrations.list', 'integrations.sfdcChannels.list', 'integrations.sfdcInstances.list', 'integrations.testCases.get', 'integrations.testCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/artifactregistry.admin
Administrator access to create and manage repositories.
Artifact Registry Administrator
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create']
Copy Permissions
GA
roles/artifactregistry.createOnPushRepoAdmin
Access to manage artifacts in repositories, as well as create new repositories on push
Artifact Registry Create-on-Push Repository Administrator
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create']
Copy Permissions
GA
roles/artifactregistry.createOnPushWriter
Access to read and write repository items, as well as create new repositories on push
Artifact Registry Create-on-Push Writer
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create']
Copy Permissions
GA
roles/artifactregistry.reader
Access to read repository items.
Artifact Registry Reader
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list']
Copy Permissions
GA
roles/artifactregistry.repoAdmin
Access to manage artifacts in repositories.
Artifact Registry Repository Administrator
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create']
Copy Permissions
GA
roles/artifactregistry.serviceAgent
Gives the Artifact Registry service account access to managed resources.
Artifact Registry Service Agent
['artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.versions.delete', 'pubsub.topics.publish']
Copy Permissions
GA
roles/artifactregistry.writer
Access to read and write repository items.
Artifact Registry Writer
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create']
Copy Permissions
GA
roles/assuredoss.admin
Access to use Assured OSS and manage configuration.
Assured OSS Admin
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'iam.serviceAccountKeys.create', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.create', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/assuredoss.projectAdmin
Access to use Assured OSS and manage configuration.
Assured OSS Project Admin
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.customers.create', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.cancel', 'assuredoss.operations.delete', 'assuredoss.operations.get', 'assuredoss.operations.list', 'iam.serviceAccounts.create', 'iam.serviceAccounts.get', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
BETA
roles/assuredoss.reader
Access to use Assured OSS and view Assured OSS configuration.
Assured OSS Reader
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.config.get', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/assuredoss.user
Access to use Assured OSS.
Assured OSS User
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'assuredoss.locations.get', 'assuredoss.locations.list', 'assuredoss.metadata.get', 'assuredoss.metadata.list', 'assuredoss.operations.get', 'assuredoss.operations.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/assuredworkloads.admin
Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
Assured Workloads Administrator
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/assuredworkloads.editor
Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration
Assured Workloads Editor
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.updates.update', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.violations.update', 'assuredworkloads.workload.create', 'assuredworkloads.workload.delete', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'assuredworkloads.workload.update', 'axt.labels.set', 'bigquery.config.update', 'logging.settings.update', 'orgpolicy.policies.create', 'orgpolicy.policies.delete', 'orgpolicy.policies.list', 'orgpolicy.policies.update', 'orgpolicy.policy.get', 'orgpolicy.policy.set', 'resourcemanager.folders.create', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/assuredworkloads.monitoringServiceAgent
Gives the Assured Workloads service account access to create CAIS feed and monitor Assured Workloads.
Assured Workloads Monitoring Service Agent
['cloudasset.assets.exportResource', 'cloudasset.assets.listResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get']
Copy Permissions
GA
roles/assuredworkloads.reader
Grants read access to all Assured Workloads resources and CRM resources - project/folder
Assured Workloads Reader
['assuredworkloads.operations.get', 'assuredworkloads.operations.list', 'assuredworkloads.updates.list', 'assuredworkloads.violations.get', 'assuredworkloads.violations.list', 'assuredworkloads.workload.get', 'assuredworkloads.workload.list', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/assuredworkloads.serviceAgent
Gives the Assured Workloads service account access to create KMS keyrings and keys, monitor Assured Workloads and read Organization Policies.
Assured Workloads Service Agent
['cloudkms.cryptoKeys.create', 'cloudkms.keyRings.create', 'orgpolicy.policies.list', 'orgpolicy.policy.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use']
Copy Permissions
GA
roles/securitycenter.attackSurfaceManagementScannerServiceAgent
Gives Mandiant Attack Surface Management the ability to scan Cloud Platform resources.
Attack Surface Management Scanner Service Agent
['apigateway.apiconfigs.get', 'cloudasset.assets.listResource', 'dns.managedZones.list', 'dns.resourceRecordSets.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/auditmanager.admin
Full access to Audit Manager resources.
Audit Manager Admin
['auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.enrollResource', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'cloudasset.assets.searchAllResources', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/auditmanager.serviceAgent
Grants Audit Manager Service Agent access to various list/get rpcs of products to perform an audit.
Audit Manager Auditing Service Agent
['bigquery.datasets.get', 'cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudsql.instances.list', 'compute.autoscalers.list', 'compute.backendServices.list', 'compute.disks.list', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.globalForwardingRules.list', 'compute.instanceGroupManagers.list', 'compute.instanceGroups.list', 'compute.instances.list', 'compute.regionSslPolicies.list', 'compute.regionTargetHttpProxies.list', 'compute.regionUrlMaps.list', 'compute.routers.list', 'compute.securityPolicies.list', 'compute.sslCertificates.list', 'compute.sslPolicies.list', 'compute.subnetworks.list', 'compute.targetHttpProxies.list', 'compute.targetSslProxies.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.zones.list', 'container.clusters.list', 'logging.buckets.list', 'monitoring.timeSeries.list', 'orgpolicy.policy.get', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'secretmanager.secrets.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list']
Copy Permissions
GA
roles/auditmanager.auditor
Allows creating and viewing an audit report.
Audit Manager Auditor
['auditmanager.auditReports.generate', 'auditmanager.auditReports.get', 'auditmanager.auditReports.list', 'auditmanager.auditScopeReports.generate', 'auditmanager.billingSettings.get', 'auditmanager.controlReports.get', 'auditmanager.controlReports.list', 'auditmanager.controls.list', 'auditmanager.findings.get', 'auditmanager.findings.list', 'auditmanager.locations.get', 'auditmanager.locations.list', 'auditmanager.operations.get', 'auditmanager.operations.list', 'auditmanager.resourceEnrollmentStatuses.get', 'auditmanager.resourceEnrollmentStatuses.list', 'cloudasset.assets.searchAllResources', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/automl.admin
Full access to all AutoML resources
AutoML Admin
['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.getIamPolicy', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.setIamPolicy', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.getIamPolicy', 'automl.locations.list', 'automl.locations.setIamPolicy', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.getIamPolicy', 'automl.models.list', 'automl.models.predict', 'automl.models.setIamPolicy', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
BETA
roles/automl.editor
Editor of all AutoML resources
AutoML Editor
['automl.annotationSpecs.create', 'automl.annotationSpecs.delete', 'automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotationSpecs.update', 'automl.annotations.approve', 'automl.annotations.create', 'automl.annotations.list', 'automl.annotations.manipulate', 'automl.annotations.reject', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.columnSpecs.update', 'automl.datasets.create', 'automl.datasets.delete', 'automl.datasets.export', 'automl.datasets.get', 'automl.datasets.import', 'automl.datasets.list', 'automl.datasets.update', 'automl.examples.delete', 'automl.examples.get', 'automl.examples.list', 'automl.examples.update', 'automl.files.delete', 'automl.files.list', 'automl.humanAnnotationTasks.create', 'automl.humanAnnotationTasks.delete', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.create', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.create', 'automl.models.delete', 'automl.models.deploy', 'automl.models.export', 'automl.models.get', 'automl.models.list', 'automl.models.predict', 'automl.models.undeploy', 'automl.operations.cancel', 'automl.operations.delete', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'automl.tableSpecs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
BETA
roles/automl.predictor
Predict using models
AutoML Predictor
['automl.models.predict', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/automl.serviceAgent
AutoML service agent can act as Cloud Storage admin and export BigQuery tables, which can be backed by Cloud Storage and Cloud Bigtable.
AutoML Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.tables.create', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'serviceusage.services.use', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/automl.viewer
Viewer of all AutoML resources
AutoML Viewer
['automl.annotationSpecs.get', 'automl.annotationSpecs.list', 'automl.annotations.list', 'automl.columnSpecs.get', 'automl.columnSpecs.list', 'automl.datasets.get', 'automl.datasets.list', 'automl.examples.get', 'automl.examples.list', 'automl.files.list', 'automl.humanAnnotationTasks.get', 'automl.humanAnnotationTasks.list', 'automl.locations.get', 'automl.locations.list', 'automl.modelEvaluations.get', 'automl.modelEvaluations.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'automl.operations.list', 'automl.tableSpecs.get', 'automl.tableSpecs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
BETA
roles/autoscaling.metricsWriter
Access to write metrics for autoscaling site
Autoscaling Metrics Writer
['autoscaling.sites.writeMetrics']
Copy Permissions
BETA
roles/autoscaling.recommendationsReader
Access to read recommendations from autoscaling site
Autoscaling Recommendations Reader
['autoscaling.sites.readRecommendations']
Copy Permissions
BETA
roles/autoscaling.sitesAdmin
Full access to all autoscaling site features
Autoscaling Site Admin
['autoscaling.sites.getIamPolicy', 'autoscaling.sites.readRecommendations', 'autoscaling.sites.setIamPolicy', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/autoscaling.stateWriter
Access to write state for autoscaling site
Autoscaling State Writer
['autoscaling.sites.writeState']
Copy Permissions
BETA
roles/backupdr.admin
Provides full access to all Backup and DR resources.
Backup and DR Admin
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageSensitiveData', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.setIamPolicy', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.backupUser
Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.
Backup and DR Backup User
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.backupvaultAccessor
Allows the Backup Appliance permissions to create and manage backups in a backup vault.
Backup and DR Backup Vault Accessor
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions
GA
roles/backupdr.backupvaultAdmin
Allows the Backup Appliance full administrative control of backup vault resources.
Backup and DR Backup Vault Admin
['backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions
GA
roles/backupdr.backupvaultLister
Allows the Backup Appliance permission to list backup vaults in a given project.
Backup and DR Backup Vault Lister
['backupdr.backupVaults.list']
Copy Permissions
GA
roles/backupdr.backupvaultViewer
Allows read-only permissions to access backup vault resources and backups.
Backup and DR Backup Vault Viewer
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions
GA
roles/backupdr.cloudStorageOperator
Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage.
Backup and DR Cloud Storage Operator
['storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/backupdr.computeEngineOperator
Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances.
Backup and DR Compute Engine Operator
['backupdr.managementServers.createConnection', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.pscInterfaceCreate', 'compute.instances.setDeletionProtection', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.updateDisplayDevice', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.resourcePolicies.use', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.mangementServerAccessor
Grants the Backup and DR management server access role to Backup Appliances.
Backup and DR Management Server Accessor
['backupdr.managementServers.createConnection']
Copy Permissions
BETA
roles/backupdr.managementServerAccessor
Grants the Backup and DR management server access role to Backup Appliances.
Backup and DR Management Server Accessor
['backupdr.managementServers.createConnection']
Copy Permissions
BETA
roles/backupdr.mountUser
Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup.
Backup and DR Mount User
['backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.restoreUser
Allows the user to restore or mount from a backup. This role cannot create a backup plan.
Backup and DR Restore User
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.serviceAgent
Grants the Backup and DR Service access to protect GCE instances.
Backup and DR Service Agent
['compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.user
Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.
Backup and DR User
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.userv2
Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.
Backup and DR User V2
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.viewer
Provides read-only access to all Backup and DR resources.
Backup and DR Viewer
['backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/gkebackup.admin
Full access to all Backup for GKE resources.
Backup for GKE Admin
['gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.cancel', 'gkebackup.operations.delete', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/gkebackup.backupAdmin
Allows administrators to manage all BackupPlan and Backup resources.
Backup for GKE Backup Admin
['gkebackup.backupPlans.create', 'gkebackup.backupPlans.delete', 'gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backupPlans.setIamPolicy', 'gkebackup.backupPlans.update', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/gkebackup.delegatedBackupAdmin
Allows administrators to manage Backup resources for specific BackupPlans
Backup for GKE Delegated Backup Admin
['gkebackup.backupPlans.get', 'gkebackup.backups.create', 'gkebackup.backups.delete', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.backups.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list']
Copy Permissions
GA
roles/gkebackup.delegatedRestoreAdmin
Allows administrators to manage Restore resources for specific RestorePlans
Backup for GKE Delegated Restore Admin
['gkebackup.restorePlans.get', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list']
Copy Permissions
GA
roles/gkebackup.restoreAdmin
Allows administrators to manage all RestorePlan and Restore resources.
Backup for GKE Restore Admin
['gkebackup.backupPlans.get', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.create', 'gkebackup.restorePlans.delete', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restorePlans.setIamPolicy', 'gkebackup.restorePlans.update', 'gkebackup.restores.create', 'gkebackup.restores.delete', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.restores.update', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/gkebackup.serviceAgent
Grants the Backup for GKE Service Account access to managed resources.
Backup for GKE Service Agent
['compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.regionOperations.get', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.zoneOperations.get', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'gkebackup.operations.get', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'resourcemanager.projects.updateLiens']
Copy Permissions
GA
roles/gkebackup.viewer
Read-only access to all Backup for GKE resources.
Backup for GKE Viewer
['gkebackup.backupPlans.get', 'gkebackup.backupPlans.getIamPolicy', 'gkebackup.backupPlans.list', 'gkebackup.backups.get', 'gkebackup.backups.getBackupIndex', 'gkebackup.backups.list', 'gkebackup.locations.get', 'gkebackup.locations.list', 'gkebackup.operations.get', 'gkebackup.operations.list', 'gkebackup.restorePlans.get', 'gkebackup.restorePlans.getIamPolicy', 'gkebackup.restorePlans.list', 'gkebackup.restores.get', 'gkebackup.restores.list', 'gkebackup.volumeBackups.get', 'gkebackup.volumeBackups.list', 'gkebackup.volumeRestores.get', 'gkebackup.volumeRestores.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/baremetalsolution.admin
Administrator of Bare Metal Solution resources
Bare Metal Solution Admin
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/baremetalsolution.editor
Editor of Bare Metal Solution resources
Bare Metal Solution Editor
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.maintenanceevents.addProposal', 'baremetalsolution.maintenanceevents.approve', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.create', 'baremetalsolution.networks.delete', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.networks.rename', 'baremetalsolution.networks.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.sshKeys.create', 'baremetalsolution.sshKeys.delete', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/baremetalsolution.instancesadmin
Admin of Bare Metal Solution Instance resources
Bare Metal Solution Instances Admin
['baremetalsolution.instances.attachNetwork', 'baremetalsolution.instances.attachVolume', 'baremetalsolution.instances.create', 'baremetalsolution.instances.detachLun', 'baremetalsolution.instances.detachNetwork', 'baremetalsolution.instances.detachVolume', 'baremetalsolution.instances.disableInteractiveSerialConsole', 'baremetalsolution.instances.enableInteractiveSerialConsole', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.instances.rename', 'baremetalsolution.instances.reset', 'baremetalsolution.instances.start', 'baremetalsolution.instances.stop', 'baremetalsolution.instances.update', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/baremetalsolution.instancesviewer
Viewer of Bare Metal Solution Instance resources
Bare Metal Solution Instances Viewer
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/baremetalsolution.procurementsadmin
Administrator of Bare Metal Solution Procurements
Bare Metal Solution Procurements Admin
['baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list']
Copy Permissions
GA
roles/baremetalsolution.procurementseditor
Editor of Bare Metal Solution Procurements
Bare Metal Solution Procurements Editor
['baremetalsolution.pods.list', 'baremetalsolution.procurements.create', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list']
Copy Permissions
GA
roles/baremetalsolution.procurementsviewer
Viewer of Bare Metal Solution Procurements
Bare Metal Solution Procurements Viewer
['baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list']
Copy Permissions
GA
roles/baremetalsolution.serviceAgent
Gives permission to manage network resources such as interconnect pairing keys, required for Bare Metal Solution.
Bare Metal Solution Service Agent
['compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.networks.get', 'compute.networks.list', 'compute.projects.get', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/baremetalsolution.storageadmin
Administrator of Bare Metal Solution storage resources
Bare Metal Solution Storage Admin
['baremetalsolution.luns.create', 'baremetalsolution.luns.delete', 'baremetalsolution.luns.evict', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.luns.update', 'baremetalsolution.nfsshares.create', 'baremetalsolution.nfsshares.delete', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.nfsshares.rename', 'baremetalsolution.nfsshares.update', 'baremetalsolution.operations.get', 'baremetalsolution.pods.list', 'baremetalsolution.snapshotschedulepolicies.create', 'baremetalsolution.snapshotschedulepolicies.delete', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.snapshotschedulepolicies.update', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.create', 'baremetalsolution.volumes.delete', 'baremetalsolution.volumes.evict', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumes.rename', 'baremetalsolution.volumes.resize', 'baremetalsolution.volumes.update', 'baremetalsolution.volumesnapshots.create', 'baremetalsolution.volumesnapshots.delete', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'baremetalsolution.volumesnapshots.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/baremetalsolution.viewer
Viewer of Bare Metal Solution resources
Bare Metal Solution Viewer
['baremetalsolution.instancequotas.list', 'baremetalsolution.instances.get', 'baremetalsolution.instances.list', 'baremetalsolution.luns.get', 'baremetalsolution.luns.list', 'baremetalsolution.maintenanceevents.get', 'baremetalsolution.maintenanceevents.list', 'baremetalsolution.networkquotas.list', 'baremetalsolution.networks.get', 'baremetalsolution.networks.list', 'baremetalsolution.nfsshares.get', 'baremetalsolution.nfsshares.list', 'baremetalsolution.operations.get', 'baremetalsolution.osimages.list', 'baremetalsolution.pods.list', 'baremetalsolution.procurements.get', 'baremetalsolution.procurements.list', 'baremetalsolution.skus.list', 'baremetalsolution.snapshotschedulepolicies.get', 'baremetalsolution.snapshotschedulepolicies.list', 'baremetalsolution.sshKeys.list', 'baremetalsolution.storageaggregatepools.list', 'baremetalsolution.volumequotas.list', 'baremetalsolution.volumes.get', 'baremetalsolution.volumes.list', 'baremetalsolution.volumesnapshots.get', 'baremetalsolution.volumesnapshots.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/batch.admin
Administrator of Batch resources
Batch Administrator
['batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/batch.agentReporter
Reporter of Batch agent states.
Batch Agent Reporter
['batch.states.report']
Copy Permissions
GA
roles/batch.jobsEditor
Editor of Batch Jobs
Batch Job Editor
['batch.jobs.create', 'batch.jobs.delete', 'batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/batch.jobsViewer
Viewer of Batch Jobs, Task Groups and Tasks
Batch Job Viewer
['batch.jobs.get', 'batch.jobs.list', 'batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.tasks.get', 'batch.tasks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/batch.resourceAllowancesEditor
Editor of Batch ResourceAllowances
Batch ResourceAllowance Editor
['batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.create', 'batch.resourceAllowances.delete', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'batch.resourceAllowances.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/batch.resourceAllowancesViewer
Viewer of Batch ResourceAllowances
Batch ResourceAllowance Viewer
['batch.locations.get', 'batch.locations.list', 'batch.operations.get', 'batch.operations.list', 'batch.resourceAllowances.get', 'batch.resourceAllowances.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/proximitybeacon.attachmentEditor
Can create and delete attachments; can list and get a project's beacons; can list a project's namespaces.
Beacon Attachment Editor
['proximitybeacon.attachments.create', 'proximitybeacon.attachments.delete', 'proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.namespaces.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/proximitybeacon.attachmentPublisher
Grants necessary permissions to use beacons to create attachments in namespaces not owned by this project.
Beacon Attachment Publisher
['proximitybeacon.beacons.attach', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/proximitybeacon.attachmentViewer
Can view all attachments under a namespace; no beacon or namespace permissions.
Beacon Attachment Viewer
['proximitybeacon.attachments.get', 'proximitybeacon.attachments.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/proximitybeacon.beaconEditor
Necessary access to register, modify, and view beacons; no attachment or namespace permissions.
Beacon Editor
['proximitybeacon.beacons.create', 'proximitybeacon.beacons.get', 'proximitybeacon.beacons.list', 'proximitybeacon.beacons.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/biglake.admin
Provides full access to all BigLake resources.
BigLake Admin
['biglake.catalogs.create', 'biglake.catalogs.delete', 'biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.create', 'biglake.databases.delete', 'biglake.databases.get', 'biglake.databases.list', 'biglake.databases.update', 'biglake.locks.check', 'biglake.locks.create', 'biglake.locks.delete', 'biglake.locks.list', 'biglake.tables.create', 'biglake.tables.delete', 'biglake.tables.get', 'biglake.tables.list', 'biglake.tables.lock', 'biglake.tables.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/biglake.viewer
Provides read-only access to all BigLake resources.
BigLake Viewer
['biglake.catalogs.get', 'biglake.catalogs.list', 'biglake.databases.get', 'biglake.databases.list', 'biglake.locks.list', 'biglake.tables.get', 'biglake.tables.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.admin
Administer all BigQuery resources and data
BigQuery Admin
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.connectionAdmin
BigQuery Connection Admin
['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use']
Copy Permissions
GA
roles/bigqueryconnection.serviceAgent
Gives BigQuery Connection Service access to Cloud SQL instances in user projects.
BigQuery Connection Service Agent
['cloudsql.instances.connect', 'cloudsql.instances.get', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create']
Copy Permissions
GA
roles/bigquery.connectionUser
BigQuery Connection User
['bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.use']
Copy Permissions
GA
roles/bigquerycontinuousquery.serviceAgent
Gives BigQuery Continuous Query access to the service accounts in the user project.
BigQuery Continuous Query Service Agent
['iam.serviceAccounts.getAccessToken']
Copy Permissions
GA
roles/bigquery.dataEditor
Access to edit all the contents of datasets
BigQuery Data Editor
['bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.updateTag', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.dataOwner
Full access to datasets and all of their contents
BigQuery Data Owner
['bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquerydatapolicy.admin
Role for managing Data Policies in BigQuery
BigQuery Data Policy Admin
['bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update']
Copy Permissions
GA
roles/bigquerydatapolicy.viewer
Role for viewing Data Policies in BigQuery
BigQuery Data Policy Viewer
['bigquery.dataPolicies.get', 'bigquery.dataPolicies.list']
Copy Permissions
GA
roles/bigquerydatatransfer.serviceAgent
Gives BigQuery Data Transfer Service access to start bigquery jobs in consumer project.
BigQuery Data Transfer Service Agent
['bigquery.config.get', 'bigquery.jobs.create', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.regionOperations.get', 'compute.subnetworks.use', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'logging.logEntries.route', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.dataViewer
Access to view datasets and all of their contents
BigQuery Data Viewer
['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.createSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.replicateData', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.filteredDataViewer
Access to view filtered table data defined by a row access policy
BigQuery Filtered Data Viewer
['bigquery.rowAccessPolicies.getFilteredData']
Copy Permissions
GA
roles/bigquery.jobUser
Access to run jobs
BigQuery Job User
['bigquery.config.get', 'bigquery.jobs.create', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/recommender.bigqueryMaterializedViewAdmin
Admin of BigQuery Materialized View Insights and Recommendations.
BigQuery Materialized View Recommender Admin
['recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewInsights.update', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.bigqueryMaterializedViewRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/recommender.bigqueryMaterializedViewViewer
Viewer of BigQuery Materialized View Insights and Recommendations.
BigQuery Materialized View Recommender Viewer
['recommender.bigqueryMaterializedViewInsights.get', 'recommender.bigqueryMaterializedViewInsights.list', 'recommender.bigqueryMaterializedViewRecommendations.get', 'recommender.bigqueryMaterializedViewRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.metadataViewer
Access to view table and dataset metadata
BigQuery Metadata Viewer
['bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.get', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigqueryomni.serviceAgent
Gives BigQuery Omni access to tables in user projects.
BigQuery Omni Service Agent
['bigquery.jobs.create', 'bigquery.tables.updateData']
Copy Permissions
GA
roles/recommender.bigqueryPartitionClusterAdmin
Admin of BigQuery Partitioning Clustering recommendations.
BigQuery Partitioning Clustering Recommender Admin
['recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryPartitionClusterRecommendations.update', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'recommender.bigqueryTableStatsInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.bigqueryPartitionClusterViewer
Viewer of BigQuery Partitioning Clustering recommendations.
BigQuery Partitioning Clustering Recommender Viewer
['recommender.bigqueryPartitionClusterRecommendations.get', 'recommender.bigqueryPartitionClusterRecommendations.list', 'recommender.bigqueryTableStatsInsights.get', 'recommender.bigqueryTableStatsInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/bigquery.readSessionUser
Access to create and use read sessions
BigQuery Read Session User
['bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/recommender.bigQueryCapacityCommitmentsBillingAccountAdmin
Billing Account Admin of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Billing Account Admin
['billing.accounts.get', 'billing.accounts.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update']
Copy Permissions
BETA
roles/recommender.bigQueryCapacityCommitmentsBillingAccountViewer
Billing Account Viewer of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Billing Account Viewer
['billing.accounts.get', 'billing.accounts.list', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list']
Copy Permissions
BETA
roles/recommender.bigQueryCapacityCommitmentsProjectAdmin
Project Admin of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Project Admin
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.bigQueryCapacityCommitmentsProjectViewer
Project Viewer of BigQuery Capacity Commitments insights and recommendations.
BigQuery Recommender Project Viewer
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/bigquery.resourceAdmin
Administers BigQuery workloads, including slot assignments, commitments, and reservations.
BigQuery Resource Admin
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.resourceEditor
Manages BigQuery workloads, but is unable to create or modify slot commitments.
BigQuery Resource Editor
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.resourceViewer
Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.
BigQuery Resource Viewer
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/recommender.bigQueryCapacityCommitmentsAdmin
Admin of BigQuery Capacity Commitments insights and recommendations.
BigQuery Slot Recommender Admin
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsInsights.update', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.bigQueryCapacityCommitmentsViewer
Viewer of BigQuery Capacity Commitments insights and recommendations.
BigQuery Slot Recommender Viewer
['recommender.bigqueryCapacityCommitmentsInsights.get', 'recommender.bigqueryCapacityCommitmentsInsights.list', 'recommender.bigqueryCapacityCommitmentsRecommendations.get', 'recommender.bigqueryCapacityCommitmentsRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/bigqueryspark.serviceAgent
Gives BigQuery Spark access to the service accounts in the user project.
BigQuery Spark Service Agent
['iam.serviceAccounts.getAccessToken']
Copy Permissions
GA
roles/bigquery.studioAdmin
Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.
BigQuery Studio Admin
['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.create', 'aiplatform.notebookRuntimeTemplates.delete', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimeTemplates.setIamPolicy', 'aiplatform.notebookRuntimeTemplates.update', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.delete', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.notebookRuntimes.start', 'aiplatform.notebookRuntimes.update', 'aiplatform.notebookRuntimes.upgrade', 'aiplatform.operations.list', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'compute.reservations.get', 'compute.reservations.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.studioUser
Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.
BigQuery Studio User
['aiplatform.notebookRuntimeTemplates.apply', 'aiplatform.notebookRuntimeTemplates.get', 'aiplatform.notebookRuntimeTemplates.getIamPolicy', 'aiplatform.notebookRuntimeTemplates.list', 'aiplatform.notebookRuntimes.assign', 'aiplatform.notebookRuntimes.get', 'aiplatform.notebookRuntimes.list', 'aiplatform.operations.list', 'bigquery.config.get', 'bigquery.jobs.create', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigquery.user
When applied to a project, access to run queries, create datasets, read dataset metadata, and list tables. When applied to a dataset, access to read dataset metadata and list tables within the dataset.
BigQuery User
['bigquery.bireservations.get', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.config.get', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.jobs.create', 'bigquery.jobs.list', 'bigquery.models.list', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.routines.list', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.tables.list', 'bigquery.transfers.get', 'bigquerymigration.translation.translate', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/bigtable.admin
Full access to all Bigtable resources and ability to assign Bigtable IAM roles.
Bigtable Administrator
['bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/bigtable.reader
Read access to data in existing tables; read access to metadata for instances, clusters, and tables, including column families.
Bigtable Reader
['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/bigtable.user
Read and write access to data in existing tables; read access to metadata for instances, clusters, and tables, including column families.
Bigtable User
['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.ping', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/bigtable.viewer
Read access to metadata for instances, clusters, and tables, including column families.
Bigtable Viewer
['bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.list', 'bigtable.backups.get', 'bigtable.backups.list', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.hotTablets.list', 'bigtable.instances.get', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.list', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/billing.admin
Authorized to see and manage all aspects of billing accounts.
Billing Account Administrator
['billing.accounts.close', 'billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.getIamPolicy', 'billing.accounts.getPaymentInfo', 'billing.accounts.getPricing', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.accounts.move', 'billing.accounts.redeemPromotion', 'billing.accounts.removeFromOrganization', 'billing.accounts.reopen', 'billing.accounts.setIamPolicy', 'billing.accounts.update', 'billing.accounts.updatePaymentInfo', 'billing.accounts.updateUsageExportSpec', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.budgets.create', 'billing.budgets.delete', 'billing.budgets.get', 'billing.budgets.list', 'billing.budgets.update', 'billing.credits.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceAssociations.create', 'billing.resourceAssociations.delete', 'billing.resourceAssociations.list', 'billing.subscriptions.create', 'billing.subscriptions.get', 'billing.subscriptions.list', 'billing.subscriptions.update', 'cloudasset.assets.searchAllResources', 'cloudnotifications.activities.list', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'compute.commitments.create', 'compute.commitments.get', 'compute.commitments.list', 'compute.commitments.update', 'compute.commitments.updateReservations', 'consumerprocurement.accounts.create', 'consumerprocurement.accounts.delete', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.grant', 'consumerprocurement.consents.list', 'consumerprocurement.consents.revoke', 'consumerprocurement.events.get', 'consumerprocurement.events.list', 'consumerprocurement.licensePools.assign', 'consumerprocurement.licensePools.enumerateLicensedUsers', 'consumerprocurement.licensePools.get', 'consumerprocurement.licensePools.unassign', 'consumerprocurement.licensePools.update', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orderAttributions.update', 'consumerprocurement.orders.cancel', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'consumerprocurement.orders.modify', 'consumerprocurement.orders.place', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'logging.logEntries.list', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.privateLogEntries.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.computeAddressIdleResourceRecommendations.get', 'recommender.computeAddressIdleResourceRecommendations.list', 'recommender.computeDiskIdleResourceRecommendations.get', 'recommender.computeDiskIdleResourceRecommendations.list', 'recommender.computeImageIdleResourceRecommendations.get', 'recommender.computeImageIdleResourceRecommendations.list', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.get', 'recommender.computeInstanceGroupManagerMachineTypeRecommendations.list', 'recommender.computeInstanceIdleResourceRecommendations.get', 'recommender.computeInstanceIdleResourceRecommendations.list', 'recommender.computeInstanceMachineTypeRecommendations.get', 'recommender.computeInstanceMachineTypeRecommendations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.resourcemanagerProjectUtilizationRecommendations.get', 'recommender.resourcemanagerProjectUtilizationRecommendations.list', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentInsights.update', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommendations.update', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.spendBasedCommitmentRecommenderConfig.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/billing.costsManager
Can view and export cost information of billing accounts.
Billing Account Costs Manager
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.accounts.updateUsageExportSpec', 'billing.budgets.create', 'billing.budgets.delete', 'billing.budgets.get', 'billing.budgets.list', 'billing.budgets.update', 'billing.resourceAssociations.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costInsights.update']
Copy Permissions
GA
roles/billing.creator
Creator of billing accounts.
Billing Account Creator
['billing.accounts.create', 'resourcemanager.organizations.get']
Copy Permissions
GA
roles/recommender.billingAccountCudAdmin
Admin of Billing Account Usage Commitment Recommender.
Billing Account Usage Commitment Recommender Admin
['billing.accounts.get', 'billing.accounts.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.commitmentUtilizationInsights.update', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list', 'recommender.usageCommitmentRecommendations.update']
Copy Permissions
BETA
roles/recommender.billingAccountCudViewer
Viewer of Billing Account Usage Commitment Recommender.
Billing Account Usage Commitment Recommender Viewer
['billing.accounts.get', 'billing.accounts.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list']
Copy Permissions
BETA
roles/billing.user
Can associate projects with billing accounts
Billing Account User
['billing.accounts.get', 'billing.accounts.getIamPolicy', 'billing.accounts.list', 'billing.accounts.redeemPromotion', 'billing.credits.list', 'billing.resourceAssociations.create']
Copy Permissions
GA
roles/billing.viewer
Can view information about billing accounts.
Billing Account Viewer
['billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.getIamPolicy', 'billing.accounts.getPaymentInfo', 'billing.accounts.getPricing', 'billing.accounts.getSpendingInformation', 'billing.accounts.getUsageExportSpec', 'billing.accounts.list', 'billing.billingAccountPrice.get', 'billing.billingAccountPrices.list', 'billing.billingAccountServices.get', 'billing.billingAccountServices.list', 'billing.billingAccountSkuGroupSkus.get', 'billing.billingAccountSkuGroupSkus.list', 'billing.billingAccountSkuGroups.get', 'billing.billingAccountSkuGroups.list', 'billing.billingAccountSkus.get', 'billing.billingAccountSkus.list', 'billing.budgets.get', 'billing.budgets.list', 'billing.credits.list', 'billing.finOpsBenchmarkInformation.get', 'billing.finOpsHealthInformation.get', 'billing.resourceAssociations.list', 'billing.subscriptions.get', 'billing.subscriptions.list', 'commerceoffercatalog.agreements.get', 'commerceoffercatalog.agreements.list', 'commerceoffercatalog.documents.get', 'commerceoffercatalog.documents.list', 'commerceoffercatalog.offers.get', 'consumerprocurement.accounts.get', 'consumerprocurement.accounts.list', 'consumerprocurement.consents.check', 'consumerprocurement.consents.list', 'consumerprocurement.orderAttributions.get', 'consumerprocurement.orderAttributions.list', 'consumerprocurement.orders.get', 'consumerprocurement.orders.list', 'dataprocessing.datasources.get', 'dataprocessing.datasources.list', 'dataprocessing.groupcontrols.get', 'dataprocessing.groupcontrols.list', 'recommender.commitmentUtilizationInsights.get', 'recommender.commitmentUtilizationInsights.list', 'recommender.costInsights.get', 'recommender.costInsights.list', 'recommender.costRecommendations.listAll', 'recommender.costRecommendations.summarizeAll', 'recommender.spendBasedCommitmentInsights.get', 'recommender.spendBasedCommitmentInsights.list', 'recommender.spendBasedCommitmentRecommendations.get', 'recommender.spendBasedCommitmentRecommendations.list', 'recommender.spendBasedCommitmentRecommenderConfig.get', 'recommender.usageCommitmentRecommendations.get', 'recommender.usageCommitmentRecommendations.list']
Copy Permissions
GA
roles/binaryauthorization.attestorsAdmin
Adminstrator of Binary Authorization Attestors
Binary Authorization Attestor Admin
['binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.getIamPolicy', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.setIamPolicy', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.attestorsEditor
Editor of Binary Authorization Attestors
Binary Authorization Attestor Editor
['binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.attestorsVerifier
Caller of Binary Authorization Attestors VerifyImageAttested
Binary Authorization Attestor Image Verifier
['binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.attestorsViewer
Viewer of Binary Authorization Attestors
Binary Authorization Attestor Viewer
['binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.policyAdmin
Administrator of Binary Authorization Policy
Binary Authorization Policy Administrator
['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.getIamPolicy', 'binaryauthorization.continuousValidationConfig.setIamPolicy', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.getIamPolicy', 'binaryauthorization.policy.setIamPolicy', 'binaryauthorization.policy.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.policyEditor
Editor of Binary Authorization Policy
Binary Authorization Policy Editor
['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.continuousValidationConfig.update', 'binaryauthorization.platformPolicies.create', 'binaryauthorization.platformPolicies.delete', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.platformPolicies.replace', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'binaryauthorization.policy.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.policyEvaluator
Evaluator of Binary Authorization Policy
Binary Authorization Policy Evaluator
['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.policyViewer
Viewer of Binary Authorization Policy
Binary Authorization Policy Viewer
['binaryauthorization.continuousValidationConfig.get', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/binaryauthorization.serviceAgent
Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.
Binary Authorization Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.verifyImageAttested', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'cloudasset.assets.exportResource', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.update', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.listOccurrences', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.list']
Copy Permissions
GA
roles/blockchainnodeengine.admin
Full access to Blockchain Node Engine resources.
Blockchain Node Engine Admin
['blockchainnodeengine.blockchainNodes.create', 'blockchainnodeengine.blockchainNodes.delete', 'blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.blockchainNodes.update', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.cancel', 'blockchainnodeengine.operations.delete', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/blockchainnodeengine.serviceAgent
Grants Blockchain Node Engine access to metrics in user project
Blockchain Node Engine Service Agent
['monitoring.timeSeries.list']
Copy Permissions
GA
roles/blockchainnodeengine.viewer
Readonly access to Blockchain Node Engine resources.
Blockchain Node Engine Viewer
['blockchainnodeengine.blockchainNodes.get', 'blockchainnodeengine.blockchainNodes.list', 'blockchainnodeengine.locations.get', 'blockchainnodeengine.locations.list', 'blockchainnodeengine.operations.get', 'blockchainnodeengine.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/blockchainvalidatormanager.admin
Full access to Blockchain Validator Manager resources.
Blockchain Validator Manager Admin
['blockchainvalidatormanager.blockchainValidatorConfigs.create', 'blockchainvalidatormanager.blockchainValidatorConfigs.delete', 'blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.blockchainValidatorConfigs.update', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.cancel', 'blockchainvalidatormanager.operations.delete', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/blockchainvalidatormanager.viewer
Readonly access to Blockchain Validator Manager resources.
Blockchain Validator Viewer
['blockchainvalidatormanager.blockchainValidatorConfigs.get', 'blockchainvalidatormanager.blockchainValidatorConfigs.list', 'blockchainvalidatormanager.locations.get', 'blockchainvalidatormanager.locations.list', 'blockchainvalidatormanager.operations.get', 'blockchainvalidatormanager.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/browser
Access to browse GCP resources.
Browser
['resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/privateca.admin
Full access to all CA Service resources.
CA Service Admin
['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.setIamPolicy', 'privateca.caPools.update', 'privateca.caPools.use', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.setIamPolicy', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.create', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.setIamPolicy', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.setIamPolicy', 'privateca.certificateTemplates.update', 'privateca.certificateTemplates.use', 'privateca.certificates.create', 'privateca.certificates.createForSelf', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.setIamPolicy', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.cancel', 'privateca.operations.delete', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.setIamPolicy', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create']
Copy Permissions
GA
roles/privateca.auditor
Read-only access to all CA Service resources.
CA Service Auditor
['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/privateca.certificateManager
Create certificates and read-only access for CA Service resources.
CA Service Certificate Manager
['privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificates.create', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/privateca.certificateRequester
Request certificates from CA Service.
CA Service Certificate Requester
['privateca.certificates.create']
Copy Permissions
GA
roles/privateca.templateUser
Read, list and use certificate templates.
CA Service Certificate Template User
['privateca.certificateTemplates.get', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.use']
Copy Permissions
GA
roles/privateca.caManager
Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources.
CA Service Operation Manager
['privateca.caPools.create', 'privateca.caPools.delete', 'privateca.caPools.get', 'privateca.caPools.getIamPolicy', 'privateca.caPools.list', 'privateca.caPools.update', 'privateca.certificateAuthorities.create', 'privateca.certificateAuthorities.delete', 'privateca.certificateAuthorities.get', 'privateca.certificateAuthorities.getIamPolicy', 'privateca.certificateAuthorities.list', 'privateca.certificateAuthorities.update', 'privateca.certificateRevocationLists.get', 'privateca.certificateRevocationLists.getIamPolicy', 'privateca.certificateRevocationLists.list', 'privateca.certificateRevocationLists.update', 'privateca.certificateTemplates.create', 'privateca.certificateTemplates.delete', 'privateca.certificateTemplates.get', 'privateca.certificateTemplates.getIamPolicy', 'privateca.certificateTemplates.list', 'privateca.certificateTemplates.update', 'privateca.certificates.get', 'privateca.certificates.getIamPolicy', 'privateca.certificates.list', 'privateca.certificates.update', 'privateca.locations.get', 'privateca.locations.list', 'privateca.operations.get', 'privateca.operations.list', 'privateca.reusableConfigs.create', 'privateca.reusableConfigs.delete', 'privateca.reusableConfigs.get', 'privateca.reusableConfigs.getIamPolicy', 'privateca.reusableConfigs.list', 'privateca.reusableConfigs.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create']
Copy Permissions
GA
roles/privateca.poolReader
Read CA Pools in CA Service.
CA Service Pool Reader
['privateca.caPools.get']
Copy Permissions
GA
roles/privateca.workloadCertificateRequester
Request certificates from CA Service with caller's identity.
CA Service Workload Certificate Requester
['privateca.certificates.createForSelf']
Copy Permissions
GA
roles/capacityplanner.viewer
Read-only access to Capacity Planner usage resources
Capacity Planner Usage Viewer
['capacityplanner.forecasts.list', 'capacityplanner.usageHistories.list', 'capacityplanner.usageHistories.summarize', 'cloudquotas.quotas.get', 'compute.futureReservations.get', 'compute.futureReservations.list', 'compute.reservations.get', 'compute.reservations.list', 'monitoring.timeSeries.list', 'resourcemanager.folders.get', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get']
Copy Permissions
BETA
roles/billing.carbonViewer
Carbon Footprint Viewer
['billing.accounts.get', 'billing.accounts.getCarbonInformation', 'billing.accounts.list']
Copy Permissions
GA
roles/carestudio.viewer
This role can view all properties of Patients.
Care Studio Patients Viewer
['carestudio.patients.get', 'carestudio.patients.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudprivatecatalogproducer.admin
Can manage catalog and view its associations.
Catalog Admin
['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudprivatecatalog.consumer
Can browse catalogs in the target resource context.
Catalog Consumer
['cloudprivatecatalog.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudprivatecatalogproducer.manager
Can manage associations between a catalog and a target resource.
Catalog Manager
['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudprivatecatalogproducer.orgAdmin
Can manage catalog org settings.
Catalog Org Admin
['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.settings.get', 'cloudprivatecatalogproducer.settings.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/certificatemanager.editor
Edit access to Certificate Manager all resources.
Certificate Manager Editor
['certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/certificatemanager.owner
Full access to Certificate Manager all resources.
Certificate Manager Owner
['certificatemanager.certissuanceconfigs.create', 'certificatemanager.certissuanceconfigs.delete', 'certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certissuanceconfigs.update', 'certificatemanager.certissuanceconfigs.use', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.cancel', 'certificatemanager.operations.delete', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.create', 'certificatemanager.trustconfigs.delete', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'certificatemanager.trustconfigs.update', 'certificatemanager.trustconfigs.use', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/certificatemanager.serviceAgent
Grants Certificate Manager access to services and APIs in the user project.
Certificate Manager Service Agent
['certificatemanager.locations.get']
Copy Permissions
GA
roles/certificatemanager.viewer
Read-only access to Certificate Manager all resources.
Certificate Manager Viewer
['certificatemanager.certissuanceconfigs.get', 'certificatemanager.certissuanceconfigs.list', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.locations.get', 'certificatemanager.locations.list', 'certificatemanager.operations.get', 'certificatemanager.operations.list', 'certificatemanager.trustconfigs.get', 'certificatemanager.trustconfigs.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/integrations.certificateViewer
A developer that can list and view Certificates.
Certificate Viewer
['integrations.certificates.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/chat.owner
Can view and modify app configurations
Chat Apps Owner
['chat.bots.get', 'chat.bots.update']
Copy Permissions
GA
roles/chat.reader
Can view app configurations
Chat Apps Viewer
['chat.bots.get']
Copy Permissions
GA
roles/chronicle.admin
Full access to the Chronicle API services, including global settings.
Chronicle API Admin
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.bigQueryAccess.provide', 'chronicle.cases.countPriorities', 'chronicle.collectors.create', 'chronicle.collectors.delete', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.collectors.update', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessLabels.create', 'chronicle.dataAccessLabels.delete', 'chronicle.dataAccessLabels.get', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessLabels.update', 'chronicle.dataAccessScopes.create', 'chronicle.dataAccessScopes.delete', 'chronicle.dataAccessScopes.get', 'chronicle.dataAccessScopes.list', 'chronicle.dataAccessScopes.permit', 'chronicle.dataAccessScopes.update', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.create', 'chronicle.errorNotificationConfigs.delete', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.errorNotificationConfigs.update', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.extensionValidationReports.get', 'chronicle.extensionValidationReports.list', 'chronicle.feedServiceAccounts.fetch', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.create', 'chronicle.feeds.delete', 'chronicle.feeds.disable', 'chronicle.feeds.enable', 'chronicle.feeds.generateSecret', 'chronicle.feeds.get', 'chronicle.feeds.list', 'chronicle.feeds.update', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.create', 'chronicle.forwarders.delete', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.forwarders.update', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.generateWorkspaceConnectionToken', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.parserExtensions.activate', 'chronicle.parserExtensions.create', 'chronicle.parserExtensions.delete', 'chronicle.parserExtensions.generateKeyValueMappings', 'chronicle.parserExtensions.get', 'chronicle.parserExtensions.legacySubmitParserExtension', 'chronicle.parserExtensions.list', 'chronicle.parserExtensions.removeSyslog', 'chronicle.parsers.activate', 'chronicle.parsers.activateReleaseCandidate', 'chronicle.parsers.copyPrebuiltParser', 'chronicle.parsers.create', 'chronicle.parsers.deactivate', 'chronicle.parsers.delete', 'chronicle.parsers.generateEventTypesSuggestions', 'chronicle.parsers.get', 'chronicle.parsers.list', 'chronicle.parsers.runParser', 'chronicle.parsingErrors.list', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.delete', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.validationErrors.list', 'chronicle.validationReports.get', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/chronicle.editor
Modify Access to Chronicle API resources.
Chronicle API Editor
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/chronicle.globalDataAccess
Grants global access to data i.e. all data can be accessed.
Chronicle API Global Data Access
['chronicle.globalDataAccessScopes.permit']
Copy Permissions
BETA
roles/chronicle.limitedViewer
Grants readonly access to Chronicle API resources, excluding Rules and Retrohunts.
Chronicle API Limited Viewer
['chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.get', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/chronicle.restrictedDataAccess
Grants access to data controlled by Data Access Scopes. Intended to be refined by IAM Conditions.
Chronicle API Restricted Data Access
['chronicle.dataAccessScopes.permit']
Copy Permissions
BETA
roles/chronicle.restrictedDataAccessViewer
Grants readonly access to Chronicle API resources without global data access scope.
Chronicle API Restricted Data Access Viewer
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.report', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/chronicle.viewer
Readonly access to the Chronicle API resources.
Chronicle API Viewer
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/chroniclesm.admin
Admins can view and modify Chronicle service details.
Chronicle Service Admin
['chroniclesm.gcpAssociations.create', 'chroniclesm.gcpAssociations.delete', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpLogFlowFilters.update', 'chroniclesm.gcpSettings.get', 'chroniclesm.gcpSettings.update']
Copy Permissions
GA
roles/chronicle.serviceAgent
Grants Chronicle scoped access to customer project
Chronicle Service Agent
['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.datasets.create', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'chronicle.instances.get', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get']
Copy Permissions
GA
roles/chroniclesm.viewer
Viewers can see Chronicle service details but not change them.
Chronicle Service Viewer
['chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpSettings.get']
Copy Permissions
GA
roles/chronicle.soarAdmin
Grants admin access to Chronicle SOAR.
Chronicle SOAR Admin
['chronicle.instances.soarAdmin', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list']
Copy Permissions
BETA
roles/chronicle.soarServiceAgent
Gives Chronicle SOAR the ability to perform remediation on Cloud Platform resources.
Chronicle SOAR Service Agent
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.list', 'compute.instances.stop', 'compute.instances.updateNetworkInterface', 'compute.networks.updatePolicy', 'compute.zones.list', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'resourcemanager.organizations.getIamPolicy', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.list', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.update', 'securitycenter.sources.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.update']
Copy Permissions
GA
roles/chronicle.soarThreatManager
Grants threat manager access to Chronicle SOAR.
Chronicle SOAR Threat Manager
['chronicle.instances.soarThreatManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list']
Copy Permissions
BETA
roles/chronicle.soarVulnerabilityManager
Grants vulnerability manager access to Chronicle SOAR.
Chronicle SOAR Vulnerability Manager
['chronicle.instances.soarVulnerabilityManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list']
Copy Permissions
BETA
roles/ciem.serviceAgent
Gives CIEM Service Account permission to access GCP resources
CIEM Service Agent
['cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'resourcemanager.organizations.get']
Copy Permissions
GA
roles/accesscontextmanager.gcpAccessAdmin
Create, edit, and change Cloud access bindings.
Cloud Access Binding Admin
['accesscontextmanager.gcpUserAccessBindings.create', 'accesscontextmanager.gcpUserAccessBindings.delete', 'accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list', 'accesscontextmanager.gcpUserAccessBindings.update']
Copy Permissions
GA
roles/accesscontextmanager.gcpAccessReader
Read access to Cloud access bindings.
Cloud Access Binding Reader
['accesscontextmanager.gcpUserAccessBindings.get', 'accesscontextmanager.gcpUserAccessBindings.list']
Copy Permissions
GA
roles/cloudaicompanion.serviceAgent
Gives Cloud AI Companion components the proper permissions to function.
Cloud AI Companion Service Agent
['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use']
Copy Permissions
GA
roles/alloydb.admin
Full access to Cloud AlloyDB all resources.
Cloud AlloyDB Admin
['alloydb.backups.create', 'alloydb.backups.createTagBinding', 'alloydb.backups.delete', 'alloydb.backups.deleteTagBinding', 'alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.backups.update', 'alloydb.clusters.create', 'alloydb.clusters.createTagBinding', 'alloydb.clusters.delete', 'alloydb.clusters.deleteTagBinding', 'alloydb.clusters.export', 'alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.clusters.import', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.clusters.promote', 'alloydb.clusters.switchover', 'alloydb.clusters.update', 'alloydb.clusters.upgrade', 'alloydb.databases.list', 'alloydb.instances.connect', 'alloydb.instances.create', 'alloydb.instances.delete', 'alloydb.instances.executeSql', 'alloydb.instances.failover', 'alloydb.instances.get', 'alloydb.instances.injectFault', 'alloydb.instances.list', 'alloydb.instances.restart', 'alloydb.instances.update', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.cancel', 'alloydb.operations.delete', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.create', 'alloydb.users.delete', 'alloydb.users.get', 'alloydb.users.list', 'alloydb.users.login', 'alloydb.users.update', 'cloudaicompanion.entitlements.get', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceInsights.update', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterPerformanceRecommendations.update', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityInsights.update', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'recommender.alloydbClusterReliabilityRecommendations.update', 'recommender.alloydbInstanceSecurityInsights.get', 'recommender.alloydbInstanceSecurityInsights.list', 'recommender.alloydbInstanceSecurityInsights.update', 'recommender.alloydbInstanceSecurityRecommendations.get', 'recommender.alloydbInstanceSecurityRecommendations.list', 'recommender.alloydbInstanceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/alloydb.client
Connectivity access to Cloud AlloyDB instances.
Cloud AlloyDB Client
['alloydb.clusters.generateClientCertificate', 'alloydb.clusters.get', 'alloydb.instances.connect', 'alloydb.instances.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/alloydb.databaseUser
Role allowing access to login as a database user.
Cloud AlloyDB Database User
['alloydb.clusters.get', 'alloydb.instances.executeSql', 'alloydb.instances.get', 'alloydb.users.login', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/alloydb.viewer
Read-only access to Cloud AlloyDB all resources.
Cloud AlloyDB Viewer
['alloydb.backups.get', 'alloydb.backups.list', 'alloydb.backups.listEffectiveTags', 'alloydb.backups.listTagBindings', 'alloydb.clusters.export', 'alloydb.clusters.get', 'alloydb.clusters.list', 'alloydb.clusters.listEffectiveTags', 'alloydb.clusters.listTagBindings', 'alloydb.databases.list', 'alloydb.instances.get', 'alloydb.instances.list', 'alloydb.locations.get', 'alloydb.locations.list', 'alloydb.operations.get', 'alloydb.operations.list', 'alloydb.supportedDatabaseFlags.get', 'alloydb.supportedDatabaseFlags.list', 'alloydb.users.get', 'alloydb.users.list', 'cloudaicompanion.entitlements.get', 'recommender.alloydbClusterPerformanceInsights.get', 'recommender.alloydbClusterPerformanceInsights.list', 'recommender.alloydbClusterPerformanceRecommendations.get', 'recommender.alloydbClusterPerformanceRecommendations.list', 'recommender.alloydbClusterReliabilityInsights.get', 'recommender.alloydbClusterReliabilityInsights.list', 'recommender.alloydbClusterReliabilityRecommendations.get', 'recommender.alloydbClusterReliabilityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apigateway_management.serviceAgent
Gives Cloud API Gateway service account access to retrieve aService configuration.
Cloud API Gateway Management Service Agent
['iam.serviceAccounts.get', 'servicemanagement.services.create', 'servicemanagement.services.delete', 'servicemanagement.services.get', 'servicemanagement.services.list', 'servicemanagement.services.update', 'serviceusage.services.get']
Copy Permissions
GA
roles/apigateway.serviceAgent
Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts.
Cloud API Gateway Service Agent
['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'servicemanagement.services.check', 'servicemanagement.services.quota', 'servicemanagement.services.report']
Copy Permissions
GA
roles/apihub.admin
Full access to all API hub resources.
Cloud API Hub Admin
['apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.locations2.searchResources', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apihub.attributeAdmin
Full access to all Cloud API hub attribute's resources.
Cloud API hub Attributes Admin
['apihub.attributes.create', 'apihub.attributes.delete', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.attributes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apihub.editor
Edit access to most of Cloud API Hub resources.
Cloud API Hub Editor
['apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apiOperations.update', 'apihub.apis.create', 'apihub.apis.delete', 'apihub.apis.get', 'apihub.apis.list', 'apihub.apis.update', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.definitions.update', 'apihub.dependencies.create', 'apihub.dependencies.delete', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.dependencies.update', 'apihub.deployments.create', 'apihub.deployments.delete', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.deployments.update', 'apihub.externalApis.create', 'apihub.externalApis.delete', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.externalApis.update', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.deregister', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.llmEnablements.register', 'apihub.locations.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.create', 'apihub.specs.delete', 'apihub.specs.get', 'apihub.specs.lint', 'apihub.specs.list', 'apihub.specs.update', 'apihub.styleGuides.get', 'apihub.versions.create', 'apihub.versions.delete', 'apihub.versions.get', 'apihub.versions.list', 'apihub.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apihub.pluginAdmin
Full access to all Cloud API hub plugin's resources.
Cloud API hub Plugins Admin
['apihub.plugins.disable', 'apihub.plugins.enable', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.specs.lint', 'apihub.styleGuides.get', 'apihub.styleGuides.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apihub.provisioningAdmin
Full access to Cloud API hub provisioning related resources.
Cloud API hub Provisioning Admin
['apihub.apiHubInstances.create', 'apihub.apiHubInstances.delete', 'apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.hostProjectRegistrations.create', 'apihub.hostProjectRegistrations.delete', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.hostProjectRegistrations.register', 'apihub.operations.cancel', 'apihub.operations.delete', 'apihub.operations.get', 'apihub.operations.list', 'apihub.runTimeProjectAttachments.attach', 'apihub.runTimeProjectAttachments.create', 'apihub.runTimeProjectAttachments.delete', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.runTimeProjectAttachments.lookup', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apihub.viewer
View access to all Cloud API hub resources.
Cloud API hub Viewer
['apihub.apiHubInstances.get', 'apihub.apiHubInstances.list', 'apihub.apiOperations.get', 'apihub.apiOperations.list', 'apihub.apis.get', 'apihub.apis.list', 'apihub.attributes.get', 'apihub.attributes.list', 'apihub.definitions.get', 'apihub.definitions.list', 'apihub.dependencies.get', 'apihub.dependencies.list', 'apihub.deployments.get', 'apihub.deployments.list', 'apihub.externalApis.get', 'apihub.externalApis.list', 'apihub.hostProjectRegistrations.get', 'apihub.hostProjectRegistrations.list', 'apihub.llmEnablements.get', 'apihub.llmEnablements.list', 'apihub.locations.searchResources', 'apihub.operations.get', 'apihub.operations.list', 'apihub.plugins.get', 'apihub.plugins.list', 'apihub.runTimeProjectAttachments.get', 'apihub.runTimeProjectAttachments.list', 'apihub.specs.get', 'apihub.specs.list', 'apihub.styleGuides.get', 'apihub.versions.get', 'apihub.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apigeeregistry.admin
Full access to Cloud Apigee Registry Registry and Runtime resources.
Cloud Apigee Registry Admin
['apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.setIamPolicy', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.setIamPolicy', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.instances.get', 'apigeeregistry.instances.update', 'apigeeregistry.locations.get', 'apigeeregistry.locations.list', 'apigeeregistry.operations.cancel', 'apigeeregistry.operations.delete', 'apigeeregistry.operations.get', 'apigeeregistry.operations.list', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.setIamPolicy', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.setIamPolicy', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apigeeregistry.editor
Edit access to Cloud Apigee Registry Registry resources.
Cloud Apigee Registry Editor
['apigeeregistry.apis.create', 'apigeeregistry.apis.delete', 'apigeeregistry.apis.get', 'apigeeregistry.apis.getIamPolicy', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.getIamPolicy', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.create', 'apigeeregistry.deployments.delete', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.specs.create', 'apigeeregistry.specs.delete', 'apigeeregistry.specs.get', 'apigeeregistry.specs.getIamPolicy', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.create', 'apigeeregistry.versions.delete', 'apigeeregistry.versions.get', 'apigeeregistry.versions.getIamPolicy', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apigeeregistry.viewer
Read-only access to Cloud Apigee Registry Registry resources.
Cloud Apigee Registry Viewer
['apigeeregistry.apis.get', 'apigeeregistry.apis.list', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.list', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.specs.get', 'apigeeregistry.specs.list', 'apigeeregistry.versions.get', 'apigeeregistry.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/apigeeregistry.worker
The role used by Apigee Registry application workers to read and update Apigee Registry Artifacts.
Cloud Apigee Registry Worker
['apigeeregistry.apis.get', 'apigeeregistry.apis.list', 'apigeeregistry.apis.update', 'apigeeregistry.artifacts.create', 'apigeeregistry.artifacts.delete', 'apigeeregistry.artifacts.get', 'apigeeregistry.artifacts.list', 'apigeeregistry.artifacts.update', 'apigeeregistry.deployments.get', 'apigeeregistry.deployments.list', 'apigeeregistry.deployments.update', 'apigeeregistry.specs.get', 'apigeeregistry.specs.list', 'apigeeregistry.specs.update', 'apigeeregistry.versions.get', 'apigeeregistry.versions.list', 'apigeeregistry.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudAssetInsightsAdmin
Admin of all Cloud Asset insights.
Cloud Asset Insights Admin
['recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/recommender.cloudAssetInsightsViewer
Viewer of all Cloud Asset insights.
Cloud Asset Insights Viewer
['recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudasset.owner
Full access to cloud assets metadata
Cloud Asset Owner
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudasset.savedqueries.create', 'cloudasset.savedqueries.delete', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudasset.savedqueries.update', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'recommender.locations.get', 'recommender.locations.list']
Copy Permissions
GA
roles/cloudasset.serviceAgent
Gives Cloud Asset service agent permissions to Cloud Storage and BigQuery for exporting Assets, and permission to publish to Cloud Pub/Sub topics for Asset Real Time Feed.
Cloud Asset Service Agent
['bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'pubsub.topics.publish', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get']
Copy Permissions
GA
roles/cloudasset.viewer
Read only access to cloud assets metadata
Cloud Asset Viewer
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list']
Copy Permissions
GA
roles/beyondcorp.admin
Full access to all Cloud BeyondCorp resources.
Cloud BeyondCorp Admin
['beyondcorp.appConnections.create', 'beyondcorp.appConnections.delete', 'beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnections.setIamPolicy', 'beyondcorp.appConnections.update', 'beyondcorp.appConnectors.create', 'beyondcorp.appConnectors.delete', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appConnectors.reportStatus', 'beyondcorp.appConnectors.setIamPolicy', 'beyondcorp.appConnectors.update', 'beyondcorp.appGateways.create', 'beyondcorp.appGateways.delete', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.appGateways.setIamPolicy', 'beyondcorp.appGateways.update', 'beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/beyondcorp.clientConnectorAdmin
Full access to all BeyondCorp Client Connector resources.
Cloud BeyondCorp Client Connector Admin
['beyondcorp.clientConnectorServices.create', 'beyondcorp.clientConnectorServices.delete', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientConnectorServices.setIamPolicy', 'beyondcorp.clientConnectorServices.update', 'beyondcorp.clientGateways.create', 'beyondcorp.clientGateways.delete', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.clientGateways.setIamPolicy', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/beyondcorp.clientConnectorServiceUser
Access Client Connector Service
Cloud BeyondCorp Client Connector Service User
['beyondcorp.clientConnectorServices.access']
Copy Permissions
BETA
roles/beyondcorp.clientConnectorViewer
Read-only access to all BeyondCorp Client Connector resources.
Cloud BeyondCorp Client Connector Viewer
['beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/beyondcorp.partnerServiceDelegateAdmin
Delegates access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.
Cloud BeyondCorp Partner Service Delegate Admin
['beyondcorp.operations.cancel', 'beyondcorp.operations.delete', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.partnerTenants.create', 'beyondcorp.partnerTenants.delete', 'beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.partnerTenants.update', 'beyondcorp.proxyConfigs.create', 'beyondcorp.proxyConfigs.delete', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'beyondcorp.proxyConfigs.update', 'resourcemanager.organizations.get']
Copy Permissions
BETA
roles/beyondcorp.partnerServiceDelegateViewer
Delegates read-only access to all BeyondCorp partner service resources to a BeyondCorp Enterprise partner.
Cloud BeyondCorp Partner Service Delegate Viewer
['beyondcorp.partnerTenants.get', 'beyondcorp.partnerTenants.list', 'beyondcorp.proxyConfigs.get', 'beyondcorp.proxyConfigs.list', 'resourcemanager.organizations.get']
Copy Permissions
BETA
roles/beyondcorp.subscriptionAdmin
Full access to all BeyondCorp Subscription resources.
Cloud BeyondCorp Subscription Admin
['beyondcorp.subscriptions.create', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'beyondcorp.subscriptions.terminate', 'beyondcorp.subscriptions.update', 'resourcemanager.organizations.get']
Copy Permissions
BETA
roles/beyondcorp.subscriptionViewer
Read-only access to all BeyondCorp Subscription resources.
Cloud BeyondCorp Subscription Viewer
['beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'resourcemanager.organizations.get']
Copy Permissions
BETA
roles/beyondcorp.viewer
Read-only access to all Cloud BeyondCorp resources.
Cloud BeyondCorp Viewer
['beyondcorp.appConnections.get', 'beyondcorp.appConnections.getIamPolicy', 'beyondcorp.appConnections.list', 'beyondcorp.appConnectors.get', 'beyondcorp.appConnectors.getIamPolicy', 'beyondcorp.appConnectors.list', 'beyondcorp.appGateways.get', 'beyondcorp.appGateways.getIamPolicy', 'beyondcorp.appGateways.list', 'beyondcorp.clientConnectorServices.get', 'beyondcorp.clientConnectorServices.getIamPolicy', 'beyondcorp.clientConnectorServices.list', 'beyondcorp.clientGateways.get', 'beyondcorp.clientGateways.getIamPolicy', 'beyondcorp.clientGateways.list', 'beyondcorp.locations.get', 'beyondcorp.locations.list', 'beyondcorp.operations.get', 'beyondcorp.operations.list', 'beyondcorp.subscriptions.get', 'beyondcorp.subscriptions.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudbuild.builds.approver
Can approve or reject pending builds.
Cloud Build Approver
['cloudbuild.builds.approve', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.connectionAdmin
Can manage connections and repositories.
Cloud Build Connection Admin
['cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.connections.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.connectionViewer
Can view and list connections and repositories.
Cloud Build Connection Viewer
['cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.builds.editor
Can create and cancel builds
Cloud Build Editor
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.integrationsEditor
Can update Integrations
Cloud Build Integrations Editor
['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.integrationsOwner
Can create/delete Integrations
Cloud Build Integrations Owner
['cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'compute.firewalls.create', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regions.get', 'compute.subnetworks.get', 'compute.subnetworks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.integrationsViewer
Can view Integrations
Cloud Build Integrations Viewer
['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.loggingServiceAgent
Gives the Cloud Build logging-specific service account access to write logs.
Cloud Build Logging Service Agent
['logging.buckets.write']
Copy Permissions
GA
roles/cloudbuild.readTokenAccessor
Can view the connection and access its read-only token.
Cloud Build Read Only Token Accessor
['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.get']
Copy Permissions
GA
roles/cloudbuild.builds.builder
Can perform builds
Cloud Build Service Account
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.topics.create', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/cloudbuild.serviceAgent
Gives Cloud Build service account access to managed resources.
Cloud Build Service Agent
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.get', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.networks.get', 'compute.regionOperations.get', 'compute.subnetworks.get', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'developerconnect.connections.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.networks.access', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/cloudbuild.tokenAccessor
Can view the connection and access its read/write and read-only tokens.
Cloud Build Token Accessor
['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list']
Copy Permissions
GA
roles/cloudbuild.builds.viewer
Can view builds
Cloud Build Viewer
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.workerPoolEditor
Can update and view WorkerPools
Cloud Build WorkerPool Editor
['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.workerPoolOwner
Can create, delete, update, and view WorkerPools
Cloud Build WorkerPool Owner
['cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudbuild.workerPoolUser
Can run builds in the WorkerPool
Cloud Build WorkerPool User
['cloudbuild.workerpools.use']
Copy Permissions
GA
roles/cloudbuild.workerPoolViewer
Can view WorkerPools
Cloud Build WorkerPool Viewer
['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/composer.serviceAgent
Cloud Composer API service agent can manage environments.
Cloud Composer API Service Agent
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.update', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'cloudaicompanion.entitlements.get', 'cloudnotifications.activities.list', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.delete', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'composer.dags.get', 'composer.environments.get', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'deploymentmanager.compositeTypes.create', 'deploymentmanager.compositeTypes.delete', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.compositeTypes.list', 'deploymentmanager.compositeTypes.update', 'deploymentmanager.deployments.cancelPreview', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.stop', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.resources.get', 'deploymentmanager.resources.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.getType', 'deploymentmanager.typeProviders.list', 'deploymentmanager.typeProviders.listTypes', 'deploymentmanager.typeProviders.update', 'deploymentmanager.types.create', 'deploymentmanager.types.delete', 'deploymentmanager.types.get', 'deploymentmanager.types.list', 'deploymentmanager.types.update', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.list', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'observability.scopes.get', 'opsconfigmonitoring.resourceMetadata.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions
GA
roles/composer.ServiceAgentV2Ext
Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments.
Cloud Composer v2 API Service Agent Extension
['iam.serviceAccounts.getIamPolicy', 'iam.serviceAccounts.setIamPolicy']
Copy Permissions
GA
roles/cloudcontrolspartner.accessApprovalServiceAgent
Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner.
Cloud Controls Partner Access Approval Service Agent
['accessapproval.requests.get', 'accessapproval.requests.list']
Copy Permissions
GA
roles/cloudcontrolspartner.admin
Full access to Cloud Controls Partner resources.
Cloud Controls Partner Admin
['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.list']
Copy Permissions
GA
roles/cloudcontrolspartner.editor
Editor access to Cloud Controls Partner resources.
Cloud Controls Partner Editor
['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list']
Copy Permissions
GA
roles/cloudcontrolspartner.ekmServiceAgent
Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information.
Cloud Controls Partner EKM Service Agent
['cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.verifyConnectivity']
Copy Permissions
GA
roles/cloudcontrolspartner.inspectabilityReader
Readonly access to Cloud Controls Partner inspectability resources.
Cloud Controls Partner Inspectability Reader
['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.platformcontrols.get']
Copy Permissions
GA
roles/cloudcontrolspartner.monitoringReader
Readonly access to Cloud Controls Partner monitoring resources.
Cloud Controls Partner Monitoring Reader
['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list']
Copy Permissions
GA
roles/cloudcontrolspartner.monitoringServiceAgent
Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability.
Cloud Controls Partner Monitoring Service Agent
['assuredworkloads.violations.get', 'assuredworkloads.violations.list']
Copy Permissions
GA
roles/cloudcontrolspartner.reader
Readonly access to Cloud Controls Partner resources.
Cloud Controls Partner Reader
['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list']
Copy Permissions
GA
roles/cloudcontrolspartner.supportCaseServiceAgent
Gives the Partner Console service account access to support cases for workloads associated with a partner.
Cloud Controls Partner Support Case Service Agent
['cloudsupport.techCases.get']
Copy Permissions
GA
roles/recommender.cloudCostRecommendationAdmin
Admin of Cloud Cost General Recommendations Insights and Recommendations.
Cloud Cost General Recommendations Recommender Admin
['recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralInsights.update', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.cloudCostGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudCostRecommendationViewer
Viewer of Cloud Cost General Recommendations Insights and Recommendations.
Cloud Cost General Recommendations Recommender Viewer
['recommender.cloudCostGeneralInsights.get', 'recommender.cloudCostGeneralInsights.list', 'recommender.cloudCostGeneralRecommendations.get', 'recommender.cloudCostGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/datafusion.accessor
Read-only access to Cloud Data Fusion Instances. Use it on instance level along with the namespace grants to provide access to the specific namespace.
Cloud Data Fusion Accessor
['datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/datafusion.admin
Full access to Cloud Data Fusion Instances, Namespaces and related resources.
Cloud Data Fusion Admin
['datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.create', 'datafusion.instances.createTagBinding', 'datafusion.instances.delete', 'datafusion.instances.deleteTagBinding', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.instances.restart', 'datafusion.instances.runtime', 'datafusion.instances.setIamPolicy', 'datafusion.instances.update', 'datafusion.instances.upgrade', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.cancel', 'datafusion.operations.delete', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.create', 'datafusion.pipelineConnections.delete', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.update', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datafusion.serviceAgent
Gives Cloud Data Fusion service account access to Service Networking, Cloud Dataproc, Cloud Storage, BigQuery, Cloud Spanner, and Cloud Bigtable resources.
Cloud Data Fusion API Service Agent
['bigquery.config.get', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigtable.appProfiles.create', 'bigtable.appProfiles.delete', 'bigtable.appProfiles.get', 'bigtable.appProfiles.list', 'bigtable.appProfiles.update', 'bigtable.authorizedViews.create', 'bigtable.authorizedViews.createTagBinding', 'bigtable.authorizedViews.delete', 'bigtable.authorizedViews.deleteTagBinding', 'bigtable.authorizedViews.get', 'bigtable.authorizedViews.getIamPolicy', 'bigtable.authorizedViews.list', 'bigtable.authorizedViews.listEffectiveTags', 'bigtable.authorizedViews.listTagBindings', 'bigtable.authorizedViews.mutateRows', 'bigtable.authorizedViews.readRows', 'bigtable.authorizedViews.sampleRowKeys', 'bigtable.authorizedViews.setIamPolicy', 'bigtable.authorizedViews.update', 'bigtable.backups.create', 'bigtable.backups.delete', 'bigtable.backups.get', 'bigtable.backups.getIamPolicy', 'bigtable.backups.list', 'bigtable.backups.read', 'bigtable.backups.restore', 'bigtable.backups.setIamPolicy', 'bigtable.backups.update', 'bigtable.clusters.create', 'bigtable.clusters.delete', 'bigtable.clusters.get', 'bigtable.clusters.list', 'bigtable.clusters.update', 'bigtable.hotTablets.list', 'bigtable.instances.create', 'bigtable.instances.createTagBinding', 'bigtable.instances.delete', 'bigtable.instances.deleteTagBinding', 'bigtable.instances.executeQuery', 'bigtable.instances.get', 'bigtable.instances.getIamPolicy', 'bigtable.instances.list', 'bigtable.instances.listEffectiveTags', 'bigtable.instances.listTagBindings', 'bigtable.instances.ping', 'bigtable.instances.setIamPolicy', 'bigtable.instances.update', 'bigtable.keyvisualizer.get', 'bigtable.keyvisualizer.list', 'bigtable.locations.list', 'bigtable.tables.checkConsistency', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.generateConsistencyToken', 'bigtable.tables.get', 'bigtable.tables.getIamPolicy', 'bigtable.tables.list', 'bigtable.tables.mutateRows', 'bigtable.tables.readRows', 'bigtable.tables.sampleRowKeys', 'bigtable.tables.setIamPolicy', 'bigtable.tables.undelete', 'bigtable.tables.update', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalOperations.get', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceSettings.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.update', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.removePeering', 'compute.networks.update', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zones.get', 'compute.zones.list', 'dataform.locations.get', 'dataform.locations.list', 'dataform.repositories.create', 'dataform.repositories.list', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.list', 'dataproc.autoscalingPolicies.update', 'dataproc.autoscalingPolicies.use', 'dataproc.batches.analyze', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.delete', 'dataproc.batches.get', 'dataproc.batches.list', 'dataproc.batches.sparkApplicationRead', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.clusters.list', 'dataproc.clusters.start', 'dataproc.clusters.stop', 'dataproc.clusters.update', 'dataproc.clusters.use', 'dataproc.jobs.cancel', 'dataproc.jobs.create', 'dataproc.jobs.delete', 'dataproc.jobs.get', 'dataproc.jobs.list', 'dataproc.jobs.update', 'dataproc.nodeGroups.create', 'dataproc.nodeGroups.get', 'dataproc.nodeGroups.update', 'dataproc.operations.cancel', 'dataproc.operations.delete', 'dataproc.operations.get', 'dataproc.operations.list', 'dataproc.sessionTemplates.create', 'dataproc.sessionTemplates.delete', 'dataproc.sessionTemplates.get', 'dataproc.sessionTemplates.list', 'dataproc.sessionTemplates.update', 'dataproc.sessions.create', 'dataproc.sessions.delete', 'dataproc.sessions.get', 'dataproc.sessions.list', 'dataproc.sessions.sparkApplicationRead', 'dataproc.sessions.terminate', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'dataproc.workflowTemplates.instantiate', 'dataproc.workflowTemplates.instantiateInline', 'dataproc.workflowTemplates.list', 'dataproc.workflowTemplates.update', 'dataprocrm.nodePools.create', 'dataprocrm.nodePools.delete', 'dataprocrm.nodePools.deleteNodes', 'dataprocrm.nodePools.get', 'dataprocrm.nodePools.list', 'dataprocrm.nodePools.resize', 'dataprocrm.nodes.get', 'dataprocrm.nodes.heartbeat', 'dataprocrm.nodes.list', 'dataprocrm.nodes.update', 'dataprocrm.operations.get', 'dataprocrm.operations.list', 'dataprocrm.workloads.cancel', 'dataprocrm.workloads.create', 'dataprocrm.workloads.delete', 'dataprocrm.workloads.get', 'dataprocrm.workloads.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.list', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.list', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.list', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.list', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.list', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.list', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.list', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpfilters.get', 'networkservices.httpfilters.list', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicenetworking.services.get', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'spanner.databaseOperations.cancel', 'spanner.databaseOperations.get', 'spanner.databaseOperations.list', 'spanner.databases.beginOrRollbackReadWriteTransaction', 'spanner.databases.beginPartitionedDmlTransaction', 'spanner.databases.beginReadOnlyTransaction', 'spanner.databases.changequorum', 'spanner.databases.getDdl', 'spanner.databases.list', 'spanner.databases.partitionQuery', 'spanner.databases.partitionRead', 'spanner.databases.read', 'spanner.databases.select', 'spanner.databases.updateDdl', 'spanner.databases.updateTag', 'spanner.databases.write', 'spanner.instanceConfigs.get', 'spanner.instanceConfigs.list', 'spanner.instancePartitions.get', 'spanner.instancePartitions.list', 'spanner.instances.get', 'spanner.instances.list', 'spanner.instances.listEffectiveTags', 'spanner.instances.listTagBindings', 'spanner.sessions.create', 'spanner.sessions.delete', 'spanner.sessions.get', 'spanner.sessions.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions
GA
roles/datafusion.developer
Access Cloud Data Fusion Instances, develop and run pipelines.
Cloud Data Fusion Developer
['datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.writeRepository', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.preview', 'datafusion.pipelines.update', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/datafusion.operator
Access Cloud Data Fusion Instances, operate namespaces and related resources.
Cloud Data Fusion Operator
['datafusion.artifacts.create', 'datafusion.artifacts.delete', 'datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.artifacts.update', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.namespaces.provisionCredential', 'datafusion.namespaces.readRepository', 'datafusion.namespaces.setServiceAccount', 'datafusion.namespaces.unsetServiceAccount', 'datafusion.namespaces.updateRepositoryMetadata', 'datafusion.namespaces.writeRepository', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelineConnections.use', 'datafusion.pipelines.create', 'datafusion.pipelines.delete', 'datafusion.pipelines.execute', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.pipelines.update', 'datafusion.profiles.create', 'datafusion.profiles.delete', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.profiles.update', 'datafusion.secureKeys.create', 'datafusion.secureKeys.delete', 'datafusion.secureKeys.getSecret', 'datafusion.secureKeys.list', 'datafusion.secureKeys.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/datafusion.runner
Access to Cloud Data Fusion runtime resources.
Cloud Data Fusion Runner
['datafusion.instances.runtime']
Copy Permissions
GA
roles/datafusion.viewer
Read-only access to Cloud Data Fusion Instances, Namespaces and related resources.
Cloud Data Fusion Viewer
['datafusion.artifacts.get', 'datafusion.artifacts.list', 'datafusion.instances.get', 'datafusion.instances.getIamPolicy', 'datafusion.instances.list', 'datafusion.instances.listEffectiveTags', 'datafusion.instances.listTagBindings', 'datafusion.locations.get', 'datafusion.locations.list', 'datafusion.operations.get', 'datafusion.operations.list', 'datafusion.pipelineConnections.get', 'datafusion.pipelineConnections.list', 'datafusion.pipelines.get', 'datafusion.pipelines.list', 'datafusion.profiles.get', 'datafusion.profiles.list', 'datafusion.secureKeys.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataflow.serviceAgent
Gives Cloud Dataflow service account access to managed resources. Includes access to service accounts.
Cloud Dataflow Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create', 'cloudnotifications.activities.list', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'dataflow.jobs.cancel', 'dataflow.jobs.create', 'dataflow.jobs.get', 'dataflow.jobs.list', 'dataflow.jobs.snapshot', 'dataflow.jobs.updateContents', 'dataflow.messages.list', 'dataflow.metrics.get', 'dataflow.snapshots.delete', 'dataflow.snapshots.get', 'dataflow.snapshots.list', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.projects.search', 'dns.networks.targetWithPeeringZone', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.buckets.create', 'logging.buckets.createTagBinding', 'logging.buckets.delete', 'logging.buckets.deleteTagBinding', 'logging.buckets.get', 'logging.buckets.list', 'logging.buckets.listEffectiveTags', 'logging.buckets.listTagBindings', 'logging.buckets.undelete', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.list', 'logging.exclusions.update', 'logging.links.create', 'logging.links.delete', 'logging.links.get', 'logging.links.list', 'logging.locations.get', 'logging.locations.list', 'logging.logEntries.create', 'logging.logEntries.route', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.list', 'logging.logMetrics.update', 'logging.logServiceIndexes.list', 'logging.logServices.list', 'logging.logs.list', 'logging.notificationRules.create', 'logging.notificationRules.delete', 'logging.notificationRules.get', 'logging.notificationRules.list', 'logging.notificationRules.update', 'logging.operations.cancel', 'logging.operations.get', 'logging.operations.list', 'logging.settings.get', 'logging.settings.update', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.list', 'logging.sinks.update', 'logging.sqlAlerts.create', 'logging.sqlAlerts.update', 'logging.views.create', 'logging.views.delete', 'logging.views.get', 'logging.views.getIamPolicy', 'logging.views.list', 'logging.views.update', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'observability.scopes.get', 'opsconfigmonitoring.resourceMetadata.list', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.dataflowDiagnosticsInsights.get', 'recommender.dataflowDiagnosticsInsights.list', 'recommender.dataflowDiagnosticsInsights.update', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions
GA
roles/dataplex.serviceAgent
Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.
Cloud Dataplex Service Agent
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.get', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.assets.getIamPolicy', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.projects.search', 'dataplex.zones.getIamPolicy', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.get', 'dataproc.operations.cancel', 'dataproc.operations.get', 'dataproc.operations.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'logging.logEntries.create', 'logging.logEntries.route', 'metastore.services.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions
GA
roles/datastore.backupSchedulesAdmin
Manage backup schedules in Cloud Datastore.
Cloud Datastore Backup Schedules Admin
['datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.databases.getMetadata', 'datastore.databases.list']
Copy Permissions
GA
roles/datastore.backupSchedulesViewer
Read access to backup schedules in Cloud Datastore.
Cloud Datastore Backup Schedules Viewer
['datastore.backupSchedules.get', 'datastore.backupSchedules.list']
Copy Permissions
GA
roles/datastore.backupsAdmin
Read/Write access to metadata about backups in Cloud Datastore but restore is not allowed.
Cloud Datastore Backups Admin
['datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list']
Copy Permissions
GA
roles/datastore.backupsViewer
Read access to metadata about backups in Cloud Datastore.
Cloud Datastore Backups Viewer
['datastore.backups.get', 'datastore.backups.list']
Copy Permissions
GA
roles/datastore.bulkAdmin
Full access to manage bulk operations.
Cloud Datastore Bulk Admin
['datastore.databases.bulkDelete', 'datastore.databases.getMetadata', 'datastore.operations.cancel', 'datastore.operations.get', 'datastore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datastore.importExportAdmin
Full access to manage imports and exports.
Cloud Datastore Import Export Admin
['appengine.applications.get', 'datastore.databases.export', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.operations.cancel', 'datastore.operations.get', 'datastore.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datastore.indexAdmin
Full access to manage index definitions.
Cloud Datastore Index Admin
['appengine.applications.get', 'datastore.databases.getMetadata', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datastore.keyVisualizerViewer
Full access to Key Visualizer scans.
Cloud Datastore Key Visualizer Viewer
['datastore.databases.getMetadata', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datastore.owner
Full access to Cloud Datastore.
Cloud Datastore Owner
['appengine.applications.get', 'datastore.backupSchedules.create', 'datastore.backupSchedules.delete', 'datastore.backupSchedules.get', 'datastore.backupSchedules.list', 'datastore.backupSchedules.update', 'datastore.backups.delete', 'datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.bulkDelete', 'datastore.databases.create', 'datastore.databases.createTagBinding', 'datastore.databases.delete', 'datastore.databases.deleteTagBinding', 'datastore.databases.export', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.import', 'datastore.databases.list', 'datastore.databases.listEffectiveTags', 'datastore.databases.listTagBindings', 'datastore.databases.update', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.create', 'datastore.indexes.delete', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.indexes.update', 'datastore.keyVisualizerScans.get', 'datastore.keyVisualizerScans.list', 'datastore.locations.get', 'datastore.locations.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.operations.cancel', 'datastore.operations.delete', 'datastore.operations.get', 'datastore.operations.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datastore.restoreAdmin
Restore into Cloud Datastore Databases from Cloud Datastore Backups.
Cloud Datastore Restore Admin
['datastore.backups.get', 'datastore.backups.list', 'datastore.backups.restoreDatabase', 'datastore.databases.create', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.operations.get', 'datastore.operations.list']
Copy Permissions
GA
roles/datastore.user
Provides read/write access to data in a Cloud Datastore database. Intended for application developers and service accounts.
Cloud Datastore User
['appengine.applications.get', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.allocateIds', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/datastore.viewer
Read access to all Cloud Datastore resources.
Cloud Datastore Viewer
['appengine.applications.get', 'datastore.databases.get', 'datastore.databases.getMetadata', 'datastore.databases.list', 'datastore.entities.get', 'datastore.entities.list', 'datastore.indexes.get', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddebugger.agent
Cloud Debugger agents are allowed to register and provide debug snapshot data.
Cloud Debugger Agent
['clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create']
Copy Permissions
BETA
roles/clouddebugger.user
User Access to Cloud Debugger. Can create, delete and view snapshots and logpoints.
Cloud Debugger User
['clouddebugger.breakpoints.create', 'clouddebugger.breakpoints.delete', 'clouddebugger.breakpoints.get', 'clouddebugger.breakpoints.list', 'clouddebugger.debuggees.list']
Copy Permissions
BETA
roles/clouddeploy.admin
Full control of Cloud Deploy resources.
Cloud Deploy Admin
['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.setIamPolicy', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.setIamPolicy', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploy.approver
Permission to approve or reject rollouts.
Cloud Deploy Approver
['clouddeploy.config.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploy.customTargetTypeAdmin
Permission to manage CustomTargetType resources
Cloud Deploy Custom Target Type Admin
['clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploy.developer
Permission to manage deployment configuration without permission to access operational resources, such as targets.
Cloud Deploy Developer
['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploy.operator
Permission to manage deployment configuration.
Cloud Deploy Operator
['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploy.policyAdmin
Permission to manage Deploy Policies.
Cloud Deploy Policy Admin
['clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/clouddeploy.policyOverrider
Permission to override Deploy Policies.
Cloud Deploy Policy Overrider
['clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/clouddeploy.releaser
Permission to create Cloud Deploy releases and rollouts.
Cloud Deploy Releaser
['clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.create', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploy.jobRunner
Permission to execute Cloud Deploy work without permission to deliver to a target.
Cloud Deploy Runner
['clouddeploy.config.get', 'logging.logEntries.create', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/clouddeploy.serviceAgent
Gives Cloud Deploy Service Account access to managed resources.
Cloud Deploy Service Agent
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.workerpools.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.get']
Copy Permissions
GA
roles/clouddeploy.viewer
Can view Cloud Deploy resources.
Cloud Deploy Viewer
['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/clouddeploymentmanager.serviceAgent
Allows Deployment Manager service to actuate resources across DM projects and folders
Cloud Deployment Manager Service Agent
['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.update', 'appengine.applications.get', 'appengine.operations.get', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.update', 'bigquery.connections.get', 'bigquery.datasets.create', 'bigquery.datasets.delete', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.update', 'bigquery.jobs.create', 'bigquery.routines.create', 'bigquery.routines.get', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.setCategory', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.instances.create', 'bigtable.instances.delete', 'bigtable.instances.get', 'bigtable.instances.update', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.get', 'bigtable.tables.update', 'billing.resourceAssociations.create', 'billing.resourcebudgets.write', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.functions.update', 'cloudfunctions.operations.get', 'cloudprivatecatalog.targets.get', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.update', 'cloudsql.backupRuns.create', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.create', 'cloudsql.instances.delete', 'cloudsql.instances.get', 'cloudsql.instances.import', 'cloudsql.instances.restart', 'cloudsql.instances.update', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendBuckets.create', 'compute.backendBuckets.delete', 'compute.backendBuckets.get', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.create', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.get', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.setLabels', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.delete', 'compute.images.deprecate', 'compute.images.get', 'compute.images.setLabels', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.listTagBindings', 'compute.instances.resume', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateDisplayDevice', 'compute.instances.use', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnects.create', 'compute.interconnects.delete', 'compute.interconnects.get', 'compute.interconnects.setLabels', 'compute.interconnects.use', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.use', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.packetMirrorings.create', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.get', 'compute.projects.get', 'compute.projects.setUsageExportBucket', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.get', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.use', 'compute.regions.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.use', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.update', 'compute.routers.use', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.securityPolicies.create', 'compute.securityPolicies.delete', 'compute.securityPolicies.get', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.get', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.delete', 'compute.sslCertificates.get', 'compute.sslPolicies.create', 'compute.sslPolicies.delete', 'compute.sslPolicies.get', 'compute.sslPolicies.use', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.mirror', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.delete', 'compute.targetInstances.get', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.delete', 'compute.targetPools.get', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.get', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.update', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.get', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.operations.get', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.update', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.update', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'datacatalog.taxonomies.get', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.use', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.nodeGroups.create', 'dataproc.operations.get', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.update', 'deploymentmanager.operations.get', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.update', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.policies.delete', 'dns.policies.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'file.instances.create', 'file.instances.delete', 'file.instances.get', 'file.instances.update', 'file.operations.get', 'firebase.projects.get', 'firebase.projects.update', 'firebaseanalytics.resources.googleAnalyticsEdit', 'iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.update', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'iam.serviceAccounts.update', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.update', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'logging.notificationRules.create', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.update', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.update', 'networksecurity.serverTlsPolicies.use', 'pubsub.schemas.attach', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.publish', 'pubsub.topics.update', 'redis.instances.create', 'redis.instances.delete', 'redis.instances.get', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.operations.get', 'resourcemanager.folders.create', 'resourcemanager.folders.delete', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.update', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.create', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.delete', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.update', 'resourcemanager.projects.updateLiens', 'resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicemanagement.services.bind', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.create', 'spanner.databaseOperations.get', 'spanner.databases.create', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.updateDdl', 'spanner.instanceOperations.get', 'spanner.instances.create', 'spanner.instances.delete', 'spanner.instances.get', 'spanner.instances.update', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.update', 'storage.hmacKeys.create', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.operations.get', 'workflows.operations.get', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get']
Copy Permissions
GA
roles/recommender.cloudDeprecationRecommendationAdmin
Admin of Cloud Deprecation General Recommender Insights and Recommendations.
Cloud Deprecation General Recommender Admin
['recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralInsights.update', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.cloudDeprecationGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudDeprecationRecommendationViewer
Viewer of Cloud Deprecation General Recommender Insights and Recommendations.
Cloud Deprecation General Recommender Viewer
['recommender.cloudDeprecationGeneralInsights.get', 'recommender.cloudDeprecationGeneralInsights.list', 'recommender.cloudDeprecationGeneralRecommendations.get', 'recommender.cloudDeprecationGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/dns.serviceAgent
Gives Cloud DNS Service Agent access to Cloud Platform resources.
Cloud DNS Service Agent
['compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalOperations.get', 'compute.healthChecks.get']
Copy Permissions
GA
roles/domains.admin
Full access to Cloud Domains Registrations and related resources.
Cloud Domains Admin
['domains.locations.get', 'domains.locations.list', 'domains.operations.cancel', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.configureContact', 'domains.registrations.configureDns', 'domains.registrations.configureManagement', 'domains.registrations.create', 'domains.registrations.createTagBinding', 'domains.registrations.delete', 'domains.registrations.deleteTagBinding', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'domains.registrations.setIamPolicy', 'domains.registrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/domains.viewer
Read-only access to Cloud Domains Registrations and related resources.
Cloud Domains Viewer
['domains.locations.get', 'domains.locations.list', 'domains.operations.get', 'domains.operations.list', 'domains.registrations.get', 'domains.registrations.getIamPolicy', 'domains.registrations.list', 'domains.registrations.listEffectiveTags', 'domains.registrations.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/endpoints.serviceAgent
Gives the Cloud Endpoints service account access to Endpoints services and the ability to act as a service controller.
Cloud Endpoints Service Agent
['servicemanagement.services.check', 'servicemanagement.services.get', 'servicemanagement.services.quota', 'servicemanagement.services.report']
Copy Permissions
GA
roles/file.editor
Read-write access to Filestore instances and related resources.
Cloud Filestore Editor
['file.backups.create', 'file.backups.createTagBinding', 'file.backups.delete', 'file.backups.deleteTagBinding', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.createTagBinding', 'file.instances.delete', 'file.instances.deleteTagBinding', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.createTagBinding', 'file.snapshots.delete', 'file.snapshots.deleteTagBinding', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update']
Copy Permissions
BETA
roles/file.serviceAgent
Gives Cloud Filestore service account access to managed resources.
Cloud Filestore Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.routes.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/file.viewer
Read-only access to Filestore instances and related resources.
Cloud Filestore Viewer
['file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.locations.get', 'file.locations.list', 'file.operations.get', 'file.operations.list', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings']
Copy Permissions
BETA
roles/firewallinsights.serviceAgent
Gives Cloud Firewall Insights service agent permissions to retrieve Firewall, VM and route resources on user behalf.
Cloud Firewall Insights Service Agent
['compute.backendServices.list', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.forwardingRules.list', 'compute.healthChecks.list', 'compute.httpHealthChecks.list', 'compute.httpsHealthChecks.list', 'compute.instanceGroups.list', 'compute.instances.get', 'compute.instances.list', 'compute.networks.getEffectiveFirewalls', 'compute.networks.list', 'compute.projects.get', 'compute.regionTargetTcpProxies.list', 'compute.routers.list', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.list', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.list', 'compute.targetPools.list', 'compute.targetSslProxies.list', 'compute.targetTcpProxies.list', 'compute.targetVpnGateways.list', 'compute.urlMaps.list', 'compute.vpnGateways.list', 'compute.vpnTunnels.list']
Copy Permissions
GA
roles/cloudfunctions.admin
Full access to functions, operations and locations.
Cloud Functions Admin
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/cloudfunctions.developer
Read and write access to all functions-related resources.
Cloud Functions Developer
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/cloudfunctions.invoker
Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead.
Cloud Functions Invoker
['cloudfunctions.functions.invoke']
Copy Permissions
GA
roles/cloudfunctions.serviceAgent
Gives Cloud Functions service account access to managed resources.
Cloud Functions Service Agent
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'compute.globalOperations.get', 'compute.networks.access', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'firebasedatabase.instances.get', 'firebasedatabase.instances.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions
GA
roles/cloudfunctions.viewer
Read-only access to functions and locations.
Cloud Functions Viewer
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/ids.admin
Full access to Cloud IDS all resources.
Cloud IDS Admin
['ids.endpoints.create', 'ids.endpoints.delete', 'ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.endpoints.setIamPolicy', 'ids.endpoints.update', 'ids.locations.get', 'ids.locations.list', 'ids.operations.cancel', 'ids.operations.delete', 'ids.operations.get', 'ids.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/ids.viewer
Read-only access to Cloud IDS all resources.
Cloud IDS Viewer
['ids.endpoints.get', 'ids.endpoints.getIamPolicy', 'ids.endpoints.list', 'ids.locations.get', 'ids.locations.list', 'ids.operations.get', 'ids.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/config.admin
Full access to Cloud Infrastructure Manager resources.
Cloud Infrastructure Manager Admin
['config.artifacts.import', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.deleteState', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.list', 'config.deployments.lock', 'config.deployments.setIamPolicy', 'config.deployments.unlock', 'config.deployments.update', 'config.deployments.updateState', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.previews.create', 'config.previews.delete', 'config.previews.export', 'config.previews.get', 'config.previews.list', 'config.previews.upload', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.getState', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/config.agent
Required permissions to make Cloud Infrastructure Manager work with the user-specified service account
Cloud Infrastructure Manager Agent
['cloudbuild.connections.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.list', 'cloudquotas.quotas.get', 'config.artifacts.import', 'config.deployments.deleteState', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.updateState', 'config.previews.upload', 'config.revisions.getState', 'logging.logEntries.create', 'monitoring.timeSeries.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
BETA
roles/config.viewer
Read-only access to Cloud Infrastructure Manager resources.
Cloud Infrastructure Manager Viewer
['config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.locations.get', 'config.locations.list', 'config.operations.get', 'config.operations.list', 'config.previews.get', 'config.previews.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudiot.admin
Full control of all Cloud IoT resources and permissions.
Cloud IoT Admin
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.getIamPolicy', 'cloudiot.registries.list', 'cloudiot.registries.setIamPolicy', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update']
Copy Permissions
GA
roles/cloudiot.serviceAgent
Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs.
Cloud IoT Core Service Agent
['logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish']
Copy Permissions
GA
roles/cloudiot.deviceController
Access to update the device configuration, but not to create or delete devices.
Cloud IoT Device Controller
['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions
GA
roles/cloudiot.editor
Read-write access to all Cloud IoT resources.
Cloud IoT Editor
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update']
Copy Permissions
GA
roles/cloudiot.provisioner
Access to create and delete devices from registries, but not to modify the registries, and enable devices to publish to topics associated with IoT registry.
Cloud IoT Provisioner
['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions
GA
roles/cloudiot.viewer
Read-only access to all Cloud IoT resources.
Cloud IoT Viewer
['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get']
Copy Permissions
GA
roles/cloudkms.admin
Enables management of crypto resources.
Cloud KMS Admin
['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.cryptoKeyVersions.create', 'cloudkms.cryptoKeyVersions.destroy', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeyVersions.restore', 'cloudkms.cryptoKeyVersions.update', 'cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.cryptoKeys.create', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.setIamPolicy', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.setIamPolicy', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.use', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.setIamPolicy', 'cloudkms.importJobs.useToImport', 'cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.create', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.keyRings.setIamPolicy', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.locations.optOutKeyDeletionMsa', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.autokeyAdmin
Enables management of AutokeyConfig.
Cloud KMS Autokey Admin
['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.projects.showEffectiveAutokeyConfig']
Copy Permissions
GA
roles/cloudkms.autokeyUser
Grants ability to use KeyHandle resources.
Cloud KMS Autokey User
['cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig']
Copy Permissions
GA
roles/cloudkms.cryptoOperator
Enables all Crypto Operations.
Cloud KMS Crypto Operator
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.cryptoKeyDecrypter
Enables Decrypt operations
Cloud KMS CryptoKey Decrypter
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.cryptoKeyDecrypterViaDelegation
Enables Decrypt operations via other GCP services
Cloud KMS CryptoKey Decrypter Via Delegation
['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.cryptoKeyEncrypter
Enables Encrypt operations
Cloud KMS CryptoKey Encrypter
['cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.cryptoKeyEncrypterViaDelegation
Enables Encrypt operations via other GCP services
Cloud KMS CryptoKey Encrypter Via Delegation
['cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.cryptoKeyEncrypterDecrypter
Enables Encrypt and Decrypt operations
Cloud KMS CryptoKey Encrypter/Decrypter
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation
Enables Encrypt and Decrypt operations via other GCP services
Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation
['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.publicKeyViewer
Enables GetPublicKey operations
Cloud KMS CryptoKey Public Key Viewer
['cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.signer
Enables Sign operations
Cloud KMS CryptoKey Signer
['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.signerVerifier
Enables Sign, Verify, and GetPublicKey operations
Cloud KMS CryptoKey Signer/Verifier
['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.verifier
Enables Verify and GetPublicKey operations
Cloud KMS CryptoKey Verifier
['cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkms.ekmConnectionsAdmin
Enables management of EkmConnections.
Cloud KMS EkmConnections Admin
['cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.verifyConnectivity', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.expertRawAesCbc
Enables raw AES-CBC keys management.
Cloud KMS Expert Raw AES-CBC Key Manager
['cloudkms.cryptoKeyVersions.manageRawAesCbcKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.expertRawAesCtr
Enables raw AES-CTR keys management.
Cloud KMS Expert Raw AES-CTR Key Manager
['cloudkms.cryptoKeyVersions.manageRawAesCtrKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.expertRawPKCS1
Enables raw PKCS#1 keys management.
Cloud KMS Expert Raw PKCS#1 Key Manager
['cloudkms.cryptoKeyVersions.manageRawPKCS1Keys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudkms.importer
Enables ImportCryptoKeyVersion, CreateImportJob, ListImportJobs, and GetImportJob operations
Cloud KMS Importer
['cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.importJobs.useToImport', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/cloudkmskacls.serviceAgent
Grants Cloud KMS KACLS Service Agent access to KMS resource permissions to perform DEK encryption/decryption.
Cloud KMS KACLS Service Agent
['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeys.get']
Copy Permissions
GA
roles/cloudkms.orgServiceAgent
Gives Cloud KMS organization-level service account access to managed resources.
Cloud KMS Organization Service Agent
['cloudasset.assets.searchAllResources']
Copy Permissions
GA
roles/cloudkms.protectedResourcesViewer
Enables viewing protected resources.
Cloud KMS Protected Resources Viewer
['cloudkms.protectedResources.search']
Copy Permissions
GA
roles/cloudkms.serviceAgent
Gives Cloud KMS service account access to managed resources.
Cloud KMS Service Agent
['cloudasset.assets.listCloudkmsCryptoKeys']
Copy Permissions
GA
roles/cloudkms.viewer
Enables Get and List operations.
Cloud KMS Viewer
['cloudkms.autokeyConfigs.get', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.list', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.get', 'cloudkms.keyRings.list', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.operations.get', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/lifesciences.admin
Full control of Cloud Life Sciences resources.
Cloud Life Sciences Admin
['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run']
Copy Permissions
BETA
roles/lifesciences.editor
Access to read and edit Cloud Life Sciences resources.
Cloud Life Sciences Editor
['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run']
Copy Permissions
BETA
roles/lifesciences.serviceAgent
Gives Cloud Life Sciences Service Account access to compute resources. Includes access to service accounts.
Cloud Life Sciences Service Agent
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.get', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.use', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscGet', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.get', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.get', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.get', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listTagBindings', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.serviceAttachments.get', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.urlMaps.get', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use']
Copy Permissions
GA
roles/lifesciences.viewer
Access to read Cloud Life Sciences resources.
Cloud Life Sciences Viewer
['lifesciences.operations.get', 'lifesciences.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/lifesciences.workflowsRunner
Full access to operate on Cloud Life Sciences workflows.
Cloud Life Sciences Workflows Runner
['lifesciences.operations.cancel', 'lifesciences.operations.get', 'lifesciences.operations.list', 'lifesciences.workflows.run']
Copy Permissions
BETA
roles/logging.serviceAgent
Grants a Cloud Logging Service Account the ability to create and link datasets.
Cloud Logging Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.datasets.link']
Copy Permissions
GA
roles/recommender.cloudManageabilityRecommendationAdmin
Admin of Cloud Manageability General Recommendations Insights and Recommendations.
Cloud Manageability General Recommendations Recommender Admin
['recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralInsights.update', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.cloudManageabilityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudManageabilityRecommendationViewer
Viewer of Cloud Manageability General Recommendations Insights and Recommendations.
Cloud Manageability General Recommendations Recommender Viewer
['recommender.cloudManageabilityGeneralInsights.get', 'recommender.cloudManageabilityGeneralInsights.list', 'recommender.cloudManageabilityGeneralRecommendations.get', 'recommender.cloudManageabilityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/managedidentities.serviceAgent
Gives Managed Identities service account access to managed resources.
Cloud Managed Identities Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.list', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/memcache.admin
Full access to Memcached instances and related resources.
Cloud Memorystore Memcached Admin
['compute.networks.list', 'memcache.instances.applyParameters', 'memcache.instances.applySoftwareUpdate', 'memcache.instances.create', 'memcache.instances.delete', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.rescheduleMaintenance', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.instances.upgrade', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/memcache.editor
Read-Write access to Memcached instances and related resources.
Cloud Memorystore Memcached Editor
['memcache.instances.applyParameters', 'memcache.instances.get', 'memcache.instances.list', 'memcache.instances.update', 'memcache.instances.updateParameters', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.cancel', 'memcache.operations.delete', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/memcache.serviceAgent
Gives Cloud Memorystore Memcached service account access to managed resource
Cloud Memorystore Memcached Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/memcache.viewer
Read-only access to Memcached instances and related resources.
Cloud Memorystore Memcached Viewer
['memcache.instances.get', 'memcache.instances.list', 'memcache.locations.get', 'memcache.locations.list', 'memcache.operations.get', 'memcache.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/redis.admin
Full access to Redis instances and related resources.
Cloud Memorystore Redis Admin
['compute.networks.list', 'networkconnectivity.serviceConnectionPolicies.list', 'redis.clusters.connect', 'redis.clusters.create', 'redis.clusters.delete', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.create', 'redis.instances.createTagBinding', 'redis.instances.delete', 'redis.instances.deleteTagBinding', 'redis.instances.export', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.getAuthString', 'redis.instances.import', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.instances.rescheduleMaintenance', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.instances.upgrade', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions
GA
roles/redis.dbConnectionUser
Access to connecting to Redis Server db.
Cloud Memorystore Redis Db Connection User
['redis.clusters.connect']
Copy Permissions
BETA
roles/redis.editor
Read-Write access to Redis instances and related resources.
Cloud Memorystore Redis Editor
['compute.networks.list', 'redis.clusters.get', 'redis.clusters.list', 'redis.clusters.update', 'redis.instances.failover', 'redis.instances.get', 'redis.instances.list', 'redis.instances.update', 'redis.locations.get', 'redis.locations.list', 'redis.operations.cancel', 'redis.operations.delete', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions
GA
roles/redis.serviceAgent
Gives Cloud Memorystore Redis service account access to managed resource
Cloud Memorystore Redis Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.update', 'compute.projects.get', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/redis.viewer
Read-only access to Redis instances and related resources.
Cloud Memorystore Redis Viewer
['redis.clusters.get', 'redis.clusters.list', 'redis.instances.get', 'redis.instances.list', 'redis.instances.listEffectiveTags', 'redis.instances.listTagBindings', 'redis.locations.get', 'redis.locations.list', 'redis.operations.get', 'redis.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use']
Copy Permissions
GA
roles/memorystore.serviceAgent
Gives Cloud Memorystore service account access to managed resource
Cloud Memorystore Service Agent
['compute.globalOperations.get', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.projects.get', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.get', 'compute.subnetworks.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudoptimization.admin
Administrator of Cloud Optimization AI resources
Cloud Optimization AI Admin
['cloudoptimization.operations.create', 'cloudoptimization.operations.get']
Copy Permissions
GA
roles/cloudoptimization.editor
Editor of Cloud Optimization AI resources
Cloud Optimization AI Editor
['cloudoptimization.operations.create', 'cloudoptimization.operations.get']
Copy Permissions
GA
roles/cloudoptimization.viewer
Viewer of Cloud Optimization AI resources
Cloud Optimization AI Viewer
['cloudoptimization.operations.get']
Copy Permissions
GA
roles/cloudoptimization.serviceAgent
Grants Cloud Optimization Service Account access to read and write data in the user project.
Cloud Optimization Service Agent
['storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/osconfig.serviceAgent
Grants OS Config Service Account access to Google Compute Engine instances.
Cloud OS Config Service Agent
['cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listPatchDeployments', 'compute.globalOperations.get', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.list', 'compute.instances.setMetadata', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.zones.get', 'compute.zones.list', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'iam.serviceAccounts.actAs', 'osconfig.projectFeatureSettings.get', 'osconfig.projectFeatureSettings.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/recommender.cloudPerformanceRecommendationAdmin
Admin of Cloud Performance General Recommendations Insights and Recommendations.
Cloud Performance General Recommendations Recommender Admin
['recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralInsights.update', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.cloudPerformanceGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudPerformanceRecommendationViewer
Viewer of Cloud Performance General Recommendations Insights and Recommendations.
Cloud Performance General Recommendations Recommender Viewer
['recommender.cloudPerformanceGeneralInsights.get', 'recommender.cloudPerformanceGeneralInsights.list', 'recommender.cloudPerformanceGeneralRecommendations.get', 'recommender.cloudPerformanceGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudprofiler.agent
Cloud Profiler agents are allowed to register and provide the profiling data.
Cloud Profiler Agent
['cloudprofiler.profiles.create', 'cloudprofiler.profiles.update']
Copy Permissions
GA
roles/cloudprofiler.user
Cloud Profiler users are allowed to query and view the profiling data.
Cloud Profiler User
['cloudprofiler.profiles.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list']
Copy Permissions
GA
roles/pubsub.serviceAgent
Grants Cloud Pub/Sub Service Account access to manage resources.
Cloud Pub/Sub Service Agent
['iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.implicitDelegation', 'iam.serviceAccounts.list', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/cloudquotas.admin
Full access to Cloud Quotas resources.
Cloud Quotas Admin
['cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/cloudquotas.viewer
Readonly access to Cloud Quotas resources.
Cloud Quotas Viewer
['cloudquotas.quotas.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudReliabilityRecommendationAdmin
Admin of Cloud Reliability General Recommendations Insights and Recommendations.
Cloud Reliability General Recommendations Recommender Admin
['recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralInsights.update', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.cloudReliabilityGeneralRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/recommender.cloudReliabilityRecommendationViewer
Viewer of Cloud Reliability General Recommendations Insights and Recommendations.
Cloud Reliability General Recommendations Recommender Viewer
['recommender.cloudReliabilityGeneralInsights.get', 'recommender.cloudReliabilityGeneralInsights.list', 'recommender.cloudReliabilityGeneralRecommendations.get', 'recommender.cloudReliabilityGeneralRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/run.admin
Full control over all Cloud Run resources.
Cloud Run Admin
['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list']
Copy Permissions
GA
roles/run.builder
Can build Cloud Run functions and source deployed services.
Cloud Run Builder
['artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'logging.logEntries.create', 'source.repos.get', 'storage.objects.get']
Copy Permissions
BETA
roles/run.developer
Read and write access to all Cloud Run resources.
Cloud Run Developer
['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list']
Copy Permissions
GA
roles/run.invoker
Can invoke Cloud Run services and execute Cloud Run jobs.
Cloud Run Invoker
['run.jobs.run', 'run.routes.invoke']
Copy Permissions
GA
roles/serverless.serviceAgent
Gives Cloud Run service account access to managed resources.
Cloud Run Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions
GA
roles/run.serviceAgent
Gives Cloud Run service account access to managed resources.
Cloud Run Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'networkservices.meshes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use']
Copy Permissions
GA
roles/run.sourceDeveloper
Deploy and manage Cloud Run source deployed resources.
Cloud Run Source Developer
['artifactregistry.repositories.create', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'ev