| roles/appengine.codeViewer |
Ability to view App Engine app status and deployed source code. |
App Engine Code Viewer |
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.getFileContents', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.deployer |
Necessary permissions to deploy new code to App Engine, and remove old versions. |
App Engine Deployer |
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.debugger |
Ability to read or manage v2 instances. |
App Engine Managed VM Debug Access |
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.appViewer |
Ability to view App Engine app status. |
App Engine Viewer |
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.get', 'appengine.services.list', 'appengine.versions.get', 'appengine.versions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.memcacheDataAdmin |
Can get, set, delete, and flush App Engine Memcache items. |
App Engine Memcache Data Admin |
['appengine.applications.get', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.serviceAdmin |
Can view and change traffic splits, scaling settings, and delete old versions; can't create new versions. |
App Engine Service Admin |
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.instances.delete', 'appengine.instances.get', 'appengine.instances.list', 'appengine.operations.get', 'appengine.operations.list', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.appAdmin |
Full management of App Engine apps (but not storage). |
App Engine Admin |
['appengine.applications.get', 'appengine.applications.listRuntimes', 'appengine.applications.update', 'appengine.instances.delete', 'appengine.instances.enableDebug', 'appengine.instances.get', 'appengine.instances.list', 'appengine.memcache.addKey', 'appengine.memcache.flush', 'appengine.memcache.get', 'appengine.memcache.update', 'appengine.operations.get', 'appengine.operations.list', 'appengine.runtimes.actAsAdmin', 'appengine.services.delete', 'appengine.services.get', 'appengine.services.list', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengine.serviceAgent |
Give App Engine Standard Enviroment service account access to managed resources. Includes access to service accounts. |
App Engine Standard Environment Service Agent |
['appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'appengine.versions.update', 'artifactregistry.aptartifacts.create', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'datastore.databases.get', 'datastore.entities.create', 'datastore.entities.delete', 'datastore.entities.get', 'datastore.entities.list', 'datastore.entities.update', 'datastore.indexes.list', 'datastore.namespaces.get', 'datastore.namespaces.list', 'datastore.statistics.get', 'datastore.statistics.list', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'serviceusage.services.enable', 'serviceusage.services.get', 'storage.buckets.create', 'storage.buckets.get'] |
|
GA |
| roles/appengine.appCreator |
Ability to create the App Engine resource for the project. |
App Engine Creator |
['appengine.applications.create', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/appengineflex.serviceAgent |
Can edit and manage App Engine Flexible Environment apps. Includes access to service accounts. |
App Engine flexible environment Service Agent |
['billing.accounts.get', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.create', 'compute.addresses.delete', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.use', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.create', 'compute.disks.list', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.globalAddresses.create', 'compute.globalAddresses.delete', 'compute.globalAddresses.get', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getGuestAttributes', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.use', 'compute.machineTypes.get', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.list', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionOperations.get', 'compute.regions.get', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.routes.list', 'compute.subnetworks.delete', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.list', 'deploymentmanager.deployments.update', 'deploymentmanager.manifests.get', 'deploymentmanager.manifests.list', 'deploymentmanager.operations.get', 'deploymentmanager.operations.list', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.signBlob', 'iam.serviceAccounts.signJwt', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.setIamPolicy', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list'] |
|
GA |