Cloud Deployment Manager 将于 2025 年 12 月 31 日停止支持。
如果您目前使用的是部署管理器，请在
2025 年 12 月 31 日之前迁移到基础架构管理器或其他部署技术，以确保您的服务能够持续顺畅运行。

如需详细了解有关弃用和关停的信息，请参阅 Deployment Manager 弃用。

此页面由 Cloud Translation API 翻译。

使用 IAM 进行访问权限控制
使用集合让一切井井有条根据您的偏好保存内容并对其进行分类。

默认情况下，所有 Google Cloud 控制台项目都只包含一位用户：原始项目创建者。其他用户只有在被添加为项目团队成员之后，才能访问相关项目和 Google Cloud 资源。本页面介绍了将新用户添加到项目的不同方法。

此外，还介绍了 Deployment Manager 如何代表您对其他Google Cloud API 进行身份验证以创建资源。

准备工作

如果要使用本指南中的命令行示例，请安装 “gcloud” 命令行工具。
如果希望使用本指南中的 API 示例，请设置 API 访问权限。
了解 Google Cloud 控制台项目。
了解 Google Identity and Access Management。

针对用户的访问权限控制

为了让您的用户可以访问您的项目，以便他们可以创建配置和部署，您需要将用户添加为项目团队成员，并授予他们适当的 Identity and Access Management (IAM) 角色。

如需了解如何添加团队成员，请阅读文档添加团队成员。

Deployment Manager 角色

Role Permissions

Role	Permissions
Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`) Allows Deployment Manager service to actuate resources across DM projects and folders Warning: Do not grant service agent roles to any principals except service agents.	`accesscontextmanager.accessLevels.create` `accesscontextmanager.accessLevels.delete` `accesscontextmanager.accessLevels.get` `accesscontextmanager.accessLevels.update` `accesscontextmanager.policies.list` `accesscontextmanager.servicePerimeters.create` `accesscontextmanager.servicePerimeters.delete` `accesscontextmanager.servicePerimeters.get` `accesscontextmanager.servicePerimeters.update` `appengine.applications.get` `appengine.operations.get` `appengine.services.update` `appengine.versions.create` `appengine.versions.delete` `appengine.versions.get` `appengine.versions.list` `artifactregistry.repositories.create` `artifactregistry.repositories.delete` `artifactregistry.repositories.get` `artifactregistry.repositories.update` `bigquery.connections.get` `bigquery.datasets.create` `bigquery.datasets.delete` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.update` `bigquery.jobs.create` `bigquery.routines.create` `bigquery.routines.get` `bigquery.routines.update` `bigquery.tables.create` `bigquery.tables.delete` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.setCategory` `bigquery.tables.update` `bigquery.tables.updateData` `bigtable.instances.create` `bigtable.instances.delete` `bigtable.instances.get` `bigtable.instances.update` `bigtable.tables.create` `bigtable.tables.delete` `bigtable.tables.get` `bigtable.tables.update` `billing.resourceAssociations.create` `billing.resourcebudgets.write` `cloudbuild.builds.create` `cloudbuild.builds.get` `cloudfunctions.functions.call` `cloudfunctions.functions.create` `cloudfunctions.functions.delete` `cloudfunctions.functions.get` `cloudfunctions.functions.getIamPolicy` `cloudfunctions.functions.list` `cloudfunctions.functions.update` `cloudfunctions.operations.get` `cloudprivatecatalog.targets.get` `cloudscheduler.jobs.create` `cloudscheduler.jobs.delete` `cloudscheduler.jobs.get` `cloudscheduler.jobs.update` `cloudsql.backupRuns.create` `cloudsql.databases.` `cloudsql.databases.create` `cloudsql.databases.delete` `cloudsql.databases.get` `cloudsql.databases.list` `cloudsql.databases.update` `cloudsql.instances.create` `cloudsql.instances.delete` `cloudsql.instances.get` `cloudsql.instances.import` `cloudsql.instances.restart` `cloudsql.instances.update` `cloudsql.sslCerts.create` `cloudsql.sslCerts.delete` `cloudsql.sslCerts.get` `cloudsql.users.create` `cloudsql.users.delete` `cloudtasks.queues.create` `cloudtasks.queues.delete` `cloudtasks.queues.get` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.list` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.update` `compute.backendBuckets.create` `compute.backendBuckets.delete` `compute.backendBuckets.get` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.create` `compute.backendServices.delete` `compute.backendServices.get` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.delete` `compute.disks.get` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setLabels` `compute.disks.update` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.create` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.get` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.create` `compute.firewallPolicies.delete` `compute.firewallPolicies.get` `compute.firewalls.create` `compute.firewalls.delete` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.update` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.get` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.create` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.get` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.setLabels` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.healthChecks.create` `compute.healthChecks.delete` `compute.healthChecks.get` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.create` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.get` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.create` `compute.images.delete` `compute.images.deprecate` `compute.images.get` `compute.images.setLabels` `compute.images.useReadOnly` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.create` `compute.instanceGroups.delete` `compute.instanceGroups.get` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.useReadOnly` `compute.instances.addAccessConfig` `compute.instances.create` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.get` `compute.instances.listTagBindings` `compute.instances.resume` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setServiceAccount` `compute.instances.setTags` `compute.instances.start` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateDisplayDevice` `compute.instances.use` `compute.interconnectAttachments.create` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.get` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnects.create` `compute.interconnects.delete` `compute.interconnects.get` `compute.interconnects.setLabels` `compute.interconnects.use` `compute.machineImages.useReadOnly` `compute.machineTypes.get` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.use` `compute.networks.addPeering` `compute.networks.create` `compute.networks.delete` `compute.networks.get` `compute.networks.listPeeringRoutes` `compute.networks.removePeering` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.organizations.disableXpnResource` `compute.organizations.enableXpnHost` `compute.organizations.enableXpnResource` `compute.packetMirrorings.create` `compute.packetMirrorings.delete` `compute.packetMirrorings.get` `compute.projects.get` `compute.projects.setUsageExportBucket` `compute.regionBackendServices.create` `compute.regionBackendServices.delete` `compute.regionBackendServices.get` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionHealthChecks.create` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.get` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.use` `compute.regionOperations.get` `compute.regionSslCertificates.create` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.get` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.use` `compute.regionUrlMaps.create` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.get` `compute.regionUrlMaps.use` `compute.regions.get` `compute.reservations.list` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.use` `compute.routers.create` `compute.routers.delete` `compute.routers.get` `compute.routers.update` `compute.routers.use` `compute.routes.create` `compute.routes.delete` `compute.routes.get` `compute.securityPolicies.create` `compute.securityPolicies.delete` `compute.securityPolicies.get` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.serviceAttachments.create` `compute.serviceAttachments.get` `compute.snapshots.useReadOnly` `compute.sslCertificates.create` `compute.sslCertificates.delete` `compute.sslCertificates.get` `compute.sslPolicies.create` `compute.sslPolicies.delete` `compute.sslPolicies.get` `compute.sslPolicies.use` `compute.subnetworks.create` `compute.subnetworks.delete` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.mirror` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetHttpProxies.create` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.get` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.use` `compute.targetInstances.create` `compute.targetInstances.delete` `compute.targetInstances.get` `compute.targetInstances.use` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.delete` `compute.targetPools.get` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.use` `compute.targetSslProxies.create` `compute.targetSslProxies.delete` `compute.targetSslProxies.get` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.use` `compute.targetTcpProxies.create` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.get` `compute.targetTcpProxies.use` `compute.targetVpnGateways.create` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.get` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.create` `compute.urlMaps.delete` `compute.urlMaps.get` `compute.urlMaps.update` `compute.urlMaps.use` `compute.vpnGateways.create` `compute.vpnGateways.delete` `compute.vpnGateways.get` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.create` `compute.vpnTunnels.delete` `compute.vpnTunnels.get` `compute.vpnTunnels.setLabels` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.get` `container.backendConfigs.create` `container.backendConfigs.delete` `container.backendConfigs.get` `container.clusterRoleBindings.create` `container.clusterRoleBindings.delete` `container.clusterRoleBindings.get` `container.clusterRoles.bind` `container.clusterRoles.create` `container.clusterRoles.delete` `container.clusterRoles.escalate` `container.clusterRoles.get` `container.clusters.create` `container.clusters.delete` `container.clusters.get` `container.clusters.getCredentials` `container.clusters.update` `container.configMaps.create` `container.configMaps.delete` `container.configMaps.get` `container.configMaps.update` `container.cronJobs.create` `container.cronJobs.delete` `container.cronJobs.get` `container.cronJobs.update` `container.daemonSets.create` `container.daemonSets.delete` `container.daemonSets.get` `container.daemonSets.update` `container.deployments.create` `container.deployments.delete` `container.deployments.get` `container.deployments.update` `container.frontendConfigs.create` `container.frontendConfigs.delete` `container.frontendConfigs.get` `container.horizontalPodAutoscalers.create` `container.horizontalPodAutoscalers.delete` `container.horizontalPodAutoscalers.get` `container.ingresses.create` `container.ingresses.delete` `container.ingresses.get` `container.jobs.create` `container.jobs.delete` `container.jobs.get` `container.managedCertificates.create` `container.managedCertificates.delete` `container.managedCertificates.get` `container.mutatingWebhookConfigurations.delete` `container.mutatingWebhookConfigurations.get` `container.namespaces.create` `container.namespaces.delete` `container.namespaces.get` `container.networkPolicies.create` `container.networkPolicies.delete` `container.networkPolicies.get` `container.operations.get` `container.podDisruptionBudgets.create` `container.podDisruptionBudgets.delete` `container.podDisruptionBudgets.get` `container.podSecurityPolicies.delete` `container.podSecurityPolicies.get` `container.priorityClasses.create` `container.priorityClasses.delete` `container.priorityClasses.get` `container.replicationControllers.create` `container.replicationControllers.delete` `container.replicationControllers.get` `container.roleBindings.create` `container.roleBindings.delete` `container.roleBindings.get` `container.roles.bind` `container.roles.create` `container.roles.delete` `container.roles.escalate` `container.roles.get` `container.roles.update` `container.secrets.create` `container.secrets.delete` `container.secrets.get` `container.secrets.update` `container.serviceAccounts.create` `container.serviceAccounts.delete` `container.serviceAccounts.get` `container.serviceAccounts.update` `container.services.create` `container.services.delete` `container.services.get` `container.statefulSets.create` `container.statefulSets.delete` `container.statefulSets.get` `container.statefulSets.update` `container.storageClasses.create` `container.storageClasses.delete` `container.storageClasses.get` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.update` `container.validatingWebhookConfigurations.delete` `container.validatingWebhookConfigurations.get` `datacatalog.taxonomies.get` `dataproc.autoscalingPolicies.create` `dataproc.autoscalingPolicies.delete` `dataproc.autoscalingPolicies.get` `dataproc.autoscalingPolicies.use` `dataproc.clusters.create` `dataproc.clusters.delete` `dataproc.clusters.get` `dataproc.nodeGroups.create` `dataproc.operations.get` `dataproc.workflowTemplates.create` `dataproc.workflowTemplates.delete` `dataproc.workflowTemplates.get` `deploymentmanager.compositeTypes.get` `deploymentmanager.deployments.create` `deploymentmanager.deployments.delete` `deploymentmanager.deployments.get` `deploymentmanager.deployments.update` `deploymentmanager.operations.get` `deploymentmanager.typeProviders.create` `deploymentmanager.typeProviders.delete` `deploymentmanager.typeProviders.get` `deploymentmanager.typeProviders.update` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.policies.delete` `dns.policies.get` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `file.instances.create` `file.instances.delete` `file.instances.get` `file.instances.update` `file.operations.get` `firebase.projects.get` `firebase.projects.update` `firebaseanalytics.resources.googleAnalyticsEdit` `iam.roles.create` `iam.roles.delete` `iam.roles.get` `iam.roles.list` `iam.roles.update` `iam.serviceAccountKeys.delete` `iam.serviceAccountKeys.get` `iam.serviceAccounts.actAs` `iam.serviceAccounts.create` `iam.serviceAccounts.delete` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `iam.serviceAccounts.update` `logging.buckets.update` `logging.exclusions.create` `logging.exclusions.delete` `logging.exclusions.get` `logging.exclusions.update` `logging.logEntries.create` `logging.logMetrics.create` `logging.logMetrics.delete` `logging.logMetrics.get` `logging.logMetrics.update` `logging.notificationRules.create` `logging.sinks.create` `logging.sinks.delete` `logging.sinks.get` `logging.sinks.update` `monitoring.alertPolicies.create` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.update` `monitoring.dashboards.create` `monitoring.dashboards.delete` `monitoring.dashboards.get` `monitoring.dashboards.update` `monitoring.groups.create` `monitoring.groups.delete` `monitoring.groups.get` `monitoring.groups.update` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.delete` `monitoring.metricDescriptors.get` `monitoring.notificationChannels.create` `monitoring.notificationChannels.delete` `monitoring.notificationChannels.get` `monitoring.notificationChannels.update` `monitoring.uptimeCheckConfigs.create` `monitoring.uptimeCheckConfigs.delete` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.update` `networksecurity.serverTlsPolicies.use` `pubsub.schemas.attach` `pubsub.subscriptions.create` `pubsub.subscriptions.delete` `pubsub.subscriptions.get` `pubsub.subscriptions.update` `pubsub.topics.attachSubscription` `pubsub.topics.create` `pubsub.topics.delete` `pubsub.topics.get` `pubsub.topics.getIamPolicy` `pubsub.topics.publish` `pubsub.topics.update` `redis.instances.create` `redis.instances.delete` `redis.instances.get` `redis.instances.update` `redis.instances.updateAuth` `redis.operations.get` `resourcemanager.folders.create` `resourcemanager.folders.delete` `resourcemanager.folders.get` `resourcemanager.folders.getIamPolicy` `resourcemanager.folders.list` `resourcemanager.folders.update` `resourcemanager.organizations.getIamPolicy` `resourcemanager.projects.create` `resourcemanager.projects.createBillingAssignment` `resourcemanager.projects.delete` `resourcemanager.projects.deleteBillingAssignment` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `resourcemanager.projects.move` `resourcemanager.projects.update` `resourcemanager.projects.updateLiens` `resourcemanager.tagHolds.create` `resourcemanager.tagHolds.delete` `resourcemanager.tagValueBindings.*` `resourcemanager.tagValueBindings.create` `resourcemanager.tagValueBindings.delete` `resourcemanager.tagValues.get` `runtimeconfig.configs.create` `runtimeconfig.configs.delete` `runtimeconfig.configs.get` `runtimeconfig.configs.list` `runtimeconfig.configs.update` `runtimeconfig.variables.create` `runtimeconfig.variables.delete` `runtimeconfig.variables.get` `runtimeconfig.variables.list` `runtimeconfig.variables.update` `runtimeconfig.waiters.create` `runtimeconfig.waiters.delete` `runtimeconfig.waiters.get` `runtimeconfig.waiters.list` `servicedirectory.namespaces.associatePrivateZone` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicemanagement.services.bind` `servicenetworking.operations.get` `servicenetworking.services.addPeering` `servicenetworking.services.get` `serviceusage.services.disable` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.use` `source.repos.create` `spanner.databaseOperations.get` `spanner.databases.create` `spanner.databases.drop` `spanner.databases.get` `spanner.databases.updateDdl` `spanner.instanceOperations.get` `spanner.instances.create` `spanner.instances.delete` `spanner.instances.get` `spanner.instances.update` `storage.buckets.create` `storage.buckets.delete` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.update` `storage.hmacKeys.create` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `vpcaccess.connectors.create` `vpcaccess.connectors.delete` `vpcaccess.operations.get` `workflows.operations.get` `workflows.workflows.create` `workflows.workflows.delete` `workflows.workflows.get`
Deployment Manager Editor (`roles/deploymentmanager.editor`) Provides the permissions necessary to create and manage deployments. Lowest-level resources where you can grant this role: Project	`deploymentmanager.compositeTypes.` `deploymentmanager.compositeTypes.create` `deploymentmanager.compositeTypes.delete` `deploymentmanager.compositeTypes.get` `deploymentmanager.compositeTypes.list` `deploymentmanager.compositeTypes.update` `deploymentmanager.deployments.cancelPreview` `deploymentmanager.deployments.create` `deploymentmanager.deployments.delete` `deploymentmanager.deployments.get` `deploymentmanager.deployments.list` `deploymentmanager.deployments.stop` `deploymentmanager.deployments.update` `deploymentmanager.manifests.` `deploymentmanager.manifests.get` `deploymentmanager.manifests.list` `deploymentmanager.operations.` `deploymentmanager.operations.get` `deploymentmanager.operations.list` `deploymentmanager.resources.` `deploymentmanager.resources.get` `deploymentmanager.resources.list` `deploymentmanager.typeProviders.` `deploymentmanager.typeProviders.create` `deploymentmanager.typeProviders.delete` `deploymentmanager.typeProviders.get` `deploymentmanager.typeProviders.getType` `deploymentmanager.typeProviders.list` `deploymentmanager.typeProviders.listTypes` `deploymentmanager.typeProviders.update` `deploymentmanager.types.` `deploymentmanager.types.create` `deploymentmanager.types.delete` `deploymentmanager.types.get` `deploymentmanager.types.list` `deploymentmanager.types.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`
Deployment Manager Type Editor (`roles/deploymentmanager.typeEditor`) Provides read and write access to all Type Registry resources. Lowest-level resources where you can grant this role: Project	`deploymentmanager.compositeTypes.` `deploymentmanager.compositeTypes.create` `deploymentmanager.compositeTypes.delete` `deploymentmanager.compositeTypes.get` `deploymentmanager.compositeTypes.list` `deploymentmanager.compositeTypes.update` `deploymentmanager.operations.get` `deploymentmanager.typeProviders.` `deploymentmanager.typeProviders.create` `deploymentmanager.typeProviders.delete` `deploymentmanager.typeProviders.get` `deploymentmanager.typeProviders.getType` `deploymentmanager.typeProviders.list` `deploymentmanager.typeProviders.listTypes` `deploymentmanager.typeProviders.update` `deploymentmanager.types.*` `deploymentmanager.types.create` `deploymentmanager.types.delete` `deploymentmanager.types.get` `deploymentmanager.types.list` `deploymentmanager.types.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get`
Deployment Manager Type Viewer (`roles/deploymentmanager.typeViewer`) Provides read-only access to all Type Registry resources. Lowest-level resources where you can grant this role: Project	`deploymentmanager.compositeTypes.get` `deploymentmanager.compositeTypes.list` `deploymentmanager.typeProviders.get` `deploymentmanager.typeProviders.getType` `deploymentmanager.typeProviders.list` `deploymentmanager.typeProviders.listTypes` `deploymentmanager.types.get` `deploymentmanager.types.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get`
Deployment Manager Viewer (`roles/deploymentmanager.viewer`) Provides read-only access to all Deployment Manager-related resources. Lowest-level resources where you can grant this role: Project	`deploymentmanager.compositeTypes.get` `deploymentmanager.compositeTypes.list` `deploymentmanager.deployments.get` `deploymentmanager.deployments.list` `deploymentmanager.manifests.` `deploymentmanager.manifests.get` `deploymentmanager.manifests.list` `deploymentmanager.operations.` `deploymentmanager.operations.get` `deploymentmanager.operations.list` `deploymentmanager.resources.*` `deploymentmanager.resources.get` `deploymentmanager.resources.list` `deploymentmanager.typeProviders.get` `deploymentmanager.typeProviders.getType` `deploymentmanager.typeProviders.list` `deploymentmanager.typeProviders.listTypes` `deploymentmanager.types.get` `deploymentmanager.types.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`

Cloud Deployment Manager Service Agent

(roles/clouddeploymentmanager.serviceAgent)

Allows Deployment Manager service to actuate resources across DM projects and folders

accesscontextmanager.accessLevels.create

accesscontextmanager.accessLevels.delete

accesscontextmanager.accessLevels.get

accesscontextmanager.accessLevels.update

accesscontextmanager.policies.list

accesscontextmanager.servicePerimeters.create

accesscontextmanager.servicePerimeters.delete

accesscontextmanager.servicePerimeters.get

accesscontextmanager.servicePerimeters.update

appengine.applications.get

appengine.operations.get

appengine.services.update

appengine.versions.create

appengine.versions.delete

appengine.versions.get

appengine.versions.list

artifactregistry.repositories.create

artifactregistry.repositories.delete

artifactregistry.repositories.get

artifactregistry.repositories.update

bigquery.connections.get

bigquery.datasets.create

bigquery.datasets.delete

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.update

bigquery.jobs.create

bigquery.routines.create

bigquery.routines.get

bigquery.routines.update

bigquery.tables.create

bigquery.tables.delete

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.setCategory

bigquery.tables.update

bigquery.tables.updateData

bigtable.instances.create

bigtable.instances.delete

bigtable.instances.get

bigtable.instances.update

bigtable.tables.create

bigtable.tables.delete

bigtable.tables.get

bigtable.tables.update

billing.resourceAssociations.create

billing.resourcebudgets.write

cloudbuild.builds.create

cloudbuild.builds.get

cloudfunctions.functions.call

cloudfunctions.functions.create

cloudfunctions.functions.delete

cloudfunctions.functions.get

cloudfunctions.functions.getIamPolicy

cloudfunctions.functions.list

cloudfunctions.functions.update

cloudfunctions.operations.get

cloudprivatecatalog.targets.get

cloudscheduler.jobs.create

cloudscheduler.jobs.delete

cloudscheduler.jobs.get

cloudscheduler.jobs.update

cloudsql.backupRuns.create

cloudsql.databases.*

cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.get
cloudsql.databases.list
cloudsql.databases.update

cloudsql.instances.create

cloudsql.instances.delete

cloudsql.instances.get

cloudsql.instances.import

cloudsql.instances.restart

cloudsql.instances.update

cloudsql.sslCerts.create

cloudsql.sslCerts.delete

cloudsql.sslCerts.get

cloudsql.users.create

cloudsql.users.delete

cloudtasks.queues.create

cloudtasks.queues.delete

cloudtasks.queues.get

compute.addresses.create

compute.addresses.createInternal

compute.addresses.delete

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.list

compute.addresses.setLabels

compute.addresses.use

compute.addresses.useInternal

compute.autoscalers.create

compute.autoscalers.delete

compute.autoscalers.get

compute.autoscalers.update

compute.backendBuckets.create

compute.backendBuckets.delete

compute.backendBuckets.get

compute.backendBuckets.update

compute.backendBuckets.use

compute.backendServices.create

compute.backendServices.delete

compute.backendServices.get

compute.backendServices.setSecurityPolicy

compute.backendServices.update

compute.backendServices.use

compute.disks.addResourcePolicies

compute.disks.create

compute.disks.delete

compute.disks.get

compute.disks.removeResourcePolicies

compute.disks.resize

compute.disks.setLabels

compute.disks.update

compute.disks.use

compute.disks.useReadOnly

compute.externalVpnGateways.create

compute.externalVpnGateways.delete

compute.externalVpnGateways.get

compute.externalVpnGateways.setLabels

compute.externalVpnGateways.use

compute.firewallPolicies.create

compute.firewallPolicies.delete

compute.firewallPolicies.get

compute.firewalls.create

compute.firewalls.delete

compute.firewalls.get

compute.firewalls.list

compute.firewalls.update

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscSetLabels

compute.forwardingRules.setLabels

compute.forwardingRules.setTarget

compute.forwardingRules.update

compute.forwardingRules.use

compute.globalAddresses.create

compute.globalAddresses.createInternal

compute.globalAddresses.delete

compute.globalAddresses.deleteInternal

compute.globalAddresses.get

compute.globalAddresses.setLabels

compute.globalAddresses.use

compute.globalForwardingRules.create

compute.globalForwardingRules.delete

compute.globalForwardingRules.get

compute.globalForwardingRules.pscCreate

compute.globalForwardingRules.pscDelete

compute.globalForwardingRules.pscSetLabels

compute.globalForwardingRules.setLabels

compute.globalNetworkEndpointGroups.attachNetworkEndpoints

compute.globalNetworkEndpointGroups.create

compute.globalNetworkEndpointGroups.delete

compute.globalNetworkEndpointGroups.get

compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.healthChecks.create

compute.healthChecks.delete

compute.healthChecks.get

compute.healthChecks.update

compute.healthChecks.use

compute.healthChecks.useReadOnly

compute.httpHealthChecks.create

compute.httpHealthChecks.delete

compute.httpHealthChecks.get

compute.httpHealthChecks.update

compute.httpHealthChecks.use

compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.create

compute.httpsHealthChecks.delete

compute.httpsHealthChecks.get

compute.httpsHealthChecks.update

compute.httpsHealthChecks.use

compute.httpsHealthChecks.useReadOnly

compute.images.create

compute.images.delete

compute.images.deprecate

compute.images.get

compute.images.setLabels

compute.images.useReadOnly

compute.instanceGroupManagers.create

compute.instanceGroupManagers.delete

compute.instanceGroupManagers.get

compute.instanceGroupManagers.update

compute.instanceGroupManagers.use

compute.instanceGroups.create

compute.instanceGroups.delete

compute.instanceGroups.get

compute.instanceGroups.update

compute.instanceGroups.use

compute.instanceTemplates.create

compute.instanceTemplates.delete

compute.instanceTemplates.get

compute.instanceTemplates.useReadOnly

compute.instances.addAccessConfig

compute.instances.create

compute.instances.delete

compute.instances.deleteAccessConfig

compute.instances.get

compute.instances.listTagBindings

compute.instances.resume

compute.instances.setDeletionProtection

compute.instances.setDiskAutoDelete

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.suspend

compute.instances.update

compute.instances.updateDisplayDevice

compute.instances.use

compute.interconnectAttachments.create

compute.interconnectAttachments.delete

compute.interconnectAttachments.get

compute.interconnectAttachments.setLabels

compute.interconnectAttachments.update

compute.interconnects.create

compute.interconnects.delete

compute.interconnects.get

compute.interconnects.setLabels

compute.interconnects.use

compute.machineImages.useReadOnly

compute.machineTypes.get

compute.networkEndpointGroups.attachNetworkEndpoints

compute.networkEndpointGroups.create

compute.networkEndpointGroups.delete

compute.networkEndpointGroups.get

compute.networkEndpointGroups.use

compute.networks.addPeering

compute.networks.create

compute.networks.delete

compute.networks.get

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.switchToCustomMode

compute.networks.update

compute.networks.updatePolicy

compute.networks.use

compute.networks.useExternalIp

compute.organizations.disableXpnResource

compute.organizations.enableXpnHost

compute.organizations.enableXpnResource

compute.packetMirrorings.create

compute.packetMirrorings.delete

compute.packetMirrorings.get

compute.projects.get

compute.projects.setUsageExportBucket

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.get

compute.regionBackendServices.update

compute.regionBackendServices.use

compute.regionHealthChecks.create

compute.regionHealthChecks.delete

compute.regionHealthChecks.get

compute.regionHealthChecks.update

compute.regionHealthChecks.use

compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.create

compute.regionNetworkEndpointGroups.delete

compute.regionNetworkEndpointGroups.get

compute.regionNetworkEndpointGroups.use

compute.regionOperations.get

compute.regionSslCertificates.create

compute.regionSslCertificates.delete

compute.regionSslCertificates.get

compute.regionTargetHttpProxies.create

compute.regionTargetHttpProxies.delete

compute.regionTargetHttpProxies.get

compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.create

compute.regionTargetHttpsProxies.delete

compute.regionTargetHttpsProxies.get

compute.regionTargetHttpsProxies.use

compute.regionUrlMaps.create

compute.regionUrlMaps.delete

compute.regionUrlMaps.get

compute.regionUrlMaps.use

compute.regions.get

compute.reservations.list

compute.resourcePolicies.create

compute.resourcePolicies.delete

compute.resourcePolicies.get

compute.resourcePolicies.use

compute.routers.create

compute.routers.delete

compute.routers.get

compute.routers.update

compute.routers.use

compute.routes.create

compute.routes.delete

compute.routes.get

compute.securityPolicies.create

compute.securityPolicies.delete

compute.securityPolicies.get

compute.securityPolicies.setLabels

compute.securityPolicies.update

compute.securityPolicies.use

compute.serviceAttachments.create

compute.serviceAttachments.get

compute.snapshots.useReadOnly

compute.sslCertificates.create

compute.sslCertificates.delete

compute.sslCertificates.get

compute.sslPolicies.create

compute.sslPolicies.delete

compute.sslPolicies.get

compute.sslPolicies.use

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.expandIpCidrRange

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.mirror

compute.subnetworks.update

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.targetHttpProxies.create

compute.targetHttpProxies.delete

compute.targetHttpProxies.get

compute.targetHttpProxies.use

compute.targetHttpsProxies.create

compute.targetHttpsProxies.delete

compute.targetHttpsProxies.get

compute.targetHttpsProxies.setSslCertificates

compute.targetHttpsProxies.setSslPolicy

compute.targetHttpsProxies.use

compute.targetInstances.create

compute.targetInstances.delete

compute.targetInstances.get

compute.targetInstances.use

compute.targetPools.addHealthCheck

compute.targetPools.addInstance

compute.targetPools.create

compute.targetPools.delete

compute.targetPools.get

compute.targetPools.removeHealthCheck

compute.targetPools.removeInstance

compute.targetPools.use

compute.targetSslProxies.create

compute.targetSslProxies.delete

compute.targetSslProxies.get

compute.targetSslProxies.setSslCertificates

compute.targetSslProxies.use

compute.targetTcpProxies.create

compute.targetTcpProxies.delete

compute.targetTcpProxies.get

compute.targetTcpProxies.use

compute.targetVpnGateways.create

compute.targetVpnGateways.delete

compute.targetVpnGateways.get

compute.targetVpnGateways.setLabels

compute.targetVpnGateways.use

compute.urlMaps.create

compute.urlMaps.delete

compute.urlMaps.get

compute.urlMaps.update

compute.urlMaps.use

compute.vpnGateways.create

compute.vpnGateways.delete

compute.vpnGateways.get

compute.vpnGateways.setLabels

compute.vpnGateways.use

compute.vpnTunnels.create

compute.vpnTunnels.delete

compute.vpnTunnels.get

compute.vpnTunnels.setLabels

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.get

container.backendConfigs.create

container.backendConfigs.delete

container.backendConfigs.get

container.clusterRoleBindings.create

container.clusterRoleBindings.delete

container.clusterRoleBindings.get

container.clusterRoles.bind

container.clusterRoles.create

container.clusterRoles.delete

container.clusterRoles.escalate

container.clusterRoles.get

container.clusters.create

container.clusters.delete

container.clusters.get

container.clusters.getCredentials

container.clusters.update

container.configMaps.create

container.configMaps.delete

container.configMaps.get

container.configMaps.update

container.cronJobs.create

container.cronJobs.delete

container.cronJobs.get

container.cronJobs.update

container.daemonSets.create

container.daemonSets.delete

container.daemonSets.get

container.daemonSets.update

container.deployments.create

container.deployments.delete

container.deployments.get

container.deployments.update

container.frontendConfigs.create

container.frontendConfigs.delete

container.frontendConfigs.get

container.horizontalPodAutoscalers.create

container.horizontalPodAutoscalers.delete

container.horizontalPodAutoscalers.get

container.ingresses.create

container.ingresses.delete

container.ingresses.get

container.jobs.create

container.jobs.delete

container.jobs.get

container.managedCertificates.create

container.managedCertificates.delete

container.managedCertificates.get

container.mutatingWebhookConfigurations.delete

container.mutatingWebhookConfigurations.get

container.namespaces.create

container.namespaces.delete

container.namespaces.get

container.networkPolicies.create

container.networkPolicies.delete

container.networkPolicies.get

container.operations.get

container.podDisruptionBudgets.create

container.podDisruptionBudgets.delete

container.podDisruptionBudgets.get

container.podSecurityPolicies.delete

container.podSecurityPolicies.get

container.priorityClasses.create

container.priorityClasses.delete

container.priorityClasses.get

container.replicationControllers.create

container.replicationControllers.delete

container.replicationControllers.get

container.roleBindings.create

container.roleBindings.delete

container.roleBindings.get

container.roles.bind

container.roles.create

container.roles.delete

container.roles.escalate

container.roles.get

container.roles.update

container.secrets.create

container.secrets.delete

container.secrets.get

container.secrets.update

container.serviceAccounts.create

container.serviceAccounts.delete

container.serviceAccounts.get

container.serviceAccounts.update

container.services.create

container.services.delete

container.services.get

container.statefulSets.create

container.statefulSets.delete

container.statefulSets.get

container.statefulSets.update

container.storageClasses.create

container.storageClasses.delete

container.storageClasses.get

container.thirdPartyObjects.create

container.thirdPartyObjects.delete

container.thirdPartyObjects.get

container.thirdPartyObjects.update

container.validatingWebhookConfigurations.delete

container.validatingWebhookConfigurations.get

datacatalog.taxonomies.get

dataproc.autoscalingPolicies.create

dataproc.autoscalingPolicies.delete

dataproc.autoscalingPolicies.get

dataproc.autoscalingPolicies.use

dataproc.clusters.create

dataproc.clusters.delete

dataproc.clusters.get

dataproc.nodeGroups.create

dataproc.operations.get

dataproc.workflowTemplates.create

dataproc.workflowTemplates.delete

dataproc.workflowTemplates.get

deploymentmanager.compositeTypes.get

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.update

deploymentmanager.operations.get

deploymentmanager.typeProviders.create

deploymentmanager.typeProviders.delete

deploymentmanager.typeProviders.get

deploymentmanager.typeProviders.update

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.list

dns.managedZones.update

dns.networks.bindPrivateDNSZone

dns.networks.targetWithPeeringZone

dns.policies.delete

dns.policies.get

dns.resourceRecordSets.create

dns.resourceRecordSets.delete

dns.resourceRecordSets.list

dns.resourceRecordSets.update

file.instances.create

file.instances.delete

file.instances.get

file.instances.update

file.operations.get

firebase.projects.get

firebase.projects.update

firebaseanalytics.resources.googleAnalyticsEdit

iam.roles.create

iam.roles.delete

iam.roles.get

iam.roles.list

iam.roles.update

iam.serviceAccountKeys.delete

iam.serviceAccountKeys.get

iam.serviceAccounts.actAs

iam.serviceAccounts.create

iam.serviceAccounts.delete

iam.serviceAccounts.get

iam.serviceAccounts.list

iam.serviceAccounts.update

logging.buckets.update

logging.exclusions.create

logging.exclusions.delete

logging.exclusions.get

logging.exclusions.update

logging.logEntries.create

logging.logMetrics.create

logging.logMetrics.delete

logging.logMetrics.get

logging.logMetrics.update

logging.notificationRules.create

logging.sinks.create

logging.sinks.delete

logging.sinks.get

logging.sinks.update

monitoring.alertPolicies.create

monitoring.alertPolicies.delete

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.update

monitoring.dashboards.create

monitoring.dashboards.delete

monitoring.dashboards.get

monitoring.dashboards.update

monitoring.groups.create

monitoring.groups.delete

monitoring.groups.get

monitoring.groups.update

monitoring.metricDescriptors.create

monitoring.metricDescriptors.delete

monitoring.metricDescriptors.get

monitoring.notificationChannels.create

monitoring.notificationChannels.delete

monitoring.notificationChannels.get

monitoring.notificationChannels.update

monitoring.uptimeCheckConfigs.create

monitoring.uptimeCheckConfigs.delete

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.update

networksecurity.serverTlsPolicies.use

pubsub.schemas.attach

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.get

pubsub.topics.getIamPolicy

pubsub.topics.publish

pubsub.topics.update

redis.instances.create

redis.instances.delete

redis.instances.get

redis.instances.update

redis.instances.updateAuth

redis.operations.get

resourcemanager.folders.create

resourcemanager.folders.delete

resourcemanager.folders.get

resourcemanager.folders.getIamPolicy

resourcemanager.folders.list

resourcemanager.folders.update

resourcemanager.organizations.getIamPolicy

resourcemanager.projects.create

resourcemanager.projects.createBillingAssignment

resourcemanager.projects.delete

resourcemanager.projects.deleteBillingAssignment

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

resourcemanager.projects.move

resourcemanager.projects.update

resourcemanager.projects.updateLiens

resourcemanager.tagHolds.create

resourcemanager.tagHolds.delete

resourcemanager.tagValueBindings.*

resourcemanager.tagValueBindings.create
resourcemanager.tagValueBindings.delete

resourcemanager.tagValues.get

runtimeconfig.configs.create

runtimeconfig.configs.delete

runtimeconfig.configs.get

runtimeconfig.configs.list

runtimeconfig.configs.update

runtimeconfig.variables.create

runtimeconfig.variables.delete

runtimeconfig.variables.get

runtimeconfig.variables.list

runtimeconfig.variables.update

runtimeconfig.waiters.create

runtimeconfig.waiters.delete

runtimeconfig.waiters.get

runtimeconfig.waiters.list

servicedirectory.namespaces.associatePrivateZone

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicemanagement.services.bind

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.get

serviceusage.services.disable

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.use

source.repos.create

spanner.databaseOperations.get

spanner.databases.create

spanner.databases.drop

spanner.databases.get

spanner.databases.updateDdl

spanner.instanceOperations.get

spanner.instances.create

spanner.instances.delete

spanner.instances.get

spanner.instances.update

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.update

storage.hmacKeys.create

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.getIamPolicy

storage.objects.list

vpcaccess.connectors.create

vpcaccess.connectors.delete

vpcaccess.operations.get

workflows.operations.get

workflows.workflows.create

workflows.workflows.delete

workflows.workflows.get

Deployment Manager Editor

(roles/deploymentmanager.editor)

Provides the permissions necessary to create and manage deployments.

Lowest-level resources where you can grant this role:

Project

deploymentmanager.compositeTypes.*

deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update

deploymentmanager.deployments.cancelPreview

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.deployments.stop

deploymentmanager.deployments.update

deploymentmanager.manifests.*

deploymentmanager.manifests.get
deploymentmanager.manifests.list

deploymentmanager.operations.*

deploymentmanager.operations.get
deploymentmanager.operations.list

deploymentmanager.resources.*

deploymentmanager.resources.get
deploymentmanager.resources.list

deploymentmanager.typeProviders.*

deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.getType
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.listTypes
deploymentmanager.typeProviders.update

deploymentmanager.types.*

deploymentmanager.types.create
deploymentmanager.types.delete
deploymentmanager.types.get
deploymentmanager.types.list
deploymentmanager.types.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Deployment Manager Type Editor

(roles/deploymentmanager.typeEditor)

Provides read and write access to all Type Registry resources.

Lowest-level resources where you can grant this role:

Project

deploymentmanager.compositeTypes.*

deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update

deploymentmanager.operations.get

deploymentmanager.typeProviders.*

deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.getType
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.listTypes
deploymentmanager.typeProviders.update

deploymentmanager.types.*

deploymentmanager.types.create
deploymentmanager.types.delete
deploymentmanager.types.get
deploymentmanager.types.list
deploymentmanager.types.update

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

Deployment Manager Type Viewer

(roles/deploymentmanager.typeViewer)

Provides read-only access to all Type Registry resources.

Lowest-level resources where you can grant this role:

Project

deploymentmanager.compositeTypes.get

deploymentmanager.compositeTypes.list

deploymentmanager.typeProviders.get

deploymentmanager.typeProviders.getType

deploymentmanager.typeProviders.list

deploymentmanager.typeProviders.listTypes

deploymentmanager.types.get

deploymentmanager.types.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

Deployment Manager Viewer

(roles/deploymentmanager.viewer)

Provides read-only access to all Deployment Manager-related resources.

Lowest-level resources where you can grant this role:

Project

deploymentmanager.compositeTypes.get

deploymentmanager.compositeTypes.list

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.manifests.*

deploymentmanager.manifests.get
deploymentmanager.manifests.list

deploymentmanager.operations.*

deploymentmanager.operations.get
deploymentmanager.operations.list

deploymentmanager.resources.*

deploymentmanager.resources.get
deploymentmanager.resources.list

deploymentmanager.typeProviders.get

deploymentmanager.typeProviders.getType

deploymentmanager.typeProviders.list

deploymentmanager.typeProviders.listTypes

deploymentmanager.types.get

deploymentmanager.types.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

针对 Deployment Manager 的访问权限控制

为了创建其他 Google Cloud 资源，Deployment Manager 会使用 Google API 服务代理的凭据对其他 API 进行身份验证。Google API 服务代理专门用于代表您运行内部 Google 流程。此服务账号采用如下电子邮件地址形式：

[PROJECT_NUMBER]@cloudservices.gserviceaccount.com

Google API 服务代理会自动在项目级层授予 Editor 角色，并列在Google Cloud 控制台的 IAM 部分中。此服务账号随项目无限期存在；只有在项目被删除时，它才会被删除。由于 Deployment Manager 和其他服务（如托管实例组）依赖此服务账号来创建、删除和管理资源，建议您不要修改此账号的权限。

后续步骤

了解服务账号。
了解如何添加团队成员。
了解 IAM。

使用 IAM 进行访问权限控制 使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。

准备工作

针对用户的访问权限控制

Deployment Manager 角色

Cloud Deployment Manager Service Agent

Deployment Manager Editor

Deployment Manager Type Editor

Deployment Manager Type Viewer

Deployment Manager Viewer

针对 Deployment Manager 的访问权限控制

后续步骤

使用 IAM 进行访问权限控制
使用集合让一切井井有条根据您的偏好保存内容并对其进行分类。