Send feedback
Access control with IAM
Preview
This product is
subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the
Service Specific
Terms .
Pre-GA products are available "as is" and might have limited support.
For more information, see the
launch stage descriptions .
This page describes Application Design Center roles and permissions. To control
access to App Design Center, use Identity and Access Management (IAM)
to assign roles to users, groups, and service accounts.
Predefined Application Design Center roles
To grant access to specific Google Cloud resources and prevent
unauthorized access to other resources, assign App Design Center's
predefined roles on the
app-enabled folder or management project:.
Use the following IAM roles to manage spaces and author
templates:
Application Design Center Admin (roles/designcenter.admin)
Application Design Center User (roles/designcenter.user)
Application Design Center Viewer (roles/designcenter.viewer)
Use the following IAM roles to create application configurations
and manage deployment lifecycles:
Application Admin (roles/designcenter.applicationAdmin)
Application Editor (roles/designcenter.applicationEditor)
Application Viewer (roles/designcenter.applicationViewer)
The Application Design Center Admin role includes all permissions in the other
Application Design Center roles.
Application Design Center role descriptions
The following table describes App Design Center roles and their typical
responsibilities.
Role
Description
Purpose
Application Design Center Admin
Ability to create and manage all App Design Center artifacts, and delegate application control to other users.
To manage the full lifecycle of an application.
Typically Platform Admins, who generally have administrative permissions and full visibility of the end-to-end architecture.
Application Design Center User
Ability to create and update application templates.
To scale the capability to create, update, or delete application templates to ease the effort of Platform Admins.
Typically a Platform Engineer who needs to create and manage application templates.
Application Design Center Viewer
Ability to view spaces, catalogs, templates, applications, and their attributes.
To enable basic visibility across spaces, catalogs and applications, and their dependencies.
Typically most personnel in the organization. To get the most value, grant all App Design Center users this role.
Application Admin
Ability to create, manage and deploy applications, and delegate application control to other application developers.
To manage application drafts and deployments, as well as the ability to attach service projects required to store individual resources.
Typically administrators and developers who are responsible for application creation.
Application Editor
Ability to create, manage, and deploy applications.
To scale the capability to manage drafts and deployments to ease the effort of application administrators.
Typically an application operator who has a good understanding of deployments.
Application Viewer
Ability to view applications.
To enable basic visibility across templates and applications, and their dependencies.
Typically most personnel in the organization. To get the most value, grant all Application Design Center users this role.
Application Design Center permissions
The following table lists App Design Center IAM
roles and their permissions.
Application Design Center Admin
Beta
(roles/designcenter.admin )
Full access to Application Design Center resources.
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.locations.*
apphub.locations.getapphub.locations.list
apphub.serviceProjectAttachments.list
cloudbuild.builds.get
cloudbuild.builds.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list
config.operations.get
config.operations.list
config.previews.export
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list
config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list
designcenter.*
designcenter.applicationTemplateRevisions.delete designcenter.applicationTemplateRevisions.get designcenter.applicationTemplateRevisions.list designcenter.applicationTemplates.create designcenter.applicationTemplates.delete designcenter.applicationTemplates.get designcenter.applicationTemplates.list designcenter.applicationTemplates.update designcenter.applications.create designcenter.applications.delete designcenter.applications.getdesigncenter.applications.listdesigncenter.applications.update designcenter.catalogTemplateRevisions.create designcenter.catalogTemplateRevisions.delete designcenter.catalogTemplateRevisions.get designcenter.catalogTemplateRevisions.list designcenter.catalogTemplates.create designcenter.catalogTemplates.delete designcenter.catalogTemplates.get designcenter.catalogTemplates.list designcenter.catalogTemplates.update designcenter.catalogs.createdesigncenter.catalogs.deletedesigncenter.catalogs.getdesigncenter.catalogs.listdesigncenter.catalogs.updatedesigncenter.components.createdesigncenter.components.deletedesigncenter.components.getdesigncenter.components.listdesigncenter.components.updatedesigncenter.connections.create designcenter.connections.delete designcenter.connections.getdesigncenter.connections.listdesigncenter.connections.update designcenter.locations.getdesigncenter.locations.listdesigncenter.operations.canceldesigncenter.operations.deletedesigncenter.operations.getdesigncenter.operations.listdesigncenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list designcenter.sharedTemplates.get designcenter.sharedTemplates.list designcenter.shares.createdesigncenter.shares.deletedesigncenter.shares.getdesigncenter.shares.listdesigncenter.spaces.createdesigncenter.spaces.deletedesigncenter.spaces.getdesigncenter.spaces.getIamPolicy designcenter.spaces.listdesigncenter.spaces.setIamPolicy designcenter.spaces.update
monitoring.timeSeries.create
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
storage.folders.*
storage.folders.createstorage.folders.deletestorage.folders.getstorage.folders.liststorage.folders.rename
storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.list
storage.multipartUploads.*
storage.multipartUploads.abortstorage.multipartUploads.create storage.multipartUploads.liststorage.multipartUploads.listParts
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.move
storage.objects.restore
storage.objects.update
Application Design Center User
Beta
(roles/designcenter.user )
Readonly access to Application Design Center resources.
apphub.serviceProjectAttachments.list
designcenter.applicationTemplateRevisions.*
designcenter.applicationTemplateRevisions.delete designcenter.applicationTemplateRevisions.get designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.*
designcenter.applicationTemplates.create designcenter.applicationTemplates.delete designcenter.applicationTemplates.get designcenter.applicationTemplates.list designcenter.applicationTemplates.update
designcenter.applications.get
designcenter.applications.list
designcenter.catalogTemplateRevisions.get
designcenter.catalogTemplateRevisions.list
designcenter.catalogTemplates.get
designcenter.catalogTemplates.list
designcenter.catalogs.get
designcenter.catalogs.list
designcenter.components.*
designcenter.components.createdesigncenter.components.deletedesigncenter.components.getdesigncenter.components.listdesigncenter.components.update
designcenter.connections.*
designcenter.connections.create designcenter.connections.delete designcenter.connections.getdesigncenter.connections.listdesigncenter.connections.update
designcenter.locations.*
designcenter.locations.getdesigncenter.locations.list
designcenter.operations.get
designcenter.operations.list
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list
designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list
designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.getIamPolicy
designcenter.spaces.list
monitoring.timeSeries.create
orgpolicy.policy.get
resourcemanager.projects.get
resourcemanager.projects.list
storage.folders.*
storage.folders.createstorage.folders.deletestorage.folders.getstorage.folders.liststorage.folders.rename
storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.list
storage.multipartUploads.*
storage.multipartUploads.abortstorage.multipartUploads.create storage.multipartUploads.liststorage.multipartUploads.listParts
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.move
storage.objects.restore
storage.objects.update
Application Design Center Viewer
Beta
(roles/designcenter.viewer )
Readonly access to Application Design Center resources.
designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.get
designcenter.applications.list
designcenter.catalogTemplateRevisions.get
designcenter.catalogTemplateRevisions.list
designcenter.catalogTemplates.get
designcenter.catalogTemplates.list
designcenter.catalogs.get
designcenter.catalogs.list
designcenter.components.get
designcenter.components.list
designcenter.connections.get
designcenter.connections.list
designcenter.locations.*
designcenter.locations.getdesigncenter.locations.list
designcenter.operations.get
designcenter.operations.list
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list
designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list
designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.getIamPolicy
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
storage.folders.get
storage.folders.list
storage.managedFolders.get
storage.managedFolders.list
storage.objects.get
storage.objects.list
Application Admin
Beta
(roles/designcenter.applicationAdmin )
Admin access to Application.
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.locations.*
apphub.locations.getapphub.locations.list
apphub.serviceProjectAttachments.list
cloudbuild.builds.get
cloudbuild.builds.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list
config.operations.get
config.operations.list
config.previews.export
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list
config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list
designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.*
designcenter.applications.create designcenter.applications.delete designcenter.applications.getdesigncenter.applications.listdesigncenter.applications.update
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list
designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list
designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
Application Editor
Beta
(roles/designcenter.applicationEditor )
Read and Write access to Application.
apphub.applications.create
apphub.applications.delete
apphub.applications.get
apphub.applications.list
apphub.applications.update
apphub.locations.*
apphub.locations.getapphub.locations.list
apphub.serviceProjectAttachments.list
cloudbuild.builds.get
cloudbuild.builds.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list
config.operations.get
config.operations.list
config.previews.export
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list
config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list
designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.*
designcenter.applications.create designcenter.applications.delete designcenter.applications.getdesigncenter.applications.listdesigncenter.applications.update
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list
designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list
designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
Application Viewer
Beta
(roles/designcenter.applicationViewer )
Readonly access to Application.
apphub.applications.get
apphub.applications.list
apphub.locations.*
apphub.locations.getapphub.locations.list
config.deployments.get
config.deployments.getIamPolicy
config.deployments.list
config.locations.*
config.locations.getconfig.locations.list
config.operations.get
config.operations.list
config.previews.get
config.previews.list
config.resources.*
config.resources.getconfig.resources.list
config.revisions.get
config.revisions.list
config.terraformversions.*
config.terraformversions.getconfig.terraformversions.list
designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applications.get
designcenter.applications.list
designcenter.sharedTemplateRevisions.*
designcenter.sharedTemplateRevisions.get designcenter.sharedTemplateRevisions.list
designcenter.sharedTemplates.*
designcenter.sharedTemplates.get designcenter.sharedTemplates.list
designcenter.shares.get
designcenter.shares.list
designcenter.spaces.get
designcenter.spaces.list
resourcemanager.projects.get
resourcemanager.projects.list
What's next
Send feedback
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-16 UTC.
Need to tell us more?
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-16 UTC."],[],[]]
