See the supported connectors for Application Integration.

Predefined Application Integration IAM roles

Predefined roles give granular access to specific Google Cloud resources. These roles are created and maintained by Google. Google automatically updates their permissions as necessary, such as when Google Cloud adds new features or services.

The following table lists all the predefined IAM roles for Application Integration:

Other roles

Permissions

Advisory Notifications Admin

(roles/advisorynotifications.admin)

Grants write access to settings in Advisory Notifications

advisorynotifications.*

resourcemanager.organizations.get

resourcemanager.projects.get

Advisory Notifications Viewer

(roles/advisorynotifications.viewer)

Grants view access in Advisory Notifications

advisorynotifications.notifications.*

advisorynotifications.settings.get

resourcemanager.organizations.get

resourcemanager.projects.get

Cloud API Hub Admin ^Beta

(roles/apihub.admin)

Full access to all API hub resources.

apihub.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud API hub Attributes Admin ^Beta

(roles/apihub.attributeAdmin)

Full access to all Cloud API hub attribute's resources.

apihub.attributes.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud API Hub Editor ^Beta

(roles/apihub.editor)

Edit access to most of Cloud API Hub resources.

apihub.apiHubInstances.get

apihub.apiHubInstances.list

apihub.apiOperations.*

apihub.apis.*

apihub.attributes.get

apihub.attributes.list

apihub.curations.get

apihub.curations.list

apihub.definitions.*

apihub.dependencies.*

apihub.deployments.*

apihub.externalApis.*

apihub.hostProjectRegistrations.get

apihub.hostProjectRegistrations.list

apihub.llmEnablements.*

apihub.locations.*

apihub.operations.get

apihub.operations.list

apihub.plugininstances.get

apihub.plugininstances.list

apihub.plugins.get

apihub.plugins.list

apihub.runTimeProjectAttachments.get

apihub.runTimeProjectAttachments.list

apihub.specs.*

apihub.styleGuides.get

apihub.versions.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud API hub Plugins Admin ^Beta

(roles/apihub.pluginAdmin)

Full access to all Cloud API hub plugin's resources.

apihub.curations.*

apihub.locations.collectApiData

apihub.operations.*

apihub.plugininstances.*

apihub.plugins.*

apihub.specs.lint

apihub.styleGuides.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud API hub Provisioning Admin ^Beta

(roles/apihub.provisioningAdmin)

Full access to Cloud API hub provisioning related resources.

apihub.apiHubInstances.*

apihub.hostProjectRegistrations.*

apihub.operations.*

apihub.runTimeProjectAttachments.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud API hub Runtime Project Attachment Editor ^Beta

(roles/apihub.runTimeProjectAttachmentsEditor)

Access to add/delete project as a runtime project attachment to API hub host project.

apihub.runTimeProjectAttachments.attach

Cloud API hub Viewer ^Beta

(roles/apihub.viewer)

View access to all Cloud API hub resources.

apihub.apiHubInstances.get

apihub.apiHubInstances.list

apihub.apiOperations.get

apihub.apiOperations.list

apihub.apis.get

apihub.apis.list

apihub.apis.listEffectiveTags

apihub.apis.listTagBindings

apihub.attributes.get

apihub.attributes.list

apihub.curations.get

apihub.curations.list

apihub.definitions.get

apihub.definitions.list

apihub.dependencies.get

apihub.dependencies.list

apihub.deployments.get

apihub.deployments.list

apihub.deployments.listEffectiveTags

apihub.deployments.listTagBindings

apihub.externalApis.get

apihub.externalApis.list

apihub.hostProjectRegistrations.get

apihub.hostProjectRegistrations.list

apihub.llmEnablements.get

apihub.llmEnablements.list

apihub.locations.searchResources

apihub.operations.get

apihub.operations.list

apihub.plugininstances.get

apihub.plugininstances.list

apihub.plugins.get

apihub.plugins.list

apihub.runTimeProjectAttachments.get

apihub.runTimeProjectAttachments.list

apihub.specs.get

apihub.specs.list

apihub.styleGuides.get

apihub.versions.get

apihub.versions.list

resourcemanager.projects.get

resourcemanager.projects.list

API Management Admin ^Beta

(roles/apim.admin)

Full access to API Management resources.

apim.*

resourcemanager.projects.get

resourcemanager.projects.list

API Management Viewer ^Beta

(roles/apim.viewer)

Readonly access to API Management resources.

apim.apiObservations.get

apim.apiObservations.list

apim.apiOperations.*

apim.locations.*

apim.observationJobs.get

apim.observationJobs.list

apim.observationSources.get

apim.observationSources.list

apim.operations.get

apim.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

App Hub Admin

(roles/apphub.admin)

Full access to App Hub resources.

apphub.*

resourcemanager.projects.get

resourcemanager.projects.list

App Management Viewer ^Beta

(roles/apphub.appManagementViewer)

This role, an aggregation of read permissions across multiple app centric products.

apphub.applications.get

apphub.applications.list

apphub.discoveredServices.get

apphub.discoveredServices.list

apphub.discoveredWorkloads.get

apphub.discoveredWorkloads.list

apphub.locations.*

apphub.operations.get

apphub.operations.list

apphub.serviceProjectAttachments.lookup

apphub.services.get

apphub.services.list

apphub.workloads.get

apphub.workloads.list

billing.resourceCosts.get

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.analyzeMove

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportAccessLevel

cloudasset.assets.exportAccessPolicy

cloudasset.assets.exportAiplatformBatchPredictionJobs

cloudasset.assets.exportAiplatformCustomJobs

cloudasset.assets.exportAiplatformDataLabelingJobs

cloudasset.assets.exportAiplatformDatasets

cloudasset.assets.exportAiplatformEndpoints

cloudasset.assets.exportAiplatformHyperparameterTuningJobs

cloudasset.assets.exportAiplatformMetadataStores

cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.exportAiplatformModels

cloudasset.assets.exportAiplatformPipelineJobs

cloudasset.assets.exportAiplatformSpecialistPools

cloudasset.assets.exportAiplatformTrainingPipelines

cloudasset.assets.exportAllAccessPolicy

cloudasset.assets.exportAnthosConnectedCluster

cloudasset.assets.exportAnthosedgeCluster

cloudasset.assets.exportApigatewayApi

cloudasset.assets.exportApigatewayApiConfig

cloudasset.assets.exportApigatewayGateway

cloudasset.assets.exportApikeysKeys

cloudasset.assets.exportAppengineApplications

cloudasset.assets.exportAppengineServices

cloudasset.assets.exportAppengineVersions

cloudasset.assets.exportArtifactregistryDockerImages

cloudasset.assets.exportArtifactregistryRepositories

cloudasset.assets.exportAssuredWorkloadsWorkloads

cloudasset.assets.exportBeyondCorpApiGateways

cloudasset.assets.exportBeyondCorpAppConnections

cloudasset.assets.exportBeyondCorpAppConnectors

cloudasset.assets.exportBeyondCorpAppGateways

cloudasset.assets.exportBeyondCorpClientConnectorServices

cloudasset.assets.exportBeyondCorpClientGateways

cloudasset.assets.exportBigqueryDatasets

cloudasset.assets.exportBigqueryModels

cloudasset.assets.exportBigqueryTables

cloudasset.assets.exportBigtableAppProfile

cloudasset.assets.exportBigtableBackup

cloudasset.assets.exportBigtableCluster

cloudasset.assets.exportBigtableInstance

cloudasset.assets.exportBigtableTable

cloudasset.assets.exportCloudAssetFeeds

cloudasset.assets.exportCloudDeployDeliveryPipelines

cloudasset.assets.exportCloudDeployReleases

cloudasset.assets.exportCloudDeployRollouts

cloudasset.assets.exportCloudDeployTargets

cloudasset.assets.exportCloudDocumentAIEvaluation

cloudasset.assets.exportCloudDocumentAIHumanReviewConfig

cloudasset.assets.exportCloudDocumentAILabelerPool

cloudasset.assets.exportCloudDocumentAIProcessor

cloudasset.assets.exportCloudDocumentAIProcessorVersion

cloudasset.assets.exportCloudbillingBillingAccounts

cloudasset.assets.exportCloudbillingProjectBillingInfos

cloudasset.assets.exportCloudfunctionsFunctions

cloudasset.assets.exportCloudfunctionsGen2Functions

cloudasset.assets.exportCloudkmsCryptoKeyVersions

cloudasset.assets.exportCloudkmsCryptoKeys

cloudasset.assets.exportCloudkmsEkmConnections

cloudasset.assets.exportCloudkmsImportJobs

cloudasset.assets.exportCloudkmsKeyRings

cloudasset.assets.exportCloudmemcacheInstances

cloudasset.assets.exportCloudresourcemanagerFolders

cloudasset.assets.exportCloudresourcemanagerOrganizations

cloudasset.assets.exportCloudresourcemanagerProjects

cloudasset.assets.exportCloudresourcemanagerTagBindings

cloudasset.assets.exportCloudresourcemanagerTagKeys

cloudasset.assets.exportCloudresourcemanagerTagValues

cloudasset.assets.exportComposerEnvironments

cloudasset.assets.exportComputeAddress

cloudasset.assets.exportComputeAutoscalers

cloudasset.assets.exportComputeBackendBuckets

cloudasset.assets.exportComputeBackendServices

cloudasset.assets.exportComputeCommitments

cloudasset.assets.exportComputeDisks

cloudasset.assets.exportComputeExternalVpnGateways

cloudasset.assets.exportComputeFirewallPolicies

cloudasset.assets.exportComputeFirewalls

cloudasset.assets.exportComputeForwardingRules

cloudasset.assets.exportComputeGlobalAddress

cloudasset.assets.exportComputeGlobalForwardingRules

cloudasset.assets.exportComputeHealthChecks

cloudasset.assets.exportComputeHttpHealthChecks

cloudasset.assets.exportComputeHttpsHealthChecks

cloudasset.assets.exportComputeImages

cloudasset.assets.exportComputeInstanceGroupManagers

cloudasset.assets.exportComputeInstanceGroups

cloudasset.assets.exportComputeInstanceTemplates

cloudasset.assets.exportComputeInstances

cloudasset.assets.exportComputeInterconnect

cloudasset.assets.exportComputeInterconnectAttachment

cloudasset.assets.exportComputeLicenses

cloudasset.assets.exportComputeNetworkEndpointGroups

cloudasset.assets.exportComputeNetworks

cloudasset.assets.exportComputeNodeGroups

cloudasset.assets.exportComputeNodeTemplates

cloudasset.assets.exportComputePacketMirrorings

cloudasset.assets.exportComputeProjects

cloudasset.assets.exportComputeRegionAutoscaler

cloudasset.assets.exportComputeRegionBackendServices

cloudasset.assets.exportComputeRegionDisk

cloudasset.assets.exportComputeRegionInstanceGroup

cloudasset.assets.exportComputeRegionInstanceGroupManager

cloudasset.assets.exportComputeReservations

cloudasset.assets.exportComputeResourcePolicies

cloudasset.assets.exportComputeRouters

cloudasset.assets.exportComputeRoutes

cloudasset.assets.exportComputeSecurityPolicy

cloudasset.assets.exportComputeServiceAttachments

cloudasset.assets.exportComputeSnapshots

cloudasset.assets.exportComputeSslCertificates

cloudasset.assets.exportComputeSslPolicies

cloudasset.assets.exportComputeSubnetworks

cloudasset.assets.exportComputeTargetHttpProxies

cloudasset.assets.exportComputeTargetHttpsProxies

cloudasset.assets.exportComputeTargetInstances

cloudasset.assets.exportComputeTargetPools

cloudasset.assets.exportComputeTargetSslProxies

cloudasset.assets.exportComputeTargetTcpProxies

cloudasset.assets.exportComputeTargetVpnGateways

cloudasset.assets.exportComputeUrlMaps

cloudasset.assets.exportComputeVpnGateways

cloudasset.assets.exportComputeVpnTunnels

cloudasset.assets.exportConnectorsConnections

cloudasset.assets.exportConnectorsConnectorVersions

cloudasset.assets.exportConnectorsConnectors

cloudasset.assets.exportConnectorsProviders

cloudasset.assets.exportConnectorsRuntimeConfigs

cloudasset.assets.exportContainerAppsDeployment

cloudasset.assets.exportContainerAppsReplicaSets

cloudasset.assets.exportContainerBatchJobs

cloudasset.assets.exportContainerClusterrole

cloudasset.assets.exportContainerClusterrolebinding

cloudasset.assets.exportContainerClusters

cloudasset.assets.exportContainerExtensionsIngresses

cloudasset.assets.exportContainerJobs

cloudasset.assets.exportContainerNamespace

cloudasset.assets.exportContainerNetworkingIngresses

cloudasset.assets.exportContainerNetworkingNetworkPolicies

cloudasset.assets.exportContainerNode

cloudasset.assets.exportContainerNodepool

cloudasset.assets.exportContainerPod

cloudasset.assets.exportContainerReplicaSets

cloudasset.assets.exportContainerRole

cloudasset.assets.exportContainerRolebinding

cloudasset.assets.exportContainerServices

cloudasset.assets.exportContainerregistryImage

cloudasset.assets.exportDataMigrationConnectionProfiles

cloudasset.assets.exportDataMigrationMigrationJobs

cloudasset.assets.exportDataflowJobs

cloudasset.assets.exportDatafusionInstance

cloudasset.assets.exportDataplexAssets

cloudasset.assets.exportDataplexLakes

cloudasset.assets.exportDataplexTasks

cloudasset.assets.exportDataplexZones

cloudasset.assets.exportDataprocAutoscalingPolicies

cloudasset.assets.exportDataprocBatches

cloudasset.assets.exportDataprocClusters

cloudasset.assets.exportDataprocJobs

cloudasset.assets.exportDataprocSessions

cloudasset.assets.exportDataprocWorkflowTemplates

cloudasset.assets.exportDatastreamConnectionProfile

cloudasset.assets.exportDatastreamPrivateConnection

cloudasset.assets.exportDatastreamStream

cloudasset.assets.exportDialogflowAgents

cloudasset.assets.exportDialogflowConversationProfiles

cloudasset.assets.exportDialogflowKnowledgeBases

cloudasset.assets.exportDialogflowLocationSettings

cloudasset.assets.exportDlpDeidentifyTemplates

cloudasset.assets.exportDlpDlpJobs

cloudasset.assets.exportDlpInspectTemplates

cloudasset.assets.exportDlpJobTriggers

cloudasset.assets.exportDlpStoredInfoTypes

cloudasset.assets.exportDnsManagedZones

cloudasset.assets.exportDnsPolicies

cloudasset.assets.exportDomainsRegistrations

cloudasset.assets.exportEventarcTriggers

cloudasset.assets.exportFileBackups

cloudasset.assets.exportFileInstances

cloudasset.assets.exportFirebaseAppInfos

cloudasset.assets.exportFirebaseProjects

cloudasset.assets.exportFirestoreDatabases

cloudasset.assets.exportGKEHubFeatures

cloudasset.assets.exportGKEHubMemberships

cloudasset.assets.exportGameservicesGameServerClusters

cloudasset.assets.exportGameservicesGameServerConfigs

cloudasset.assets.exportGameservicesGameServerDeployments

cloudasset.assets.exportGameservicesRealms

cloudasset.assets.exportGkeBackupBackupPlans

cloudasset.assets.exportGkeBackupBackups

cloudasset.assets.exportGkeBackupRestorePlans

cloudasset.assets.exportGkeBackupRestores

cloudasset.assets.exportGkeBackupVolumeBackups

cloudasset.assets.exportGkeBackupVolumeRestores

cloudasset.assets.exportHealthcareConsentStores

cloudasset.assets.exportHealthcareDatasets

cloudasset.assets.exportHealthcareDicomStores

cloudasset.assets.exportHealthcareFhirStores

cloudasset.assets.exportHealthcareHl7V2Stores

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportIamRoles

cloudasset.assets.exportIamServiceAccountKeys

cloudasset.assets.exportIamServiceAccounts

cloudasset.assets.exportIapTunnel

cloudasset.assets.exportIapTunnelInstances

cloudasset.assets.exportIapTunnelZones

cloudasset.assets.exportIapWeb

cloudasset.assets.exportIapWebServiceVersion

cloudasset.assets.exportIapWebServices

cloudasset.assets.exportIapWebType

cloudasset.assets.exportIdsEndpoints

cloudasset.assets.exportIntegrationsAuthConfigs

cloudasset.assets.exportIntegrationsCertificates

cloudasset.assets.exportIntegrationsExecutions

cloudasset.assets.exportIntegrationsIntegrationVersions

cloudasset.assets.exportIntegrationsIntegrations

cloudasset.assets.exportIntegrationsSfdcChannels

cloudasset.assets.exportIntegrationsSfdcInstances

cloudasset.assets.exportIntegrationsSuspensions

cloudasset.assets.exportLoggingLogMetrics

cloudasset.assets.exportLoggingLogSinks

cloudasset.assets.exportManagedidentitiesDomain

cloudasset.assets.exportMetastoreBackups

cloudasset.assets.exportMetastoreMetadataImports

cloudasset.assets.exportMetastoreServices

cloudasset.assets.exportMonitoringAlertPolicies

cloudasset.assets.exportNetworkConnectivityHubs

cloudasset.assets.exportNetworkConnectivitySpokes

cloudasset.assets.exportNetworkManagementConnectivityTests

cloudasset.assets.exportNetworkServicesEndpointPolicies

cloudasset.assets.exportNetworkServicesGateways

cloudasset.assets.exportNetworkServicesGrpcRoutes

cloudasset.assets.exportNetworkServicesHttpRoutes

cloudasset.assets.exportNetworkServicesMeshes

cloudasset.assets.exportNetworkServicesServiceBindings

cloudasset.assets.exportNetworkServicesTcpRoutes

cloudasset.assets.exportNetworkServicesTlsRoutes

cloudasset.assets.exportOSConfigOSPolicyAssignmentReports

cloudasset.assets.exportOSConfigOSPolicyAssignments

cloudasset.assets.exportOSConfigVulnerabilityReports

cloudasset.assets.exportOSInventories

cloudasset.assets.exportOrgPolicy

cloudasset.assets.exportPatchDeployments

cloudasset.assets.exportPubsubSnapshots

cloudasset.assets.exportPubsubSubscriptions

cloudasset.assets.exportPubsubTopics

cloudasset.assets.exportRedisInstances

cloudasset.assets.exportResource

cloudasset.assets.exportSecretManagerSecretVersions

cloudasset.assets.exportSecretManagerSecrets

cloudasset.assets.exportServiceDirectoryNamespaces

cloudasset.assets.exportServicePerimeter

cloudasset.assets.exportServiceconsumermanagementConsumerProperty

cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.exportServiceconsumermanagementConsumers

cloudasset.assets.exportServiceconsumermanagementProducerOverrides

cloudasset.assets.exportServiceconsumermanagementTenancyUnits

cloudasset.assets.exportServiceconsumermanagementVisibility

cloudasset.assets.exportServicemanagementServices

cloudasset.assets.exportServiceusageAdminOverrides

cloudasset.assets.exportServiceusageConsumerOverrides

cloudasset.assets.exportServiceusageServices

cloudasset.assets.exportSpannerBackups

cloudasset.assets.exportSpannerDatabases

cloudasset.assets.exportSpannerInstances

cloudasset.assets.exportSpeakerIdPhrases

cloudasset.assets.exportSpeakerIdSettings

cloudasset.assets.exportSpeakerIdSpeakers

cloudasset.assets.exportSpeechCustomClasses

cloudasset.assets.exportSpeechPhraseSets

cloudasset.assets.exportSqladminBackupRuns

cloudasset.assets.exportSqladminInstances

cloudasset.assets.exportStorageBuckets

cloudasset.assets.exportTpuNodes

cloudasset.assets.exportVpcaccessConnector

cloudasset.assets.listAccessLevel

cloudasset.assets.listAccessPolicy

cloudasset.assets.listAiplatformBatchPredictionJobs

cloudasset.assets.listAiplatformCustomJobs

cloudasset.assets.listAiplatformDataLabelingJobs

cloudasset.assets.listAiplatformDatasets

cloudasset.assets.listAiplatformEndpoints

cloudasset.assets.listAiplatformHyperparameterTuningJobs

cloudasset.assets.listAiplatformMetadataStores

cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs

cloudasset.assets.listAiplatformModels

cloudasset.assets.listAiplatformPipelineJobs

cloudasset.assets.listAiplatformSpecialistPools

cloudasset.assets.listAiplatformTrainingPipelines

cloudasset.assets.listAllAccessPolicy

cloudasset.assets.listAnthosConnectedCluster

cloudasset.assets.listAnthosedgeCluster

cloudasset.assets.listApigatewayApi

cloudasset.assets.listApigatewayApiConfig

cloudasset.assets.listApigatewayGateway

cloudasset.assets.listApikeysKeys

cloudasset.assets.listAppengineApplications

cloudasset.assets.listAppengineServices

cloudasset.assets.listAppengineVersions

cloudasset.assets.listArtifactregistryDockerImages

cloudasset.assets.listArtifactregistryRepositories

cloudasset.assets.listAssuredWorkloadsWorkloads

cloudasset.assets.listBeyondCorpApiGateways

cloudasset.assets.listBeyondCorpAppConnections

cloudasset.assets.listBeyondCorpAppConnectors

cloudasset.assets.listBeyondCorpAppGateways

cloudasset.assets.listBeyondCorpClientConnectorServices

cloudasset.assets.listBeyondCorpClientGateways

cloudasset.assets.listBigqueryDatasets

cloudasset.assets.listBigqueryModels

cloudasset.assets.listBigqueryTables

cloudasset.assets.listBigtableAppProfile

cloudasset.assets.listBigtableBackup

cloudasset.assets.listBigtableCluster

cloudasset.assets.listBigtableInstance

cloudasset.assets.listBigtableTable

cloudasset.assets.listCloudAssetFeeds

cloudasset.assets.listCloudDeployDeliveryPipelines

cloudasset.assets.listCloudDeployReleases

cloudasset.assets.listCloudDeployRollouts

cloudasset.assets.listCloudDeployTargets

cloudasset.assets.listCloudDocumentAIEvaluation

cloudasset.assets.listCloudDocumentAIHumanReviewConfig

cloudasset.assets.listCloudDocumentAILabelerPool

cloudasset.assets.listCloudDocumentAIProcessor

cloudasset.assets.listCloudDocumentAIProcessorVersion

cloudasset.assets.listCloudbillingBillingAccounts

cloudasset.assets.listCloudbillingProjectBillingInfos

cloudasset.assets.listCloudfunctionsFunctions

cloudasset.assets.listCloudfunctionsGen2Functions

cloudasset.assets.listCloudkmsCryptoKeyVersions

cloudasset.assets.listCloudkmsCryptoKeys

cloudasset.assets.listCloudkmsEkmConnections

cloudasset.assets.listCloudkmsImportJobs

cloudasset.assets.listCloudkmsKeyRings

cloudasset.assets.listCloudmemcacheInstances

cloudasset.assets.listCloudresourcemanagerFolders

cloudasset.assets.listCloudresourcemanagerOrganizations

cloudasset.assets.listCloudresourcemanagerProjects

cloudasset.assets.listCloudresourcemanagerTagBindings

cloudasset.assets.listCloudresourcemanagerTagKeys

cloudasset.assets.listCloudresourcemanagerTagValues

cloudasset.assets.listComposerEnvironments

cloudasset.assets.listComputeAddress

cloudasset.assets.listComputeAutoscalers

cloudasset.assets.listComputeBackendBuckets

cloudasset.assets.listComputeBackendServices

cloudasset.assets.listComputeCommitments

cloudasset.assets.listComputeDisks

cloudasset.assets.listComputeExternalVpnGateways

cloudasset.assets.listComputeFirewallPolicies

cloudasset.assets.listComputeFirewalls

cloudasset.assets.listComputeForwardingRules

cloudasset.assets.listComputeGlobalAddress

cloudasset.assets.listComputeGlobalForwardingRules

cloudasset.assets.listComputeHealthChecks

cloudasset.assets.listComputeHttpHealthChecks

cloudasset.assets.listComputeHttpsHealthChecks

cloudasset.assets.listComputeImages

cloudasset.assets.listComputeInstanceGroupManagers

cloudasset.assets.listComputeInstanceGroups

cloudasset.assets.listComputeInstanceTemplates

cloudasset.assets.listComputeInstances

cloudasset.assets.listComputeInterconnect

cloudasset.assets.listComputeInterconnectAttachment

cloudasset.assets.listComputeLicenses

cloudasset.assets.listComputeNetworkEndpointGroups

cloudasset.assets.listComputeNetworks

cloudasset.assets.listComputeNodeGroups

cloudasset.assets.listComputeNodeTemplates

cloudasset.assets.listComputePacketMirrorings

cloudasset.assets.listComputeProjects

cloudasset.assets.listComputeRegionAutoscaler

cloudasset.assets.listComputeRegionBackendServices

cloudasset.assets.listComputeRegionDisk

cloudasset.assets.listComputeRegionInstanceGroup

cloudasset.assets.listComputeRegionInstanceGroupManager

cloudasset.assets.listComputeReservations

cloudasset.assets.listComputeResourcePolicies

cloudasset.assets.listComputeRouters

cloudasset.assets.listComputeRoutes

cloudasset.assets.listComputeSecurityPolicy

cloudasset.assets.listComputeServiceAttachments

cloudasset.assets.listComputeSnapshots

cloudasset.assets.listComputeSslCertificates

cloudasset.assets.listComputeSslPolicies

cloudasset.assets.listComputeSubnetworks

cloudasset.assets.listComputeTargetHttpProxies

cloudasset.assets.listComputeTargetHttpsProxies

cloudasset.assets.listComputeTargetInstances

cloudasset.assets.listComputeTargetPools

cloudasset.assets.listComputeTargetSslProxies

cloudasset.assets.listComputeTargetTcpProxies

cloudasset.assets.listComputeTargetVpnGateways

cloudasset.assets.listComputeUrlMaps

cloudasset.assets.listComputeVpnGateways

cloudasset.assets.listComputeVpnTunnels

cloudasset.assets.listConnectorsConnections

cloudasset.assets.listConnectorsConnectorVersions

cloudasset.assets.listConnectorsConnectors

cloudasset.assets.listConnectorsProviders

cloudasset.assets.listConnectorsRuntimeConfigs

cloudasset.assets.listContainerAppsDeployment

cloudasset.assets.listContainerAppsReplicaSets

cloudasset.assets.listContainerBatchJobs

cloudasset.assets.listContainerClusterrole

cloudasset.assets.listContainerClusterrolebinding

cloudasset.assets.listContainerClusters

cloudasset.assets.listContainerExtensionsIngresses

cloudasset.assets.listContainerJobs

cloudasset.assets.listContainerNamespace

cloudasset.assets.listContainerNetworkingIngresses

cloudasset.assets.listContainerNetworkingNetworkPolicies

cloudasset.assets.listContainerNode

cloudasset.assets.listContainerNodepool

cloudasset.assets.listContainerPod

cloudasset.assets.listContainerReplicaSets

cloudasset.assets.listContainerRole

cloudasset.assets.listContainerRolebinding

cloudasset.assets.listContainerServices

cloudasset.assets.listContainerregistryImage

cloudasset.assets.listDataMigrationConnectionProfiles

cloudasset.assets.listDataMigrationMigrationJobs

cloudasset.assets.listDataflowJobs

cloudasset.assets.listDatafusionInstance

cloudasset.assets.listDataplexAssets

cloudasset.assets.listDataplexLakes

cloudasset.assets.listDataplexTasks

cloudasset.assets.listDataplexZones

cloudasset.assets.listDataprocAutoscalingPolicies

cloudasset.assets.listDataprocBatches

cloudasset.assets.listDataprocClusters

cloudasset.assets.listDataprocJobs

cloudasset.assets.listDataprocSessions

cloudasset.assets.listDataprocWorkflowTemplates

cloudasset.assets.listDatastreamConnectionProfile

cloudasset.assets.listDatastreamPrivateConnection

cloudasset.assets.listDatastreamStream

cloudasset.assets.listDialogflowAgents

cloudasset.assets.listDialogflowConversationProfiles

cloudasset.assets.listDialogflowKnowledgeBases

cloudasset.assets.listDialogflowLocationSettings

cloudasset.assets.listDlpDeidentifyTemplates

cloudasset.assets.listDlpDlpJobs

cloudasset.assets.listDlpInspectTemplates

cloudasset.assets.listDlpJobTriggers

cloudasset.assets.listDlpStoredInfoTypes

cloudasset.assets.listDnsManagedZones

cloudasset.assets.listDnsPolicies

cloudasset.assets.listDomainsRegistrations

cloudasset.assets.listEventarcTriggers

cloudasset.assets.listFileBackups

cloudasset.assets.listFileInstances

cloudasset.assets.listFirebaseAppInfos

cloudasset.assets.listFirebaseProjects

cloudasset.assets.listFirestoreDatabases

cloudasset.assets.listGKEHubFeatures

cloudasset.assets.listGKEHubMemberships

cloudasset.assets.listGameservicesGameServerClusters

cloudasset.assets.listGameservicesGameServerConfigs

cloudasset.assets.listGameservicesGameServerDeployments

cloudasset.assets.listGameservicesRealms

cloudasset.assets.listGkeBackupBackupPlans

cloudasset.assets.listGkeBackupBackups

cloudasset.assets.listGkeBackupRestorePlans

cloudasset.assets.listGkeBackupRestores

cloudasset.assets.listGkeBackupVolumeBackups

cloudasset.assets.listGkeBackupVolumeRestores

cloudasset.assets.listHealthcareConsentStores

cloudasset.assets.listHealthcareDatasets

cloudasset.assets.listHealthcareDicomStores

cloudasset.assets.listHealthcareFhirStores

cloudasset.assets.listHealthcareHl7V2Stores

cloudasset.assets.listIamPolicy

cloudasset.assets.listIamRoles

cloudasset.assets.listIamServiceAccountKeys

cloudasset.assets.listIamServiceAccounts

cloudasset.assets.listIapTunnel

cloudasset.assets.listIapTunnelInstances

cloudasset.assets.listIapTunnelZones

cloudasset.assets.listIapWeb

cloudasset.assets.listIapWebServiceVersion

cloudasset.assets.listIapWebServices

cloudasset.assets.listIapWebType

cloudasset.assets.listIdsEndpoints

cloudasset.assets.listIntegrationsAuthConfigs

cloudasset.assets.listIntegrationsCertificates

cloudasset.assets.listIntegrationsExecutions

cloudasset.assets.listIntegrationsIntegrationVersions

cloudasset.assets.listIntegrationsIntegrations

cloudasset.assets.listIntegrationsSfdcChannels

cloudasset.assets.listIntegrationsSfdcInstances

cloudasset.assets.listIntegrationsSuspensions

cloudasset.assets.listLoggingLogMetrics

cloudasset.assets.listLoggingLogSinks

cloudasset.assets.listManagedidentitiesDomain

cloudasset.assets.listMetastoreBackups

cloudasset.assets.listMetastoreMetadataImports

cloudasset.assets.listMetastoreServices

cloudasset.assets.listMonitoringAlertPolicies

cloudasset.assets.listNetworkConnectivityHubs

cloudasset.assets.listNetworkConnectivitySpokes

cloudasset.assets.listNetworkManagementConnectivityTests

cloudasset.assets.listNetworkServicesEndpointPolicies

cloudasset.assets.listNetworkServicesGateways

cloudasset.assets.listNetworkServicesGrpcRoutes

cloudasset.assets.listNetworkServicesHttpRoutes

cloudasset.assets.listNetworkServicesMeshes

cloudasset.assets.listNetworkServicesServiceBindings

cloudasset.assets.listNetworkServicesTcpRoutes

cloudasset.assets.listNetworkServicesTlsRoutes

cloudasset.assets.listOSConfigOSPolicyAssignmentReports

cloudasset.assets.listOSConfigOSPolicyAssignments

cloudasset.assets.listOSConfigVulnerabilityReports

cloudasset.assets.listOSInventories

cloudasset.assets.listOrgPolicy

cloudasset.assets.listPatchDeployments

cloudasset.assets.listPubsubSnapshots

cloudasset.assets.listPubsubSubscriptions

cloudasset.assets.listPubsubTopics

cloudasset.assets.listRedisInstances

cloudasset.assets.listResource

cloudasset.assets.listRunDomainMapping

cloudasset.assets.listRunRevision

cloudasset.assets.listRunService

cloudasset.assets.listSecretManagerSecretVersions

cloudasset.assets.listSecretManagerSecrets

cloudasset.assets.listServiceDirectoryNamespaces

cloudasset.assets.listServicePerimeter

cloudasset.assets.listServiceconsumermanagementConsumerProperty

cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits

cloudasset.assets.listServiceconsumermanagementConsumers

cloudasset.assets.listServiceconsumermanagementProducerOverrides

cloudasset.assets.listServiceconsumermanagementTenancyUnits

cloudasset.assets.listServiceconsumermanagementVisibility

cloudasset.assets.listServicemanagementServices

cloudasset.assets.listServiceusageAdminOverrides

cloudasset.assets.listServiceusageConsumerOverrides

cloudasset.assets.listServiceusageServices

cloudasset.assets.listSpannerBackups

cloudasset.assets.listSpannerDatabases

cloudasset.assets.listSpannerInstances

cloudasset.assets.listSpeakerIdPhrases

cloudasset.assets.listSpeakerIdSettings

cloudasset.assets.listSpeakerIdSpeakers

cloudasset.assets.listSpeechCustomClasses

cloudasset.assets.listSpeechPhraseSets

cloudasset.assets.listSqladminBackupRuns

cloudasset.assets.listSqladminInstances

cloudasset.assets.listStorageBuckets

cloudasset.assets.listTpuNodes

cloudasset.assets.listVpcaccessConnector

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.othercloudconnections.get

cloudasset.othercloudconnections.list

cloudasset.othercloudconnections.verify

cloudnotifications.activities.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

config.revisions.get

config.revisions.list

config.terraformversions.*

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.get

designcenter.applications.list

designcenter.catalogTemplateRevisions.get

designcenter.catalogTemplateRevisions.list

designcenter.catalogTemplates.get

designcenter.catalogTemplates.list

designcenter.catalogs.get

designcenter.catalogs.list

designcenter.components.get

designcenter.components.list

designcenter.connections.get

designcenter.connections.list

designcenter.locations.*

designcenter.operations.get

designcenter.operations.list

designcenter.sharedTemplateRevisions.*

designcenter.sharedTemplates.*

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.getIamPolicy

designcenter.spaces.list

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.listEffectiveTags

monitoring.alertPolicies.listTagBindings

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

opsconfigmonitoring.resourceMetadata.list

recommender.alloydbClusterPerformanceInsights.get

recommender.alloydbClusterPerformanceInsights.list

recommender.alloydbClusterPerformanceRecommendations.get

recommender.alloydbClusterPerformanceRecommendations.list

recommender.alloydbClusterReliabilityInsights.get

recommender.alloydbClusterReliabilityInsights.list

recommender.alloydbClusterReliabilityRecommendations.get

recommender.alloydbClusterReliabilityRecommendations.list

recommender.alloydbInstanceSecurityInsights.get

recommender.alloydbInstanceSecurityInsights.list

recommender.alloydbInstanceSecurityRecommendations.get

recommender.alloydbInstanceSecurityRecommendations.list

recommender.bigqueryCapacityCommitmentsInsights.get

recommender.bigqueryCapacityCommitmentsInsights.list

recommender.bigqueryCapacityCommitmentsRecommendations.get

recommender.bigqueryCapacityCommitmentsRecommendations.list

recommender.bigqueryMaterializedViewInsights.get

recommender.bigqueryMaterializedViewInsights.list

recommender.bigqueryMaterializedViewRecommendations.get

recommender.bigqueryMaterializedViewRecommendations.list

recommender.bigqueryPartitionClusterRecommendations.get

recommender.bigqueryPartitionClusterRecommendations.list

recommender.bigqueryTableStatsInsights.get

recommender.bigqueryTableStatsInsights.list

recommender.cloudAssetInsights.get

recommender.cloudAssetInsights.list

recommender.cloudCostGeneralInsights.get

recommender.cloudCostGeneralInsights.list

recommender.cloudCostGeneralRecommendations.get

recommender.cloudCostGeneralRecommendations.list

recommender.cloudDeprecationGeneralInsights.get

recommender.cloudDeprecationGeneralInsights.list

recommender.cloudDeprecationGeneralRecommendations.get

recommender.cloudDeprecationGeneralRecommendations.list

recommender.cloudFunctionsPerformanceInsights.get

recommender.cloudFunctionsPerformanceInsights.list

recommender.cloudFunctionsPerformanceRecommendations.get

recommender.cloudFunctionsPerformanceRecommendations.list

recommender.cloudManageabilityGeneralInsights.get

recommender.cloudManageabilityGeneralInsights.list

recommender.cloudManageabilityGeneralRecommendations.get

recommender.cloudManageabilityGeneralRecommendations.list

recommender.cloudPerformanceGeneralInsights.get

recommender.cloudPerformanceGeneralInsights.list

recommender.cloudPerformanceGeneralRecommendations.get

recommender.cloudPerformanceGeneralRecommendations.list

recommender.cloudRecentChangeInsights.get

recommender.cloudRecentChangeInsights.list

recommender.cloudRecentChangeRecommendations.get

recommender.cloudRecentChangeRecommendations.list

recommender.cloudRecentChangeRecommenderConfig.get

recommender.cloudReliabilityGeneralInsights.get

recommender.cloudReliabilityGeneralInsights.list

recommender.cloudReliabilityGeneralRecommendations.get

recommender.cloudReliabilityGeneralRecommendations.list

recommender.cloudSecurityGeneralInsights.get

recommender.cloudSecurityGeneralInsights.list

recommender.cloudSecurityGeneralRecommendations.get

recommender.cloudSecurityGeneralRecommendations.list

recommender.cloudsqlIdleInstanceRecommendations.get

recommender.cloudsqlIdleInstanceRecommendations.list

recommender.cloudsqlInstanceActivityInsights.get

recommender.cloudsqlInstanceActivityInsights.list

recommender.cloudsqlInstanceCpuUsageInsights.get

recommender.cloudsqlInstanceCpuUsageInsights.list

recommender.cloudsqlInstanceDiskUsageTrendInsights.get

recommender.cloudsqlInstanceDiskUsageTrendInsights.list

recommender.cloudsqlInstanceMemoryUsageInsights.get

recommender.cloudsqlInstanceMemoryUsageInsights.list

recommender.cloudsqlInstanceOomProbabilityInsights.get

recommender.cloudsqlInstanceOomProbabilityInsights.list

recommender.cloudsqlInstanceOutOfDiskRecommendations.get

recommender.cloudsqlInstanceOutOfDiskRecommendations.list

recommender.cloudsqlInstancePerformanceInsights.get

recommender.cloudsqlInstancePerformanceInsights.list

recommender.cloudsqlInstancePerformanceRecommendations.get

recommender.cloudsqlInstancePerformanceRecommendations.list

recommender.cloudsqlInstanceReliabilityInsights.get

recommender.cloudsqlInstanceReliabilityInsights.list

recommender.cloudsqlInstanceReliabilityRecommendations.get

recommender.cloudsqlInstanceReliabilityRecommendations.list

recommender.cloudsqlInstanceSecurityInsights.get

recommender.cloudsqlInstanceSecurityInsights.list

recommender.cloudsqlInstanceSecurityRecommendations.get

recommender.cloudsqlInstanceSecurityRecommendations.list

recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get

recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list

recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get

recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list

recommender.cloudsqlOverprovisionedInstanceRecommendations.get

recommender.cloudsqlOverprovisionedInstanceRecommendations.list

recommender.cloudsqlUnderProvisionedInstanceRecommendations.get

recommender.cloudsqlUnderProvisionedInstanceRecommendations.list

recommender.commitmentUtilizationInsights.get

recommender.commitmentUtilizationInsights.list

recommender.computeAddressIdleResourceInsights.get

recommender.computeAddressIdleResourceInsights.list

recommender.computeAddressIdleResourceRecommendations.get

recommender.computeAddressIdleResourceRecommendations.list

recommender.computeDiskIdleResourceInsights.get

recommender.computeDiskIdleResourceInsights.list

recommender.computeDiskIdleResourceRecommendations.get

recommender.computeDiskIdleResourceRecommendations.list

recommender.computeFirewallInsightTypeConfigs.get

recommender.computeFirewallInsights.get

recommender.computeFirewallInsights.list

recommender.computeImageIdleResourceInsights.get

recommender.computeImageIdleResourceInsights.list

recommender.computeImageIdleResourceRecommendations.get

recommender.computeImageIdleResourceRecommendations.list

recommender.computeInstanceCpuUsageInsights.get

recommender.computeInstanceCpuUsageInsights.list

recommender.computeInstanceCpuUsagePredictionInsights.get

recommender.computeInstanceCpuUsagePredictionInsights.list

recommender.computeInstanceCpuUsageTrendInsights.get

recommender.computeInstanceCpuUsageTrendInsights.list

recommender.computeInstanceGroupManagerCpuUsageInsights.get

recommender.computeInstanceGroupManagerCpuUsageInsights.list

recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get

recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list

recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get

recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list

recommender.computeInstanceGroupManagerMachineTypeRecommendations.get

recommender.computeInstanceGroupManagerMachineTypeRecommendations.list

recommender.computeInstanceGroupManagerMemoryUsageInsights.get

recommender.computeInstanceGroupManagerMemoryUsageInsights.list

recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get

recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list

recommender.computeInstanceIdleResourceRecommendations.get

recommender.computeInstanceIdleResourceRecommendations.list

recommender.computeInstanceIdleResourceRecommenderConfig.get

recommender.computeInstanceMachineTypeRecommendations.get

recommender.computeInstanceMachineTypeRecommendations.list

recommender.computeInstanceMemoryUsageInsights.get

recommender.computeInstanceMemoryUsageInsights.list

recommender.computeInstanceMemoryUsagePredictionInsights.get

recommender.computeInstanceMemoryUsagePredictionInsights.list

recommender.computeInstanceNetworkThroughputInsights.get

recommender.computeInstanceNetworkThroughputInsights.list

recommender.containerDiagnosisInsights.get

recommender.containerDiagnosisInsights.list

recommender.containerDiagnosisRecommendations.get

recommender.containerDiagnosisRecommendations.list

recommender.costInsights.get

recommender.costInsights.list

recommender.dataflowDiagnosticsInsights.get

recommender.dataflowDiagnosticsInsights.list

recommender.errorReportingInsights.get

recommender.errorReportingInsights.list

recommender.errorReportingRecommendations.get

recommender.errorReportingRecommendations.list

recommender.firestoreDatabaseReliabilityInsights.get

recommender.firestoreDatabaseReliabilityInsights.list

recommender.firestoreDatabaseReliabilityRecommendations.get

recommender.firestoreDatabaseReliabilityRecommendations.list

recommender.gmpGuidedExperienceInsights.get

recommender.gmpGuidedExperienceInsights.list

recommender.gmpGuidedExperienceRecommendations.get

recommender.gmpGuidedExperienceRecommendations.list

recommender.gmpProjectManagementInsights.get

recommender.gmpProjectManagementInsights.list

recommender.gmpProjectManagementRecommendations.get

recommender.gmpProjectManagementRecommendations.list

recommender.gmpProjectProductSuggestionsInsights.get

recommender.gmpProjectProductSuggestionsInsights.list

recommender.gmpProjectProductSuggestionsRecommendations.get

recommender.gmpProjectProductSuggestionsRecommendations.list

recommender.iamPolicyChangeRiskInsights.get

recommender.iamPolicyChangeRiskInsights.list

recommender.iamPolicyChangeRiskRecommendations.get

recommender.iamPolicyChangeRiskRecommendations.list

recommender.iamPolicyInsights.get

recommender.iamPolicyInsights.list

recommender.iamPolicyLateralMovementInsights.get

recommender.iamPolicyLateralMovementInsights.list

recommender.iamPolicyRecommendations.get

recommender.iamPolicyRecommendations.list

recommender.iamPolicyRecommenderConfig.get

recommender.iamServiceAccountChangeRiskInsights.get

recommender.iamServiceAccountChangeRiskInsights.list

recommender.iamServiceAccountChangeRiskRecommendations.get

recommender.iamServiceAccountChangeRiskRecommendations.list

recommender.iamServiceAccountInsights.get

recommender.iamServiceAccountInsights.list

recommender.locations.*

recommender.loggingProductSuggestionContainerInsights.get

recommender.loggingProductSuggestionContainerInsights.list

recommender.loggingProductSuggestionContainerRecommendations.get

recommender.loggingProductSuggestionContainerRecommendations.list

recommender.monitoringProductSuggestionComputeInsights.get

recommender.monitoringProductSuggestionComputeInsights.list

recommender.monitoringProductSuggestionComputeRecommendations.get

recommender.monitoringProductSuggestionComputeRecommendations.list

recommender.networkAnalyzerCloudSqlInsights.get

recommender.networkAnalyzerCloudSqlInsights.list

recommender.networkAnalyzerDynamicRouteInsights.get

recommender.networkAnalyzerDynamicRouteInsights.list

recommender.networkAnalyzerGkeConnectivityInsights.get

recommender.networkAnalyzerGkeConnectivityInsights.list

recommender.networkAnalyzerGkeIpAddressInsights.get

recommender.networkAnalyzerGkeIpAddressInsights.list

recommender.networkAnalyzerGkeServiceAccountInsights.get

recommender.networkAnalyzerGkeServiceAccountInsights.list

recommender.networkAnalyzerIpAddressInsights.get

recommender.networkAnalyzerIpAddressInsights.list

recommender.networkAnalyzerLoadBalancerInsights.get

recommender.networkAnalyzerLoadBalancerInsights.list

recommender.networkAnalyzerVpcConnectivityInsights.get

recommender.networkAnalyzerVpcConnectivityInsights.list

recommender.orgPolicyInsights.get

recommender.orgPolicyInsights.list

recommender.orgPolicyRecommendations.get

recommender.orgPolicyRecommendations.list

recommender.resourcemanagerProjectChangeRiskInsights.get

recommender.resourcemanagerProjectChangeRiskInsights.list

recommender.resourcemanagerProjectChangeRiskRecommendations.get

recommender.resourcemanagerProjectChangeRiskRecommendations.list

recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get

recommender.resourcemanagerProjectUtilizationInsights.get

recommender.resourcemanagerProjectUtilizationInsights.list

recommender.resourcemanagerProjectUtilizationRecommendations.get

recommender.resourcemanagerProjectUtilizationRecommendations.list

recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get

recommender.resourcemanagerServiceLimitInsights.get

recommender.resourcemanagerServiceLimitInsights.list

recommender.resourcemanagerServiceLimitRecommendations.get

recommender.resourcemanagerServiceLimitRecommendations.list

recommender.runServiceCostInsights.get

recommender.runServiceCostInsights.list

recommender.runServiceCostRecommendations.get

recommender.runServiceCostRecommendations.list

recommender.runServiceIdentityInsights.get

recommender.runServiceIdentityInsights.list

recommender.runServiceIdentityRecommendations.get

recommender.runServiceIdentityRecommendations.list

recommender.runServicePerformanceInsights.get

recommender.runServicePerformanceInsights.list

recommender.runServicePerformanceRecommendations.get

recommender.runServicePerformanceRecommendations.list

recommender.runServiceSecurityInsights.get

recommender.runServiceSecurityInsights.list

recommender.runServiceSecurityRecommendations.get

recommender.runServiceSecurityRecommendations.list

recommender.spannerProjectReliabilityInsights.get

recommender.spannerProjectReliabilityInsights.list

recommender.spannerProjectReliabilityRecommendations.get

recommender.spannerProjectReliabilityRecommendations.list

recommender.spendBasedCommitmentInsights.get

recommender.spendBasedCommitmentInsights.list

recommender.spendBasedCommitmentRecommendations.get

recommender.spendBasedCommitmentRecommendations.list

recommender.spendBasedCommitmentRecommenderConfig.get

recommender.storageBucketSoftDeleteInsights.get

recommender.storageBucketSoftDeleteInsights.list

recommender.storageBucketSoftDeleteRecommendations.get

recommender.storageBucketSoftDeleteRecommendations.list

recommender.usageCommitmentRecommendations.get

recommender.usageCommitmentRecommendations.list

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.projects.get

resourcemanager.projects.list

servicehealth.*

stackdriver.projects.get

stackdriver.resourceMetadata.list

storage.folders.get

storage.folders.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

App Hub Editor

(roles/apphub.editor)

Edit access to App Hub resources.

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.discoveredServices.*

apphub.discoveredWorkloads.*

apphub.locations.*

apphub.operations.*

apphub.serviceProjectAttachments.lookup

apphub.services.*

apphub.workloads.*

resourcemanager.projects.get

resourcemanager.projects.list

App Hub Viewer

(roles/apphub.viewer)

View access to App Hub resources.

apphub.applications.get

apphub.applications.list

apphub.discoveredServices.get

apphub.discoveredServices.list

apphub.discoveredWorkloads.get

apphub.discoveredWorkloads.list

apphub.locations.*

apphub.operations.get

apphub.operations.list

apphub.serviceProjectAttachments.lookup

apphub.services.get

apphub.services.list

apphub.workloads.get

apphub.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Appliance troubleshooting commands approver ^Beta

(roles/applianceactivation.approver)

Grants access to approve commands to run on appliances

applianceactivation.rttCommands.approve

applianceactivation.rttCommands.get

resourcemanager.projects.get

resourcemanager.projects.list

On-appliance troubleshooting client ^Beta

(roles/applianceactivation.client)

Grants access to read commands for an appliance and send its result.

applianceactivation.rttCommands.get

applianceactivation.rttCommands.sendResult

Appliance troubleshooter ^Beta

(roles/applianceactivation.troubleshooter)

Grants access to send new commands to run on appliances and view the outputs

applianceactivation.rttCommands.create

applianceactivation.rttCommands.get

applianceactivation.rttCommands.list

resourcemanager.projects.get

resourcemanager.projects.list

Assured OSS Admin

(roles/assuredoss.admin)

Access to use Assured OSS and manage configuration.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.*

iam.serviceAccountKeys.create

iam.serviceAccounts.create

iam.serviceAccounts.get

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.subscriptions.create

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.update

pubsub.topics.get

pubsub.topics.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

Assured OSS Project Admin ^Beta

(roles/assuredoss.projectAdmin)

Access to use Assured OSS and manage configuration.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.create

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.*

iam.serviceAccounts.create

iam.serviceAccounts.get

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.topics.get

pubsub.topics.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

Assured OSS Reader

(roles/assuredoss.reader)

Access to use Assured OSS and view Assured OSS configuration.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.config.get

assuredoss.locations.*

assuredoss.metadata.*

assuredoss.operations.get

assuredoss.operations.list

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.validate

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.topics.get

pubsub.topics.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Assured OSS User

(roles/assuredoss.user)

Access to use Assured OSS.

artifactregistry.attachments.get

artifactregistry.attachments.list

artifactregistry.dockerimages.*

artifactregistry.files.download

artifactregistry.files.get

artifactregistry.files.list

artifactregistry.locations.*

artifactregistry.mavenartifacts.*

artifactregistry.npmpackages.*

artifactregistry.packages.get

artifactregistry.packages.list

artifactregistry.projectsettings.get

artifactregistry.pythonpackages.*

artifactregistry.repositories.downloadArtifacts

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.listEffectiveTags

artifactregistry.repositories.listTagBindings

artifactregistry.repositories.readViaVirtualRepository

artifactregistry.rules.get

artifactregistry.rules.list

artifactregistry.tags.get

artifactregistry.tags.list

artifactregistry.versions.get

artifactregistry.versions.list

assuredoss.locations.*

assuredoss.metadata.*

assuredoss.operations.get

assuredoss.operations.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Audit Manager Admin ^Beta

(roles/auditmanager.admin)

Full access to Audit Manager resources.

auditmanager.auditReports.*

auditmanager.auditScopeReports.generate

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controls.list

auditmanager.findings.*

auditmanager.locations.*

auditmanager.operations.*

auditmanager.resourceEnrollmentStatuses.*

cloudasset.assets.searchAllResources

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Audit Manager Auditor ^Beta

(roles/auditmanager.auditor)

Allows creating and viewing an audit report.

auditmanager.auditReports.*

auditmanager.auditScopeReports.generate

auditmanager.billingSettings.get

auditmanager.controlReports.*

auditmanager.controls.list

auditmanager.findings.*

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

auditmanager.resourceEnrollmentStatuses.*

cloudasset.assets.searchAllResources

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Custom Compliance Framework Admin ^Beta

(roles/auditmanager.ccfAdmin)

Full access to Custom Compliance Framework resources.

auditmanager.billingSettings.get

auditmanager.customComplianceFrameworks.*

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

resourcemanager.organizations.get

Custom Compliance Framework Viewer ^Beta

(roles/auditmanager.ccfViewer)

Allows viewing Custom Compliance Framework resources.

auditmanager.billingSettings.get

auditmanager.customComplianceFrameworks.get

auditmanager.customComplianceFrameworks.list

auditmanager.locations.get

auditmanager.locations.list

auditmanager.operations.*

resourcemanager.organizations.get

Autoscaling Metrics Writer ^Beta

(roles/autoscaling.metricsWriter)

Access to write metrics for autoscaling site

autoscaling.sites.writeMetrics

Autoscaling Recommendations Reader ^Beta

(roles/autoscaling.recommendationsReader)

Access to read recommendations from autoscaling site

autoscaling.sites.readRecommendations

Autoscaling Site Admin ^Beta

(roles/autoscaling.sitesAdmin)

Full access to all autoscaling site features

autoscaling.*

resourcemanager.projects.get

resourcemanager.projects.list

Autoscaling State Writer ^Beta

(roles/autoscaling.stateWriter)

Access to write state for autoscaling site

autoscaling.sites.writeState

Batch Administrator

(roles/batch.admin)

Administrator of Batch resources

batch.jobs.*

batch.locations.*

batch.operations.*

batch.resourceAllowances.*

batch.tasks.*

resourcemanager.projects.get

resourcemanager.projects.list

Batch Agent Reporter

(roles/batch.agentReporter)

Reporter of Batch agent states.

batch.states.report

Batch Job Editor

(roles/batch.jobsEditor)

Editor of Batch Jobs

batch.jobs.*

batch.locations.*

batch.operations.*

batch.tasks.*

resourcemanager.projects.get

resourcemanager.projects.list

Batch Job Viewer

(roles/batch.jobsViewer)

Viewer of Batch Jobs, Task Groups and Tasks

batch.jobs.get

batch.jobs.list

batch.locations.*

batch.operations.*

batch.tasks.*

resourcemanager.projects.get

resourcemanager.projects.list

Batch ResourceAllowance Editor

(roles/batch.resourceAllowancesEditor)

Editor of Batch ResourceAllowances

batch.locations.*

batch.operations.*

batch.resourceAllowances.*

resourcemanager.projects.get

resourcemanager.projects.list

Batch ResourceAllowance Viewer

(roles/batch.resourceAllowancesViewer)

Viewer of Batch ResourceAllowances

batch.locations.*

batch.operations.*

batch.resourceAllowances.get

batch.resourceAllowances.list

resourcemanager.projects.get

resourcemanager.projects.list

BigLake Admin

(roles/biglake.admin)

Provides full access to all BigLake resources.

biglake.*

resourcemanager.projects.get

resourcemanager.projects.list

BigLake Viewer

(roles/biglake.viewer)

Provides read-only access to all BigLake resources.

biglake.catalogs.get

biglake.catalogs.list

biglake.databases.get

biglake.databases.list

biglake.locks.list

biglake.tables.get

biglake.tables.list

resourcemanager.projects.get

resourcemanager.projects.list

MigrationWorkflow Editor

(roles/bigquerymigration.editor)

Editor of EDW migration workflows.

bigquerymigration.subtasks.*

bigquerymigration.workflows.create

bigquerymigration.workflows.delete

bigquerymigration.workflows.enableAiOutputTypes

bigquerymigration.workflows.enableLineageOutputTypes

bigquerymigration.workflows.enableOutputTypePermissions

bigquerymigration.workflows.get

bigquerymigration.workflows.list

bigquerymigration.workflows.update

Task Orchestrator

(roles/bigquerymigration.orchestrator)

Orchestrator of EDW migration tasks.

bigquerymigration.workflows.orchestrateTask

storage.objects.list

Migration Translation User

(roles/bigquerymigration.translationUser)

User of EDW migration interactive SQL translation service.

bigquerymigration.translation.translate

MigrationWorkflow Viewer

(roles/bigquerymigration.viewer)

Viewer of EDW migration MigrationWorkflow.

bigquerymigration.subtasks.*

bigquerymigration.workflows.get

bigquerymigration.workflows.list

Task Worker

(roles/bigquerymigration.worker)

Worker that executes EDW migration subtasks.

storage.objects.create

storage.objects.get

storage.objects.list

Carbon Footprint Viewer

(roles/billing.carbonViewer)

billing.accounts.get

billing.accounts.getCarbonInformation

billing.accounts.list

Blockchain Node Engine Admin

(roles/blockchainnodeengine.admin)

Full access to Blockchain Node Engine resources.

blockchainnodeengine.*

resourcemanager.projects.get

resourcemanager.projects.list

Blockchain Node Engine Viewer

(roles/blockchainnodeengine.viewer)

Read-only access to Blockchain Node Engine resources.

blockchainnodeengine.blockchainNodes.get

blockchainnodeengine.blockchainNodes.list

blockchainnodeengine.locations.*

blockchainnodeengine.operations.get

blockchainnodeengine.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Blockchain Validator Manager Admin ^Beta

(roles/blockchainvalidatormanager.admin)

Full access to Blockchain Validator Manager resources.

blockchainvalidatormanager.*

resourcemanager.projects.get

resourcemanager.projects.list

Blockchain Validator Viewer ^Beta

(roles/blockchainvalidatormanager.viewer)

Readonly access to Blockchain Validator Manager resources.

blockchainvalidatormanager.blockchainValidatorConfigs.get

blockchainvalidatormanager.blockchainValidatorConfigs.list

blockchainvalidatormanager.locations.*

blockchainvalidatormanager.operations.get

blockchainvalidatormanager.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Capacity Planner Usage Viewer ^Beta

(roles/capacityplanner.viewer)

Read-only access to Capacity Planner usage resources

capacityplanner.*

cloudquotas.quotas.get

compute.futureReservations.get

compute.futureReservations.list

compute.reservations.get

compute.reservations.list

monitoring.timeSeries.list

resourcemanager.folders.get

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

Care Studio Patients Viewer

(roles/carestudio.viewer)

This role can view all properties of Patients.

carestudio.*

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle Service Admin

(roles/chroniclesm.admin)

Admins can view and modify Chronicle service details.

chroniclesm.*

Chronicle Service Viewer

(roles/chroniclesm.viewer)

Viewers can see Chronicle service details but not change them.

chroniclesm.gcpAssociations.get

chroniclesm.gcpAssociations.list

chroniclesm.gcpLogFlowFilters.get

chroniclesm.gcpSettings.get

Location reader ^Beta

(roles/cloud.locationReader)

Read and enumerate locations available for resource creation.

cloud.*

Code Repository Indexes Admin ^Beta

(roles/cloudaicompanion.codeRepositoryIndexesAdmin)

Grants full access to Code Repository Indexes resources.

cloudaicompanion.codeRepositoryIndexes.*

cloudaicompanion.operations.*

cloudaicompanion.repositoryGroups.create

cloudaicompanion.repositoryGroups.delete

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.list

cloudaicompanion.repositoryGroups.setIamPolicy

cloudaicompanion.repositoryGroups.update

resourcemanager.projects.get

resourcemanager.projects.list

Code Repository Indexes Viewer ^Beta

(roles/cloudaicompanion.codeRepositoryIndexesViewer)

Grants readonly access to Code Repository Indexes resources.

cloudaicompanion.codeRepositoryIndexes.get

cloudaicompanion.codeRepositoryIndexes.list

cloudaicompanion.operations.get

cloudaicompanion.operations.list

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.list

resourcemanager.projects.get

resourcemanager.projects.list

Repository Groups User ^Beta

(roles/cloudaicompanion.repositoryGroupsUser)

Grants Read/Use access to the Code Repository Indexes Repository Group.

cloudaicompanion.codeRepositoryIndexes.get

cloudaicompanion.repositoryGroups.get

cloudaicompanion.repositoryGroups.getIamPolicy

cloudaicompanion.repositoryGroups.use

Gemini for Google Cloud Settings Admin ^Beta

(roles/cloudaicompanion.settingsAdmin)

Grants read and write access to the Gemini for Cloud setting and their bindings.

cloudaicompanion.codeToolsSettings.*

cloudaicompanion.dataSharingWithGoogleSettings.*

cloudaicompanion.geminiGcpEnablementSettings.*

cloudaicompanion.loggingSettings.*

cloudaicompanion.releaseChannelSettings.*

cloudaicompanion.settingBindings.*

Gemini for Google Cloud Settings User ^Beta

(roles/cloudaicompanion.settingsUser)

Grants read access to the Gemini for Cloud setting and their bindings.

cloudaicompanion.dataSharingWithGoogleSettings.get

cloudaicompanion.dataSharingWithGoogleSettings.list

cloudaicompanion.geminiGcpEnablementSettings.get

cloudaicompanion.geminiGcpEnablementSettings.list

cloudaicompanion.loggingSettings.get

cloudaicompanion.loggingSettings.list

cloudaicompanion.releaseChannelSettings.get

cloudaicompanion.releaseChannelSettings.list

cloudaicompanion.settingBindings.codeToolsSettingsGet

cloudaicompanion.settingBindings.codeToolsSettingsList

cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet

cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsList

cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet

cloudaicompanion.settingBindings.geminiGcpEnablementSettingsList

cloudaicompanion.settingBindings.loggingSettingsGet

cloudaicompanion.settingBindings.loggingSettingsList

cloudaicompanion.settingBindings.releaseChannelSettingsGet

cloudaicompanion.settingBindings.releaseChannelSettingsList

Topic Admin ^Beta

(roles/cloudaicompanion.topicAdmin)

Grants read, write and permission management access to the Topic resource.

cloudaicompanion.topics.delete

cloudaicompanion.topics.get

cloudaicompanion.topics.getIamPolicy

cloudaicompanion.topics.setIamPolicy

cloudaicompanion.topics.update

Topic Reader ^Beta

(roles/cloudaicompanion.topicReader)

Grants read-only access to topic resource.

cloudaicompanion.topics.get

Gemini for Google Cloud User ^Beta

(roles/cloudaicompanion.user)

A user who can use Gemini for Google Cloud

cloudaicompanion.companions.*

cloudaicompanion.entitlements.get

cloudaicompanion.instances.*

cloudaicompanion.licenses.selfAssign

cloudaicompanion.operations.get

cloudaicompanion.topics.create

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Controls Partner Admin

(roles/cloudcontrolspartner.admin)

Full access to Cloud Controls Partner resources.

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.*

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.list

cloudcontrolspartner.workloads.list

Cloud Controls Partner Editor

(roles/cloudcontrolspartner.editor)

Editor access to Cloud Controls Partner resources.

cloudcontrolspartner.*

Cloud Controls Partner Inspectability Reader

(roles/cloudcontrolspartner.inspectabilityReader)

Readonly access to Cloud Controls Partner inspectability resources.

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.platformcontrols.get

Cloud Controls Partner Monitoring Reader

(roles/cloudcontrolspartner.monitoringReader)

Read-only access to Cloud Controls Partner monitoring resources.

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.violations.*

cloudcontrolspartner.workloads.*

Cloud Controls Partner Reader

(roles/cloudcontrolspartner.reader)

Read-only access to Cloud Controls Partner resources.

cloudcontrolspartner.accessapprovalrequests.list

cloudcontrolspartner.customers.get

cloudcontrolspartner.customers.list

cloudcontrolspartner.ekmconnections.get

cloudcontrolspartner.inspectabilityevents.get

cloudcontrolspartner.partnerpermissions.get

cloudcontrolspartner.partners.get

cloudcontrolspartner.platformcontrols.get

cloudcontrolspartner.violations.*

cloudcontrolspartner.workloads.*

Cloud Optimization AI Admin

(roles/cloudoptimization.admin)

Administrator of Cloud Optimization AI resources

cloudoptimization.*

Cloud Optimization AI Editor

(roles/cloudoptimization.editor)

Editor of Cloud Optimization AI resources

cloudoptimization.*

Cloud Optimization AI Viewer

(roles/cloudoptimization.viewer)

Viewer of Cloud Optimization AI resources

cloudoptimization.operations.get

Cloud Quotas Admin ^Beta

(roles/cloudquotas.admin)

Full access to Cloud Quotas resources.

cloudquotas.*

monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Quotas Viewer ^Beta

(roles/cloudquotas.viewer)

Readonly access to Cloud Quotas resources.

cloudquotas.quotas.get

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Agreement Publishing Admin ^Beta

(roles/commerceagreementpublishing.admin)

Admin of Commerce Agreement Publishing service

commerceagreementpublishing.*

resourcemanager.projects.get

resourcemanager.projects.list

Commerce Agreement Publishing Viewer ^Beta

(roles/commerceagreementpublishing.viewer)

Viewer of Commerce Agreement Publishing service

commerceagreementpublishing.agreements.get

commerceagreementpublishing.agreements.list

commerceagreementpublishing.documents.get

commerceagreementpublishing.documents.list

resourcemanager.projects.get

resourcemanager.projects.list

Confidential Space Workload User

(roles/confidentialcomputing.workloadUser)

Grants the ability to generate an attestation token and run a workload in a VM. Intended for service accounts that run on Confidential Space VMs.

confidentialcomputing.*

logging.logEntries.create

ConfigDelivery Admin ^Beta

(roles/configdelivery.configDeliveryAdmin)

Grants full access to all Config Delivery resources. Lets users create, remove and manage fleet packages and resource bundles.

configdelivery.*

resourcemanager.projects.get

resourcemanager.projects.list

ConfigDelivery Viewer ^Beta

(roles/configdelivery.configDeliveryViewer)

Grants read access to all Config Delivery resources. Lets users view existing fleet packages and resource bundles, but they will not be able to make any changes.

configdelivery.fleetPackages.get

configdelivery.fleetPackages.list

configdelivery.locations.*

configdelivery.operations.get

configdelivery.operations.list

configdelivery.releases.get

configdelivery.releases.list

configdelivery.resourceBundles.get

configdelivery.resourceBundles.list

configdelivery.rollouts.get

configdelivery.rollouts.list

resourcemanager.projects.get

resourcemanager.projects.list

Config Delivery Resource Bundle Publisher ^Beta

(roles/configdelivery.resourceBundlePublisher)

Grants read and write permissions to Config Delivery ResourceBundles and Releases.

configdelivery.locations.*

configdelivery.operations.get

configdelivery.operations.list

configdelivery.releases.create

configdelivery.releases.get

configdelivery.releases.list

configdelivery.releases.update

configdelivery.resourceBundles.create

configdelivery.resourceBundles.get

configdelivery.resourceBundles.list

configdelivery.resourceBundles.update

resourcemanager.projects.get

resourcemanager.projects.list

Contact Center AI Platform Admin

(roles/contactcenteraiplatform.admin)

Full access to Contact Center AI Platform resources.

contactcenteraiplatform.*

resourcemanager.projects.get

resourcemanager.projects.list

Contact Center AI Platform Viewer

(roles/contactcenteraiplatform.viewer)

Read-only access to Contact Center AI Platform resources.

contactcenteraiplatform.contactCenters.get

contactcenteraiplatform.contactCenters.list

contactcenteraiplatform.locations.*

contactcenteraiplatform.operations.get

contactcenteraiplatform.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Contact Center AI Insights Admin ^Beta

(roles/contactcenterinsights.admin)

Grants full access to all Contact Center AI Insights resources.

contactcenterinsights.*

Contact Center AI Insights authorized editor ^Beta

(roles/contactcenterinsights.authorizedEditor)

Grants read and write access to Authorized resources.

contactcenterinsights.authorizedAnalyses.*

contactcenterinsights.authorizedConversations.*

contactcenterinsights.authorizedFeedbackLabels.*

contactcenterinsights.authorizedOperations.*

contactcenterinsights.authorizedViewSets.get

contactcenterinsights.authorizedViews.get

Contact Center AI Insights authorized viewer ^Beta

(roles/contactcenterinsights.authorizedViewer)

Grants read access to Authorized resources.

contactcenterinsights.authorizedAnalyses.get

contactcenterinsights.authorizedAnalyses.list

contactcenterinsights.authorizedConversations.get

contactcenterinsights.authorizedConversations.list

contactcenterinsights.authorizedFeedbackLabels.get

contactcenterinsights.authorizedFeedbackLabels.list

contactcenterinsights.authorizedOperations.*

contactcenterinsights.authorizedViewSets.get

contactcenterinsights.authorizedViewSets.list

contactcenterinsights.authorizedViews.get

contactcenterinsights.authorizedViews.list

Contact Center AI Insights editor

(roles/contactcenterinsights.editor)

Grants read and write access to all Contact Center AI Insights resources.

contactcenterinsights.analyses.*

contactcenterinsights.analysisRules.*

contactcenterinsights.authorizedAnalyses.*

contactcenterinsights.authorizedConversations.*

contactcenterinsights.authorizedFeedbackLabels.create

contactcenterinsights.authorizedFeedbackLabels.delete

contactcenterinsights.authorizedFeedbackLabels.get

contactcenterinsights.authorizedFeedbackLabels.list

contactcenterinsights.authorizedFeedbackLabels.update

contactcenterinsights.authorizedOperations.*

contactcenterinsights.authorizedViewSets.*

contactcenterinsights.authorizedViews.create

contactcenterinsights.authorizedViews.delete

contactcenterinsights.authorizedViews.get

contactcenterinsights.authorizedViews.list

contactcenterinsights.authorizedViews.update

contactcenterinsights.conversations.*

contactcenterinsights.faqEntries.*

contactcenterinsights.faqModels.*

contactcenterinsights.feedbackLabels.*

contactcenterinsights.issueModels.*

contactcenterinsights.issues.*

contactcenterinsights.operations.*

contactcenterinsights.phraseMatchers.*

contactcenterinsights.qaQuestionTags.*

contactcenterinsights.qaQuestions.*

contactcenterinsights.qaScorecardRevisions.*

contactcenterinsights.qaScorecards.*

contactcenterinsights.settings.*

contactcenterinsights.views.*

contactcenterinsights.visibilityLabels.list

Contact Center AI Insights viewer

(roles/contactcenterinsights.viewer)

Grants read access to all Contact Center AI Insights resources.

contactcenterinsights.analyses.get

contactcenterinsights.analyses.list

contactcenterinsights.analysisRules.get

contactcenterinsights.analysisRules.list

contactcenterinsights.assessmentRules.get

contactcenterinsights.assessmentRules.list

contactcenterinsights.authorizedAnalyses.get

contactcenterinsights.authorizedAnalyses.list

contactcenterinsights.authorizedConversations.get

contactcenterinsights.authorizedConversations.list

contactcenterinsights.authorizedFeedbackLabels.get

contactcenterinsights.authorizedFeedbackLabels.list

contactcenterinsights.authorizedOperations.*

contactcenterinsights.authorizedViewSets.get

contactcenterinsights.authorizedViewSets.list

contactcenterinsights.authorizedViews.get

contactcenterinsights.authorizedViews.list

contactcenterinsights.conversations.get

contactcenterinsights.conversations.list

contactcenterinsights.faqEntries.get

contactcenterinsights.faqEntries.list

contactcenterinsights.faqModels.get

contactcenterinsights.faqModels.list

contactcenterinsights.feedbackLabels.download

contactcenterinsights.feedbackLabels.get

contactcenterinsights.feedbackLabels.list

contactcenterinsights.issueModels.get

contactcenterinsights.issueModels.list

contactcenterinsights.issues.get

contactcenterinsights.issues.list

contactcenterinsights.operations.get

contactcenterinsights.operations.list

contactcenterinsights.phraseMatchers.get

contactcenterinsights.phraseMatchers.list

contactcenterinsights.qaQuestions.get

contactcenterinsights.qaQuestions.list

contactcenterinsights.qaScorecardRevisions.get

contactcenterinsights.qaScorecardRevisions.list

contactcenterinsights.qaScorecards.get

contactcenterinsights.qaScorecards.list

contactcenterinsights.settings.get

contactcenterinsights.views.get

contactcenterinsights.views.list

contactcenterinsights.visibilityLabels.list

GKE Security Posture Viewer ^Beta

(roles/containersecurity.viewer)

Read-only access to GKE Security Posture resources.

container.clusters.list

containersecurity.*

resourcemanager.projects.get

resourcemanager.projects.list

Content Warehouse Admin

(roles/contentwarehouse.admin)

Grants full access to all the resources in Content Warehouse

contentwarehouse.corpora.*

contentwarehouse.dataExportJobs.*

contentwarehouse.documentSchemas.*

contentwarehouse.documents.*

contentwarehouse.locations.*

contentwarehouse.operations.get

contentwarehouse.rawDocuments.*

contentwarehouse.ruleSets.*

contentwarehouse.synonymSets.*

resourcemanager.projects.get

resourcemanager.projects.list

Content Warehouse Document Admin

(roles/contentwarehouse.documentAdmin)

Grants full access to the document resource in Content Warehouse

contentwarehouse.documentSchemas.get

contentwarehouse.documents.create

contentwarehouse.documents.delete

contentwarehouse.documents.get

contentwarehouse.documents.getIamPolicy

contentwarehouse.documents.setIamPolicy

contentwarehouse.documents.update

contentwarehouse.links.*

contentwarehouse.locations.getStatus

contentwarehouse.rawDocuments.*

resourcemanager.projects.get

resourcemanager.projects.list

Content Warehouse document creator

(roles/contentwarehouse.documentCreator)

Grants access to create document in Content Warehouse

contentwarehouse.documentSchemas.get

contentwarehouse.documentSchemas.list

contentwarehouse.documents.create

contentwarehouse.locations.getStatus

resourcemanager.projects.get

resourcemanager.projects.list

Content Warehouse Document Editor

(roles/contentwarehouse.documentEditor)

Grants access to update document resource in Content Warehouse

contentwarehouse.documentSchemas.get

contentwarehouse.documents.get

contentwarehouse.documents.getIamPolicy

contentwarehouse.documents.update

contentwarehouse.links.*

contentwarehouse.locations.getStatus

contentwarehouse.rawDocuments.*

resourcemanager.projects.get

resourcemanager.projects.list

Content Warehouse document schema viewer

(roles/contentwarehouse.documentSchemaViewer)

Grants access to view the document schemas in Content Warehouse

contentwarehouse.documentSchemas.get

contentwarehouse.documentSchemas.list

contentwarehouse.locations.getStatus

resourcemanager.projects.get

resourcemanager.projects.list

Content Warehouse Viewer

(roles/contentwarehouse.documentViewer)

Grants access to view all the resources in Content Warehouse

contentwarehouse.documentSchemas.get

contentwarehouse.documents.get

contentwarehouse.documents.getIamPolicy

contentwarehouse.links.get

contentwarehouse.locations.getStatus

contentwarehouse.rawDocuments.download

resourcemanager.projects.get

resourcemanager.projects.list

Database Center Admin ^Beta

(roles/databasecenter.admin)

Admin role for Database Center resource data

cloudaicompanion.entitlements.get

databasecenter.*

databasesconsole.locations.*

resourcemanager.projects.get

resourcemanager.projects.list

Database Center viewer ^Beta

(roles/databasecenter.viewer)

Viewer role for Database Center resource data

cloudaicompanion.entitlements.get

databasecenter.*

databasesconsole.locations.*

resourcemanager.projects.get

resourcemanager.projects.list

Database Insights assistant viewer ^Beta

(roles/databaseinsights.assistantViewer)

Viewer role for Database Insights assistant data

databaseinsights.performanceIssues.*

Events Service viewer ^Beta

(roles/databaseinsights.eventsViewer)

Viewer role for Events Service data

databaseinsights.aggregatedEvents.query

databaseinsights.clusterEvents.query

databaseinsights.instanceEvents.query

Database Insights monitoring viewer ^Beta

(roles/databaseinsights.monitoringViewer)

Viewer role for Database Insights monitoring data

databaseinsights.activeQueries.fetch

databaseinsights.activitySummary.fetch

databaseinsights.aggregatedStats.query

databaseinsights.locations.*

databaseinsights.timeSeries.query

databaseinsights.workloadRecommendations.fetch

resourcemanager.projects.get

resourcemanager.projects.list

Database Insights performing operations ^Beta

(roles/databaseinsights.operationsAdmin)

Admin role for performing Database Insights operations

databaseinsights.activeQuery.terminate

Database Insights recommendation viewer ^Beta

(roles/databaseinsights.recommendationViewer)

Viewer role for Database Insights recommendation data

databaseinsights.locations.*

databaseinsights.recommendations.query

databaseinsights.resourceRecommendations.query

databaseinsights.workloadRecommendations.fetch

resourcemanager.projects.get

resourcemanager.projects.list

Database Insights viewer ^Beta

(roles/databaseinsights.viewer)

Viewer role for Database Insights data

databaseinsights.activeQueries.fetch

databaseinsights.activitySummary.fetch

databaseinsights.aggregatedStats.query

databaseinsights.locations.*

databaseinsights.performanceIssues.*

databaseinsights.recommendations.query

databaseinsights.resourceRecommendations.query

databaseinsights.timeSeries.query

databaseinsights.workloadRecommendations.fetch

resourcemanager.projects.get

resourcemanager.projects.list

Studio Query Admin ^Beta

(roles/databasesconsole.studioQueryAdmin)

Full access to Studio Query resources.

databasesconsole.*

resourcemanager.projects.get

resourcemanager.projects.list

Studio Query User ^Beta

(roles/databasesconsole.studioQueryUser)

Access to create, update, search and delete studio queries.

databasesconsole.locations.*

databasesconsole.operations.get

databasesconsole.operations.list

databasesconsole.studioQueries.create

databasesconsole.studioQueries.delete

databasesconsole.studioQueries.search

databasesconsole.studioQueries.update

resourcemanager.projects.get

resourcemanager.projects.list

Data Lineage Administrator

(roles/datalineage.admin)

Grants full access to all resources in Data Lineage API

datalineage.*

resourcemanager.projects.get

resourcemanager.projects.list

Data Lineage Editor

(roles/datalineage.editor)

Grants edit access to all resources in Data Lineage API

datalineage.events.*

datalineage.locations.searchLinks

datalineage.operations.get

datalineage.processes.create

datalineage.processes.get

datalineage.processes.list

datalineage.processes.update

datalineage.runs.create

datalineage.runs.get

datalineage.runs.list

datalineage.runs.update

resourcemanager.projects.get

resourcemanager.projects.list

Data Lineage Events Producer

(roles/datalineage.producer)

Grants access to creating all resources in Data Lineage API

datalineage.events.create

datalineage.processes.create

datalineage.processes.get

datalineage.processes.update

datalineage.runs.create

datalineage.runs.get

datalineage.runs.update

resourcemanager.projects.get

resourcemanager.projects.list

Data Lineage Viewer

(roles/datalineage.viewer)

Grants read access to all resources in Data Lineage API

datalineage.events.get

datalineage.events.list

datalineage.locations.searchLinks

datalineage.processes.get

datalineage.processes.list

datalineage.runs.get

datalineage.runs.list

resourcemanager.projects.get

resourcemanager.projects.list

Data Processing Controls Resource Admin

(roles/dataprocessing.admin)

Data processing controls admin who can fully manage data processing controls settings and view all datasource data.

billing.accounts.get

billing.accounts.list

dataprocessing.*

Data Processing Controls Data Source Manager

(roles/dataprocessing.dataSourceManager)

Data processing controls data source manager who can get, list, and update the underlying data.

dataprocessing.datasources.list

dataprocessing.datasources.update

Dataproc Resource Manager Admin ^Beta

(roles/dataprocrm.admin)

Grants full access to all Dataproc Resource Manager resources. Intended for users that need to create and delete any Dataproc Resource Manager resources.

dataprocrm.*

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Resource Manager Viewer ^Beta

(roles/dataprocrm.viewer)

Grants read access to all Dataproc Resource Manager resources. Intended for users that need read-only access to Dataproc Resource Manager resources.

dataprocrm.locations.*

dataprocrm.nodePools.get

dataprocrm.nodePools.list

dataprocrm.nodes.get

dataprocrm.nodes.list

dataprocrm.nodes.mintOAuthToken

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.get

dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Design Center Admin ^Beta

(roles/designcenter.admin)

Full access to Application Design Center resources.

apphub.serviceProjectAttachments.list

designcenter.*

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.folders.*

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.move

storage.objects.restore

storage.objects.update

Application Admin ^Beta

(roles/designcenter.applicationAdmin)

Admin access to Application.

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.locations.*

apphub.serviceProjectAttachments.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

config.revisions.get

config.revisions.list

config.terraformversions.*

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.*

designcenter.sharedTemplateRevisions.*

designcenter.sharedTemplates.*

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Editor ^Beta

(roles/designcenter.applicationEditor)

Read and Write access to Application.

apphub.applications.create

apphub.applications.delete

apphub.applications.get

apphub.applications.list

apphub.applications.update

apphub.locations.*

apphub.serviceProjectAttachments.list

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

config.revisions.get

config.revisions.list

config.terraformversions.*

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.*

designcenter.sharedTemplateRevisions.*

designcenter.sharedTemplates.*

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Viewer ^Beta

(roles/designcenter.applicationViewer)

Readonly access to Application.

apphub.applications.get

apphub.applications.list

apphub.locations.*

config.deployments.get

config.deployments.getIamPolicy

config.deployments.list

config.locations.*

config.operations.get

config.operations.list

config.previews.get

config.previews.list

config.resources.*

config.revisions.get

config.revisions.list

config.terraformversions.*

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.get

designcenter.applications.list

designcenter.sharedTemplateRevisions.*

designcenter.sharedTemplates.*

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Design Center User ^Beta

(roles/designcenter.user)

Readonly access to Application Design Center resources.

apphub.serviceProjectAttachments.list

designcenter.applicationTemplateRevisions.*

designcenter.applicationTemplates.*

designcenter.applications.get

designcenter.applications.list

designcenter.catalogTemplateRevisions.get

designcenter.catalogTemplateRevisions.list

designcenter.catalogTemplates.get

designcenter.catalogTemplates.list

designcenter.catalogs.get

designcenter.catalogs.list

designcenter.components.*

designcenter.connections.*

designcenter.locations.*

designcenter.operations.get

designcenter.operations.list

designcenter.sharedTemplateRevisions.*

designcenter.sharedTemplates.*

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.getIamPolicy

designcenter.spaces.list

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

storage.folders.*

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.move

storage.objects.restore

storage.objects.update

Application Design Center Viewer ^Beta

(roles/designcenter.viewer)

Readonly access to Application Design Center resources.

designcenter.applicationTemplateRevisions.get

designcenter.applicationTemplateRevisions.list

designcenter.applicationTemplates.get

designcenter.applicationTemplates.list

designcenter.applications.get

designcenter.applications.list

designcenter.catalogTemplateRevisions.get

designcenter.catalogTemplateRevisions.list

designcenter.catalogTemplates.get

designcenter.catalogTemplates.list

designcenter.catalogs.get

designcenter.catalogs.list

designcenter.components.get

designcenter.components.list

designcenter.connections.get

designcenter.connections.list

designcenter.locations.*

designcenter.operations.get

designcenter.operations.list

designcenter.sharedTemplateRevisions.*

designcenter.sharedTemplates.*

designcenter.shares.get

designcenter.shares.list

designcenter.spaces.get

designcenter.spaces.getIamPolicy

designcenter.spaces.list

resourcemanager.projects.get

resourcemanager.projects.list

storage.folders.get

storage.folders.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

Developer Connect Admin ^Beta

(roles/developerconnect.admin)

Full access to Developer Connect resources.

developerconnect.connections.*

developerconnect.gitRepositoryLinks.create

developerconnect.gitRepositoryLinks.delete

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.gitProxyRead

developerconnect.gitRepositoryLinks.gitProxyWrite

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Git Proxy Reader ^Beta

(roles/developerconnect.gitProxyReader)

Grants read-only access to repositories through the Git Proxy.

developerconnect.gitRepositoryLinks.gitProxyRead

Developer Connect Git Proxy User ^Beta

(roles/developerconnect.gitProxyUser)

Grants read and write access to repositories through the Git Proxy.

developerconnect.gitRepositoryLinks.gitProxyRead

developerconnect.gitRepositoryLinks.gitProxyWrite

Developer Connect OAuth Admin ^Beta

(roles/developerconnect.oauthAdmin)

Grants read and write access to AccountConnector resources.

developerconnect.accountConnectors.*

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

developerconnect.providers.list

developerconnect.users.*

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect OAuth User ^Beta

(roles/developerconnect.oauthUser)

Grants read and write access to User resources, and read access to AccountConnectors.

developerconnect.accountConnectors.get

developerconnect.accountConnectors.list

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

developerconnect.users.deleteSelf

developerconnect.users.fetchAccessToken

developerconnect.users.finishOAuth

developerconnect.users.getSelf

developerconnect.users.startOAuth

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Read Token Accessor ^Beta

(roles/developerconnect.readTokenAccessor)

Grants access to Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.get

Developer Connect Token Accessor ^Beta

(roles/developerconnect.tokenAccessor)

Grants access to Read/Write and Read-Only tokens (both PAT and short-lived). Also grants access to view the git repository link.

developerconnect.connections.get

developerconnect.gitRepositoryLinks.fetchReadToken

developerconnect.gitRepositoryLinks.fetchReadWriteToken

developerconnect.gitRepositoryLinks.get

Developer Connect User ^Beta

(roles/developerconnect.user)

Grants access to view the connection and to the features that interact with the actual repository such as reading content from the repository

developerconnect.connections.fetchGitHubInstallations

developerconnect.connections.fetchLinkableGitRepositories

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.fetchGitRefs

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Developer Connect Viewer ^Beta

(roles/developerconnect.viewer)

Readonly access to Developer Connect resources.

developerconnect.connections.get

developerconnect.connections.list

developerconnect.gitRepositoryLinks.get

developerconnect.gitRepositoryLinks.list

developerconnect.locations.*

developerconnect.operations.get

developerconnect.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine Admin

(roles/discoveryengine.admin)

Grants full access to all discoveryengine resources.

discoveryengine.*

resourcemanager.projects.get

resourcemanager.projects.list

Discovery Engine Editor

(roles/discoveryengine.editor)

Grants read and write access to all discovery engine resources.

discoveryengine.aclConfigs.get

discoveryengine.analytics.*

discoveryengine.answers.get

discoveryengine.branches.*

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.*

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.dataStores.trainCustomModel

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.create

discoveryengine.documents.delete

discoveryengine.documents.get

discoveryengine.documents.import

discoveryengine.documents.list

discoveryengine.documents.update

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.engines.pause

discoveryengine.engines.resume

discoveryengine.engines.tune

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.models.*

discoveryengine.operations.*

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.*

discoveryengine.sampleQuerySets.*

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.*

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.create

discoveryengine.userEvents.fetchStats

discoveryengine.userEvents.import

discoveryengine.widgetConfigs.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud NotebookLM Notebook Editor ^Beta

(roles/discoveryengine.notebookEditor)

Grants read and write access to a Cloud NotebookLM Notebook.

Cloud NotebookLM Admin ^Beta

(roles/discoveryengine.notebookLmOwner)

Grants full access to Cloud NotebookLM resources.

discoveryengine.aclConfigs.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud NotebookLM User ^Beta

(roles/discoveryengine.notebookLmUser)

Grants user-level access to Cloud NotebookLM resources.

resourcemanager.projects.get

resourcemanager.projects.list

Cloud NotebookLM Notebook Owner ^Beta

(roles/discoveryengine.notebookOwner)

Grants full access to a Cloud NotebookLM Notebook.

Cloud NotebookLM Notebook Viewer ^Beta

(roles/discoveryengine.notebookViewer)

Grants read-only access to a Cloud NotebookLM Notebook.

Discovery Engine User ^Beta

(roles/discoveryengine.user)

Grants user-level access to Discovery Engine resources.

discoveryengine.answers.get

discoveryengine.completionConfigs.completeQuery

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.search

discoveryengine.sessions.delete

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.sessions.update

discoveryengine.userEvents.create

discoveryengine.widgetConfigs.get

Discovery Engine Viewer

(roles/discoveryengine.viewer)

Grants read access to all discovery engine resources.

discoveryengine.aclConfigs.get

discoveryengine.analytics.*

discoveryengine.answers.get

discoveryengine.branches.*

discoveryengine.cmekConfigs.get

discoveryengine.cmekConfigs.list

discoveryengine.collections.get

discoveryengine.collections.list

discoveryengine.completionConfigs.completeQuery

discoveryengine.completionConfigs.get

discoveryengine.controls.get

discoveryengine.controls.list

discoveryengine.conversations.converse

discoveryengine.conversations.get

discoveryengine.conversations.list

discoveryengine.dataStores.completeQuery

discoveryengine.dataStores.get

discoveryengine.dataStores.list

discoveryengine.dataStores.listCustomModels

discoveryengine.documentProcessingConfigs.get

discoveryengine.documents.batchGetDocumentsMetadata

discoveryengine.documents.get

discoveryengine.documents.list

discoveryengine.engines.get

discoveryengine.engines.list

discoveryengine.evaluations.get

discoveryengine.evaluations.list

discoveryengine.groundingConfigs.check

discoveryengine.models.get

discoveryengine.models.list

discoveryengine.operations.*

discoveryengine.projects.get

discoveryengine.rankingConfigs.rank

discoveryengine.sampleQueries.get

discoveryengine.sampleQueries.list

discoveryengine.sampleQuerySets.get

discoveryengine.sampleQuerySets.list

discoveryengine.schemas.get

discoveryengine.schemas.list

discoveryengine.schemas.preview

discoveryengine.schemas.validate

discoveryengine.servingConfigs.answer

discoveryengine.servingConfigs.get

discoveryengine.servingConfigs.list

discoveryengine.servingConfigs.recommend

discoveryengine.servingConfigs.search

discoveryengine.sessions.get

discoveryengine.sessions.list

discoveryengine.siteSearchEngines.get

discoveryengine.targetSites.get

discoveryengine.targetSites.list

discoveryengine.userEvents.fetchStats

discoveryengine.widgetConfigs.get

resourcemanager.projects.get

resourcemanager.projects.list

Enterprise Purchasing Admin ^Beta

(roles/enterprisepurchasing.admin)

Full access to Enterprise Purchasing resources.

enterprisepurchasing.*

resourcemanager.projects.get

resourcemanager.projects.list

Enterprise Purchasing Editor ^Beta

(roles/enterprisepurchasing.editor)

Edit access to Enterprise Purchasing resources.

enterprisepurchasing.gcveCuds.get

enterprisepurchasing.gcveCuds.list

enterprisepurchasing.gcveNodePricingInfo.list

enterprisepurchasing.locations.*

enterprisepurchasing.operations.get

enterprisepurchasing.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Enterprise Purchasing Viewer ^Beta

(roles/enterprisepurchasing.viewer)

Readonly access to Enterprise Purchasing resources.

enterprisepurchasing.gcveCuds.get

enterprisepurchasing.gcveCuds.list

enterprisepurchasing.gcveNodePricingInfo.list

enterprisepurchasing.locations.*

enterprisepurchasing.operations.get

enterprisepurchasing.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Essential Contacts Admin

(roles/essentialcontacts.admin)

Full access to all essential contacts

essentialcontacts.*

Essential Contacts Viewer

(roles/essentialcontacts.viewer)

Viewer for all essential contacts

essentialcontacts.contacts.get

essentialcontacts.contacts.list

Firebase Cloud Messaging API Admin ^Beta

(roles/firebasecloudmessaging.admin)

Full read/write access to Firebase Cloud Messaging API resources.

cloudmessaging.messages.create

fcmdata.deliverydata.list

resourcemanager.projects.get

resourcemanager.projects.list

Firebase Crash Symbol Uploader

(roles/firebasecrash.symbolMappingsAdmin)

Full read/write access to symbol mapping file resources for Firebase Crash Reporting.

firebase.clients.get

firebase.clients.list

resourcemanager.projects.get

Firebase Data Connect API Admin ^Beta

(roles/firebasedataconnect.admin)

Full access to Firebase Data Connect API resources, including data.

firebasedataconnect.*

resourcemanager.projects.get

resourcemanager.projects.list

Firebase Data Connect API Data Admin ^Beta

(roles/firebasedataconnect.dataAdmin)

Full access to data sources.

firebasedataconnect.services.executeGraphql

firebasedataconnect.services.executeGraphqlRead

Firebase Data Connect API Data Viewer ^Beta

(roles/firebasedataconnect.dataViewer)

Readonly access to data sources.

firebasedataconnect.services.executeGraphqlRead

Firebase Data Connect API Viewer ^Beta

(roles/firebasedataconnect.viewer)

Readonly access to Firebase Data Connect API resources. Role does not grant access to data.

firebasedataconnect.connectorRevisions.get

firebasedataconnect.connectorRevisions.list

firebasedataconnect.connectors.get

firebasedataconnect.connectors.list

firebasedataconnect.locations.*

firebasedataconnect.operations.get

firebasedataconnect.operations.list

firebasedataconnect.schemaRevisions.get

firebasedataconnect.schemaRevisions.list

firebasedataconnect.schemas.get

firebasedataconnect.schemas.list

firebasedataconnect.services.get

firebasedataconnect.services.list

resourcemanager.projects.get

resourcemanager.projects.list

GDC Hardware Management Admin ^Beta

(roles/gdchardwaremanagement.admin)

Full access to GDC Hardware Management resources.

gdchardwaremanagement.*

resourcemanager.projects.get

resourcemanager.projects.list

GDC Hardware Management Operator ^Beta

(roles/gdchardwaremanagement.operator)

Create, read, and update access to GDC Hardware Management resources that support those operations. Also grants delete access to HardwareGroup resource.

gdchardwaremanagement.changeLogEntries.*

gdchardwaremanagement.comments.*

gdchardwaremanagement.hardware.*

gdchardwaremanagement.hardwareGroups.*

gdchardwaremanagement.locations.*

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.create

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.orders.update

gdchardwaremanagement.sites.*

gdchardwaremanagement.skus.*

gdchardwaremanagement.zones.*

resourcemanager.projects.get

resourcemanager.projects.list

GDC Hardware Management Reader ^Beta

(roles/gdchardwaremanagement.reader)

Readonly access to GDC Hardware Management resources.

gdchardwaremanagement.changeLogEntries.*

gdchardwaremanagement.comments.get

gdchardwaremanagement.comments.list

gdchardwaremanagement.hardware.get

gdchardwaremanagement.hardware.list

gdchardwaremanagement.hardwareGroups.get

gdchardwaremanagement.hardwareGroups.list

gdchardwaremanagement.locations.*

gdchardwaremanagement.operations.get

gdchardwaremanagement.operations.list

gdchardwaremanagement.orders.get

gdchardwaremanagement.orders.list

gdchardwaremanagement.sites.get

gdchardwaremanagement.sites.list

gdchardwaremanagement.skus.*

gdchardwaremanagement.zones.get

gdchardwaremanagement.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Gemini Cloud Assist User ^Beta

(roles/geminicloudassist.user)

A user who can use Gemini Cloud Assist

cloudaicompanion.companions.*

cloudaicompanion.entitlements.get

cloudaicompanion.instances.*

cloudaicompanion.licenses.selfAssign

cloudaicompanion.topics.create

resourcemanager.projects.get

resourcemanager.projects.list

Identity Platform Admin ^Beta

(roles/identityplatform.admin)

Full access to Identity Platform resources.

firebaseauth.*

identitytoolkit.*

Identity Platform Viewer ^Beta

(roles/identityplatform.viewer)

Read access to Identity Platform resources.

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list

Identity Toolkit Admin

(roles/identitytoolkit.admin)

Full access to Identity Toolkit resources.

firebaseauth.*

identitytoolkit.*

Identity Toolkit Viewer

(roles/identitytoolkit.viewer)

Read access to Identity Toolkit resources.

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list

Apigee Integration Admin

(roles/integrations.apigeeIntegrationAdminRole)

A user that has full access to all Apigee integrations.

connectors.actions.*

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entityTypes.list

integrations.apigeeAuthConfigs.*

integrations.apigeeCertificates.*

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.*

integrations.apigeeSfdcInstances.*

integrations.apigeeSuspensions.*

integrations.authConfigs.*

integrations.certificates.*

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.create

integrations.integrations.delete

integrations.integrations.deploy

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.integrations.update

integrations.sfdcChannels.*

integrations.sfdcInstances.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Integration Deployer

(roles/integrations.apigeeIntegrationDeployerRole)

A developer that can deploy/undeploy Apigee integrations to the integration runtime.

integrations.apigeeIntegrationVers.deploy

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.deploy

integrations.integrations.get

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Integration Editor

(roles/integrations.apigeeIntegrationEditorRole)

A developer that can list, create and update Apigee integrations.

connectors.actions.*

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entityTypes.list

integrations.apigeeAuthConfigs.create

integrations.apigeeAuthConfigs.get

integrations.apigeeAuthConfigs.list

integrations.apigeeAuthConfigs.update

integrations.apigeeCertificates.create

integrations.apigeeCertificates.get

integrations.apigeeCertificates.list

integrations.apigeeCertificates.update

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.create

integrations.apigeeSfdcChannels.get

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcChannels.update

integrations.apigeeSfdcInstances.create

integrations.apigeeSfdcInstances.get

integrations.apigeeSfdcInstances.list

integrations.apigeeSfdcInstances.update

integrations.authConfigs.create

integrations.authConfigs.get

integrations.authConfigs.list

integrations.authConfigs.update

integrations.certificates.get

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.create

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.integrations.update

integrations.sfdcChannels.*

integrations.sfdcInstances.*

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Integration Invoker

(roles/integrations.apigeeIntegrationInvokerRole)

A role that can invoke Apigee integrations.

connectors.actions.*

connectors.connections.executeSqlQuery

connectors.entities.*

connectors.entityTypes.list

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.*

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.get

integrations.integrationVersions.invoke

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Integration Viewer

(roles/integrations.apigeeIntegrationsViewer)

A developer that can list and view Apigee integrations.

integrations.apigeeAuthConfigs.list

integrations.apigeeCertificates.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcInstances.list

integrations.authConfigs.get

integrations.authConfigs.list

integrations.certificates.get

integrations.certificates.list

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.list

integrations.sfdcChannels.list

integrations.sfdcInstances.list

resourcemanager.projects.get

resourcemanager.projects.list

Apigee Integration Approver

(roles/integrations.apigeeSuspensionResolver)

A role that can approve / reject Apigee integrations that contain a suspension/wait task.

integrations.apigeeSuspensions.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

Certificate Viewer

(roles/integrations.certificateViewer)

A developer that can list and view Certificates.

integrations.certificates.get

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration Admin

(roles/integrations.integrationAdmin)

A user that has full access (CRUD) to all integrations.

integrations.apigeeAuthConfigs.*

integrations.apigeeCertificates.*

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.*

integrations.apigeeSfdcInstances.*

integrations.apigeeSuspensions.*

integrations.authConfigs.*

integrations.certificates.*

integrations.executions.*

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.*

integrations.sfdcChannels.*

integrations.sfdcInstances.*

integrations.suspensions.*

integrations.testCases.*

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration Deployer

(roles/integrations.integrationDeployer)

A developer that can deploy/undeploy integrations to the integration runtime.

integrations.apigeeIntegrationVers.deploy

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.deploy

integrations.integrations.get

integrations.integrations.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration Editor

(roles/integrations.integrationEditor)

A developer that can list, create and update integrations.

integrations.apigeeAuthConfigs.create

integrations.apigeeAuthConfigs.get

integrations.apigeeAuthConfigs.list

integrations.apigeeAuthConfigs.update

integrations.apigeeCertificates.create

integrations.apigeeCertificates.get

integrations.apigeeCertificates.list

integrations.apigeeCertificates.update

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.*

integrations.apigeeIntegrations.*

integrations.apigeeSfdcChannels.create

integrations.apigeeSfdcChannels.get

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcChannels.update

integrations.apigeeSfdcInstances.create

integrations.apigeeSfdcInstances.get

integrations.apigeeSfdcInstances.list

integrations.apigeeSfdcInstances.update

integrations.authConfigs.create

integrations.authConfigs.get

integrations.authConfigs.list

integrations.authConfigs.update

integrations.certificates.get

integrations.executions.*

integrations.integrationVersions.create

integrations.integrationVersions.delete

integrations.integrationVersions.deploy

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrationVersions.update

integrations.integrations.create

integrations.integrations.generateOpenApiSpec

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.integrations.update

integrations.sfdcChannels.*

integrations.sfdcInstances.*

integrations.testCases.*

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration Invoker

(roles/integrations.integrationInvoker)

A role that can invoke integrations.

integrations.apigeeExecutions.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.*

integrations.executions.*

integrations.integrationVersions.get

integrations.integrationVersions.invoke

integrations.integrationVersions.list

integrations.integrations.get

integrations.integrations.invoke

integrations.integrations.list

integrations.testCases.get

integrations.testCases.invoke

integrations.testCases.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration Viewer

(roles/integrations.integrationViewer)

A developer that can list and view integrations.

integrations.apigeeAuthConfigs.list

integrations.apigeeCertificates.list

integrations.apigeeIntegrationVers.get

integrations.apigeeIntegrationVers.list

integrations.apigeeIntegrations.list

integrations.apigeeSfdcChannels.list

integrations.apigeeSfdcInstances.list

integrations.authConfigs.get

integrations.authConfigs.list

integrations.certificates.get

integrations.certificates.list

integrations.executions.get

integrations.executions.list

integrations.integrationVersions.get

integrations.integrationVersions.list

integrations.integrations.generateOpenApiSpec

integrations.integrations.get

integrations.integrations.list

integrations.sfdcChannels.list

integrations.sfdcInstances.list

integrations.testCases.get

integrations.testCases.list

resourcemanager.projects.get

resourcemanager.projects.list

Security Integration Admin ^Beta

(roles/integrations.securityIntegrationAdmin)

A user that has full access to all Security integrations.

integrations.securityAuthConfigs.*

integrations.securityExecutions.*

integrations.securityIntegTempVers.*

integrations.securityIntegrationVers.*

integrations.securityIntegrations.*

Application Integration SFDC Instance Admin

(roles/integrations.sfdcInstanceAdmin)

A user that has full access (CRUD) to all SFDC instances.

integrations.sfdcChannels.*

integrations.sfdcInstances.*

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration SFDC Instance Editor

(roles/integrations.sfdcInstanceEditor)

A developer that can list, create and update integrations.

integrations.sfdcChannels.create

integrations.sfdcChannels.get

integrations.sfdcChannels.list

integrations.sfdcChannels.update

integrations.sfdcInstances.create

integrations.sfdcInstances.get

integrations.sfdcInstances.list

integrations.sfdcInstances.update

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration SFDC Instance Viewer

(roles/integrations.sfdcInstanceViewer)

A developer that can list and view SFDC instances.

integrations.sfdcChannels.get

integrations.sfdcChannels.list

integrations.sfdcInstances.get

integrations.sfdcInstances.list

resourcemanager.projects.get

resourcemanager.projects.list

Application Integration Approver

(roles/integrations.suspensionResolver)

A role that can resolve suspended integrations.

integrations.apigeeSuspensions.*

integrations.suspensions.*

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Account Manager Admin ^Beta

(roles/issuerswitch.accountManagerAdmin)

This role can perform all account manager related operations

issuerswitch.accountManagerTransactions.*

issuerswitch.managedAccounts.*

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Account Manager Transactions Admin ^Beta

(roles/issuerswitch.accountManagerTransactionsAdmin)

This role can perform all account manager transactions related operations

issuerswitch.accountManagerTransactions.*

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Account Manager Transactions Viewer ^Beta

(roles/issuerswitch.accountManagerTransactionsViewer)

This role can view all account manager transactions

issuerswitch.accountManagerTransactions.list

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Admin ^Beta

(roles/issuerswitch.admin)

Access to all issuer switch roles

issuerswitch.*

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Participants Admin ^Beta

(roles/issuerswitch.issuerParticipantsAdmin)

Full access to issuer switch participants

issuerswitch.issuerParticipants.*

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Resolutions Admin ^Beta

(roles/issuerswitch.resolutionsAdmin)

Full access to issuer switch resolutions

issuerswitch.complaintTransactions.list

issuerswitch.complaints.*

issuerswitch.disputes.*

issuerswitch.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Rules Admin ^Beta

(roles/issuerswitch.rulesAdmin)

Full access to issuer switch rules

issuerswitch.ruleMetadata.list

issuerswitch.ruleMetadataValues.*

issuerswitch.rules.list

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Rules Viewer ^Beta

(roles/issuerswitch.rulesViewer)

This role can view rules and related metadata.

issuerswitch.ruleMetadata.list

issuerswitch.ruleMetadataValues.list

issuerswitch.rules.list

resourcemanager.projects.get

resourcemanager.projects.list

Issuerswitch Transactions Viewer ^Beta

(roles/issuerswitch.transactionsViewer)

This role can view all transactions

issuerswitch.complaintTransactions.list

issuerswitch.financialTransactions.list

issuerswitch.mandateTransactions.list

issuerswitch.metadataTransactions.list

issuerswitch.operations.get

issuerswitch.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Metadata Publisher ^Beta

(roles/kubernetesmetadata.publisher)

Publisher of Kubernetes clusters metadata

kubernetesmetadata.*

Cloud License Manager Admin

(roles/licensemanager.admin)

Full access to Cloud License Manager resources.

licensemanager.*

resourcemanager.projects.get

resourcemanager.projects.list

Cloud License Manager Viewer

(roles/licensemanager.viewer)

Readonly access to Cloud License Manager resources.

licensemanager.configurations.get

licensemanager.configurations.list

licensemanager.instances.*

licensemanager.locations.*

licensemanager.operations.get

licensemanager.operations.list

licensemanager.products.*

resourcemanager.projects.get

resourcemanager.projects.list

Maintenance API Viewer ^Beta

(roles/maintenance.viewer)

Readonly access to Maintenance API resources.

maintenance.*

resourcemanager.projects.get

resourcemanager.projects.list

Managed Flink Admin ^Beta

(roles/managedflink.admin)

Full access to Managed Flink resources.

managedflink.*

resourcemanager.projects.get

resourcemanager.projects.list

Managed Flink Developer ^Beta

(roles/managedflink.developer)

Full access to Managed Flink Jobs and Sessions and read access to Deployments.

managedflink.deployments.get

managedflink.deployments.list

managedflink.jobs.*

managedflink.locations.*

managedflink.operations.get

managedflink.operations.list

managedflink.sessions.*

resourcemanager.projects.get

resourcemanager.projects.list

Managed Flink Viewer ^Beta

(roles/managedflink.viewer)

Readonly access to Managed Flink resources.

managedflink.deployments.get

managedflink.deployments.list

managedflink.jobs.get

managedflink.jobs.list

managedflink.locations.*

managedflink.operations.get

managedflink.operations.list

managedflink.sessions.get

managedflink.sessions.list

resourcemanager.projects.get

resourcemanager.projects.list

Managed Kafka Admin

(roles/managedkafka.admin)

Full access to Managed Kafka resources.

cloudasset.assets.searchAllResources

managedkafka.*

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Managed Kafka Client

(roles/managedkafka.client)

Provides access to connect to the Kafka servers in a cluster, i.e. provides Kafka data plane access. Intended for, e.g., producers and consumers.

cloudasset.assets.searchAllResources

managedkafka.clusters.attachConnectCluster

managedkafka.clusters.connect

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.connectClusters.get

managedkafka.connectClusters.list

managedkafka.connectors.get

managedkafka.connectors.list

managedkafka.consumerGroups.*

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.*

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Managed Kafka Cluster Editor

(roles/managedkafka.clusterEditor)

Provides read and write access to Kafka clusters. Intended for, e.g., IT Departments that provision Kafka clusters, but need not be able to read or modify topics or consumer groups.

cloudasset.assets.searchAllResources

managedkafka.clusters.create

managedkafka.clusters.delete

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.clusters.update

managedkafka.connectClusters.get

managedkafka.connectClusters.list

managedkafka.connectors.get

managedkafka.connectors.list

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Managed Kafka Connect Cluster Editor ^Beta

(roles/managedkafka.connectClusterEditor)

Provides read and write access to Kafka Connect clusters. Intended for, e.g., IT Departments that provision Kafka Connect clusters, but need not be able to read or modify connectors.

managedkafka.connectClusters.*

managedkafka.connectors.get

managedkafka.connectors.list

Managed Kafka Connector Editor ^Beta

(roles/managedkafka.connectorEditor)

Provides read and write access to connectors. Intended for, e.g., developers who configure and operate connectors.

cloudasset.assets.searchAllResources

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.connectClusters.get

managedkafka.connectClusters.list

managedkafka.connectors.*

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Managed Kafka Consumer Group Editor

(roles/managedkafka.consumerGroupEditor)

Provides read and write access to consumer group metadata. Intended for, e.g., developers who configure consumer groups.

cloudasset.assets.searchAllResources

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.connectClusters.get

managedkafka.connectClusters.list

managedkafka.connectors.get

managedkafka.connectors.list

managedkafka.consumerGroups.*

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Managed Kafka Topic Editor

(roles/managedkafka.topicEditor)

Provides read and write access to topic metadata. Intended for, e.g., developers who configure topics.

cloudasset.assets.searchAllResources

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.connectClusters.get

managedkafka.connectClusters.list

managedkafka.connectors.get

managedkafka.connectors.list

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.*

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Managed Kafka Viewer

(roles/managedkafka.viewer)

Readonly access to Managed Kafka resources.

cloudasset.assets.searchAllResources

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.connectClusters.get

managedkafka.connectClusters.list

managedkafka.connectors.get

managedkafka.connectors.list

managedkafka.consumerGroups.get

managedkafka.consumerGroups.list

managedkafka.locations.*

managedkafka.operations.get

managedkafka.operations.list

managedkafka.topics.get

managedkafka.topics.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Mandiant Attack Surface Management Editor ^Beta

(roles/mandiant.attackSurfaceManagementEditor)

Access to write Attack Surface Management

mandiant.genericAttackSurfaceManagements.create

mandiant.genericAttackSurfaceManagements.delete

mandiant.genericAttackSurfaceManagements.update

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Attack Surface Management Viewer ^Beta

(roles/mandiant.attackSurfaceManagementViewer)

Access to read Attack Surface Management

mandiant.genericAttackSurfaceManagements.get

mandiant.genericPlatforms.get

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Digital Threat Monitoring Editor ^Beta

(roles/mandiant.digitalThreatMonitoringEditor)

Access to write Digital Threat Monitoring

mandiant.genericDigitalThreatMonitorings.create

mandiant.genericDigitalThreatMonitorings.update

mandiant.genericPlatforms.create

mandiant.genericPlatforms.update

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Digital Threat Monitoring Viewer ^Beta

(roles/mandiant.digitalThreatMonitoringViewer)

Access to read Digital Threat Monitoring

mandiant.genericDigitalThreatMonitorings.get

mandiant.genericPlatforms.get

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Expertise On Demand Editor ^Beta

(roles/mandiant.expertiseOnDemandEditor)

Access to write Expertise On Demand

mandiant.genericExpertiseOnDemands.create

mandiant.genericExpertiseOnDemands.delete

mandiant.genericExpertiseOnDemands.update

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Expertise On Demand Viewer ^Beta

(roles/mandiant.expertiseOnDemandViewer)

Access to read Expertise On Demand

mandiant.genericExpertiseOnDemands.get

mandiant.genericPlatforms.get

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Threat Intel Editor ^Beta

(roles/mandiant.threatIntelEditor)

Access to write Threat Intel

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

mandiant.genericThreatIntels.create

mandiant.genericThreatIntels.delete

mandiant.genericThreatIntels.update

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Threat Intel Viewer ^Beta

(roles/mandiant.threatIntelViewer)

Access to read Threat Intel

mandiant.genericPlatforms.get

mandiant.genericThreatIntels.get

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Validation Editor ^Beta

(roles/mandiant.validationEditor)

Access to write Validation

mandiant.genericPlatforms.create

mandiant.genericPlatforms.delete

mandiant.genericPlatforms.update

mandiant.genericValidations.create

mandiant.genericValidations.delete

mandiant.genericValidations.update

resourcemanager.projects.get

resourcemanager.projects.list

Mandiant Validation Viewer ^Beta

(roles/mandiant.validationViewer)

Access to read Validation

mandiant.genericPlatforms.get

mandiant.genericValidations.get

resourcemanager.projects.get

resourcemanager.projects.list

Mobility Solutions Overages Viewer ^Beta

(roles/mapsanalytics.mobilitySolutionsOverageViewer)

Grants read-only access to Mobility Solutions Overages metric data.

mapsanalytics.metricData.queryMobilitySolutionsOverageData

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.list

Maps Analytics Viewer ^Beta

(roles/mapsanalytics.viewer)

Grants read-only access to all of the Maps Analytics resources.

mapsanalytics.metricData.query

mapsanalytics.metricMetadata.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.list

Maps Platform Datasets Admin ^Beta

(roles/mapsplatformdatasets.admin)

Grants read and write access to all the Maps Platform Datasets API resources

mapsadmin.clientStyles.*

mapsplatformdatasets.*

resourcemanager.projects.get

resourcemanager.projects.list

Maps Platform Datasets Viewer ^Beta

(roles/mapsplatformdatasets.viewer)

Grants read-only access to all the Maps Platform Datasets API resources

mapsadmin.clientStyles.get

mapsadmin.clientStyles.list

mapsplatformdatasets.datasets.export

mapsplatformdatasets.datasets.get

mapsplatformdatasets.datasets.list

resourcemanager.projects.get

resourcemanager.projects.list

Marketplace Solutions Admin ^Beta

(roles/marketplacesolutions.admin)

Full access to Marketplace Solutions resources.

marketplacesolutions.*

resourcemanager.projects.get

resourcemanager.projects.list

Marketplace Solutions Editor ^Beta

(roles/marketplacesolutions.editor)

Edit access to Marketplace Solutions resources.

marketplacesolutions.locations.*

marketplacesolutions.operations.get

marketplacesolutions.operations.list

marketplacesolutions.powerImages.*

marketplacesolutions.powerInstances.get

marketplacesolutions.powerInstances.list

marketplacesolutions.powerInstances.update

marketplacesolutions.powerNetworks.*

marketplacesolutions.powerSshKeys.*

marketplacesolutions.powerVolumes.*

resourcemanager.projects.get

resourcemanager.projects.list

Marketplace Solutions Viewer ^Beta

(roles/marketplacesolutions.viewer)

Readonly access to Marketplace Solutions resources.

marketplacesolutions.locations.*

marketplacesolutions.operations.get

marketplacesolutions.operations.list

marketplacesolutions.powerImages.*

marketplacesolutions.powerInstances.get

marketplacesolutions.powerInstances.list

marketplacesolutions.powerNetworks.*

marketplacesolutions.powerSshKeys.*

marketplacesolutions.powerVolumes.*

resourcemanager.projects.get

resourcemanager.projects.list

Memorystore Admin

(roles/memorystore.admin)

Full access to Memorystore resources.

memorystore.*

resourcemanager.projects.get

resourcemanager.projects.list

Memorystore DB Connector User

(roles/memorystore.dbConnectionUser)

Access to connecting to Memorystore Server db.

memorystore.instances.connect

Memorystore Viewer

(roles/memorystore.viewer)

Readonly access to Memorystore resources.

memorystore.backupCollections.*

memorystore.backups.get

memorystore.backups.list

memorystore.instances.get

memorystore.instances.list

memorystore.locations.*

memorystore.operations.get

memorystore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Admin

(roles/modelarmor.admin)

Grants full access to all modelarmor resources. Intended for administrators & owners.

modelarmor.locations.*

modelarmor.templates.*

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Floor Setting Admin

(roles/modelarmor.floorSettingsAdmin)

Grants full access to all Model Armor Floor Setting resources. Intended for administrators & owners.

modelarmor.floorSettings.*

modelarmor.locations.*

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Floor Setting Viewer

(roles/modelarmor.floorSettingsViewer)

Grants read access to all Model Armor Floor Setting resources. Intended for viewers.

modelarmor.floorSettings.get

modelarmor.locations.*

resourcemanager.folders.get

resourcemanager.folders.list

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor User

(roles/modelarmor.user)

Grants access to sanitize APIs for templates. Intended for users & applications which plan to use a template.

modelarmor.locations.*

modelarmor.templates.useToSanitizeModelResponse

modelarmor.templates.useToSanitizeUserPrompt

resourcemanager.projects.get

resourcemanager.projects.list

Model Armor Viewer

(roles/modelarmor.viewer)

Grants read access to all model armor resources. Intended for viewers.

modelarmor.locations.*

modelarmor.templates.get

modelarmor.templates.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Home Developer Console Admin

(roles/nestconsole.homeDeveloperAdmin)

Admin access to Google Home Developer Console resources

nestconsole.*

resourcemanager.projects.get

resourcemanager.projects.list

Google Home Developer Console Editor

(roles/nestconsole.homeDeveloperEditor)

Read-Write access to Google Home Developer Console resources

nestconsole.smarthomePreviews.update

nestconsole.smarthomeProjects.get

nestconsole.smarthomeProjects.update

nestconsole.smarthomeVersions.*

resourcemanager.projects.get

resourcemanager.projects.list

Google Home Developer Console Reader

(roles/nestconsole.homeDeveloperViewer)

Read-only access to Google Home Developer Console resources

nestconsole.smarthomeProjects.get

nestconsole.smarthomeVersions.get

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud NetApp Volumes Admin ^Beta

(roles/netapp.admin)

Full access to Google Cloud NetApp Volumes resources.

netapp.*

resourcemanager.projects.get

resourcemanager.projects.list

Google Cloud NetApp Volumes Viewer ^Beta

(roles/netapp.viewer)

Readonly access to Google Cloud NetApp Volumes resources.

netapp.activeDirectories.get

netapp.activeDirectories.list

netapp.backupPolicies.get

netapp.backupPolicies.list

netapp.backupVaults.get

netapp.backupVaults.list

netapp.backups.get

netapp.backups.list

netapp.kmsConfigs.get

netapp.kmsConfigs.list

netapp.locations.*

netapp.operations.get

netapp.operations.list

netapp.quotaRules.get

netapp.quotaRules.list

netapp.replications.get

netapp.replications.list

netapp.snapshots.get

netapp.snapshots.list

netapp.storagePools.get

netapp.storagePools.list

netapp.volumes.get

netapp.volumes.list

resourcemanager.projects.get

resourcemanager.projects.list

OAuth Config Editor ^Beta

(roles/oauthconfig.editor)

Read/write access to OAuth config resources

clientauthconfig.*

firebase.clients.create

firebase.clients.get

firebase.clients.list

firebase.clients.update

firebaseappcheck.resourcePolicies.*

oauthconfig.*

OAuth Config Viewer ^Beta

(roles/oauthconfig.viewer)

Read-only access to OAuth config resources

clientauthconfig.brands.get

clientauthconfig.brands.list

clientauthconfig.clients.get

clientauthconfig.clients.list

firebase.clients.get

firebase.clients.list

firebaseappcheck.resourcePolicies.get

oauthconfig.clientpolicy.get

oauthconfig.testusers.get

oauthconfig.verification.get

Oracle Database@Google Cloud admin

(roles/oracledatabase.admin)

Grants full access to manage all Oracle Database resources.

oracledatabase.*

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Autonomous Database Admin

(roles/oracledatabase.autonomousDatabaseAdmin)

Grants full access to manage all Autonomous Database resources.

oracledatabase.autonomousDatabaseBackups.*

oracledatabase.autonomousDatabaseCharacterSets.list

oracledatabase.autonomousDatabases.*

oracledatabase.autonomousDbVersions.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Autonomous Database Viewer

(roles/oracledatabase.autonomousDatabaseViewer)

Grants read access to see all Autonomous Database resources.

oracledatabase.autonomousDatabaseBackups.get

oracledatabase.autonomousDatabaseBackups.list

oracledatabase.autonomousDatabaseCharacterSets.list

oracledatabase.autonomousDatabases.get

oracledatabase.autonomousDatabases.list

oracledatabase.autonomousDbVersions.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Infrastructure Admin

(roles/oracledatabase.cloudExadataInfrastructureAdmin)

Grants full access to manage all Exadata Infrastructure resources.

oracledatabase.cloudExadataInfrastructures.create

oracledatabase.cloudExadataInfrastructures.delete

oracledatabase.cloudExadataInfrastructures.get

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.cloudExadataInfrastructures.update

oracledatabase.dbServers.list

oracledatabase.dbSystemShapes.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Infrastructure Viewer

(roles/oracledatabase.cloudExadataInfrastructureViewer)

Grants read access to see all Exadata Infrastructure resources.

oracledatabase.cloudExadataInfrastructures.get

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.dbServers.list

oracledatabase.dbSystemShapes.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud VM Cluster Admin

(roles/oracledatabase.cloudVmClusterAdmin)

Grants full access to manage all VM Cluster resources.

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.cloudExadataInfrastructures.use

oracledatabase.cloudVmClusters.*

oracledatabase.dbNodes.list

oracledatabase.dbServers.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.*

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud VM Cluster Viewer

(roles/oracledatabase.cloudVmClusterViewer)

Grants read access to see all VM Cluster resources.

oracledatabase.cloudVmClusters.get

oracledatabase.cloudVmClusters.list

oracledatabase.dbNodes.list

oracledatabase.entitlements.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud viewer

(roles/oracledatabase.viewer)

Grants view access to all Oracle Database resources.

oracledatabase.autonomousDatabaseBackups.get

oracledatabase.autonomousDatabaseBackups.list

oracledatabase.autonomousDatabaseCharacterSets.list

oracledatabase.autonomousDatabases.get

oracledatabase.autonomousDatabases.list

oracledatabase.autonomousDbVersions.list

oracledatabase.cloudExadataInfrastructures.get

oracledatabase.cloudExadataInfrastructures.list

oracledatabase.cloudVmClusters.get

oracledatabase.cloudVmClusters.list

oracledatabase.dbNodes.list

oracledatabase.dbServers.list

oracledatabase.dbSystemShapes.list

oracledatabase.entitlements.list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Parallelstore Admin

(roles/parallelstore.admin)

Full access to Parallelstore resources.

parallelstore.*

resourcemanager.projects.get

resourcemanager.projects.list

Parallelstore Viewer

(roles/parallelstore.viewer)

Readonly access to Parallelstore resources.

parallelstore.instances.get

parallelstore.instances.list

parallelstore.locations.*

parallelstore.operations.get

parallelstore.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Parameter Manager Admin ^Beta

(roles/parametermanager.admin)

Grants full access to all Parameter Manager resources. Intended for project admins & owners who need to perform all administrative tasks.

parametermanager.*

resourcemanager.projects.get

resourcemanager.projects.list

Parameter Manager Parameter Accessor ^Beta

(roles/parametermanager.parameterAccessor)

Grants read access to ParameterManager ParameterVersion resources. Intended for users & applications that need to perform read operations on ParameterVersion only.

parametermanager.locations.*

parametermanager.parameterVersions.render

resourcemanager.projects.get

resourcemanager.projects.list

Parameter Manager Parameter Version Adder ^Beta

(roles/parametermanager.parameterVersionAdder)

Grants create access to Parameter Manager ParameterVersion resources. Intended for users & applications that need to perform create operations on ParameterVersions only.

parametermanager.locations.*

parametermanager.parameterVersions.create

parametermanager.parameters.get

parametermanager.parameters.list

resourcemanager.projects.get

resourcemanager.projects.list

Parameter Manager Parameter Version Manager ^Beta

(roles/parametermanager.parameterVersionManager)

Grants read & write access to all Parameter Manager ParameterVersion resources. Intended for users & applications that need to view Parameters & perform create/read/update/delete/list operations on ParameterVersions only.

parametermanager.locations.*

parametermanager.parameterVersions.create

parametermanager.parameterVersions.delete

parametermanager.parameterVersions.get

parametermanager.parameterVersions.list

parametermanager.parameterVersions.update

parametermanager.parameters.get

parametermanager.parameters.list

resourcemanager.projects.get

resourcemanager.projects.list

Parameter Manager Parameter Viewer ^Beta

(roles/parametermanager.parameterViewer)

Grants read access to Parameter Manager Parameter & ParameterVersion resources. Intended for users & applications that need to perform read/list operations on Parameters & ParameterVersions only.

parametermanager.locations.*

parametermanager.parameterVersions.get

parametermanager.parameterVersions.list

parametermanager.parameters.get

parametermanager.parameters.list

resourcemanager.projects.get

resourcemanager.projects.list

Payments Reseller Admin ^Beta

(roles/paymentsresellersubscription.partnerAdmin)

Full access to all Payments Reseller resources, including subscriptions, products and promotions

paymentsresellersubscription.*

resourcemanager.projects.get

resourcemanager.projects.list

Payments Reseller Viewer ^Beta

(roles/paymentsresellersubscription.partnerViewer)

Read access to all Payments Reseller resources, including subscriptions, products and promotions

paymentsresellersubscription.products.list

paymentsresellersubscription.promotions.list

paymentsresellersubscription.subscriptions.get

resourcemanager.projects.get

resourcemanager.projects.list

Payments Reseller Products Viewer ^Beta

(roles/paymentsresellersubscription.productViewer)

Read access to Payments Reseller Product resource

paymentsresellersubscription.products.list

resourcemanager.projects.get

resourcemanager.projects.list

Payments Reseller Promotions Viewer ^Beta

(roles/paymentsresellersubscription.promotionViewer)

Read access to Payments Reseller Promotion resource

paymentsresellersubscription.promotions.list

resourcemanager.projects.get

resourcemanager.projects.list

Payments Reseller Subscriptions Editor ^Beta

(roles/paymentsresellersubscription.subscriptionEditor)

Write access to Payments Reseller Subscription resource

paymentsresellersubscription.subscriptions.*

resourcemanager.projects.get

resourcemanager.projects.list

Payments Reseller Subscriptions Viewer ^Beta

(roles/paymentsresellersubscription.subscriptionViewer)

Read access to Payments Reseller Subscription resource

paymentsresellersubscription.subscriptions.get

resourcemanager.projects.get

resourcemanager.projects.list

Payments Partner UserSessions Editor ^Beta

(roles/paymentsresellersubscription.userSessionEditor)

Editor of UserSessions for a Payments Partner

paymentsresellersubscription.userSessions.generate

Activity Analysis Viewer ^Beta

(roles/policyanalyzer.activityAnalysisViewer)

Viewer user that can read all activity analysis.

policyanalyzer.*

Policy Remediator Admin ^Beta

(roles/policyremediatormanager.policyRemediatorAdmin)

Grants the ability to enable and disable the usage of the policy remediator for the organization

policyremediatormanager.*

Policy Remediator Reader ^Beta

(roles/policyremediatormanager.policyRemediatorReader)

Grants the ability to read/view the state of the policy remediator for the organization

policyremediatormanager.locations.*

policyremediatormanager.operations.get

policyremediatormanager.operations.list

policyremediatormanager.remediatorServices.get

Simulator Admin ^Beta

(roles/policysimulator.admin)

Admin user that can run and access replays.

policysimulator.accessPolicySimulationResults.list

policysimulator.accessPolicySimulations.*

policysimulator.replayResults.list

policysimulator.replays.*

OrgPolicy Simulator Admin ^Beta

(roles/policysimulator.orgPolicyAdmin)

OrgPolicy Admin that can run and access simulations.

cloudasset.assets.analyzeOrgPolicy

cloudasset.assets.exportResource

cloudasset.assets.listResource

cloudasset.assets.searchAllResources

orgpolicy.customConstraints.get

orgpolicy.customConstraints.list

orgpolicy.policies.list

orgpolicy.policy.get

policysimulator.orgPolicyViolations.list

policysimulator.orgPolicyViolationsPreviews.*

resourcemanager.organizations.get

External Account Key Creator ^Beta

(roles/publicca.externalAccountKeyCreator)

This role can create a new externalAccountKey resource.

publicca.externalAccountKeys.create

resourcemanager.projects.get

resourcemanager.projects.list

Subscription Linking Admin

(roles/readerrevenuesubscriptionlinking.admin)

Full access to publication reader resources

readerrevenuesubscriptionlinking.*

resourcemanager.projects.get

resourcemanager.projects.list

Subscription Linking Entitlements Viewer

(roles/readerrevenuesubscriptionlinking.entitlementsViewer)

This role can view all publication reader entitlements

readerrevenuesubscriptionlinking.readerEntitlements.get

Subscription Linking Viewer

(roles/readerrevenuesubscriptionlinking.viewer)

This role can view all publication reader resources

readerrevenuesubscriptionlinking.readerEntitlements.get

readerrevenuesubscriptionlinking.readers.get

resourcemanager.projects.get

resourcemanager.projects.list

Recommendations Exporter

(roles/recommender.exporter)

Exporter of Recommendations

recommender.resources.export

Remote Build Execution Action Cache Writer ^Beta

(roles/remotebuildexecution.actionCacheWriter)

Remote Build Execution Action Cache Writer

remotebuildexecution.actions.set

remotebuildexecution.blobs.create

Remote Build Execution Artifact Admin ^Beta

(roles/remotebuildexecution.artifactAdmin)

Remote Build Execution Artifact Admin

remotebuildexecution.actions.create

remotebuildexecution.actions.delete

remotebuildexecution.actions.get

remotebuildexecution.blobs.*

remotebuildexecution.logstreams.*

Remote Build Execution Artifact Creator ^Beta

(roles/remotebuildexecution.artifactCreator)

Remote Build Execution Artifact Creator

remotebuildexecution.actions.create

remotebuildexecution.actions.get

remotebuildexecution.blobs.*

remotebuildexecution.logstreams.*

Remote Build Execution Artifact Viewer ^Beta

(roles/remotebuildexecution.artifactViewer)

Remote Build Execution Artifact Viewer

remotebuildexecution.actions.get

remotebuildexecution.blobs.get

remotebuildexecution.logstreams.get

Remote Build Execution Configuration Admin ^Beta

(roles/remotebuildexecution.configurationAdmin)

Remote Build Execution Configuration Admin

remotebuildexecution.instances.*

remotebuildexecution.workerpools.*

Remote Build Execution Configuration Viewer ^Beta

(roles/remotebuildexecution.configurationViewer)

Remote Build Execution Configuration Viewer

remotebuildexecution.instances.get

remotebuildexecution.instances.list

remotebuildexecution.workerpools.get

remotebuildexecution.workerpools.list

Remote Build Execution Logstream Writer ^Beta

(roles/remotebuildexecution.logstreamWriter)

Remote Build Execution Logstream Writer

remotebuildexecution.logstreams.create

remotebuildexecution.logstreams.update

Remote Build Execution Reservation Admin ^Beta

(roles/remotebuildexecution.reservationAdmin)

Remote Build Execution Reservation Admin

remotebuildexecution.actions.create

remotebuildexecution.actions.delete

remotebuildexecution.actions.get

Remote Build Execution Worker ^Beta

(roles/remotebuildexecution.worker)

Remote Build Execution Worker

remotebuildexecution.actions.update

remotebuildexecution.blobs.*

remotebuildexecution.botsessions.*

remotebuildexecution.logstreams.create

remotebuildexecution.logstreams.update

Retail Admin

(roles/retail.admin)

Full access to Retail api resources.

automlrecommendations.apiKeys.create

automlrecommendations.apiKeys.delete

automlrecommendations.catalogItems.*

automlrecommendations.catalogs.*

automlrecommendations.eventStores.getStats

automlrecommendations.events.create

automlrecommendations.events.list

automlrecommendations.events.purge

automlrecommendations.events.rejoin

automlrecommendations.placements.*

automlrecommendations.recommendations.*

retail.alertConfigs.*

retail.attributesConfigs.*

retail.branches.*

retail.catalogs.*

retail.controls.*

retail.experiments.*

retail.models.*

retail.operations.*

retail.placements.*

retail.products.*

retail.retailProjects.*

retail.servingConfigs.*

retail.userEvents.*

Retail Editor

(roles/retail.editor)

Full access to Retail api resources except purge, rejoin, and setSponsorship.

automlrecommendations.apiKeys.create

automlrecommendations.apiKeys.delete

automlrecommendations.catalogItems.*

automlrecommendations.catalogs.*

automlrecommendations.eventStores.getStats

automlrecommendations.events.create

automlrecommendations.events.list

automlrecommendations.placements.*

automlrecommendations.recommendations.*

retail.alertConfigs.*

retail.attributesConfigs.addCatalogAttribute

retail.attributesConfigs.exportCatalogAttributes

retail.attributesConfigs.get

retail.attributesConfigs.importCatalogAttributes

retail.attributesConfigs.replaceCatalogAttribute

retail.attributesConfigs.update

retail.branches.*

retail.catalogs.*

retail.controls.*

retail.experiments.*

retail.models.*

retail.operations.*

retail.placements.*

retail.products.create

retail.products.delete

retail.products.export

retail.products.get

retail.products.import

retail.products.list

retail.products.update

retail.retailProjects.get

retail.servingConfigs.*

retail.userEvents.create

retail.userEvents.import

Retail Merchant Approver ^Beta

(roles/retail.merchantApprover)

Grants access and approval rights to MerchantControls in the merchant console.

retail.attributesConfigs.get

retail.merchantControls.*

retail.servingConfigs.list

retail.servingConfigs.search

Retail Merchant Creator ^Beta

(roles/retail.merchantCreator)

Grants access to own MerchantControls in the merchant console.

retail.attributesConfigs.get

retail.merchantControls.creatorCreate

retail.merchantControls.creatorDelete

retail.merchantControls.creatorGet

retail.merchantControls.creatorList

retail.merchantControls.creatorSubmit

retail.merchantControls.creatorUpdate

retail.servingConfigs.search

Retail Viewer

(roles/retail.viewer)

Grants access to read all resources in Retail.

automlrecommendations.catalogItems.get

automlrecommendations.catalogItems.list

automlrecommendations.catalogs.getStats

automlrecommendations.catalogs.list

automlrecommendations.eventStores.getStats

automlrecommendations.events.list

automlrecommendations.placements.getStats

automlrecommendations.placements.list

automlrecommendations.recommendations.list

retail.alertConfigs.get

retail.attributesConfigs.exportCatalogAttributes

retail.attributesConfigs.get

retail.branches.*

retail.catalogs.completeQuery

retail.catalogs.exportAnalyticsMetrics

retail.catalogs.get

retail.catalogs.list

retail.controls.export

retail.controls.get

retail.controls.list

retail.experiments.get

retail.experiments.list

retail.experiments.loadExperimentLookerDashboard

retail.experiments.queryTrafficMetrics

retail.models.get

retail.models.list

retail.operations.*

retail.placements.*

retail.products.export

retail.products.get

retail.products.list

retail.retailProjects.get

retail.servingConfigs.get

retail.servingConfigs.list

retail.servingConfigs.predict

retail.servingConfigs.search

RISC Configuration Admin ^Beta

(roles/riscconfigs.admin)

Read/write access to RISC config resources.

clientauthconfig.clients.list

riscconfigurationservice.*

RISC Configuration Viewer ^Beta

(roles/riscconfigs.viewer)

Read-only access to RISC config resources.

clientauthconfig.clients.list

riscconfigurationservice.riscconfigs.get

Route Optimization Editor

(roles/routeoptimization.editor)

This role can create long-running operations via BatchOptimizeTours.

resourcemanager.projects.get

resourcemanager.projects.list

routeoptimization.*

Route Optimization Viewer

(roles/routeoptimization.viewer)

This role can view any long-running Operations.

resourcemanager.projects.get

resourcemanager.projects.list

routeoptimization.operations.get

Serverless Integrations Developer ^Beta

(roles/runapps.developer)

Access to create and change Serverless Integrations and their configuration.

resourcemanager.projects.get

resourcemanager.projects.list

runapps.applications.*

runapps.deployments.get

runapps.deployments.list

runapps.locations.*

runapps.operations.*

Serverless Integrations Operator ^Beta

(roles/runapps.operator)

Access to deploy Serverless Integrations.

resourcemanager.projects.get

resourcemanager.projects.list

runapps.applications.get

runapps.applications.getStatus

runapps.applications.list

runapps.deployments.*

runapps.locations.*

runapps.operations.*

Serverless Integrations Viewer ^Beta

(roles/runapps.viewer)

Read-only access to Serverless Integrations resources.

resourcemanager.projects.get

resourcemanager.projects.list

runapps.applications.get

runapps.applications.getStatus

runapps.applications.list

runapps.deployments.get

runapps.deployments.list

runapps.locations.*

runapps.operations.get

runapps.operations.list

Cloud RuntimeConfig Admin

(roles/runtimeconfig.admin)

Full access to RuntimeConfig resources.

runtimeconfig.*

SaaS Service Management Admin ^Beta

(roles/saasservicemgmt.admin)

Full access to SaaS Service Management resources.

resourcemanager.projects.get

resourcemanager.projects.list

saasservicemgmt.*

SaaS Service Management Viewer ^Beta

(roles/saasservicemgmt.viewer)

Readonly access to SaaS Service Management resources.

resourcemanager.projects.get

resourcemanager.projects.list

saasservicemgmt.locations.*

saasservicemgmt.operations.get

saasservicemgmt.operations.list

saasservicemgmt.releases.get

saasservicemgmt.releases.list

saasservicemgmt.rolloutKinds.get

saasservicemgmt.rolloutKinds.list

saasservicemgmt.rollouts.get

saasservicemgmt.rollouts.list

saasservicemgmt.saas.get

saasservicemgmt.saas.list

saasservicemgmt.unitKinds.get

saasservicemgmt.unitKinds.list

saasservicemgmt.unitOperations.get

saasservicemgmt.unitOperations.list

saasservicemgmt.units.get

saasservicemgmt.units.list

SLZ BQDW Blueprint Organization Level Remediator ^Beta

(roles/securedlandingzone.bqdwOrgRemediator)

Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.list

accesscontextmanager.servicePerimeters.update

SLZ BQDW Blueprint Project Level Remediator ^Beta

(roles/securedlandingzone.bqdwProjectRemediator)

Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.setIamPolicy

bigquery.datasets.update

cloudkms.cryptoKeys.get

cloudkms.cryptoKeys.getIamPolicy

cloudkms.cryptoKeys.list

cloudkms.cryptoKeys.setIamPolicy

cloudkms.cryptoKeys.update

cloudkms.keyRings.getIamPolicy

cloudkms.keyRings.setIamPolicy

pubsub.topics.get

pubsub.topics.getIamPolicy

pubsub.topics.list

pubsub.topics.setIamPolicy

pubsub.topics.update

resourcemanager.projects.update

serviceusage.services.use

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

storage.buckets.setIamPolicy

storage.buckets.update

Overwatch Activator ^Beta

(roles/securedlandingzone.overwatchActivator)

This role can activate or suspend Overwatches

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.overwatches.activate

securedlandingzone.overwatches.suspend

Overwatch Admin ^Beta

(roles/securedlandingzone.overwatchAdmin)

Full access to Overwatches

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.*

Overwatch Viewer ^Beta

(roles/securedlandingzone.overwatchViewer)

This role can view all properties of Overwatches

resourcemanager.projects.get

resourcemanager.projects.list

securedlandingzone.operations.get

securedlandingzone.overwatches.get

securedlandingzone.overwatches.list

Security Posture Admin

(roles/securityposture.admin)

Full access to Security Posture service APIs.

orgpolicy.*

resourcemanager.organizations.get

securitycenter.securityhealthanalyticssettings.*

securitycentermanagement.effectiveSecurityHealthAnalyticsCustomModules.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.get

securitycentermanagement.securityHealthAnalyticsCustomModules.list

securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.*

Security Posture Deployer

(roles/securityposture.postureDeployer)

Mutate and read permissions to the Posture Deployment resource.

orgpolicy.*

resourcemanager.organizations.get

securitycenter.securityhealthanalyticssettings.*

securitycentermanagement.securityHealthAnalyticsCustomModules.create

securitycentermanagement.securityHealthAnalyticsCustomModules.delete

securitycentermanagement.securityHealthAnalyticsCustomModules.update

securityposture.operations.get

securityposture.postureDeployments.*

Security Posture Deployments Viewer

(roles/securityposture.postureDeploymentsViewer)

Read only access to the Posture Deployment resource.

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

Security Posture Resource Editor

(roles/securityposture.postureEditor)

Mutate and read permissions to the Posture resource.

securityposture.operations.get

securityposture.postures.*

Security Posture Resource Viewer

(roles/securityposture.postureViewer)

Read only access to the Posture resource.

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postures.get

securityposture.postures.list

Security Posture Shift-Left Validator

(roles/securityposture.reportCreator)

Create access for Reports, e.g. IaC Validation Report.

securityposture.operations.get

securityposture.reports.*

Security Posture Viewer

(roles/securityposture.viewer)

Read only access to all the SecurityPosture Service resources.

resourcemanager.organizations.get

securityposture.operations.get

securityposture.postureDeployments.get

securityposture.postureDeployments.list

securityposture.postureTemplates.*

securityposture.postures.get

securityposture.postures.list

Personalized Service Health Viewer

(roles/servicehealth.viewer)

Readonly access to Personalized Service Health resources.

resourcemanager.projects.get

resourcemanager.projects.list

servicehealth.*

Security Insights Viewer ^Beta

(roles/servicesecurityinsights.securityInsightsViewer)

Read-only access to Security Insights resources

servicesecurityinsights.*

Speaker ID Admin

(roles/speakerid.admin)

Grants full access to all Speaker ID resources, including project settings.

speakerid.*

Speaker ID Editor

(roles/speakerid.editor)

Grants access to read and write all Speaker ID resources.

speakerid.phrases.*

speakerid.speakers.*

Speaker ID Verifier

(roles/speakerid.verifier)

Grants read access to all Speaker ID resources, and allows verification.

speakerid.phrases.get

speakerid.phrases.list

speakerid.speakers.get

speakerid.speakers.list

speakerid.speakers.verify

Speaker ID Viewer

(roles/speakerid.viewer)

Grants read access to all Speaker ID resources.

speakerid.phrases.get

speakerid.phrases.list

speakerid.speakers.get

speakerid.speakers.list

Cloud Speech Administrator

(roles/speech.admin)

Grants full access to all resources in Speech-to-text

speech.*

Cloud Speech Client

(roles/speech.client)

Grants access to the recognition APIs.

speech.adaptations.execute

speech.customClasses.get

speech.customClasses.list

speech.locations.*

speech.operations.get

speech.operations.list

speech.operations.wait

speech.phraseSets.get

speech.phraseSets.list

speech.recognizers.get

speech.recognizers.list

speech.recognizers.recognize

Cloud Speech Editor

(roles/speech.editor)

Grants access to edit resources in Speech-to-text

speech.adaptations.execute

speech.customClasses.*

speech.locations.*

speech.operations.*

speech.phraseSets.*

speech.recognizers.*

Storage Insights Admin

(roles/storageinsights.admin)

Full access to Storage Insights resources.

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.*

Storage Insights Analyst

(roles/storageinsights.analyst)

Data access to Storage Insights.

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.datasetConfigs.get

storageinsights.datasetConfigs.linkDataset

storageinsights.datasetConfigs.list

storageinsights.datasetConfigs.unlinkDataset

storageinsights.locations.*

storageinsights.operations.get

storageinsights.operations.list

storageinsights.reportConfigs.get

storageinsights.reportConfigs.list

storageinsights.reportDetails.*

Storage Insights Viewer

(roles/storageinsights.viewer)

Read-only access to Storage Insights resources.

resourcemanager.projects.get

resourcemanager.projects.list

storageinsights.datasetConfigs.get

storageinsights.datasetConfigs.list

storageinsights.locations.*

storageinsights.operations.get

storageinsights.operations.list

storageinsights.reportConfigs.get

storageinsights.reportConfigs.list

storageinsights.reportDetails.*

Subscribe with Google Developer ^Beta

(roles/subscribewithgoogledeveloper.developer)

Access DevTools for Subscribe with Google

resourcemanager.projects.get

resourcemanager.projects.list

subscribewithgoogledeveloper.tools.get

Telco Automation Admin ^Beta

(roles/telcoautomation.admin)

Full access to Telco Automation resources.

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logScopes.get

logging.logScopes.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

monitoring.timeSeries.list

observability.scopes.get

resourcemanager.projects.get

serviceusage.quotas.*

serviceusage.services.*

source.repos.get

source.repos.list

telcoautomation.*

Telco Automation Blueprint Designer ^Beta

(roles/telcoautomation.blueprintDesigner)

Ability to manage blueprints

telcoautomation.blueprints.create

telcoautomation.blueprints.delete

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.blueprints.propose

telcoautomation.blueprints.update

telcoautomation.deployments.computeStatus

telcoautomation.deployments.get

telcoautomation.deployments.list

telcoautomation.hydratedDeployments.get

telcoautomation.hydratedDeployments.list

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

telcoautomation.publicBlueprints.*

Telco Automation Deployment Admin ^Beta

(roles/telcoautomation.deploymentAdmin)

Ability to manage deployments

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.*

telcoautomation.hydratedDeployments.*

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

Telco Automation Tier 1 Operations Admin ^Beta

(roles/telcoautomation.opsAdminTier1)

Ability to get status of deployments

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logScopes.get

logging.logScopes.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.computeStatus

telcoautomation.deployments.get

telcoautomation.deployments.list

telcoautomation.hydratedDeployments.get

telcoautomation.hydratedDeployments.list

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

Telco Automation Tier 4 Operations Admin ^Beta

(roles/telcoautomation.opsAdminTier4)

Ability to manage deployments and their status

logging.buckets.get

logging.buckets.list

logging.exclusions.get

logging.exclusions.list

logging.links.get

logging.links.list

logging.locations.*

logging.logEntries.list

logging.logMetrics.get

logging.logMetrics.list

logging.logScopes.get

logging.logScopes.list

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.operations.get

logging.operations.list

logging.queries.getShared

logging.queries.listShared

logging.queries.usePrivate

logging.sinks.get

logging.sinks.list

logging.usage.get

logging.views.get

logging.views.list

observability.scopes.get

resourcemanager.projects.get

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.*

telcoautomation.hydratedDeployments.*

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

Telco Automation Service Orchestrator ^Beta

(roles/telcoautomation.serviceOrchestrator)

Ability to manage deployments

telcoautomation.blueprints.get

telcoautomation.blueprints.list

telcoautomation.deployments.*

telcoautomation.hydratedDeployments.*

telcoautomation.orchestrationClusters.get

telcoautomation.orchestrationClusters.list

Timeseries Insights DataSet Editor ^Beta

(roles/timeseriesinsights.datasetsEditor)

Edit access to DataSets.

timeseriesinsights.*

Timeseries Insights DataSet Owner ^Beta

(roles/timeseriesinsights.datasetsOwner)

Full access to DataSets.

timeseriesinsights.*

Timeseries Insights DataSet Viewer ^Beta

(roles/timeseriesinsights.datasetsViewer)

Read-only access (List and Query) to DataSets.

timeseriesinsights.datasets.evaluate

timeseriesinsights.datasets.list

timeseriesinsights.datasets.query

timeseriesinsights.locations.*

Traffic Director Client ^Beta

(roles/trafficdirector.client)

Fetch service configurations and report metrics.

trafficdirector.*

Translation Hub Admin ^Beta

(roles/translationhub.admin)

Admin of Translation Hub

automl.models.get

automl.models.list

automl.models.predict

cloudtranslate.customModels.get

cloudtranslate.customModels.list

cloudtranslate.customModels.predict

cloudtranslate.glossaries.create

cloudtranslate.glossaries.delete

cloudtranslate.glossaries.get

cloudtranslate.glossaries.list

cloudtranslate.glossaries.predict

resourcemanager.projects.get

resourcemanager.projects.list

translationhub.*

Translation Hub Portal User ^Beta

(roles/translationhub.portalUser)

Portal user of Translation Hub

automl.models.get

automl.models.list

automl.models.predict

cloudtranslate.customModels.get

cloudtranslate.customModels.list

cloudtranslate.customModels.predict

cloudtranslate.glossaries.get

cloudtranslate.glossaries.list

cloudtranslate.glossaries.predict

resourcemanager.projects.get

resourcemanager.projects.list

translationhub.portals.get

translationhub.portals.list

Visual Inspection AI Solution Editor

(roles/visualinspection.editor)

Read and write access to all Visual Inspection AI resources except visualinspection.locations.reportUsageMetrics

visualinspection.annotationSets.*

visualinspection.annotationSpecs.*

visualinspection.annotations.*

visualinspection.datasets.*

visualinspection.images.*

visualinspection.locations.get

visualinspection.locations.list

visualinspection.modelEvaluations.*

visualinspection.models.*

visualinspection.modules.*

visualinspection.operations.*

visualinspection.solutionArtifacts.*

visualinspection.solutions.*

Visual Inspection AI Usage Metrics Reporter

(roles/visualinspection.usageMetricsReporter)

ReportUsageMetric access to Visual Inspection AI Service

visualinspection.locations.reportUsageMetrics

Visual Inspection AI Viewer

(roles/visualinspection.viewer)

Read access to Visual Inspection AI resources

visualinspection.annotationSets.get

visualinspection.annotationSets.list

visualinspection.annotationSpecs.get

visualinspection.annotationSpecs.list

visualinspection.annotations.get

visualinspection.annotations.list

visualinspection.datasets.export

visualinspection.datasets.get

visualinspection.datasets.list

visualinspection.images.get

visualinspection.images.list

visualinspection.locations.get

visualinspection.locations.list

visualinspection.modelEvaluations.*

visualinspection.models.get

visualinspection.models.list

visualinspection.modules.get

visualinspection.modules.list

visualinspection.operations.*

visualinspection.solutionArtifacts.get

visualinspection.solutionArtifacts.list

visualinspection.solutionArtifacts.predict

visualinspection.solutions.get

visualinspection.solutions.list

For more information about predefined roles, see Roles and permissions. For help choosing the most appropriate predefined roles, see Choose predefined roles.

Predefined Application Integration IAM roles

Other roles

Advisory Notifications Admin

Advisory Notifications Viewer

Cloud API Hub Admin Beta

Cloud API hub Attributes Admin Beta

Cloud API Hub Editor Beta

Cloud API hub Plugins Admin Beta

Cloud API hub Provisioning Admin Beta

Cloud API hub Runtime Project Attachment Editor Beta

Cloud API hub Viewer Beta

API Management Admin Beta

API Management Viewer Beta

App Hub Admin

App Management Viewer Beta

App Hub Editor

App Hub Viewer

Appliance troubleshooting commands approver Beta

On-appliance troubleshooting client Beta

Appliance troubleshooter Beta

Assured OSS Admin

Assured OSS Project Admin Beta

Assured OSS Reader

Assured OSS User

Audit Manager Admin Beta

Audit Manager Auditor Beta

Custom Compliance Framework Admin Beta

Custom Compliance Framework Viewer Beta

Autoscaling Metrics Writer Beta

Autoscaling Recommendations Reader Beta

Autoscaling Site Admin Beta

Autoscaling State Writer Beta

Batch Administrator

Batch Agent Reporter

Batch Job Editor

Batch Job Viewer

Batch ResourceAllowance Editor

Batch ResourceAllowance Viewer

BigLake Admin

BigLake Viewer

MigrationWorkflow Editor

Task Orchestrator

Migration Translation User

MigrationWorkflow Viewer

Task Worker

Carbon Footprint Viewer

Blockchain Node Engine Admin

Blockchain Node Engine Viewer

Blockchain Validator Manager Admin Beta

Blockchain Validator Viewer Beta

Capacity Planner Usage Viewer Beta

Care Studio Patients Viewer

Chronicle Service Admin

Chronicle Service Viewer

Location reader Beta

Code Repository Indexes Admin Beta

Code Repository Indexes Viewer Beta

Repository Groups User Beta

Gemini for Google Cloud Settings Admin Beta

Gemini for Google Cloud Settings User Beta

Topic Admin Beta

Topic Reader Beta

Gemini for Google Cloud User Beta

Cloud Controls Partner Admin

Cloud Controls Partner Editor

Cloud Controls Partner Inspectability Reader

Cloud Controls Partner Monitoring Reader

Cloud Controls Partner Reader

Cloud Optimization AI Admin

Cloud Optimization AI Editor

Cloud Optimization AI Viewer

Cloud Quotas Admin Beta

Cloud Quotas Viewer Beta

Commerce Agreement Publishing Admin Beta

Commerce Agreement Publishing Viewer Beta

Confidential Space Workload User

ConfigDelivery Admin Beta

ConfigDelivery Viewer Beta

Config Delivery Resource Bundle Publisher Beta

Contact Center AI Platform Admin

Cloud API Hub Admin ^Beta

Cloud API hub Attributes Admin ^Beta

Cloud API Hub Editor ^Beta

Cloud API hub Plugins Admin ^Beta

Cloud API hub Provisioning Admin ^Beta

Cloud API hub Runtime Project Attachment Editor ^Beta

Cloud API hub Viewer ^Beta

API Management Admin ^Beta

API Management Viewer ^Beta

App Management Viewer ^Beta

Appliance troubleshooting commands approver ^Beta

On-appliance troubleshooting client ^Beta

Appliance troubleshooter ^Beta

Assured OSS Project Admin ^Beta

Audit Manager Admin ^Beta

Audit Manager Auditor ^Beta

Custom Compliance Framework Admin ^Beta

Custom Compliance Framework Viewer ^Beta

Autoscaling Metrics Writer ^Beta

Autoscaling Recommendations Reader ^Beta

Autoscaling Site Admin ^Beta

Autoscaling State Writer ^Beta

Blockchain Validator Manager Admin ^Beta

Blockchain Validator Viewer ^Beta

Capacity Planner Usage Viewer ^Beta

Location reader ^Beta

Code Repository Indexes Admin ^Beta

Code Repository Indexes Viewer ^Beta

Repository Groups User ^Beta

Gemini for Google Cloud Settings Admin ^Beta

Gemini for Google Cloud Settings User ^Beta

Topic Admin ^Beta

Topic Reader ^Beta

Gemini for Google Cloud User ^Beta

Cloud Quotas Admin ^Beta

Cloud Quotas Viewer ^Beta

Commerce Agreement Publishing Admin ^Beta

Commerce Agreement Publishing Viewer ^Beta

ConfigDelivery Admin ^Beta

ConfigDelivery Viewer ^Beta

Config Delivery Resource Bundle Publisher ^Beta

Contact Center AI Insights Admin ^Beta

Contact Center AI Insights authorized editor ^Beta

Contact Center AI Insights authorized viewer ^Beta

GKE Security Posture Viewer ^Beta

Database Center Admin ^Beta

Database Center viewer ^Beta

Database Insights assistant viewer ^Beta

Events Service viewer ^Beta

Database Insights monitoring viewer ^Beta

Database Insights performing operations ^Beta

Database Insights recommendation viewer ^Beta

Database Insights viewer ^Beta

Studio Query Admin ^Beta

Studio Query User ^Beta

Dataproc Resource Manager Admin ^Beta

Dataproc Resource Manager Viewer ^Beta

Application Design Center Admin ^Beta

Application Admin ^Beta

Application Editor ^Beta

Application Viewer ^Beta

Application Design Center User ^Beta

Application Design Center Viewer ^Beta

Developer Connect Admin ^Beta

Developer Connect Git Proxy Reader ^Beta

Developer Connect Git Proxy User ^Beta

Developer Connect OAuth Admin ^Beta

Developer Connect OAuth User ^Beta

Developer Connect Read Token Accessor ^Beta

Developer Connect Token Accessor ^Beta

Developer Connect User ^Beta

Developer Connect Viewer ^Beta

Cloud NotebookLM Notebook Editor ^Beta

Cloud NotebookLM Admin ^Beta

Cloud NotebookLM User ^Beta

Cloud NotebookLM Notebook Owner ^Beta

Cloud NotebookLM Notebook Viewer ^Beta

Discovery Engine User ^Beta

Enterprise Purchasing Admin ^Beta

Enterprise Purchasing Editor ^Beta