| roles/cloudbuild.integrationsOwner |
Can create/delete Integrations |
Cloud Build Integrations Owner |
['cloudbuild.integrations.create', 'cloudbuild.integrations.delete', 'cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'compute.firewalls.create', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networks.get', 'compute.networks.updatePolicy', 'compute.regions.get', 'compute.subnetworks.get', 'compute.subnetworks.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.builds.editor |
Can create and cancel builds |
Cloud Build Editor |
['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.builds.approver |
Can approve or reject pending builds. |
Cloud Build Approver |
['cloudbuild.builds.approve', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.builds.viewer |
Can view builds |
Cloud Build Viewer |
['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.workerPoolUser |
Can run builds in the WorkerPool |
Cloud Build WorkerPool User |
['cloudbuild.workerpools.use'] |
|
GA |
| roles/cloudbuild.workerPoolOwner |
Can create, delete, update, and view WorkerPools |
Cloud Build WorkerPool Owner |
['cloudbuild.workerpools.create', 'cloudbuild.workerpools.delete', 'cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.loggingServiceAgent |
Gives the Cloud Build logging-specific service account access to write logs. |
Cloud Build Logging Service Agent |
['logging.buckets.write'] |
|
GA |
| roles/cloudbuild.workerPoolEditor |
Can update and view WorkerPools |
Cloud Build WorkerPool Editor |
['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'cloudbuild.workerpools.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.workerPoolViewer |
Can view WorkerPools |
Cloud Build WorkerPool Viewer |
['cloudbuild.workerpools.get', 'cloudbuild.workerpools.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.builds.builder |
Can perform builds |
Cloud Build Service Account |
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.topics.create', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] |
|
GA |
| roles/cloudbuild.integrationsViewer |
Can view Integrations |
Cloud Build Integrations Viewer |
['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.serviceAgent |
Gives Cloud Build service account access to managed resources. |
Cloud Build Service Agent |
['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.createOnPush', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.create', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.yumartifacts.create', 'binaryauthorization.attestors.create', 'binaryauthorization.attestors.delete', 'binaryauthorization.attestors.get', 'binaryauthorization.attestors.list', 'binaryauthorization.attestors.update', 'binaryauthorization.attestors.verifyImageAttested', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.connections.get', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'cloudbuild.workerpools.use', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.networkAttachments.get', 'compute.networkAttachments.update', 'compute.networks.get', 'compute.regionOperations.get', 'compute.subnetworks.get', 'containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'developerconnect.connections.get', 'iam.serviceAccounts.get', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'logging.buckets.create', 'logging.buckets.get', 'logging.buckets.list', 'logging.logEntries.create', 'logging.logEntries.list', 'logging.views.access', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.endpoints.get', 'servicedirectory.endpoints.getIamPolicy', 'servicedirectory.endpoints.list', 'servicedirectory.locations.get', 'servicedirectory.locations.list', 'servicedirectory.namespaces.get', 'servicedirectory.namespaces.getIamPolicy', 'servicedirectory.namespaces.list', 'servicedirectory.networks.access', 'servicedirectory.services.get', 'servicedirectory.services.getIamPolicy', 'servicedirectory.services.list', 'servicedirectory.services.resolve', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] |
|
GA |
| roles/cloudbuild.tokenAccessor |
Can view the connection and access its read/write and read-only tokens. |
Cloud Build Token Accessor |
['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.accessReadWriteToken', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list'] |
|
GA |
| roles/cloudbuild.connectionAdmin |
Can manage connections and repositories. |
Cloud Build Connection Admin |
['cloudbuild.connections.create', 'cloudbuild.connections.delete', 'cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.connections.setIamPolicy', 'cloudbuild.connections.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.repositories.create', 'cloudbuild.repositories.delete', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.readTokenAccessor |
Can view the connection and access its read-only token. |
Cloud Build Read Only Token Accessor |
['cloudbuild.connections.get', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.get'] |
|
GA |
| roles/cloudbuild.connectionViewer |
Can view and list connections and repositories. |
Cloud Build Connection Viewer |
['cloudbuild.connections.fetchLinkableRepositories', 'cloudbuild.connections.get', 'cloudbuild.connections.getIamPolicy', 'cloudbuild.connections.list', 'cloudbuild.repositories.fetchGitRefs', 'cloudbuild.repositories.get', 'cloudbuild.repositories.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/cloudbuild.integrationsEditor |
Can update Integrations |
Cloud Build Integrations Editor |
['cloudbuild.integrations.get', 'cloudbuild.integrations.list', 'cloudbuild.integrations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |