Roles Data

Name Description Title Included Permissions Copy Stage
roles/cloudcontrolspartner.monitoringReader Readonly access to Cloud Controls Partner monitoring resources. Cloud Controls Partner Monitoring Reader ['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudsupport.techSupportViewer Read-only access to technical support cases (applicable for GCP Customer Care and Maps support). Tech Support Viewer ['cloudsupport.properties.get', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudjobdiscovery.jobsEditor Write access to all job data in Cloud Talent Solution. Cloud Talent Solution Job Editor ['cloudjobdiscovery.companies.create', 'cloudjobdiscovery.companies.delete', 'cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.companies.update', 'cloudjobdiscovery.events.create', 'cloudjobdiscovery.jobs.create', 'cloudjobdiscovery.jobs.delete', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.jobs.update', 'cloudjobdiscovery.tenants.create', 'cloudjobdiscovery.tenants.delete', 'cloudjobdiscovery.tenants.get', 'cloudjobdiscovery.tenants.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudconfig.viewer Read access to Firebase Remote Config resources. Firebase Remote Config Viewer ['cloudconfig.configs.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudfunctions.serviceAgent Gives Cloud Functions service account access to managed resources. Cloud Functions Service Agent ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'compute.globalOperations.get', 'compute.networks.access', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'firebasedatabase.instances.get', 'firebasedatabase.instances.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use'] GA
roles/cloudcontrolspartner.monitoringServiceAgent Gives Cloud Controls Partner monitoring service agent permission to view and list Assured Workload violations. The role is assigned to enable partner monitoring capability. Cloud Controls Partner Monitoring Service Agent ['assuredworkloads.violations.get', 'assuredworkloads.violations.list'] GA
roles/cloudkms.autokeyUser Grants ability to use KeyHandle resources. Cloud KMS Autokey User ['cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig'] GA
roles/cloudiot.editor Read-write access to all Cloud IoT resources. Cloud IoT Editor ['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update'] GA
roles/cloudiot.serviceAgent Grants the ability to manage Cloud IoT Core resources, including publishing data to Cloud Pub/Sub and writing device activity logs to Stackdriver. Warning: If this role is removed from the Cloud IoT service account, Cloud IoT Core will be unable to publish data or write device activity logs. Cloud IoT Core Service Agent ['logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish'] GA
roles/cloudkms.cryptoKeyDecrypter Enables Decrypt operations Cloud KMS CryptoKey Decrypter ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudasset.effectivePolicyServiceAgent Give effective policy service account access to search all resources and IAM policies. Effective Policies Service Agent ['cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources'] GA
roles/cloudprivatecatalog.consumer Can browse catalogs in the target resource context. Catalog Consumer ['cloudprivatecatalog.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudsecurityscanner.runner Read access to Scan and ScanRun, plus the ability to start scans Web Security Scanner Runner ['cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run'] GA
roles/cloudbuild.integrationsOwner Can create/delete Integrations Cloud Build Integrations Owner ['cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'compute.firewalls.create', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regions.get', 'compute.subnetworks.get', 'compute.subnetworks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudfunctions.invoker Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead. Cloud Functions Invoker ['cloudfunctions.functions.invoke'] GA
roles/cloudsql.admin Full control of Cloud SQL resources. Cloud SQL Admin ['cloudaicompanion.entitlements.get', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.delete', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.clone', 'cloudsql.instances.connect', 'cloudsql.instances.create', 'cloudsql.instances.createTagBinding', 'cloudsql.instances.delete', 'cloudsql.instances.deleteTagBinding', 'cloudsql.instances.demoteMaster', 'cloudsql.instances.executeSql', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.import', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.login', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.promoteReplica', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.resetSslConfig', 'cloudsql.instances.restart', 'cloudsql.instances.restoreBackup', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.startReplica', 'cloudsql.instances.stopReplica', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudsql.users.get', 'cloudsql.users.list', 'cloudsql.users.update', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceSecurityInsights.get', 'recommender.cloudsqlInstanceSecurityInsights.list', 'recommender.cloudsqlInstanceSecurityInsights.update', 'recommender.cloudsqlInstanceSecurityRecommendations.get', 'recommender.cloudsqlInstanceSecurityRecommendations.list', 'recommender.cloudsqlInstanceSecurityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/clouddeploy.viewer Can view Cloud Deploy resources. Cloud Deploy Viewer ['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.builds.editor Can create and cancel builds Cloud Build Editor ['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudprofiler.agent Cloud Profiler agents are allowed to register and provide the profiling data. Cloud Profiler Agent ['cloudprofiler.profiles.create', 'cloudprofiler.profiles.update'] GA
roles/cloudkmskacls.serviceAgent Grants Cloud KMS KACLS Service Agent access to KMS resource permissions to perform DEK encryption/decryption. Cloud KMS KACLS Service Agent ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeys.get'] GA
roles/cloudkms.cryptoKeyEncrypterDecrypter Enables Encrypt and Decrypt operations Cloud KMS CryptoKey Encrypter/Decrypter ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudscheduler.viewer Get and list access to jobs, executions, and locations. Cloud Scheduler Viewer ['appengine.applications.get', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudfunctions.admin Full access to functions, operations and locations. Cloud Functions Admin ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudtasks.enqueuer Access to create tasks. Cloud Tasks Enqueuer ['cloudtasks.tasks.create', 'cloudtasks.tasks.fullView', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudtranslate.editor Editor of all Cloud Translation resources Cloud Translation API Editor ['automl.models.get', 'automl.models.predict', 'cloudtranslate.adaptiveMtDatasets.create', 'cloudtranslate.adaptiveMtDatasets.delete', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.import', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.delete', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.create', 'cloudtranslate.customModels.delete', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.create', 'cloudtranslate.datasets.delete', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.import', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaries.update', 'cloudtranslate.glossaryentries.create', 'cloudtranslate.glossaryentries.delete', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.glossaryentries.update', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.cancel', 'cloudtranslate.operations.delete', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.protectedResourcesViewer Enables viewing protected resources. Cloud KMS Protected Resources Viewer ['cloudkms.protectedResources.search'] GA
roles/cloudtestservice.testViewer Read access to Test Lab features Firebase Test Lab Viewer ['cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.get', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.get', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list'] GA
roles/cloudkms.expertRawAesCtr Enables raw AES-CTR keys management. Cloud KMS Expert Raw AES-CTR Key Manager ['cloudkms.cryptoKeyVersions.manageRawAesCtrKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.operator Permission to manage deployment configuration. Cloud Deploy Operator ['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudcontrolspartner.inspectabilityReader Readonly access to Cloud Controls Partner inspectability resources. Cloud Controls Partner Inspectability Reader ['cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.platformcontrols.get'] GA
roles/cloudscheduler.jobRunner Access to run jobs. Cloud Scheduler Job Runner ['appengine.applications.get', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.run', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloud.locationReader Read and enumerate locations available for resource creation. Location reader ['cloud.locations.get', 'cloud.locations.list'] BETA
roles/cloudconfig.serviceAgent Gives Infrastructure Manager service agent access to managed resources Infrastructure Manager Service Agent ['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.workerpools.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'logging.logEntries.route', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/cloudkms.expertRawAesCbc Enables raw AES-CBC keys management. Cloud KMS Expert Raw AES-CBC Key Manager ['cloudkms.cryptoKeyVersions.manageRawAesCbcKeys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddebugger.user User Access to Cloud Debugger. Can create, delete and view snapshots and logpoints. Cloud Debugger User ['clouddebugger.breakpoints.create', 'clouddebugger.breakpoints.delete', 'clouddebugger.breakpoints.get', 'clouddebugger.breakpoints.list', 'clouddebugger.debuggees.list'] BETA
roles/cloudsql.studioUser Role allowing access to Cloud SQL Studio Cloud SQL Studio User ['cloudsql.databases.list', 'cloudsql.instances.executeSql', 'cloudsql.instances.get', 'cloudsql.instances.login', 'cloudsql.users.list'] GA
roles/cloudbuild.builds.approver Can approve or reject pending builds. Cloud Build Approver ['cloudbuild.builds.approve', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudtasks.serviceAgent Grants Cloud Tasks Service Account access to manage resources. Cloud Tasks Service Agent ['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.logEntries.create'] GA
roles/cloudsupport.admin Allows management of a support account without giving access to support cases. Support Account Administrator ['cloudsupport.accounts.create', 'cloudsupport.accounts.delete', 'cloudsupport.accounts.get', 'cloudsupport.accounts.getIamPolicy', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.accounts.purchase', 'cloudsupport.accounts.setIamPolicy', 'cloudsupport.accounts.update', 'cloudsupport.accounts.updateUserRoles', 'cloudsupport.operations.get', 'cloudsupport.properties.get', 'resourcemanager.organizations.get'] GA
roles/cloudkms.orgServiceAgent Gives Cloud KMS organization-level service account access to managed resources. Cloud KMS Organization Service Agent ['cloudasset.assets.searchAllResources'] GA
roles/cloudtestservice.directAccessAdmin Administrator owning access to Direct Access Firebase Test Lab Direct Access Admin ['cloudtestservice.devicesession.cancel', 'cloudtestservice.devicesession.create', 'cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'cloudtestservice.devicesession.update', 'cloudtestservice.devicesession.use', 'cloudtestservice.environmentcatalog.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudprivatecatalogproducer.admin Can manage catalog and view its associations. Catalog Admin ['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudkms.signer Enables Sign operations Cloud KMS CryptoKey Signer ['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudcontrolspartner.supportCaseServiceAgent Gives the Partner Console service account access to support cases for workloads associated with a partner. Cloud Controls Partner Support Case Service Agent ['cloudsupport.techCases.get'] GA
roles/cloudsql.instanceUser Role allowing access to a Cloud SQL instance Cloud SQL Instance User ['cloudsql.instances.get', 'cloudsql.instances.login'] GA
roles/cloudtasks.taskDeleter Access to delete tasks. Cloud Tasks Task Deleter ['cloudtasks.tasks.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudaicompanion.codeRepositoryIndexesAdmin Grants full access to Code Repository Indexes resources. Code Repository Indexes Admin ['cloudaicompanion.codeRepositoryIndexes.create', 'cloudaicompanion.codeRepositoryIndexes.delete', 'cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.codeRepositoryIndexes.update', 'cloudaicompanion.operations.cancel', 'cloudaicompanion.operations.delete', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.create', 'cloudaicompanion.repositoryGroups.delete', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudaicompanion.repositoryGroups.setIamPolicy', 'cloudaicompanion.repositoryGroups.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudasset.serviceAgent Gives Cloud Asset service agent permissions to Cloud Storage and BigQuery for exporting Assets, and permission to publish to Cloud Pub/Sub topics for Asset Real Time Feed. Cloud Asset Service Agent ['bigquery.datasets.get', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'pubsub.topics.publish', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get'] GA
roles/cloudasset.otherCloudConfigServiceAgent Service Agent used by other-cloud config to collect assets data from other-cloud. Other Cloud Config Service Agent ALPHA
roles/cloudmigration.velostrataconnect Ability to set up connection between Velostrata Manager and Google Velostrata Manager Connection Agent ['cloudmigration.velostrataendpoints.connect', 'gkehub.endpoints.connect'] BETA
roles/cloudtrace.agent Agent access to Cloud Trace. Can write trace data. Cloud Trace Agent ['cloudtrace.traces.patch'] GA
roles/clouddeploy.approver Permission to approve or reject rollouts. Cloud Deploy Approver ['clouddeploy.config.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudasset.owner Full access to cloud assets metadata Cloud Asset Owner ['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.feeds.create', 'cloudasset.feeds.delete', 'cloudasset.feeds.get', 'cloudasset.feeds.list', 'cloudasset.feeds.update', 'cloudasset.savedqueries.create', 'cloudasset.savedqueries.delete', 'cloudasset.savedqueries.get', 'cloudasset.savedqueries.list', 'cloudasset.savedqueries.update', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.cloudAssetInsights.update', 'recommender.locations.get', 'recommender.locations.list'] GA
roles/clouddeploy.policyAdmin Permission to manage Deploy Policies. Cloud Deploy Policy Admin ['clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudmigration.inframanager Ability to create and manage Compute VMs to run Velostrata Infrastructure Velostrata Manager ['cloudmigration.velostrataendpoints.connect', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.list', 'compute.disks.setLabels', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.globalOperations.get', 'compute.images.get', 'compute.images.list', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getSerialPortOutput', 'compute.instances.list', 'compute.instances.reset', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setScheduling', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.update', 'compute.instances.updateNetworkInterface', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.use', 'compute.licenseCodes.get', 'compute.licenseCodes.list', 'compute.licenseCodes.update', 'compute.licenses.get', 'compute.licenses.list', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.get', 'compute.networks.list', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.list', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.get', 'compute.zones.list', 'gkehub.endpoints.connect', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update'] BETA
roles/cloudtasks.queueAdmin Admin access to queues. Cloud Tasks Queue Admin ['cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.queues.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudbuild.builds.viewer Can view builds Cloud Build Viewer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.workerPoolUser Can run builds in the WorkerPool Cloud Build WorkerPool User ['cloudbuild.workerpools.use'] GA
roles/cloudsupport.techSupportEditor Full read-write access to technical support cases (applicable for GCP Customer Care and Maps support). Tech Support Editor ['billing.resourceAssociations.list', 'cloudasset.assets.searchAllResources', 'cloudsupport.properties.get', 'cloudsupport.techCases.create', 'cloudsupport.techCases.escalate', 'cloudsupport.techCases.get', 'cloudsupport.techCases.list', 'cloudsupport.techCases.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudjobdiscovery.admin Access to Cloud Talent Solution Self-Service Tools. Cloud Talent Solution Admin ['cloudjobdiscovery.tools.access', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation Enables Encrypt and Decrypt operations via other GCP services Cloud KMS CryptoKey Encrypter/Decrypter Via Delegation ['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudtasks.viewer Get and list access to tasks, queues, and locations. Cloud Tasks Viewer ['cloudtasks.cmekConfig.get', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.get', 'cloudtasks.queues.list', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/clouddebugger.agent Cloud Debugger agents are allowed to register and provide debug snapshot data. Cloud Debugger Agent ['clouddebugger.breakpoints.list', 'clouddebugger.breakpoints.listActive', 'clouddebugger.breakpoints.update', 'clouddebugger.debuggees.create'] BETA
roles/cloudkms.cryptoKeyDecrypterViaDelegation Enables Decrypt operations via other GCP services Cloud KMS CryptoKey Decrypter Via Delegation ['cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.serviceAgent Gives Cloud KMS service account access to managed resources. Cloud KMS Service Agent ['cloudasset.assets.listCloudkmsCryptoKeys'] GA
roles/cloudsql.client Connectivity access to Cloud SQL instances. Cloud SQL Client ['cloudsql.instances.connect', 'cloudsql.instances.get'] GA
roles/cloudasset.viewer Read only access to cloud assets metadata Cloud Asset Viewer ['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.analyzeMove', 'cloudasset.assets.analyzeOrgPolicy', 'cloudasset.assets.exportAccessLevel', 'cloudasset.assets.exportAccessPolicy', 'cloudasset.assets.exportAiplatformBatchPredictionJobs', 'cloudasset.assets.exportAiplatformCustomJobs', 'cloudasset.assets.exportAiplatformDataLabelingJobs', 'cloudasset.assets.exportAiplatformDatasets', 'cloudasset.assets.exportAiplatformEndpoints', 'cloudasset.assets.exportAiplatformHyperparameterTuningJobs', 'cloudasset.assets.exportAiplatformMetadataStores', 'cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.exportAiplatformModels', 'cloudasset.assets.exportAiplatformPipelineJobs', 'cloudasset.assets.exportAiplatformSpecialistPools', 'cloudasset.assets.exportAiplatformTrainingPipelines', 'cloudasset.assets.exportAllAccessPolicy', 'cloudasset.assets.exportAnthosConnectedCluster', 'cloudasset.assets.exportAnthosedgeCluster', 'cloudasset.assets.exportApigatewayApi', 'cloudasset.assets.exportApigatewayApiConfig', 'cloudasset.assets.exportApigatewayGateway', 'cloudasset.assets.exportApikeysKeys', 'cloudasset.assets.exportAppengineApplications', 'cloudasset.assets.exportAppengineServices', 'cloudasset.assets.exportAppengineVersions', 'cloudasset.assets.exportArtifactregistryDockerImages', 'cloudasset.assets.exportArtifactregistryRepositories', 'cloudasset.assets.exportAssuredWorkloadsWorkloads', 'cloudasset.assets.exportBeyondCorpApiGateways', 'cloudasset.assets.exportBeyondCorpAppConnections', 'cloudasset.assets.exportBeyondCorpAppConnectors', 'cloudasset.assets.exportBeyondCorpAppGateways', 'cloudasset.assets.exportBeyondCorpClientConnectorServices', 'cloudasset.assets.exportBeyondCorpClientGateways', 'cloudasset.assets.exportBigqueryDatasets', 'cloudasset.assets.exportBigqueryModels', 'cloudasset.assets.exportBigqueryTables', 'cloudasset.assets.exportBigtableAppProfile', 'cloudasset.assets.exportBigtableBackup', 'cloudasset.assets.exportBigtableCluster', 'cloudasset.assets.exportBigtableInstance', 'cloudasset.assets.exportBigtableTable', 'cloudasset.assets.exportCloudAssetFeeds', 'cloudasset.assets.exportCloudDeployDeliveryPipelines', 'cloudasset.assets.exportCloudDeployReleases', 'cloudasset.assets.exportCloudDeployRollouts', 'cloudasset.assets.exportCloudDeployTargets', 'cloudasset.assets.exportCloudDocumentAIEvaluation', 'cloudasset.assets.exportCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.exportCloudDocumentAILabelerPool', 'cloudasset.assets.exportCloudDocumentAIProcessor', 'cloudasset.assets.exportCloudDocumentAIProcessorVersion', 'cloudasset.assets.exportCloudbillingBillingAccounts', 'cloudasset.assets.exportCloudbillingProjectBillingInfos', 'cloudasset.assets.exportCloudfunctionsFunctions', 'cloudasset.assets.exportCloudfunctionsGen2Functions', 'cloudasset.assets.exportCloudkmsCryptoKeyVersions', 'cloudasset.assets.exportCloudkmsCryptoKeys', 'cloudasset.assets.exportCloudkmsEkmConnections', 'cloudasset.assets.exportCloudkmsImportJobs', 'cloudasset.assets.exportCloudkmsKeyRings', 'cloudasset.assets.exportCloudmemcacheInstances', 'cloudasset.assets.exportCloudresourcemanagerFolders', 'cloudasset.assets.exportCloudresourcemanagerOrganizations', 'cloudasset.assets.exportCloudresourcemanagerProjects', 'cloudasset.assets.exportCloudresourcemanagerTagBindings', 'cloudasset.assets.exportCloudresourcemanagerTagKeys', 'cloudasset.assets.exportCloudresourcemanagerTagValues', 'cloudasset.assets.exportComposerEnvironments', 'cloudasset.assets.exportComputeAddress', 'cloudasset.assets.exportComputeAutoscalers', 'cloudasset.assets.exportComputeBackendBuckets', 'cloudasset.assets.exportComputeBackendServices', 'cloudasset.assets.exportComputeCommitments', 'cloudasset.assets.exportComputeDisks', 'cloudasset.assets.exportComputeExternalVpnGateways', 'cloudasset.assets.exportComputeFirewallPolicies', 'cloudasset.assets.exportComputeFirewalls', 'cloudasset.assets.exportComputeForwardingRules', 'cloudasset.assets.exportComputeGlobalAddress', 'cloudasset.assets.exportComputeGlobalForwardingRules', 'cloudasset.assets.exportComputeHealthChecks', 'cloudasset.assets.exportComputeHttpHealthChecks', 'cloudasset.assets.exportComputeHttpsHealthChecks', 'cloudasset.assets.exportComputeImages', 'cloudasset.assets.exportComputeInstanceGroupManagers', 'cloudasset.assets.exportComputeInstanceGroups', 'cloudasset.assets.exportComputeInstanceTemplates', 'cloudasset.assets.exportComputeInstances', 'cloudasset.assets.exportComputeInterconnect', 'cloudasset.assets.exportComputeInterconnectAttachment', 'cloudasset.assets.exportComputeLicenses', 'cloudasset.assets.exportComputeNetworkEndpointGroups', 'cloudasset.assets.exportComputeNetworks', 'cloudasset.assets.exportComputeNodeGroups', 'cloudasset.assets.exportComputeNodeTemplates', 'cloudasset.assets.exportComputePacketMirrorings', 'cloudasset.assets.exportComputeProjects', 'cloudasset.assets.exportComputeRegionAutoscaler', 'cloudasset.assets.exportComputeRegionBackendServices', 'cloudasset.assets.exportComputeRegionDisk', 'cloudasset.assets.exportComputeRegionInstanceGroup', 'cloudasset.assets.exportComputeRegionInstanceGroupManager', 'cloudasset.assets.exportComputeReservations', 'cloudasset.assets.exportComputeResourcePolicies', 'cloudasset.assets.exportComputeRouters', 'cloudasset.assets.exportComputeRoutes', 'cloudasset.assets.exportComputeSecurityPolicy', 'cloudasset.assets.exportComputeServiceAttachments', 'cloudasset.assets.exportComputeSnapshots', 'cloudasset.assets.exportComputeSslCertificates', 'cloudasset.assets.exportComputeSslPolicies', 'cloudasset.assets.exportComputeSubnetworks', 'cloudasset.assets.exportComputeTargetHttpProxies', 'cloudasset.assets.exportComputeTargetHttpsProxies', 'cloudasset.assets.exportComputeTargetInstances', 'cloudasset.assets.exportComputeTargetPools', 'cloudasset.assets.exportComputeTargetSslProxies', 'cloudasset.assets.exportComputeTargetTcpProxies', 'cloudasset.assets.exportComputeTargetVpnGateways', 'cloudasset.assets.exportComputeUrlMaps', 'cloudasset.assets.exportComputeVpnGateways', 'cloudasset.assets.exportComputeVpnTunnels', 'cloudasset.assets.exportConnectorsConnections', 'cloudasset.assets.exportConnectorsConnectorVersions', 'cloudasset.assets.exportConnectorsConnectors', 'cloudasset.assets.exportConnectorsProviders', 'cloudasset.assets.exportConnectorsRuntimeConfigs', 'cloudasset.assets.exportContainerAppsDeployment', 'cloudasset.assets.exportContainerAppsReplicaSets', 'cloudasset.assets.exportContainerBatchJobs', 'cloudasset.assets.exportContainerClusterrole', 'cloudasset.assets.exportContainerClusterrolebinding', 'cloudasset.assets.exportContainerClusters', 'cloudasset.assets.exportContainerExtensionsIngresses', 'cloudasset.assets.exportContainerJobs', 'cloudasset.assets.exportContainerNamespace', 'cloudasset.assets.exportContainerNetworkingIngresses', 'cloudasset.assets.exportContainerNetworkingNetworkPolicies', 'cloudasset.assets.exportContainerNode', 'cloudasset.assets.exportContainerNodepool', 'cloudasset.assets.exportContainerPod', 'cloudasset.assets.exportContainerReplicaSets', 'cloudasset.assets.exportContainerRole', 'cloudasset.assets.exportContainerRolebinding', 'cloudasset.assets.exportContainerServices', 'cloudasset.assets.exportContainerregistryImage', 'cloudasset.assets.exportDataMigrationConnectionProfiles', 'cloudasset.assets.exportDataMigrationMigrationJobs', 'cloudasset.assets.exportDataflowJobs', 'cloudasset.assets.exportDatafusionInstance', 'cloudasset.assets.exportDataplexAssets', 'cloudasset.assets.exportDataplexLakes', 'cloudasset.assets.exportDataplexTasks', 'cloudasset.assets.exportDataplexZones', 'cloudasset.assets.exportDataprocAutoscalingPolicies', 'cloudasset.assets.exportDataprocBatches', 'cloudasset.assets.exportDataprocClusters', 'cloudasset.assets.exportDataprocJobs', 'cloudasset.assets.exportDataprocSessions', 'cloudasset.assets.exportDataprocWorkflowTemplates', 'cloudasset.assets.exportDatastreamConnectionProfile', 'cloudasset.assets.exportDatastreamPrivateConnection', 'cloudasset.assets.exportDatastreamStream', 'cloudasset.assets.exportDialogflowAgents', 'cloudasset.assets.exportDialogflowConversationProfiles', 'cloudasset.assets.exportDialogflowKnowledgeBases', 'cloudasset.assets.exportDialogflowLocationSettings', 'cloudasset.assets.exportDlpDeidentifyTemplates', 'cloudasset.assets.exportDlpDlpJobs', 'cloudasset.assets.exportDlpInspectTemplates', 'cloudasset.assets.exportDlpJobTriggers', 'cloudasset.assets.exportDlpStoredInfoTypes', 'cloudasset.assets.exportDnsManagedZones', 'cloudasset.assets.exportDnsPolicies', 'cloudasset.assets.exportDomainsRegistrations', 'cloudasset.assets.exportEventarcTriggers', 'cloudasset.assets.exportFileBackups', 'cloudasset.assets.exportFileInstances', 'cloudasset.assets.exportFirebaseAppInfos', 'cloudasset.assets.exportFirebaseProjects', 'cloudasset.assets.exportFirestoreDatabases', 'cloudasset.assets.exportGKEHubFeatures', 'cloudasset.assets.exportGKEHubMemberships', 'cloudasset.assets.exportGameservicesGameServerClusters', 'cloudasset.assets.exportGameservicesGameServerConfigs', 'cloudasset.assets.exportGameservicesGameServerDeployments', 'cloudasset.assets.exportGameservicesRealms', 'cloudasset.assets.exportGkeBackupBackupPlans', 'cloudasset.assets.exportGkeBackupBackups', 'cloudasset.assets.exportGkeBackupRestorePlans', 'cloudasset.assets.exportGkeBackupRestores', 'cloudasset.assets.exportGkeBackupVolumeBackups', 'cloudasset.assets.exportGkeBackupVolumeRestores', 'cloudasset.assets.exportHealthcareConsentStores', 'cloudasset.assets.exportHealthcareDatasets', 'cloudasset.assets.exportHealthcareDicomStores', 'cloudasset.assets.exportHealthcareFhirStores', 'cloudasset.assets.exportHealthcareHl7V2Stores', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportIamRoles', 'cloudasset.assets.exportIamServiceAccountKeys', 'cloudasset.assets.exportIamServiceAccounts', 'cloudasset.assets.exportIapTunnel', 'cloudasset.assets.exportIapTunnelInstances', 'cloudasset.assets.exportIapTunnelZones', 'cloudasset.assets.exportIapWeb', 'cloudasset.assets.exportIapWebServiceVersion', 'cloudasset.assets.exportIapWebServices', 'cloudasset.assets.exportIapWebType', 'cloudasset.assets.exportIdsEndpoints', 'cloudasset.assets.exportIntegrationsAuthConfigs', 'cloudasset.assets.exportIntegrationsCertificates', 'cloudasset.assets.exportIntegrationsExecutions', 'cloudasset.assets.exportIntegrationsIntegrationVersions', 'cloudasset.assets.exportIntegrationsIntegrations', 'cloudasset.assets.exportIntegrationsSfdcChannels', 'cloudasset.assets.exportIntegrationsSfdcInstances', 'cloudasset.assets.exportIntegrationsSuspensions', 'cloudasset.assets.exportLoggingLogMetrics', 'cloudasset.assets.exportLoggingLogSinks', 'cloudasset.assets.exportManagedidentitiesDomain', 'cloudasset.assets.exportMetastoreBackups', 'cloudasset.assets.exportMetastoreMetadataImports', 'cloudasset.assets.exportMetastoreServices', 'cloudasset.assets.exportMonitoringAlertPolicies', 'cloudasset.assets.exportNetworkConnectivityHubs', 'cloudasset.assets.exportNetworkConnectivitySpokes', 'cloudasset.assets.exportNetworkManagementConnectivityTests', 'cloudasset.assets.exportNetworkServicesEndpointPolicies', 'cloudasset.assets.exportNetworkServicesGateways', 'cloudasset.assets.exportNetworkServicesGrpcRoutes', 'cloudasset.assets.exportNetworkServicesHttpRoutes', 'cloudasset.assets.exportNetworkServicesMeshes', 'cloudasset.assets.exportNetworkServicesServiceBindings', 'cloudasset.assets.exportNetworkServicesTcpRoutes', 'cloudasset.assets.exportNetworkServicesTlsRoutes', 'cloudasset.assets.exportOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.exportOSConfigOSPolicyAssignments', 'cloudasset.assets.exportOSConfigVulnerabilityReports', 'cloudasset.assets.exportOSInventories', 'cloudasset.assets.exportOrgPolicy', 'cloudasset.assets.exportPatchDeployments', 'cloudasset.assets.exportPubsubSnapshots', 'cloudasset.assets.exportPubsubSubscriptions', 'cloudasset.assets.exportPubsubTopics', 'cloudasset.assets.exportRedisInstances', 'cloudasset.assets.exportResource', 'cloudasset.assets.exportSecretManagerSecretVersions', 'cloudasset.assets.exportSecretManagerSecrets', 'cloudasset.assets.exportServiceDirectoryNamespaces', 'cloudasset.assets.exportServicePerimeter', 'cloudasset.assets.exportServiceconsumermanagementConsumerProperty', 'cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.exportServiceconsumermanagementConsumers', 'cloudasset.assets.exportServiceconsumermanagementProducerOverrides', 'cloudasset.assets.exportServiceconsumermanagementTenancyUnits', 'cloudasset.assets.exportServiceconsumermanagementVisibility', 'cloudasset.assets.exportServicemanagementServices', 'cloudasset.assets.exportServiceusageAdminOverrides', 'cloudasset.assets.exportServiceusageConsumerOverrides', 'cloudasset.assets.exportServiceusageServices', 'cloudasset.assets.exportSpannerBackups', 'cloudasset.assets.exportSpannerDatabases', 'cloudasset.assets.exportSpannerInstances', 'cloudasset.assets.exportSpeakerIdPhrases', 'cloudasset.assets.exportSpeakerIdSettings', 'cloudasset.assets.exportSpeakerIdSpeakers', 'cloudasset.assets.exportSpeechCustomClasses', 'cloudasset.assets.exportSpeechPhraseSets', 'cloudasset.assets.exportSqladminBackupRuns', 'cloudasset.assets.exportSqladminInstances', 'cloudasset.assets.exportStorageBuckets', 'cloudasset.assets.exportTpuNodes', 'cloudasset.assets.exportVpcaccessConnector', 'cloudasset.assets.listAccessLevel', 'cloudasset.assets.listAccessPolicy', 'cloudasset.assets.listAiplatformBatchPredictionJobs', 'cloudasset.assets.listAiplatformCustomJobs', 'cloudasset.assets.listAiplatformDataLabelingJobs', 'cloudasset.assets.listAiplatformDatasets', 'cloudasset.assets.listAiplatformEndpoints', 'cloudasset.assets.listAiplatformHyperparameterTuningJobs', 'cloudasset.assets.listAiplatformMetadataStores', 'cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs', 'cloudasset.assets.listAiplatformModels', 'cloudasset.assets.listAiplatformPipelineJobs', 'cloudasset.assets.listAiplatformSpecialistPools', 'cloudasset.assets.listAiplatformTrainingPipelines', 'cloudasset.assets.listAllAccessPolicy', 'cloudasset.assets.listAnthosConnectedCluster', 'cloudasset.assets.listAnthosedgeCluster', 'cloudasset.assets.listApigatewayApi', 'cloudasset.assets.listApigatewayApiConfig', 'cloudasset.assets.listApigatewayGateway', 'cloudasset.assets.listApikeysKeys', 'cloudasset.assets.listAppengineApplications', 'cloudasset.assets.listAppengineServices', 'cloudasset.assets.listAppengineVersions', 'cloudasset.assets.listArtifactregistryDockerImages', 'cloudasset.assets.listArtifactregistryRepositories', 'cloudasset.assets.listAssuredWorkloadsWorkloads', 'cloudasset.assets.listBeyondCorpApiGateways', 'cloudasset.assets.listBeyondCorpAppConnections', 'cloudasset.assets.listBeyondCorpAppConnectors', 'cloudasset.assets.listBeyondCorpAppGateways', 'cloudasset.assets.listBeyondCorpClientConnectorServices', 'cloudasset.assets.listBeyondCorpClientGateways', 'cloudasset.assets.listBigqueryDatasets', 'cloudasset.assets.listBigqueryModels', 'cloudasset.assets.listBigqueryTables', 'cloudasset.assets.listBigtableAppProfile', 'cloudasset.assets.listBigtableBackup', 'cloudasset.assets.listBigtableCluster', 'cloudasset.assets.listBigtableInstance', 'cloudasset.assets.listBigtableTable', 'cloudasset.assets.listCloudAssetFeeds', 'cloudasset.assets.listCloudDeployDeliveryPipelines', 'cloudasset.assets.listCloudDeployReleases', 'cloudasset.assets.listCloudDeployRollouts', 'cloudasset.assets.listCloudDeployTargets', 'cloudasset.assets.listCloudDocumentAIEvaluation', 'cloudasset.assets.listCloudDocumentAIHumanReviewConfig', 'cloudasset.assets.listCloudDocumentAILabelerPool', 'cloudasset.assets.listCloudDocumentAIProcessor', 'cloudasset.assets.listCloudDocumentAIProcessorVersion', 'cloudasset.assets.listCloudbillingBillingAccounts', 'cloudasset.assets.listCloudbillingProjectBillingInfos', 'cloudasset.assets.listCloudfunctionsFunctions', 'cloudasset.assets.listCloudfunctionsGen2Functions', 'cloudasset.assets.listCloudkmsCryptoKeyVersions', 'cloudasset.assets.listCloudkmsCryptoKeys', 'cloudasset.assets.listCloudkmsEkmConnections', 'cloudasset.assets.listCloudkmsImportJobs', 'cloudasset.assets.listCloudkmsKeyRings', 'cloudasset.assets.listCloudmemcacheInstances', 'cloudasset.assets.listCloudresourcemanagerFolders', 'cloudasset.assets.listCloudresourcemanagerOrganizations', 'cloudasset.assets.listCloudresourcemanagerProjects', 'cloudasset.assets.listCloudresourcemanagerTagBindings', 'cloudasset.assets.listCloudresourcemanagerTagKeys', 'cloudasset.assets.listCloudresourcemanagerTagValues', 'cloudasset.assets.listComposerEnvironments', 'cloudasset.assets.listComputeAddress', 'cloudasset.assets.listComputeAutoscalers', 'cloudasset.assets.listComputeBackendBuckets', 'cloudasset.assets.listComputeBackendServices', 'cloudasset.assets.listComputeCommitments', 'cloudasset.assets.listComputeDisks', 'cloudasset.assets.listComputeExternalVpnGateways', 'cloudasset.assets.listComputeFirewallPolicies', 'cloudasset.assets.listComputeFirewalls', 'cloudasset.assets.listComputeForwardingRules', 'cloudasset.assets.listComputeGlobalAddress', 'cloudasset.assets.listComputeGlobalForwardingRules', 'cloudasset.assets.listComputeHealthChecks', 'cloudasset.assets.listComputeHttpHealthChecks', 'cloudasset.assets.listComputeHttpsHealthChecks', 'cloudasset.assets.listComputeImages', 'cloudasset.assets.listComputeInstanceGroupManagers', 'cloudasset.assets.listComputeInstanceGroups', 'cloudasset.assets.listComputeInstanceTemplates', 'cloudasset.assets.listComputeInstances', 'cloudasset.assets.listComputeInterconnect', 'cloudasset.assets.listComputeInterconnectAttachment', 'cloudasset.assets.listComputeLicenses', 'cloudasset.assets.listComputeNetworkEndpointGroups', 'cloudasset.assets.listComputeNetworks', 'cloudasset.assets.listComputeNodeGroups', 'cloudasset.assets.listComputeNodeTemplates', 'cloudasset.assets.listComputePacketMirrorings', 'cloudasset.assets.listComputeProjects', 'cloudasset.assets.listComputeRegionAutoscaler', 'cloudasset.assets.listComputeRegionBackendServices', 'cloudasset.assets.listComputeRegionDisk', 'cloudasset.assets.listComputeRegionInstanceGroup', 'cloudasset.assets.listComputeRegionInstanceGroupManager', 'cloudasset.assets.listComputeReservations', 'cloudasset.assets.listComputeResourcePolicies', 'cloudasset.assets.listComputeRouters', 'cloudasset.assets.listComputeRoutes', 'cloudasset.assets.listComputeSecurityPolicy', 'cloudasset.assets.listComputeServiceAttachments', 'cloudasset.assets.listComputeSnapshots', 'cloudasset.assets.listComputeSslCertificates', 'cloudasset.assets.listComputeSslPolicies', 'cloudasset.assets.listComputeSubnetworks', 'cloudasset.assets.listComputeTargetHttpProxies', 'cloudasset.assets.listComputeTargetHttpsProxies', 'cloudasset.assets.listComputeTargetInstances', 'cloudasset.assets.listComputeTargetPools', 'cloudasset.assets.listComputeTargetSslProxies', 'cloudasset.assets.listComputeTargetTcpProxies', 'cloudasset.assets.listComputeTargetVpnGateways', 'cloudasset.assets.listComputeUrlMaps', 'cloudasset.assets.listComputeVpnGateways', 'cloudasset.assets.listComputeVpnTunnels', 'cloudasset.assets.listConnectorsConnections', 'cloudasset.assets.listConnectorsConnectorVersions', 'cloudasset.assets.listConnectorsConnectors', 'cloudasset.assets.listConnectorsProviders', 'cloudasset.assets.listConnectorsRuntimeConfigs', 'cloudasset.assets.listContainerAppsDeployment', 'cloudasset.assets.listContainerAppsReplicaSets', 'cloudasset.assets.listContainerBatchJobs', 'cloudasset.assets.listContainerClusterrole', 'cloudasset.assets.listContainerClusterrolebinding', 'cloudasset.assets.listContainerClusters', 'cloudasset.assets.listContainerExtensionsIngresses', 'cloudasset.assets.listContainerJobs', 'cloudasset.assets.listContainerNamespace', 'cloudasset.assets.listContainerNetworkingIngresses', 'cloudasset.assets.listContainerNetworkingNetworkPolicies', 'cloudasset.assets.listContainerNode', 'cloudasset.assets.listContainerNodepool', 'cloudasset.assets.listContainerPod', 'cloudasset.assets.listContainerReplicaSets', 'cloudasset.assets.listContainerRole', 'cloudasset.assets.listContainerRolebinding', 'cloudasset.assets.listContainerServices', 'cloudasset.assets.listContainerregistryImage', 'cloudasset.assets.listDataMigrationConnectionProfiles', 'cloudasset.assets.listDataMigrationMigrationJobs', 'cloudasset.assets.listDataflowJobs', 'cloudasset.assets.listDatafusionInstance', 'cloudasset.assets.listDataplexAssets', 'cloudasset.assets.listDataplexLakes', 'cloudasset.assets.listDataplexTasks', 'cloudasset.assets.listDataplexZones', 'cloudasset.assets.listDataprocAutoscalingPolicies', 'cloudasset.assets.listDataprocBatches', 'cloudasset.assets.listDataprocClusters', 'cloudasset.assets.listDataprocJobs', 'cloudasset.assets.listDataprocSessions', 'cloudasset.assets.listDataprocWorkflowTemplates', 'cloudasset.assets.listDatastreamConnectionProfile', 'cloudasset.assets.listDatastreamPrivateConnection', 'cloudasset.assets.listDatastreamStream', 'cloudasset.assets.listDialogflowAgents', 'cloudasset.assets.listDialogflowConversationProfiles', 'cloudasset.assets.listDialogflowKnowledgeBases', 'cloudasset.assets.listDialogflowLocationSettings', 'cloudasset.assets.listDlpDeidentifyTemplates', 'cloudasset.assets.listDlpDlpJobs', 'cloudasset.assets.listDlpInspectTemplates', 'cloudasset.assets.listDlpJobTriggers', 'cloudasset.assets.listDlpStoredInfoTypes', 'cloudasset.assets.listDnsManagedZones', 'cloudasset.assets.listDnsPolicies', 'cloudasset.assets.listDomainsRegistrations', 'cloudasset.assets.listEventarcTriggers', 'cloudasset.assets.listFileBackups', 'cloudasset.assets.listFileInstances', 'cloudasset.assets.listFirebaseAppInfos', 'cloudasset.assets.listFirebaseProjects', 'cloudasset.assets.listFirestoreDatabases', 'cloudasset.assets.listGKEHubFeatures', 'cloudasset.assets.listGKEHubMemberships', 'cloudasset.assets.listGameservicesGameServerClusters', 'cloudasset.assets.listGameservicesGameServerConfigs', 'cloudasset.assets.listGameservicesGameServerDeployments', 'cloudasset.assets.listGameservicesRealms', 'cloudasset.assets.listGkeBackupBackupPlans', 'cloudasset.assets.listGkeBackupBackups', 'cloudasset.assets.listGkeBackupRestorePlans', 'cloudasset.assets.listGkeBackupRestores', 'cloudasset.assets.listGkeBackupVolumeBackups', 'cloudasset.assets.listGkeBackupVolumeRestores', 'cloudasset.assets.listHealthcareConsentStores', 'cloudasset.assets.listHealthcareDatasets', 'cloudasset.assets.listHealthcareDicomStores', 'cloudasset.assets.listHealthcareFhirStores', 'cloudasset.assets.listHealthcareHl7V2Stores', 'cloudasset.assets.listIamPolicy', 'cloudasset.assets.listIamRoles', 'cloudasset.assets.listIamServiceAccountKeys', 'cloudasset.assets.listIamServiceAccounts', 'cloudasset.assets.listIapTunnel', 'cloudasset.assets.listIapTunnelInstances', 'cloudasset.assets.listIapTunnelZones', 'cloudasset.assets.listIapWeb', 'cloudasset.assets.listIapWebServiceVersion', 'cloudasset.assets.listIapWebServices', 'cloudasset.assets.listIapWebType', 'cloudasset.assets.listIdsEndpoints', 'cloudasset.assets.listIntegrationsAuthConfigs', 'cloudasset.assets.listIntegrationsCertificates', 'cloudasset.assets.listIntegrationsExecutions', 'cloudasset.assets.listIntegrationsIntegrationVersions', 'cloudasset.assets.listIntegrationsIntegrations', 'cloudasset.assets.listIntegrationsSfdcChannels', 'cloudasset.assets.listIntegrationsSfdcInstances', 'cloudasset.assets.listIntegrationsSuspensions', 'cloudasset.assets.listLoggingLogMetrics', 'cloudasset.assets.listLoggingLogSinks', 'cloudasset.assets.listManagedidentitiesDomain', 'cloudasset.assets.listMetastoreBackups', 'cloudasset.assets.listMetastoreMetadataImports', 'cloudasset.assets.listMetastoreServices', 'cloudasset.assets.listMonitoringAlertPolicies', 'cloudasset.assets.listNetworkConnectivityHubs', 'cloudasset.assets.listNetworkConnectivitySpokes', 'cloudasset.assets.listNetworkManagementConnectivityTests', 'cloudasset.assets.listNetworkServicesEndpointPolicies', 'cloudasset.assets.listNetworkServicesGateways', 'cloudasset.assets.listNetworkServicesGrpcRoutes', 'cloudasset.assets.listNetworkServicesHttpRoutes', 'cloudasset.assets.listNetworkServicesMeshes', 'cloudasset.assets.listNetworkServicesServiceBindings', 'cloudasset.assets.listNetworkServicesTcpRoutes', 'cloudasset.assets.listNetworkServicesTlsRoutes', 'cloudasset.assets.listOSConfigOSPolicyAssignmentReports', 'cloudasset.assets.listOSConfigOSPolicyAssignments', 'cloudasset.assets.listOSConfigVulnerabilityReports', 'cloudasset.assets.listOSInventories', 'cloudasset.assets.listOrgPolicy', 'cloudasset.assets.listPatchDeployments', 'cloudasset.assets.listPubsubSnapshots', 'cloudasset.assets.listPubsubSubscriptions', 'cloudasset.assets.listPubsubTopics', 'cloudasset.assets.listRedisInstances', 'cloudasset.assets.listResource', 'cloudasset.assets.listRunDomainMapping', 'cloudasset.assets.listRunRevision', 'cloudasset.assets.listRunService', 'cloudasset.assets.listSecretManagerSecretVersions', 'cloudasset.assets.listSecretManagerSecrets', 'cloudasset.assets.listServiceDirectoryNamespaces', 'cloudasset.assets.listServicePerimeter', 'cloudasset.assets.listServiceconsumermanagementConsumerProperty', 'cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits', 'cloudasset.assets.listServiceconsumermanagementConsumers', 'cloudasset.assets.listServiceconsumermanagementProducerOverrides', 'cloudasset.assets.listServiceconsumermanagementTenancyUnits', 'cloudasset.assets.listServiceconsumermanagementVisibility', 'cloudasset.assets.listServicemanagementServices', 'cloudasset.assets.listServiceusageAdminOverrides', 'cloudasset.assets.listServiceusageConsumerOverrides', 'cloudasset.assets.listServiceusageServices', 'cloudasset.assets.listSpannerBackups', 'cloudasset.assets.listSpannerDatabases', 'cloudasset.assets.listSpannerInstances', 'cloudasset.assets.listSpeakerIdPhrases', 'cloudasset.assets.listSpeakerIdSettings', 'cloudasset.assets.listSpeakerIdSpeakers', 'cloudasset.assets.listSpeechCustomClasses', 'cloudasset.assets.listSpeechPhraseSets', 'cloudasset.assets.listSqladminBackupRuns', 'cloudasset.assets.listSqladminInstances', 'cloudasset.assets.listStorageBuckets', 'cloudasset.assets.listTpuNodes', 'cloudasset.assets.listVpcaccessConnector', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'recommender.cloudAssetInsights.get', 'recommender.cloudAssetInsights.list', 'recommender.locations.get', 'recommender.locations.list'] GA
roles/cloudjobdiscovery.jobsViewer Read access to all job data in Cloud Talent Solution. Cloud Talent Solution Job Viewer ['cloudjobdiscovery.companies.get', 'cloudjobdiscovery.companies.list', 'cloudjobdiscovery.jobs.get', 'cloudjobdiscovery.jobs.search', 'cloudjobdiscovery.tenants.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.cryptoOperator Enables all Crypto Operations. Cloud KMS Crypto Operator ['cloudkms.cryptoKeyVersions.useToDecrypt', 'cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.generateRandomBytes', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudbuild.workerPoolOwner Can create, delete, update, and view WorkerPools Cloud Build WorkerPool Owner ['cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudscheduler.admin Full access to jobs and executions. Cloud Scheduler Admin ['appengine.applications.get', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.enable', 'cloudscheduler.jobs.fullView', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.list', 'cloudscheduler.jobs.pause', 'cloudscheduler.jobs.run', 'cloudscheduler.jobs.update', 'cloudscheduler.locations.get', 'cloudscheduler.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudquotas.viewer Readonly access to Cloud Quotas resources. Cloud Quotas Viewer ['cloudquotas.quotas.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/clouddeploy.serviceAgent Gives Cloud Deploy Service Account access to managed resources. Cloud Deploy Service Agent ['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.workerpools.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'logging.logEntries.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.get', 'storage.objects.get'] GA
roles/cloudiot.viewer Read-only access to all Cloud IoT resources. Cloud IoT Viewer ['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get'] GA
roles/cloudfunctions.developer Read and write access to all functions-related resources. Cloud Functions Developer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudkms.verifier Enables Verify and GetPublicKey operations Cloud KMS CryptoKey Verifier ['cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudkms.autokeyAdmin Enables management of AutokeyConfig. Cloud KMS Autokey Admin ['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.projects.showEffectiveAutokeyConfig'] GA
roles/cloudmigration.storageaccess Ability to access migration storage Velostrata Storage Access ['storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] BETA
roles/cloudbuild.loggingServiceAgent Gives the Cloud Build logging-specific service account access to write logs. Cloud Build Logging Service Agent ['logging.buckets.write'] GA
roles/cloudbuild.workerPoolEditor Can update and view WorkerPools Cloud Build WorkerPool Editor ['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudoptimization.serviceAgent Grants Cloud Optimization Service Account access to read and write data in the user project. Cloud Optimization Service Agent ['storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/cloudbuild.workerPoolViewer Can view WorkerPools Cloud Build WorkerPool Viewer ['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudtasks.admin Full access to queues and tasks. Cloud Tasks Admin ['cloudtasks.cmekConfig.get', 'cloudtasks.cmekConfig.update', 'cloudtasks.locations.get', 'cloudtasks.locations.list', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'cloudtasks.queues.getIamPolicy', 'cloudtasks.queues.list', 'cloudtasks.queues.pause', 'cloudtasks.queues.purge', 'cloudtasks.queues.resume', 'cloudtasks.queues.setIamPolicy', 'cloudtasks.queues.update', 'cloudtasks.tasks.create', 'cloudtasks.tasks.delete', 'cloudtasks.tasks.fullView', 'cloudtasks.tasks.get', 'cloudtasks.tasks.list', 'cloudtasks.tasks.run', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/clouddeploy.releaser Permission to create Cloud Deploy releases and rollouts. Cloud Deploy Releaser ['clouddeploy.config.get', 'clouddeploy.customTargetTypes.get', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.create', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudoptimization.viewer Viewer of Cloud Optimization AI resources Cloud Optimization AI Viewer ['cloudoptimization.operations.get'] GA
roles/cloudkms.importer Enables ImportCryptoKeyVersion, CreateImportJob, ListImportJobs, and GetImportJob operations Cloud KMS Importer ['cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.importJobs.useToImport', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudcontrolspartner.accessApprovalServiceAgent Gives the Partner Console service account access to read Access Approval Requests for workloads associated with a partner. Cloud Controls Partner Access Approval Service Agent ['accessapproval.requests.get', 'accessapproval.requests.list'] GA
roles/cloudbuild.builds.builder Can perform builds Cloud Build Service Account ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.topics.create', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/cloudsql.editor Full control of existing Cloud SQL instances excluding modifying users, SSL certificates or deleting resources. Cloud SQL Editor ['cloudaicompanion.entitlements.get', 'cloudsql.backupRuns.create', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.create', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.addServerCa', 'cloudsql.instances.addServerCertificate', 'cloudsql.instances.connect', 'cloudsql.instances.export', 'cloudsql.instances.failover', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.instances.migrate', 'cloudsql.instances.performDiskShrink', 'cloudsql.instances.reencrypt', 'cloudsql.instances.resetReplicaSize', 'cloudsql.instances.restart', 'cloudsql.instances.rotateServerCa', 'cloudsql.instances.rotateServerCertificate', 'cloudsql.instances.truncateLog', 'cloudsql.instances.update', 'cloudsql.schemas.view', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.get', 'cloudsql.users.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlIdleInstanceRecommendations.update', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceActivityInsights.update', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.update', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.update', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.update', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.update', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.update', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceInsights.update', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstancePerformanceRecommendations.update', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityInsights.update', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.update', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.update', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudaicompanion.serviceAgent Gives Cloud AI Companion components the proper permissions to function. Cloud AI Companion Service Agent ['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'developerconnect.connections.get', 'developerconnect.gitRepositoryLinks.fetchGitRefs', 'developerconnect.gitRepositoryLinks.fetchReadToken', 'developerconnect.gitRepositoryLinks.get', 'developerconnect.gitRepositoryLinks.list', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'serviceusage.services.use'] GA
roles/cloudbuild.integrationsViewer Can view Integrations Cloud Build Integrations Viewer ['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.serviceAgent Gives Cloud Build service account access to managed resources. Cloud Build Service Agent ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.get', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.networks.get', 'compute.regionOperations.get', 'compute.subnetworks.get', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'developerconnect.connections.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.networks.access', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] GA
roles/clouddeploy.policyOverrider Permission to override Deploy Policies. Cloud Deploy Policy Overrider ['clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudkms.cryptoKeyEncrypterViaDelegation Enables Encrypt operations via other GCP services Cloud KMS CryptoKey Encrypter Via Delegation ['cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudtestservice.testAdmin Full access to all Test Lab features Firebase Test Lab Admin ['cloudtestservice.environmentcatalog.get', 'cloudtestservice.matrices.create', 'cloudtestservice.matrices.get', 'cloudtestservice.matrices.update', 'cloudtoolresults.executions.create', 'cloudtoolresults.executions.get', 'cloudtoolresults.executions.list', 'cloudtoolresults.executions.update', 'cloudtoolresults.histories.create', 'cloudtoolresults.histories.get', 'cloudtoolresults.histories.list', 'cloudtoolresults.settings.create', 'cloudtoolresults.settings.get', 'cloudtoolresults.settings.update', 'cloudtoolresults.steps.create', 'cloudtoolresults.steps.get', 'cloudtoolresults.steps.list', 'cloudtoolresults.steps.update', 'firebase.billingPlans.get', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list'] GA
roles/cloudsql.schemaViewer Role allowing access to the Cloud SQL instance schema on Dataplex Cloud SQL Schema Viewer ['cloudsql.schemas.view'] GA
roles/cloudbuild.tokenAccessor Can view the connection and access its read/write and read-only tokens. Cloud Build Token Accessor ['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list'] GA
roles/cloudcontrolspartner.reader Readonly access to Cloud Controls Partner resources. Cloud Controls Partner Reader ['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudaicompanion.user A user who can use Gemini for Google Cloud Gemini for Google Cloud User ['cloudaicompanion.companions.generateChat', 'cloudaicompanion.companions.generateCode', 'cloudaicompanion.entitlements.get', 'cloudaicompanion.instances.completeCode', 'cloudaicompanion.instances.completeTask', 'cloudaicompanion.instances.generateCode', 'cloudaicompanion.instances.generateText', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudscheduler.serviceAgent Grants Cloud Scheduler Service Account access to manage resources. Cloud Scheduler Service Agent ['iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.logEntries.create', 'logging.logEntries.route', 'pubsub.topics.publish'] GA
roles/cloudprofiler.user Cloud Profiler users are allowed to query and view the profiling data. Cloud Profiler User ['cloudprofiler.profiles.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudfunctions.viewer Read-only access to functions and locations. Cloud Functions Viewer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudquotas.admin Full access to Cloud Quotas resources. Cloud Quotas Admin ['cloudquotas.quotas.get', 'cloudquotas.quotas.update', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/clouddeploy.customTargetTypeAdmin Permission to manage CustomTargetType resources Cloud Deploy Custom Target Type Admin ['clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.connectionAdmin Can manage connections and repositories. Cloud Build Connection Admin ['cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.connections.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudcontrolspartner.ekmServiceAgent Gives Cloud Controls Partner service agent permission to list EKM connections, get EKM connection status, and provide EKM diagnostic information. Cloud Controls Partner EKM Service Agent ['cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.verifyConnectivity'] GA
roles/cloudsecurityscanner.editor Full access to all Web Security Scanner resources Web Security Scanner Editor ['appengine.applications.get', 'cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scanruns.stop', 'cloudsecurityscanner.scans.create', 'cloudsecurityscanner.scans.delete', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'cloudsecurityscanner.scans.run', 'cloudsecurityscanner.scans.update', 'compute.addresses.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudsecurityscanner.viewer Read access to all Web Security Scanner resources Web Security Scanner Viewer ['cloudsecurityscanner.crawledurls.list', 'cloudsecurityscanner.results.get', 'cloudsecurityscanner.results.list', 'cloudsecurityscanner.scanruns.get', 'cloudsecurityscanner.scanruns.getSummary', 'cloudsecurityscanner.scanruns.list', 'cloudsecurityscanner.scans.get', 'cloudsecurityscanner.scans.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudsupport.viewer Read-only access to details of a support account. This does not allow viewing cases. Support Account Viewer ['cloudsupport.accounts.get', 'cloudsupport.accounts.getUserRoles', 'cloudsupport.accounts.list', 'cloudsupport.properties.get'] GA
roles/cloudaicompanion.repositoryGroupsUser Grants Read/Use access to the Code Repository Indexes Repository Group. Repository Groups User ['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.use'] BETA
roles/cloudiot.provisioner Access to create and delete devices from registries, but not to modify the registries, and enable devices to publish to topics associated with IoT registry. Cloud IoT Provisioner ['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get'] GA
roles/cloudbuild.readTokenAccessor Can view the connection and access its read-only token. Cloud Build Read Only Token Accessor ['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.get'] GA
roles/cloudtranslate.viewer Viewer of all Translation resources Cloud Translation API Viewer ['automl.models.get', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.get', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.ekmConnectionsAdmin Enables management of EkmConnections. Cloud KMS EkmConnections Admin ['cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.verifyConnectivity', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.jobRunner Permission to execute Cloud Deploy work without permission to deliver to a target. Cloud Deploy Runner ['clouddeploy.config.get', 'logging.logEntries.create', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list'] GA
roles/cloudtestservice.directAccessViewer Viewer, able to see what direct access sessions exist Firebase Test Lab Direct Access Viewer ['cloudtestservice.devicesession.get', 'cloudtestservice.devicesession.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudbuild.connectionViewer Can view and list connections and repositories. Cloud Build Connection Viewer ['cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudprivatecatalogproducer.orgAdmin Can manage catalog org settings. Catalog Org Admin ['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.create', 'cloudprivatecatalogproducer.catalogs.delete', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.getIamPolicy', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.catalogs.setIamPolicy', 'cloudprivatecatalogproducer.catalogs.undelete', 'cloudprivatecatalogproducer.catalogs.update', 'cloudprivatecatalogproducer.producerCatalogs.attachProduct', 'cloudprivatecatalogproducer.producerCatalogs.create', 'cloudprivatecatalogproducer.producerCatalogs.delete', 'cloudprivatecatalogproducer.producerCatalogs.detachProduct', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.getIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.setIamPolicy', 'cloudprivatecatalogproducer.producerCatalogs.update', 'cloudprivatecatalogproducer.products.create', 'cloudprivatecatalogproducer.products.delete', 'cloudprivatecatalogproducer.products.get', 'cloudprivatecatalogproducer.products.getIamPolicy', 'cloudprivatecatalogproducer.products.list', 'cloudprivatecatalogproducer.products.setIamPolicy', 'cloudprivatecatalogproducer.products.update', 'cloudprivatecatalogproducer.settings.get', 'cloudprivatecatalogproducer.settings.update', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'commerceorggovernance.organizationSettings.get', 'commerceorggovernance.organizationSettings.update', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudtranslate.serviceAgent Gives Cloud Translation Service Account access to consumer resources. Cloud Translation API Service Agent ['automl.datasets.export', 'automl.datasets.get', 'automl.datasets.list', 'automl.models.get', 'automl.models.list', 'automl.operations.get', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list'] GA
roles/cloudtranslate.user User of Cloud Translation and AutoML models Cloud Translation API User ['automl.models.get', 'automl.models.predict', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudsql.viewer Read-only access to Cloud SQL resources. Cloud SQL Viewer ['cloudaicompanion.entitlements.get', 'cloudsql.backupRuns.get', 'cloudsql.backupRuns.list', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.instances.export', 'cloudsql.instances.get', 'cloudsql.instances.getDiskShrinkConfig', 'cloudsql.instances.list', 'cloudsql.instances.listEffectiveTags', 'cloudsql.instances.listServerCas', 'cloudsql.instances.listServerCertificates', 'cloudsql.instances.listTagBindings', 'cloudsql.sslCerts.get', 'cloudsql.sslCerts.list', 'cloudsql.users.get', 'cloudsql.users.list', 'recommender.cloudsqlIdleInstanceRecommendations.get', 'recommender.cloudsqlIdleInstanceRecommendations.list', 'recommender.cloudsqlInstanceActivityInsights.get', 'recommender.cloudsqlInstanceActivityInsights.list', 'recommender.cloudsqlInstanceCpuUsageInsights.get', 'recommender.cloudsqlInstanceCpuUsageInsights.list', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.get', 'recommender.cloudsqlInstanceDiskUsageTrendInsights.list', 'recommender.cloudsqlInstanceMemoryUsageInsights.get', 'recommender.cloudsqlInstanceMemoryUsageInsights.list', 'recommender.cloudsqlInstanceOomProbabilityInsights.get', 'recommender.cloudsqlInstanceOomProbabilityInsights.list', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.get', 'recommender.cloudsqlInstanceOutOfDiskRecommendations.list', 'recommender.cloudsqlInstancePerformanceInsights.get', 'recommender.cloudsqlInstancePerformanceInsights.list', 'recommender.cloudsqlInstancePerformanceRecommendations.get', 'recommender.cloudsqlInstancePerformanceRecommendations.list', 'recommender.cloudsqlInstanceReliabilityInsights.get', 'recommender.cloudsqlInstanceReliabilityInsights.list', 'recommender.cloudsqlInstanceReliabilityRecommendations.get', 'recommender.cloudsqlInstanceReliabilityRecommendations.list', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get', 'recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.get', 'recommender.cloudsqlOverprovisionedInstanceRecommendations.list', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.get', 'recommender.cloudsqlUnderProvisionedInstanceRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudjobdiscovery.profilesEditor Write access to all profile data in Cloud Talent Solution. Cloud Talent Solution Profile Editor ['cloudjobdiscovery.events.create', 'cloudjobdiscovery.profiles.create', 'cloudjobdiscovery.profiles.delete', 'cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.profiles.update', 'cloudjobdiscovery.tenants.create', 'cloudjobdiscovery.tenants.delete', 'cloudjobdiscovery.tenants.get', 'cloudjobdiscovery.tenants.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.signerVerifier Enables Sign, Verify, and GetPublicKey operations Cloud KMS CryptoKey Signer/Verifier ['cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudjobdiscovery.profilesViewer Read access to all profile data in Cloud Talent Solution. Cloud Talent Solution Profile Viewer ['cloudjobdiscovery.profiles.get', 'cloudjobdiscovery.profiles.search', 'cloudjobdiscovery.tenants.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.developer Permission to manage deployment configuration without permission to access operational resources, such as targets. Cloud Deploy Developer ['clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.config.get', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudkms.admin Enables management of crypto resources. Cloud KMS Admin ['cloudkms.autokeyConfigs.get', 'cloudkms.autokeyConfigs.update', 'cloudkms.cryptoKeyVersions.create', 'cloudkms.cryptoKeyVersions.destroy', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeyVersions.restore', 'cloudkms.cryptoKeyVersions.update', 'cloudkms.cryptoKeyVersions.useToDecryptViaDelegation', 'cloudkms.cryptoKeyVersions.useToEncryptViaDelegation', 'cloudkms.cryptoKeys.create', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.getIamPolicy', 'cloudkms.cryptoKeys.list', 'cloudkms.cryptoKeys.setIamPolicy', 'cloudkms.cryptoKeys.update', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConfigs.getIamPolicy', 'cloudkms.ekmConfigs.setIamPolicy', 'cloudkms.ekmConfigs.update', 'cloudkms.ekmConnections.create', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.getIamPolicy', 'cloudkms.ekmConnections.list', 'cloudkms.ekmConnections.setIamPolicy', 'cloudkms.ekmConnections.update', 'cloudkms.ekmConnections.use', 'cloudkms.ekmConnections.verifyConnectivity', 'cloudkms.importJobs.create', 'cloudkms.importJobs.get', 'cloudkms.importJobs.getIamPolicy', 'cloudkms.importJobs.list', 'cloudkms.importJobs.setIamPolicy', 'cloudkms.importJobs.useToImport', 'cloudkms.keyHandles.create', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.create', 'cloudkms.keyRings.createTagBinding', 'cloudkms.keyRings.deleteTagBinding', 'cloudkms.keyRings.get', 'cloudkms.keyRings.getIamPolicy', 'cloudkms.keyRings.list', 'cloudkms.keyRings.listEffectiveTags', 'cloudkms.keyRings.listTagBindings', 'cloudkms.keyRings.setIamPolicy', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.locations.optOutKeyDeletionMsa', 'cloudkms.operations.get', 'cloudkms.projects.showEffectiveAutokeyConfig', 'resourcemanager.projects.get'] GA
roles/cloudoptimization.editor Editor of Cloud Optimization AI resources Cloud Optimization AI Editor ['cloudoptimization.operations.create', 'cloudoptimization.operations.get'] GA
roles/cloudtrace.user User access to Cloud Trace. Can view traces, insights and stats. Can create, list, view, and delete tasks. Cloud Trace User ['cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.delete', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.create', 'cloudtrace.traceScopes.delete', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traceScopes.update', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudoptimization.admin Administrator of Cloud Optimization AI resources Cloud Optimization AI Admin ['cloudoptimization.operations.create', 'cloudoptimization.operations.get'] GA
roles/cloudtasks.taskRunner Access to run tasks. Cloud Tasks Task Runner ['cloudtasks.tasks.fullView', 'cloudtasks.tasks.run', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudkms.viewer Enables Get and List operations. Cloud KMS Viewer ['cloudkms.autokeyConfigs.get', 'cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.list', 'cloudkms.cryptoKeys.get', 'cloudkms.cryptoKeys.list', 'cloudkms.ekmConfigs.get', 'cloudkms.ekmConnections.get', 'cloudkms.ekmConnections.list', 'cloudkms.importJobs.get', 'cloudkms.importJobs.list', 'cloudkms.keyHandles.get', 'cloudkms.keyHandles.list', 'cloudkms.keyRings.get', 'cloudkms.keyRings.list', 'cloudkms.locations.get', 'cloudkms.locations.list', 'cloudkms.operations.get', 'resourcemanager.projects.get'] GA
roles/clouddeploymentmanager.serviceAgent Allows Deployment Manager service to actuate resources across DM projects and folders Cloud Deployment Manager Service Agent ['accesscontextmanager.accessLevels.create', 'accesscontextmanager.accessLevels.delete', 'accesscontextmanager.accessLevels.get', 'accesscontextmanager.accessLevels.update', 'accesscontextmanager.policies.list', 'accesscontextmanager.servicePerimeters.create', 'accesscontextmanager.servicePerimeters.delete', 'accesscontextmanager.servicePerimeters.get', 'accesscontextmanager.servicePerimeters.update', 'appengine.applications.get', 'appengine.operations.get', 'appengine.services.update', 'appengine.versions.create', 'appengine.versions.delete', 'appengine.versions.get', 'appengine.versions.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.get', 'artifactregistry.repositories.update', 'bigquery.connections.get', 'bigquery.datasets.create', 'bigquery.datasets.delete', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.update', 'bigquery.jobs.create', 'bigquery.routines.create', 'bigquery.routines.get', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.setCategory', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigtable.instances.create', 'bigtable.instances.delete', 'bigtable.instances.get', 'bigtable.instances.update', 'bigtable.tables.create', 'bigtable.tables.delete', 'bigtable.tables.get', 'bigtable.tables.update', 'billing.resourceAssociations.create', 'billing.resourcebudgets.write', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.functions.update', 'cloudfunctions.operations.get', 'cloudprivatecatalog.targets.get', 'cloudscheduler.jobs.create', 'cloudscheduler.jobs.delete', 'cloudscheduler.jobs.get', 'cloudscheduler.jobs.update', 'cloudsql.backupRuns.create', 'cloudsql.databases.create', 'cloudsql.databases.delete', 'cloudsql.databases.get', 'cloudsql.databases.list', 'cloudsql.databases.update', 'cloudsql.instances.create', 'cloudsql.instances.delete', 'cloudsql.instances.get', 'cloudsql.instances.import', 'cloudsql.instances.restart', 'cloudsql.instances.update', 'cloudsql.sslCerts.create', 'cloudsql.sslCerts.delete', 'cloudsql.sslCerts.get', 'cloudsql.users.create', 'cloudsql.users.delete', 'cloudtasks.queues.create', 'cloudtasks.queues.delete', 'cloudtasks.queues.get', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.update', 'compute.backendBuckets.create', 'compute.backendBuckets.delete', 'compute.backendBuckets.get', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.create', 'compute.backendServices.delete', 'compute.backendServices.get', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setLabels', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.create', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.get', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.setLabels', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.healthChecks.create', 'compute.healthChecks.delete', 'compute.healthChecks.get', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.delete', 'compute.images.deprecate', 'compute.images.get', 'compute.images.setLabels', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.delete', 'compute.instanceGroups.get', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.listTagBindings', 'compute.instances.resume', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateDisplayDevice', 'compute.instances.use', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnects.create', 'compute.interconnects.delete', 'compute.interconnects.get', 'compute.interconnects.setLabels', 'compute.interconnects.use', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.use', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.delete', 'compute.networks.get', 'compute.networks.listPeeringRoutes', 'compute.networks.removePeering', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.organizations.disableXpnResource', 'compute.organizations.enableXpnHost', 'compute.organizations.enableXpnResource', 'compute.packetMirrorings.create', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.get', 'compute.projects.get', 'compute.projects.setUsageExportBucket', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.get', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.use', 'compute.regionOperations.get', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.get', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.use', 'compute.regions.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.use', 'compute.routers.create', 'compute.routers.delete', 'compute.routers.get', 'compute.routers.update', 'compute.routers.use', 'compute.routes.create', 'compute.routes.delete', 'compute.routes.get', 'compute.securityPolicies.create', 'compute.securityPolicies.delete', 'compute.securityPolicies.get', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.get', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.delete', 'compute.sslCertificates.get', 'compute.sslPolicies.create', 'compute.sslPolicies.delete', 'compute.sslPolicies.get', 'compute.sslPolicies.use', 'compute.subnetworks.create', 'compute.subnetworks.delete', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.list', 'compute.subnetworks.mirror', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.delete', 'compute.targetInstances.get', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.delete', 'compute.targetPools.get', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.get', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.delete', 'compute.urlMaps.get', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.vpnGateways.create', 'compute.vpnGateways.delete', 'compute.vpnGateways.get', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.get', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.update', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.update', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.get', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.operations.get', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.update', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.update', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.update', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'datacatalog.taxonomies.get', 'dataproc.autoscalingPolicies.create', 'dataproc.autoscalingPolicies.delete', 'dataproc.autoscalingPolicies.get', 'dataproc.autoscalingPolicies.use', 'dataproc.clusters.create', 'dataproc.clusters.delete', 'dataproc.clusters.get', 'dataproc.nodeGroups.create', 'dataproc.operations.get', 'dataproc.workflowTemplates.create', 'dataproc.workflowTemplates.delete', 'dataproc.workflowTemplates.get', 'deploymentmanager.compositeTypes.get', 'deploymentmanager.deployments.create', 'deploymentmanager.deployments.delete', 'deploymentmanager.deployments.get', 'deploymentmanager.deployments.update', 'deploymentmanager.operations.get', 'deploymentmanager.typeProviders.create', 'deploymentmanager.typeProviders.delete', 'deploymentmanager.typeProviders.get', 'deploymentmanager.typeProviders.update', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.policies.delete', 'dns.policies.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'file.instances.create', 'file.instances.delete', 'file.instances.get', 'file.instances.update', 'file.operations.get', 'firebase.projects.get', 'firebase.projects.update', 'firebaseanalytics.resources.googleAnalyticsEdit', 'iam.roles.create', 'iam.roles.delete', 'iam.roles.get', 'iam.roles.list', 'iam.roles.update', 'iam.serviceAccountKeys.delete', 'iam.serviceAccountKeys.get', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.create', 'iam.serviceAccounts.delete', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'iam.serviceAccounts.update', 'logging.buckets.update', 'logging.exclusions.create', 'logging.exclusions.delete', 'logging.exclusions.get', 'logging.exclusions.update', 'logging.logEntries.create', 'logging.logMetrics.create', 'logging.logMetrics.delete', 'logging.logMetrics.get', 'logging.logMetrics.update', 'logging.notificationRules.create', 'logging.sinks.create', 'logging.sinks.delete', 'logging.sinks.get', 'logging.sinks.update', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'monitoring.dashboards.create', 'monitoring.dashboards.delete', 'monitoring.dashboards.get', 'monitoring.dashboards.update', 'monitoring.groups.create', 'monitoring.groups.delete', 'monitoring.groups.get', 'monitoring.groups.update', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.delete', 'monitoring.metricDescriptors.get', 'monitoring.notificationChannels.create', 'monitoring.notificationChannels.delete', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.update', 'monitoring.uptimeCheckConfigs.create', 'monitoring.uptimeCheckConfigs.delete', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.update', 'networksecurity.serverTlsPolicies.use', 'pubsub.schemas.attach', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.publish', 'pubsub.topics.update', 'redis.instances.create', 'redis.instances.delete', 'redis.instances.get', 'redis.instances.update', 'redis.instances.updateAuth', 'redis.operations.get', 'resourcemanager.folders.create', 'resourcemanager.folders.delete', 'resourcemanager.folders.get', 'resourcemanager.folders.getIamPolicy', 'resourcemanager.folders.list', 'resourcemanager.folders.update', 'resourcemanager.organizations.getIamPolicy', 'resourcemanager.projects.create', 'resourcemanager.projects.createBillingAssignment', 'resourcemanager.projects.delete', 'resourcemanager.projects.deleteBillingAssignment', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'resourcemanager.projects.move', 'resourcemanager.projects.update', 'resourcemanager.projects.updateLiens', 'resourcemanager.tagHolds.create', 'resourcemanager.tagHolds.delete', 'resourcemanager.tagValueBindings.create', 'resourcemanager.tagValueBindings.delete', 'resourcemanager.tagValues.get', 'runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.list', 'runtimeconfig.configs.update', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.list', 'runtimeconfig.variables.update', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.list', 'servicedirectory.namespaces.associatePrivateZone', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicemanagement.services.bind', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.create', 'spanner.databaseOperations.get', 'spanner.databases.create', 'spanner.databases.drop', 'spanner.databases.get', 'spanner.databases.updateDdl', 'spanner.instanceOperations.get', 'spanner.instances.create', 'spanner.instances.delete', 'spanner.instances.get', 'spanner.instances.update', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.update', 'storage.hmacKeys.create', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'vpcaccess.connectors.create', 'vpcaccess.connectors.delete', 'vpcaccess.operations.get', 'workflows.operations.get', 'workflows.workflows.create', 'workflows.workflows.delete', 'workflows.workflows.get'] GA
roles/cloudsql.serviceAgent Grants Cloud SQL access to services and APIs in the user project Cloud SQL Service Agent ['cloudsql.instances.get'] GA
roles/cloudcontrolspartner.editor Editor access to Cloud Controls Partner resources. Cloud Controls Partner Editor ['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.get', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudconfig.admin Full access to Firebase Remote Config resources. Firebase Remote Config Admin ['cloudconfig.configs.get', 'cloudconfig.configs.update', 'firebase.clients.get', 'firebase.clients.list', 'firebase.projects.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudcontrolspartner.admin Full access to Cloud Controls Partner resources. Cloud Controls Partner Admin ['cloudcontrolspartner.accessapprovalrequests.list', 'cloudcontrolspartner.customers.create', 'cloudcontrolspartner.customers.delete', 'cloudcontrolspartner.customers.get', 'cloudcontrolspartner.customers.list', 'cloudcontrolspartner.ekmconnections.get', 'cloudcontrolspartner.inspectabilityevents.get', 'cloudcontrolspartner.partnerpermissions.get', 'cloudcontrolspartner.partners.get', 'cloudcontrolspartner.platformcontrols.get', 'cloudcontrolspartner.violations.list', 'cloudcontrolspartner.workloads.list'] GA
roles/cloudiot.deviceController Access to update the device configuration, but not to create or delete devices. Cloud IoT Device Controller ['cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.updateConfig', 'cloudiot.registries.get', 'cloudiot.registries.list', 'cloudiottoken.tokensettings.get'] GA
roles/cloudkms.cryptoKeyEncrypter Enables Encrypt operations Cloud KMS CryptoKey Encrypter ['cloudkms.cryptoKeyVersions.useToEncrypt', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudaicompanion.codeRepositoryIndexesViewer Grants readonly access to Code Repository Indexes resources. Code Repository Indexes Viewer ['cloudaicompanion.codeRepositoryIndexes.get', 'cloudaicompanion.codeRepositoryIndexes.list', 'cloudaicompanion.operations.get', 'cloudaicompanion.operations.list', 'cloudaicompanion.repositoryGroups.get', 'cloudaicompanion.repositoryGroups.getIamPolicy', 'cloudaicompanion.repositoryGroups.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudkms.publicKeyViewer Enables GetPublicKey operations Cloud KMS CryptoKey Public Key Viewer ['cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get'] GA
roles/cloudiot.admin Full control of all Cloud IoT resources and permissions. Cloud IoT Admin ['cloudiot.devices.bindGateway', 'cloudiot.devices.create', 'cloudiot.devices.delete', 'cloudiot.devices.get', 'cloudiot.devices.list', 'cloudiot.devices.sendCommand', 'cloudiot.devices.unbindGateway', 'cloudiot.devices.update', 'cloudiot.devices.updateConfig', 'cloudiot.registries.create', 'cloudiot.registries.delete', 'cloudiot.registries.get', 'cloudiot.registries.getIamPolicy', 'cloudiot.registries.list', 'cloudiot.registries.setIamPolicy', 'cloudiot.registries.update', 'cloudiottoken.tokensettings.get', 'cloudiottoken.tokensettings.update'] GA
roles/cloudtrace.admin Admin access to Cloud Trace. Cloud Trace Admin ['cloudtrace.insights.get', 'cloudtrace.insights.list', 'cloudtrace.stats.get', 'cloudtrace.tasks.create', 'cloudtrace.tasks.delete', 'cloudtrace.tasks.get', 'cloudtrace.tasks.list', 'cloudtrace.traceScopes.create', 'cloudtrace.traceScopes.delete', 'cloudtrace.traceScopes.get', 'cloudtrace.traceScopes.list', 'cloudtrace.traceScopes.update', 'cloudtrace.traces.get', 'cloudtrace.traces.list', 'cloudtrace.traces.patch', 'observability.scopes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudtranslate.admin Full access to all Cloud Translation resources Cloud Translation API Admin ['automl.models.get', 'automl.models.predict', 'cloudtranslate.adaptiveMtDatasets.create', 'cloudtranslate.adaptiveMtDatasets.delete', 'cloudtranslate.adaptiveMtDatasets.get', 'cloudtranslate.adaptiveMtDatasets.import', 'cloudtranslate.adaptiveMtDatasets.list', 'cloudtranslate.adaptiveMtDatasets.predict', 'cloudtranslate.adaptiveMtFiles.delete', 'cloudtranslate.adaptiveMtFiles.get', 'cloudtranslate.adaptiveMtFiles.list', 'cloudtranslate.adaptiveMtSentences.list', 'cloudtranslate.customModels.create', 'cloudtranslate.customModels.delete', 'cloudtranslate.customModels.get', 'cloudtranslate.customModels.list', 'cloudtranslate.customModels.predict', 'cloudtranslate.datasets.create', 'cloudtranslate.datasets.delete', 'cloudtranslate.datasets.export', 'cloudtranslate.datasets.get', 'cloudtranslate.datasets.import', 'cloudtranslate.datasets.list', 'cloudtranslate.generalModels.batchDocPredict', 'cloudtranslate.generalModels.batchPredict', 'cloudtranslate.generalModels.docPredict', 'cloudtranslate.generalModels.get', 'cloudtranslate.generalModels.predict', 'cloudtranslate.glossaries.batchDocPredict', 'cloudtranslate.glossaries.batchPredict', 'cloudtranslate.glossaries.create', 'cloudtranslate.glossaries.delete', 'cloudtranslate.glossaries.docPredict', 'cloudtranslate.glossaries.get', 'cloudtranslate.glossaries.list', 'cloudtranslate.glossaries.predict', 'cloudtranslate.glossaries.update', 'cloudtranslate.glossaryentries.create', 'cloudtranslate.glossaryentries.delete', 'cloudtranslate.glossaryentries.get', 'cloudtranslate.glossaryentries.list', 'cloudtranslate.glossaryentries.update', 'cloudtranslate.languageDetectionModels.predict', 'cloudtranslate.locations.get', 'cloudtranslate.locations.list', 'cloudtranslate.operations.cancel', 'cloudtranslate.operations.delete', 'cloudtranslate.operations.get', 'cloudtranslate.operations.list', 'cloudtranslate.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/clouddeploy.admin Full control of Cloud Deploy resources. Cloud Deploy Admin ['clouddeploy.automationRuns.cancel', 'clouddeploy.automationRuns.get', 'clouddeploy.automationRuns.list', 'clouddeploy.automations.create', 'clouddeploy.automations.delete', 'clouddeploy.automations.get', 'clouddeploy.automations.list', 'clouddeploy.automations.update', 'clouddeploy.config.get', 'clouddeploy.customTargetTypes.create', 'clouddeploy.customTargetTypes.delete', 'clouddeploy.customTargetTypes.get', 'clouddeploy.customTargetTypes.getIamPolicy', 'clouddeploy.customTargetTypes.list', 'clouddeploy.customTargetTypes.setIamPolicy', 'clouddeploy.customTargetTypes.update', 'clouddeploy.deliveryPipelines.create', 'clouddeploy.deliveryPipelines.createTagBinding', 'clouddeploy.deliveryPipelines.delete', 'clouddeploy.deliveryPipelines.deleteTagBinding', 'clouddeploy.deliveryPipelines.get', 'clouddeploy.deliveryPipelines.getIamPolicy', 'clouddeploy.deliveryPipelines.list', 'clouddeploy.deliveryPipelines.listEffectiveTags', 'clouddeploy.deliveryPipelines.listTagBindings', 'clouddeploy.deliveryPipelines.setIamPolicy', 'clouddeploy.deliveryPipelines.update', 'clouddeploy.deployPolicies.create', 'clouddeploy.deployPolicies.delete', 'clouddeploy.deployPolicies.get', 'clouddeploy.deployPolicies.list', 'clouddeploy.deployPolicies.override', 'clouddeploy.deployPolicies.update', 'clouddeploy.jobRuns.get', 'clouddeploy.jobRuns.list', 'clouddeploy.jobRuns.terminate', 'clouddeploy.locations.get', 'clouddeploy.locations.list', 'clouddeploy.operations.cancel', 'clouddeploy.operations.delete', 'clouddeploy.operations.get', 'clouddeploy.operations.list', 'clouddeploy.releases.abandon', 'clouddeploy.releases.create', 'clouddeploy.releases.delete', 'clouddeploy.releases.get', 'clouddeploy.releases.list', 'clouddeploy.rollouts.advance', 'clouddeploy.rollouts.approve', 'clouddeploy.rollouts.cancel', 'clouddeploy.rollouts.create', 'clouddeploy.rollouts.get', 'clouddeploy.rollouts.ignoreJob', 'clouddeploy.rollouts.list', 'clouddeploy.rollouts.retryJob', 'clouddeploy.rollouts.rollback', 'clouddeploy.targets.create', 'clouddeploy.targets.createTagBinding', 'clouddeploy.targets.delete', 'clouddeploy.targets.deleteTagBinding', 'clouddeploy.targets.get', 'clouddeploy.targets.getIamPolicy', 'clouddeploy.targets.list', 'clouddeploy.targets.listEffectiveTags', 'clouddeploy.targets.listTagBindings', 'clouddeploy.targets.setIamPolicy', 'clouddeploy.targets.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudtpu.serviceAgent Give Cloud TPUs service account access to managed resources Cloud TPU V2 API Service Agent ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.get', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.delete', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.get', 'compute.storagePools.list', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.getIamPolicy', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.setIamPolicy', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.getIamPolicy', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.setIamPolicy', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.getIamPolicy', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.setIamPolicy', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics'] GA
roles/cloudprivatecatalogproducer.manager Can manage associations between a catalog and a target resource. Catalog Manager ['cloudprivatecatalog.targets.get', 'cloudprivatecatalogproducer.associations.create', 'cloudprivatecatalogproducer.associations.delete', 'cloudprivatecatalogproducer.associations.get', 'cloudprivatecatalogproducer.associations.list', 'cloudprivatecatalogproducer.catalogAssociations.create', 'cloudprivatecatalogproducer.catalogAssociations.delete', 'cloudprivatecatalogproducer.catalogAssociations.get', 'cloudprivatecatalogproducer.catalogAssociations.list', 'cloudprivatecatalogproducer.catalogs.get', 'cloudprivatecatalogproducer.catalogs.list', 'cloudprivatecatalogproducer.producerCatalogs.get', 'cloudprivatecatalogproducer.producerCatalogs.list', 'cloudprivatecatalogproducer.targets.associate', 'cloudprivatecatalogproducer.targets.unassociate', 'resourcemanager.folders.get', 'resourcemanager.folders.list', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] BETA
roles/cloudkms.expertRawPKCS1 Enables raw PKCS#1 keys management. Cloud KMS Expert Raw PKCS#1 Key Manager ['cloudkms.cryptoKeyVersions.manageRawPKCS1Keys', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/cloudbuild.integrationsEditor Can update Integrations Cloud Build Integrations Editor ['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA