Roles Data

Name Description Title Included Permissions Copy Stage
roles/run.sourceViewer View Cloud Run source deployed resources. Cloud Run Source Viewer ['artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleChannelConfigs.get', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.messageBuses.get', 'eventarc.messageBuses.getIamPolicy', 'eventarc.messageBuses.list', 'eventarc.messageBuses.use', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.validate', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.topics.get', 'pubsub.topics.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list'] BETA
roles/runtimeconfig.admin Full access to RuntimeConfig resources. Cloud RuntimeConfig Admin ['runtimeconfig.configs.create', 'runtimeconfig.configs.delete', 'runtimeconfig.configs.get', 'runtimeconfig.configs.getIamPolicy', 'runtimeconfig.configs.list', 'runtimeconfig.configs.setIamPolicy', 'runtimeconfig.configs.update', 'runtimeconfig.operations.get', 'runtimeconfig.operations.list', 'runtimeconfig.variables.create', 'runtimeconfig.variables.delete', 'runtimeconfig.variables.get', 'runtimeconfig.variables.getIamPolicy', 'runtimeconfig.variables.list', 'runtimeconfig.variables.setIamPolicy', 'runtimeconfig.variables.update', 'runtimeconfig.variables.watch', 'runtimeconfig.waiters.create', 'runtimeconfig.waiters.delete', 'runtimeconfig.waiters.get', 'runtimeconfig.waiters.getIamPolicy', 'runtimeconfig.waiters.list', 'runtimeconfig.waiters.setIamPolicy', 'runtimeconfig.waiters.update'] GA
roles/runapps.serviceAgent Gives Serverless Integrations Service Account access to customer project resources. Serverless Integrations Service Agent ['cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudsql.databases.get', 'cloudsql.instances.get', 'cloudsql.users.get', 'compute.backendServices.get', 'compute.backendServices.list', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.networks.get', 'compute.networks.list', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.urlMaps.get', 'compute.urlMaps.list', 'firebasehosting.sites.get', 'iam.serviceAccounts.actAs', 'redis.instances.get', 'redis.instances.list', 'run.jobs.get', 'run.jobs.list', 'run.services.get', 'run.services.list', 'serviceusage.services.use', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.list'] GA
roles/run.viewer Can view the state of all Cloud Run resources, including IAM policies. Cloud Run Viewer ['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.get', 'run.executions.list', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.locations.list', 'run.operations.get', 'run.operations.list', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.list', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.tasks.get', 'run.tasks.list'] GA
roles/runapps.viewer Readonly access to Serverless Integrations resources. Serverless Integrations Viewer ['resourcemanager.projects.get', 'resourcemanager.projects.list', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.get', 'runapps.operations.list'] BETA
roles/run.developer Read and write access to all Cloud Run resources. Cloud Run Developer ['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list'] GA
roles/run.admin Full control over all Cloud Run resources. Cloud Run Admin ['recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.createTagBinding', 'run.jobs.delete', 'run.jobs.deleteTagBinding', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.setIamPolicy', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.createTagBinding', 'run.services.delete', 'run.services.deleteTagBinding', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.setIamPolicy', 'run.services.update', 'run.tasks.get', 'run.tasks.list'] GA
roles/run.sourceDeveloper Deploy and manage Cloud Run source deployed resources. Cloud Run Source Developer ['artifactregistry.repositories.create', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.operations.get', 'cloudbuild.operations.list', 'eventarc.channelConnections.create', 'eventarc.channelConnections.delete', 'eventarc.channelConnections.get', 'eventarc.channelConnections.getIamPolicy', 'eventarc.channelConnections.list', 'eventarc.channelConnections.publish', 'eventarc.channels.attach', 'eventarc.channels.create', 'eventarc.channels.delete', 'eventarc.channels.get', 'eventarc.channels.getIamPolicy', 'eventarc.channels.list', 'eventarc.channels.publish', 'eventarc.channels.undelete', 'eventarc.channels.update', 'eventarc.enrollments.create', 'eventarc.enrollments.delete', 'eventarc.enrollments.get', 'eventarc.enrollments.getIamPolicy', 'eventarc.enrollments.list', 'eventarc.enrollments.update', 'eventarc.googleApiSources.create', 'eventarc.googleApiSources.delete', 'eventarc.googleApiSources.get', 'eventarc.googleApiSources.getIamPolicy', 'eventarc.googleApiSources.list', 'eventarc.googleApiSources.update', 'eventarc.googleChannelConfigs.get', 'eventarc.googleChannelConfigs.update', 'eventarc.locations.get', 'eventarc.locations.list', 'eventarc.operations.cancel', 'eventarc.operations.delete', 'eventarc.operations.get', 'eventarc.operations.list', 'eventarc.pipelines.create', 'eventarc.pipelines.delete', 'eventarc.pipelines.get', 'eventarc.pipelines.getIamPolicy', 'eventarc.pipelines.list', 'eventarc.pipelines.update', 'eventarc.providers.get', 'eventarc.providers.list', 'eventarc.triggers.create', 'eventarc.triggers.delete', 'eventarc.triggers.get', 'eventarc.triggers.getIamPolicy', 'eventarc.triggers.list', 'eventarc.triggers.undelete', 'eventarc.triggers.update', 'orgpolicy.policy.get', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'recommender.locations.get', 'recommender.locations.list', 'recommender.runServiceCostInsights.get', 'recommender.runServiceCostInsights.list', 'recommender.runServiceCostInsights.update', 'recommender.runServiceCostRecommendations.get', 'recommender.runServiceCostRecommendations.list', 'recommender.runServiceCostRecommendations.update', 'recommender.runServiceIdentityInsights.get', 'recommender.runServiceIdentityInsights.list', 'recommender.runServiceIdentityInsights.update', 'recommender.runServiceIdentityRecommendations.get', 'recommender.runServiceIdentityRecommendations.list', 'recommender.runServiceIdentityRecommendations.update', 'recommender.runServicePerformanceInsights.get', 'recommender.runServicePerformanceInsights.list', 'recommender.runServicePerformanceInsights.update', 'recommender.runServicePerformanceRecommendations.get', 'recommender.runServicePerformanceRecommendations.list', 'recommender.runServicePerformanceRecommendations.update', 'recommender.runServiceSecurityInsights.get', 'recommender.runServiceSecurityInsights.list', 'recommender.runServiceSecurityInsights.update', 'recommender.runServiceSecurityRecommendations.get', 'recommender.runServiceSecurityRecommendations.list', 'recommender.runServiceSecurityRecommendations.update', 'remotebuildexecution.blobs.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'run.configurations.get', 'run.configurations.list', 'run.executions.cancel', 'run.executions.delete', 'run.executions.get', 'run.executions.list', 'run.jobs.create', 'run.jobs.delete', 'run.jobs.get', 'run.jobs.getIamPolicy', 'run.jobs.list', 'run.jobs.listEffectiveTags', 'run.jobs.listTagBindings', 'run.jobs.run', 'run.jobs.runWithOverrides', 'run.jobs.update', 'run.locations.list', 'run.operations.delete', 'run.operations.get', 'run.operations.list', 'run.revisions.delete', 'run.revisions.get', 'run.revisions.list', 'run.routes.get', 'run.routes.invoke', 'run.routes.list', 'run.services.create', 'run.services.delete', 'run.services.get', 'run.services.getIamPolicy', 'run.services.list', 'run.services.listEffectiveTags', 'run.services.listTagBindings', 'run.services.update', 'run.tasks.get', 'run.tasks.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.list', 'storage.folders.create', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.create', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.get', 'storage.objects.list'] BETA
roles/run.builder Can build Cloud Run functions and source deployed services. Cloud Run Builder ['artifactregistry.repositories.deleteArtifacts', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.uploadArtifacts', 'logging.logEntries.create', 'source.repos.get', 'storage.objects.get'] BETA
roles/runapps.developer Access to create and change Serverless Integrations and their configuration. Serverless Integrations Developer ['resourcemanager.projects.get', 'resourcemanager.projects.list', 'runapps.applications.create', 'runapps.applications.delete', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.applications.update', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.cancel', 'runapps.operations.delete', 'runapps.operations.get', 'runapps.operations.list'] BETA
roles/run.serviceAgent Gives Cloud Run service account access to managed resources. Cloud Run Service Agent ['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.policy.evaluatePolicy', 'clientauthconfig.clients.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.list', 'compute.globalOperations.get', 'compute.networks.access', 'compute.networks.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.getAccessToken', 'iam.serviceAccounts.getOpenIdToken', 'iam.serviceAccounts.signBlob', 'networkservices.meshes.get', 'resourcemanager.projects.get', 'resourcemanager.projects.getIamPolicy', 'resourcemanager.projects.list', 'run.routes.invoke', 'serviceusage.services.use', 'storage.folders.get', 'storage.folders.list', 'storage.managedFolders.get', 'storage.managedFolders.list', 'storage.objects.get', 'storage.objects.list', 'vpcaccess.connectors.get', 'vpcaccess.connectors.use'] GA
roles/runapps.operator Access to deploy Serverless Integrations. Serverless Integrations Operator ['resourcemanager.projects.get', 'resourcemanager.projects.list', 'runapps.applications.get', 'runapps.applications.getStatus', 'runapps.applications.list', 'runapps.deployments.create', 'runapps.deployments.get', 'runapps.deployments.list', 'runapps.locations.get', 'runapps.locations.list', 'runapps.operations.cancel', 'runapps.operations.delete', 'runapps.operations.get', 'runapps.operations.list'] BETA
roles/run.invoker Can invoke Cloud Run services and execute Cloud Run jobs. Cloud Run Invoker ['run.jobs.run', 'run.routes.invoke'] GA