Roles Data

Name Description Title Included Permissions Copy Stage
roles/cloudfunctions.serviceAgent Gives Cloud Functions service account access to managed resources. Cloud Functions Service Agent ['artifactregistry.aptartifacts.create', 'artifactregistry.attachments.create', 'artifactregistry.attachments.delete', 'artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.delete', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.files.update', 'artifactregistry.files.upload', 'artifactregistry.kfpartifacts.create', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.delete', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.packages.update', 'artifactregistry.projectsettings.get', 'artifactregistry.projectsettings.update', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.create', 'artifactregistry.repositories.createTagBinding', 'artifactregistry.repositories.delete', 'artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.deleteTagBinding', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.update', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.create', 'artifactregistry.rules.delete', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.rules.update', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'artifactregistry.versions.update', 'artifactregistry.yumartifacts.create', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudbuild.workerpools.use', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'compute.globalOperations.get', 'compute.networks.access', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'firebasedatabase.instances.get', 'firebasedatabase.instances.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.getIamPolicy', 'pubsub.subscriptions.list', 'pubsub.subscriptions.setIamPolicy', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.disable', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.use', 'source.repos.get', 'source.repos.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use'] GA
roles/cloudfunctions.invoker Ability to invoke 1st gen HTTP functions with restricted access. 2nd gen functions need the Cloud Run Invoker role instead. Cloud Functions Invoker ['cloudfunctions.functions.invoke'] GA
roles/cloudfunctions.admin Full access to functions, operations and locations. Cloud Functions Admin ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.setIamPolicy', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channelConnections.setIamPolicy', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.setIamPolicy', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.setIamPolicy', 'eventarc.enrollments.update', 'eventarc.events.receiveAuditLogWritten', 'eventarc.events.receiveEvent', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.setIamPolicy', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.create', 'eventarc.messageBuses.delete', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.publish', 'eventarc.messageBuses.setIamPolicy', 'eventarc.messageBuses.update', 'eventarc.messageBuses.use', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.setIamPolicy', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.setIamPolicy', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudfunctions.developer Read and write access to all functions-related resources. Cloud Functions Developer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.call', 'cloudfunctions.functions.create', 'cloudfunctions.functions.delete', 'cloudfunctions.functions.get', 'cloudfunctions.functions.invoke', 'cloudfunctions.functions.list', 'cloudfunctions.functions.sourceCodeGet', 'cloudfunctions.functions.sourceCodeSet', 'cloudfunctions.functions.update', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceInsights.update', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.cloudFunctionsPerformanceRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA
roles/cloudfunctions.viewer Read-only access to functions and locations. Cloud Functions Viewer ['cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'cloudfunctions.functions.get', 'cloudfunctions.functions.getIamPolicy', 'cloudfunctions.functions.list', 'cloudfunctions.locations.list', 'cloudfunctions.operations.get', 'cloudfunctions.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'recommender.cloudFunctionsPerformanceInsights.get', 'recommender.cloudFunctionsPerformanceInsights.list', 'recommender.cloudFunctionsPerformanceRecommendations.get', 'recommender.cloudFunctionsPerformanceRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list'] GA